Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Slides:



Advertisements
Similar presentations
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Advertisements

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Computer Security Key Management
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Digital Certificates. What is a Digital Certificate? A digital certificate is the equivalent of your business card in the e-commerce world. It says who.
CSCI 6962: Server-side Design and Programming
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
Network Security – Special Topic on Skype Security.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Digital Signatures, Message Digest and Authentication Week-9.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Cryptography: Digital Signatures Message Digests Authentication
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Application Layer Attack. DDoS DDoS – Distributed Denial of Service Why would any one want to do this? In some cases, for bringing down service of competitors,
Computer Science Lecture 23, page 1 CS677: Distributed OS Security: Focus of Control Three approaches for protection against security threats a)Protection.
Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Computer Communication & Networks
Secure Sockets Layer (SSL)
Protocol ap1.0: Alice says “I am Alice”
Advanced Computer Networks
Chapter 8 roadmap 8.1 What is network security?
Presentation transcript:

Network Security Continued

Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender. – 2. The sender cannot later repudiate the content of the message. – 3. The receiver cannot make the message up.

Using Public key / Private Key To send P, Alice send E_B(D_A(P)). Bob receives, decode it with his private key to get D_A(P), encode it with Alice’s public key to get P.

Digital Signature Can Bob verify this is the message from Alice? – Yes, because (1) the message usually have some format and if it is not decoded correctly it will make no sense (2) Alice can send a hash of the message to Bob and Bob can verify whether the hash matches the decoded message

Digital Signature If Alice later denies she sent the message P, Bob can show P and D_A(P). A third party can check if he can get P with D_A(P) and Alice’s private key. If yes, Alice is lying because Bob does not know Alice’s private key and have no way to make up D_A(P).

Is problem solved? How can Alice and Bob know each other’s public key? Can Alice send a message to Bob to ask him to send her pkB? No. Tom may intercept this message and return Alice a message with his key or some junk.

Solution? Ask someone with authority, say, C. – Alice asks C “can you tell me the public key of Bob?” – C replies “Here you are, pkB.” Will this work? No. Because how can Alice be sure that this message is from C and not from Tom?

Solution Because C is well-known, Alice remembers his public key. So when C sends Alice the reply, he “signs” it with his private key: D_skC(pkB, I am sending you the public key of Bob as you requested). When Alice gets this message, she knows that this must be from C and can be trusted.

Problems? If everyone must contact C before the session begins, can C still handle it? Note that the RSA algorithm involves multiplications of large numbers and is slow.

Solution In fact, C does not have to answer the reply in real time. He can send Bob a “certificate” like: D_skC[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is Later, when Bob wants to prove he is indeed Bob, he can just present this to Alice. Actually, it is D_skC{SHA_1[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is and C is called Certificate Authority (CA).

Optimizations Still, signing all these certificates is too much for a single machine. There is PKI (Public Key Infrastructure) as a tree. You have a root, Regional Authorities, and CAs. A node certifies the nodes under it by signing. Chain of trust.

Authentication If someone claims he is A and wants to have a conversation with you, how do you verify? He should present something to you which you can check and which he can have if and only if he is A. We can all think of certain things for our real friends, but does such thing exist in the electronic world?

Simple Protocol Will this work – suppose A and B knows each other’s public key – If A wants to communicate with B, A sends E_pkB[D_skA(P)], where P is the plain text message. Because of the digital signature scheme, B knows that this message is originally from A. But a message that is originally from A does not mean that it is from A– the replay attack. What the adversary can do is: first play the message with you, after you are tricked to believe it is A, then ask for transferring $10000.

The solution Recall that everyone has a public key and a private key. Suppose Alice and Bob knows each other’s public key. – If Alice wants to setup a session with Bob, she sends Bob a message E_pkB[Alice, R_a], meaning that I am Alice and I want to talk to you, where R_a is a number picked at random. – Bob replies E_pkA[R_a, R_b, K_s], where R_b is a number picked at random and K_s is the session key. – Alice replies AES_K_s[R_b]. (not exactly the same as Skype’s protocol, but the idea is the same)

Explanations Message 2. When Alice gets E_pkA[R_a, R_b, K_s], she can decrypt it and can get R_a, R_b, K_s. When she sees R_a, she knows that this is the response she is waiting for and the sender must be Bob. Why? Because no one except Bob knows how to decode E_pkB[Alice, R_a] to get R_a and R_a is totally random and it is impossible for one to guess it right.

