Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Slides:



Advertisements
Similar presentations
Chapter 8 Network Security
Advertisements

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 9.1: Network Security Dr. Nghi Tran.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks
Network Security understand principles of network security:
Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
University of Calgary – CPSC 441.  The field of network security is about:  how bad guys can attack computer networks  how we can defend networks against.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
8-1Network Security Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
22-1 Last time □ SMTP ( ) □ DNS This time □ P2P □ Security.
Network Security7-1 Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Chapter 8, slide: 1 ECE/CS 372 – introduction to computer networks Lecture 18 Announcements: r Final exam will take place August 13 th,2012 r HW4 and Lab5.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
1 Cryptography r Overview r Symmetric Key Cryptography r Public Key Cryptography r Message integrity and digital signatures References: Stallings Kurose.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 1: Principles of cryptography.
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Prof. Younghee Lee 1 1 Computer Networks u Lecture 13: Network Security Prof. Younghee Lee * Some part of this teaching materials are prepared referencing.
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
CPSC 441 TUTORIAL – APRIL 4, 2012 TA: MARYAM ELAHI NETWORK SECURITY.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Network security Cryptographic Principles
Chapter 8: Network Security
What is network security?
ECE/CS 372 – introduction to computer networks Lecture 16
Chapter 8: Network Security
Chapter 8: Network Security
Network Security Basics
1DT057 Distributed Information System Chapter 8 Network Security
Intro to Cryptography Some slides have been taken from:
Encryption INST 346, Section 0201 April 3, 2018.
Security: Principles & Symmetric Key Cryptography
Chapter 8: Network Security
Security: Public Key Cryptography
Chapter 8: Network Security
Presentation transcript:

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality” m authentication m message integrity r security in practice: m firewalls and intrusion detection systems m security in application, transport, network, link layers 2

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS 3

What is network security? Desirable properties of secure communication: Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Operational Security: services must be accessible and available to users, controlling packet access to and from the network (protecting corporate secrets) 4

Friends and enemies: Alice, Bob, Trudy r well-known in network security world r Bob, Alice (lovers!) want to communicate “securely” r Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data Alice Bob Trudy 5

Who might Bob, Alice be? r … well, real-life Bobs and Alices! r Web browser/server for electronic transactions (e.g., on-line purchases) r on-line banking client/server r DNS servers r routers exchanging routing table updates r other examples? 6

There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: A lot! See section 1.6 m eavesdrop: intercept messages m actively insert messages into connection m impersonation: can fake (spoof) source address in packet (or any field in packet) m hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place m denial of service: prevent service from being used by others (e.g., by overloading resources) 7

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS 8

9 The language of cryptography m plaintext message K A (m) ciphertext, encrypted with key K A m = K B (K A (m)) plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B

10 Simple encryption scheme substitution cipher: substituting one thing for another m Caesar cipher: substituting each letter – k letters later m monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice Monoalph. ciphertext: nkn. s gktc wky. mgsbc E.g.: Key: the mapping from the set of 26 letters to the set of 26 letters Caesar ciphertext: ere. l oryh brx. dolfh

11 Polyalphabetic encryption r n monoalphabetic cyphers, M 1,M 2,…,M n r Cycling pattern: m e.g., n=4, M 1,M 3,M 4,M 3,M 2 ; M 1,M 3,M 4,M 3,M 2 ; r For each new plaintext symbol, use subsequent monoalphabetic pattern in cyclic pattern m dog: d from M 1, o from M 3, g from M 4 r Key: the n ciphers and the cyclic pattern

12 Breaking an encryption scheme r Cipher-text only attack: Trudy has ciphertext that she can analyze r Two approaches: m Search through all keys: must be able to differentiate resulting plaintext from gibberish m Statistical analysis r Known-plaintext attack: trudy has some plaintext corresponding to some ciphertext m eg, in monoalphabetic cipher, trudy determines pairings for a,l,i,c,e,b,o, r Chosen-plaintext attack: trudy can get the cyphertext for some chosen plaintext

13 Types of Cryptography r Crypto often uses keys: m Algorithm is known to everyone m Only “keys” are secret r Public key cryptography m Involves the use of two keys r Symmetric key cryptography m Involves the use one key r Hash functions m Involves the use of no keys m Nothing secret: How can this be useful?

