Network Security Understand principles of network security: Cryptography and its many uses beyond “confidentiality”. Authentication. Message integrity Non-repudiation Key distribution. Security in practice: Firewalls Security and protocols in application, transport, network, and link layers (NAT, IPSec, SSL, Kerberos, etc)

Security in network layers

Common Security Attacks Packet sniffing: To gain access to cleartext network data and passwords Impersonation: To gain unauthorized access to data or to create unauthorized e-mails by impersonating an authorized entity Denial-of-service: To render network resources non-functional Replay of messages: To gain access to information and change it in transit Guessing of keys: To gain access to encrypted data and passwords (brute-force attack) Port scanning: To discover potential available attack points

What is Network Security? Confidentiality: only sender, intended receiver should “understand” message contents Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered without detection Non-Repudiation: being able to prove that the sender did send the message

A Security Example: Alice, Bob, Trudy Alice and Bob want to communicate “securely”. Trudy (intruder) may intercept, delete, add messages, and so on to disrupt their communications.

Who Might Alice and Bob Be? Users Web browser/server for electronic transactions (e.g., on-line purchases) On-line banking client/server DNS servers Routers exchanging routing table updates

Cryptography Definitions Encryption is a process by which a message (called plaintext) is transformed into another message (called ciphertext) using a mathematical function and a special encryption password (called a key). Decryption is the reverse process

Cryptography Definitions Alice’s encryption key Bob’s decryption key K A K B encryption algorithm plaintext ciphertext decryption algorithm plaintext

Symmetric (Secret) Key Cryptography Same key decrypts and encrypts information. The encryption functions used need not be secret, but the keys used must be secret Sender and receiver must agree on the key before secured communication starts The encryption and decryption functions used can be the same or different.

Symmetric Key Cryptography: Key Issues A-B K A-B encryption algorithm plaintext message, m ciphertext decryption algorithm plaintext K (m) K (m) A-B m = K ( ) A-B Symmetric key cryptography: Bob and Alice share the same (symmetric) key: K Question: How is the agreed upon key distributed to both Bob and Alice in a secure fashion?

Symmetric Key Cryptography: DES DES: Data Encryption Standard US encryption standard 56-bit symmetric key, 64-bit plaintext input AES: Advanced Encryption Standard Newer (November 2001) symmetric key replacing DES. 128, 192, or 256 bit keys, 128-bit plaintext input Brute force decryption (trying each key) would take 1 second on DES, but would take 149 trillion years for AES. IDEA: International Data Encryption Algorithm 64-bit input, 128-bit keys Stronger, more efficient than DES.

Public Key Cryptography Symmetric key cryptography Requires both the sender and receiver to know the shared secret key. Question: how do they agree on the key in the first place (particularly if they have never “met”)? Public key cryptography Sender and receiver do not share secret key. Public encryption key known to all. Private decryption key known only by the owner.

Public (Assymetric) Key Cryptography Keys are generated in pairs. Public key is publicly registered so everyone knows it, and private one is kept secret by the owner. Each key can decrypt what the other encrypts, but not what it encrypts itself. Important properties of key generation: There is a one-to-one correspondence in the generated key pairs – if one key can decrypt a message, it must have been encrypted by the other. It must be extremely difficult, if not impossible, to deduce the private key when given a public key.

Public Key Cryptography + Bob’s public key K B - Bob’s private key K B plaintext message, m encryption algorithm ciphertext decryption algorithm plaintext message K (m) B + m = K (K (m)) B + -

Public Key Encryption Algorithms Diffie-Hellman: the first public key approach proposed. RSA: the best known public key system, developed by Rivest, Shamir, and Adleman (hence RSA). DSA: Digital Signature Algorithm, developed by the U.S. National Security Agency (NSA).

Symmetric vs. Public Key Cryptography Which method provides stronger security? Which method is more convenient? Which method performs better? Ideally, we would like to combine the strengths of symmetric and public key cryptography, and avoid their weaknesses: We want the efficiency of symmetric cryptography combined with the ease of use and convenience of public key cryptography.

Hybrid Secret-Public Key Cryptography When two parties want to communicate securely, public key cryptography is used to exchange a random symmetric session key. To communicate, symmetric cryptography is used with the session key. When done, both parties destroy the session key.

Hash functions/Message Digests Message digest is a special kind of checksum produced using cryptographic means. Typically produced from a one-way hash function that is difficult to reverse or predict. This function takes the entire input and reduces it to a small value of fixed length, typically 128 to 512 bits in length. Must be collision-resistant: must be difficult for 2 messages to produce the same digest Encrypted hash (MAC) is used to ensure authentication and integrity

Message Digests: Hash Function Algorithms MD5 hash function widely used SHA-1 is also used. Issues in both MD5 and SHA-1 have been found in recent years though These algorithms are now being phased out more quickly in favour of other, newer approaches like SHA-2.