Explainations Message 3. When Bob gets AES_K_s[R_b], he can use K_s to decode it to get R_b. Then he knows that this must be the message he is waiting for and the one who sent the first message must be Alice. Why? Because no one except Alice knows how to decode E_pkA[R_a, R_b, K_s] to get R_b and K_s to get AES_K_s[R_b].

Explanations The key is, we can make sure that every message must be the response of the previous message. After the session key is exchanged, the conversation can begin.

SSL -- Secure Sockets Layer and HTTPS Build a secure connection between two sockets. It is a layer between the application layer and the transportation layer. When HTTP is run over SSL, it is HTTPS.

SSL Twp protocols, one for establishing a secure connection, the other for using it. Fig Establishing connection. 1.A->B. SSL version, Preferences, R_A. 2.B->A. SSL version, Choices, R_B. Certificate. Done. 3.A->B. E_pkB[premaster key]. Change cipher. Finished. 4.B->A. Change cipher. Finished. R_A, R_B, premaster key used to get the session key. A is sure that she is talking to B. B use passwords to make sure that he is talking to A.

PGP – Pretty Good Privacy Used in s. MD5RSAIDEA RSA P K_M DA zip EB

Attacks – SYN Flood SYN Flood – TCP establishes the connection by three-way handshake. Client sends SYN, server receives SYN, sends SYN ACK, at the same time allocating memory for this connection. – If the client just send SYN, but not respond to the SYN ACK, the server will wait for a while and release the memory. – What if people use spoofed source IP addresses to send SYN packets?

Attacks – Reflection Reflection. – What if people use the a lot of computers sending SYN to server with a victim’s IP address as the source address?

Attacks logy/internet/10attacks.html logy/internet/10attacks.html e/419816/a-next-generation-dos-attack- distributed-reflection/ e/419816/a-next-generation-dos-attack- distributed-reflection/

DDoS DDoS – Distributed Denial of Service Why would any one want to do this? In some cases, for bringing down service of competitors, or for extortion money.

Application Layer Attack There is a particular type of attack – simply ask bots to send requests to the victim for large files. Now, the victim, the server, has to send large files therefore the bandwidth is saturated and no more requests can be satisfied.

CAPTCHA One way is to see if we can distinguish human from bots. CAPTCHA -- Completely Automated Public Turing test to tell Computers and Humans Apart Below is a picture from wiki

CAPTCHA Was proposed by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford.

Other things you can do With the CAPTCHA idea, they actually did something else: scan an old book, and show a word in the book along with one from CAPTCHA. You don’t know which one is from where. So while you login, you help the library to recognize words.

Problem with CAPTCHA The problem is that you do not want to answer a CAPTCHA problem every 30 mins if you are watching a movie.

The other solution Ask the client to solve a puzzle, basically asking the client to spend some resource before getting service. Can you design some puzzles?

Puzzles Some puzzles include: – Finding a string such that the first k bits of its SHA- 1 hash are 0. – By controlling k, you control the difficulty of the puzzle. – A problem is that this puzzle is biased toward clients with fast machines.

Memory-bound puzzles are better Memory speed varies less significantly than CPU speed. Forcing the client to do a lot of random read from main memory. How?

One memory bound puzzle There is a one-to-one function F() that cannot be reversed. Server started from x_0. x_i = F(x_i-1). Server sends x_k to the client. Ask him to return x_0. It is to the best interest of the client to build a table, because table lookup is much faster than calculating the function, then search which input results in x_k, to get x_k-1, and so on.

Other solutions Speak-up: When system is in trouble, instead waiting to drown, you should speak up! Meaning that you should also send a lot of requests. The server serves the one with loudest voice. From their 2006 sigcomm paper:

Speak-up Actually, every client has to pay the server some currency in the form of bandwidth. The hope is that the clients have spare bandwidths but the attackers already have used up their bandwidths. These dummy byes are a waste of resource.

What we are working on Introducing p2p to DDoS defense.

A useful link