14 Symmetric key cryptography symmetric key crypto: Bob and Alice share same (symmetric) key: K r e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? plaintext ciphertext K S encryption algorithm decryption algorithm S K S plaintext message, m K (m) S m = K S (K S (m))

15 Two types of symmetric ciphers r Stream ciphers m encrypt one bit at time r Block ciphers m Break plaintext message in equal-size blocks m Encrypt each block as a unit

16 Stream Ciphers r Combine each bit of keystream with bit of plaintext to get bit of ciphertext r m(i) = ith bit of message r ks(i) = ith bit of keystream r c(i) = ith bit of ciphertext r c(i) = ks(i)  m(i) (  = exclusive or) r m(i) = ks(i)  c(i) keystream generator key keystream pseudo random

17 RC4 Stream Cipher r RC4 is a popular stream cipher m Extensively analyzed and considered good m Key can be from 1 to 256 bytes m To generate the keystream, the cipher makes use of a permutation of all 256 possible bytes m The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the stream of bits is generated using the pseudo-random generation algorithm (PRGA). m Used in WEP (Wired Equivalent Privacy) for m Can be used in SSL (Secure Session Layer)

18 Block ciphers r Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks). r 1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext Example with k=3: input output input output What is the ciphertext for ?

19 Block ciphers r How many possible mappings are there for k=3? m How many 3-bit inputs? m How many permutations of the 3-bit inputs? m Answer: 40,320 ; not very many! r In general, 2 k ! mappings; huge for k=64 r Problem: m Table approach requires table with 2 64 entries, each entry with 64 bits r Table too big: instead use function that simulates a randomly permuted table

20 Prototype function 64-bit input S1S1 8bits S2S2 S3S3 S4S4 S7S7 S6S6 S5S5 S8S8 64-bit intermediate 64-bit output Loop for n rounds 8-bit to 8-bit mapping From Kaufman et al

21 Why rounds in prototpe? r If only a single round, then one bit of input affects at most 8 bits of output. r In 2 nd round, the 8 affected bits get scattered and inputted into multiple substitution boxes. r How many rounds? m How many times do you need to shuffle cards m Becomes less efficient as n increases

22 Encrypting a large message r Why not just break message in 64-bit blocks, encrypt each block separately? m If same block of plaintext appears twice, will give same cyphertext. r How about: m Generate random 64-bit number r(i) for each plaintext block m(i) m Calculate c(i) = K S ( m(i)  r(i) ) m Transmit c(i), r(i), i=1,2,… m At receiver: m(i) = K S (c(i))  r(i) m Problem: inefficient, need to send c(i) and r(i)

23 Cipher Block Chaining (CBC) r CBC generates its own random numbers m Have encryption of current block depend on result of previous block m c(i) = K S ( m(i)  c(i-1) ) m m(i) = K S ( c(i))  c(i-1) r How do we encrypt first block? m Initialization vector (IV): random block = c(0) m IV does not have to be secret r Change IV for each message (or session) m Guarantees that even if the same message is sent repeatedly, the ciphertext will be completely different each time

Cipher Block Chaining r cipher block: if input block repeated, will produce same cipher text: t=1 m(1) = “HTTP/1.1” block cipher c(1) = “k329aM02” … r cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1) m c(0) transmitted to receiver in clear m what happens in “HTTP/1.1” scenario from above? + m(i) c(i) t=17 m(17) = “HTTP/1.1” block cipher c(17) = “k329aM02” block cipher c(i-1)