Authentication and Integrity Authentication is the process of proving one’s identity to someone else. There are three main ways of authenticating an individual: Something you know Something you own Something you are Message integrity: ensuring that a message not altered without detection.

Digital Signatures We would like to have a cryptographic technique analogous to hand-written signatures. This digital signature is verifiable and not forgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed the document. Hash encrypted by a private key is a digital signature that is then attached to the original message By signing only the digest, we have the same level of security, as the digest is tied to the message, with less encryption and decryption overhead.

Signed Message Digests as Digital Signatures Bob sends digitally signed message: large message m H: Hash function H(m) digital signature (encrypt) Bob’s private key K B - KB(H(m)) - encrypted msg digest +

Signed Message Digests as Digital Signatures Alice verifies signature and integrity of digitally signed message: Bob sends digitally signed message: large message m H: Hash function KB(H(m)) - encrypted msg digest H(m) digital signature (encrypt) Bob’s private key large message m K B - Bob’s public key digital signature (decrypt) K B + KB(H(m)) - encrypted msg digest H: Hash function + H(m) H(m) equal ?

Certification Authorities With public key cryptography there’s a danger of a “man-in-the-middle attacks” How do we make sure that a particular public key belongs to a certain entity? How can we avoid impersonation? The International Telecommunication Union (ITU) specifies an authentication service and specific syntax for certificates in X.509.

Certification Authorities Certification Authority (CA): binds a public key to particular entity, E. E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. Certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” digital signature (encrypt) K B + Bob’s public key K B + CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information K CA

Certification Authorities When Alice wants Bob’s public key: Gets Bob’s certificate (Bob or elsewhere). Apply CA’s public key to Bob’s certificate, get Bob’s public key. K B + digital signature (decrypt) Bob’s public key K B + CA public key + K CA

Firewalls firewall isolates an organization’s internal network from a larger external network, allowing some packets to pass, blocking others

Packet Filtering Firewalls All incoming and outgoing packets are examined according to some parameters (such as source/destinations IP address and/or port number)

Application Layer Gateway/Firewalls An application gateway (proxy) is an application-specific server through which all application data (inbound and outbound) must pass.

IPsec: Network Layer Security Network-layer secrecy: Sending host encrypts the data in IP datagram. TCP and UDP segments; ICMP and SNMP messages. Network-layer authentication Destination host can authenticate source IP addresses. Two principle protocols: Authentication header (AH) protocol Encapsulation security payload (ESP) protocol For both AH and ESP protocols, the source and destination handshake: Create network-layer logical channel called a security association (SA).

Authentication Header (AH) Protocol Provides source authentication, data integrity, but not confidentiality. AH header inserted between IP header, data field. IP header data (e.g., TCP, UDP segment) AH header

Encapsulation Security Payload (ESP) Protocol Provides secrecy, host authentication, and data integrity. Packet data and the ESP trailer are encrypted. authenticated encrypted ESP header ESP trailer ESP authent. IP header TCP/UDP segment

Secure Sockets Layer (SSL) Transport layer security to any TCP-based application using SSL services. Used between Web browsers, servers for e-commerce (shttp). Security services: Server authentication. Data encryption. Client authentication (optional). Server authentication: SSL-enabled browser includes public keys for trusted CAs. Browser requests server certificate, issued by trusted CA. Browser uses CA’s public key to extract server’s public key from certificate.

SSL (Continued) Encrypted SSL session: Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. Using private key, server decrypts session key. Only the browser and server know session key. All data sent into TCP socket (by client or server) encrypted with session key. SSL can be used for non-Web applications, e.g., IMAP. Client authentication can be done with client certificates which have also been issued by CAs. SSL serves as a basis for TLS protocol

VPN A virtual private network is an extension of an enterprise's private intranet across a public network such as the Internet, creating a secure private connection, through a private tunnel.

Kerberos an encryption-based security system that provides mutual authentication between the users and the servers in a network environment. Authorization can be implemented independently from the authentication a ticket-granting server (key distribution center) acts as a mutually trusted third party

Key Distribution Centers (KDCs) Alice, Bob need shared symmetric key. KDC: server shares different secret key with each registered user (many users). Alice, Bob know own their symmetric keys, KA-KDC and KB-KDC , for communicating with KDC. KDC KB-KDC KP-KDC KA-KDC KX-KDC KY-KDC KZ-KDC KA-KDC KB-KDC

Key Distribution Centers (KDCs) Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R1 KA-KDC(A,B) KA-KDC(R1, KB-KDC(A,R1) ) Alice knows R1 Bob knows to use R1 to communicate with Alice KB-KDC(A,R1) Alice and Bob communicate: using R1 as session key for shared symmetric encryption