25 Symmetric key crypto: DES DES: Data Encryption Standard r US encryption standard [NIST: National Institute of Standards and Technology (1993)] r 56-bit symmetric key, 64-bit plaintext input r Block cipher with cipher block chaining r How secure is DES? m DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day m No known good analytic attack r making DES more secure: m 3DES: encrypt 3 times with 3 different keys (actually encrypt, decrypt, encrypt)

26 Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation

27 AES: Advanced Encryption Standard r new (Nov. 2001) symmetric-key NIST standard, replacing DES r processes data in 128 bit blocks r 128, 192, or 256 bit keys r brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

28 Public Key Cryptography symmetric key crypto r requires sender, receiver know shared secret key r Q: how to agree on key in first place (particularly if never “met”)? public key cryptography r radically different approach [Diffie- Hellman76, RSA78] r sender, receiver do not share secret key r public encryption key known to all r private decryption key known only to receiver

29 Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B -

30 Public key encryption algorithms need K ( ) and K ( ) such that B B.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 Diffie-Hellman Key Exchange RSA: Rivest, Shamir, Adelson algorithm + - K (K (m)) = m B B

31 Prerequisite: modular arithmetic r x mod n = remainder of x when divide by n r Facts: [(a mod n) + (b mod n)] mod n = (a+b) mod n [(a mod n) - (b mod n)] mod n = (a-b) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n r Thus (a mod n) d mod n = a d mod n r Example: x=14, n=10, d=2: (x mod n) d mod n = 4 2 mod 10 = 6 x d = 14 2 = 196 x d mod 10 = 6

Diffie-Hellman Key Exchange  The protocol has two system parameters q and α. m They are both public and may be used by all the users in a system.  Parameter q is a prime number and parameter α (usually called a generator) is an integer less than q. 32

Diffie-Hellman Key Exchange 33 Key generation and Exchange in Diffie-Hellman:

Diffie-Hellman Key Exchange r XA, XB secret r ( Y A ) XB mod q = ( Y B ) XA mod q ? ( α XA mod q) XB mod q = α (XB.XA) mod q = α (XA.XB) mod q = ( α XB mod q) XA mod q = ( Y B ) XA mod q 34

35 RSA: getting ready r A message is a bit pattern. r A bit pattern can be uniquely represented by an integer number. r Thus encrypting a message is equivalent to encrypting a number. Example r m= This message is uniquely represented by the decimal number 145. r To encrypt m, we encrypt the corresponding number, which gives a new number (the cyphertext).

36 RSA: Creating public/private key pair 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B -

37 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt message m (<n), compute c = m mod n e 2. To decrypt received bit pattern, c, compute m = c mod n d m = (m mod n) e mod n d Magic happens! c

38 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). bit pattern m m e c = m mod n e 0000l c m = c mod n d c d encrypt: decrypt: Encrypting 8-bit messages.

39 Why does RSA work? r Must show that c d mod n = m where c = m e mod n r Fact: for any x and y: x y mod n = x (y mod z) mod n m where n= pq and z = (p-1)(q-1) (Number Theory) r Thus, c d mod n = (m e mod n) d mod n = m ed mod n = m (ed mod z) mod n = m 1 mod n = m

40 RSA: another important property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!

41 Follows directly from modular arithmetic: (m e mod n) d mod n = m ed mod n = m de mod n = (m d mod n) e mod n K ( K (m) ) = m B B - + K ( K (m) ) B B + - = Why ?

42 Why is RSA Secure? r Suppose you know Bob’s public key (n,e). How hard is it to determine d? r Essentially need to find factors of n without knowing the two factors p and q. r Fact: factoring a big number is hard. Generating RSA keys r Have to find big primes p and q r Approach: make good guess then apply testing rules (see Kaufman)

43 Session keys r Exponentiation is computationally intensive r DES is at least 100 times faster than RSA Session key, K S r Bob and Alice use RSA to exchange a symmetric key K S r Once both have K S, they use symmetric key cryptography

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS