31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service provides entity authentication or identification. Message Confidentiality Message Integrity Message Authentication Message Nonrepudiation Entity Authentication Topics discussed in this section:
31.3 Figure 31.1 Security services related to the message or entity
MESSAGE INTEGRITY Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity. Document and Fingerprint Message and Message Digest Creating and Checking the Digest Hash Function Criteria Hash Algorithms: SHA-1 Topics discussed in this section:
31.5 To preserve the integrity of a document, both the document and the fingerprint are needed. Note
31.6 Figure 31.4 Message and message digest Notations: m: message H(m): message digest of m by using hash function H()
31.7 The message digest needs to be kept secret, or unalterable by others. Note
31.8 Figure 31.5 Checking integrity Notes: We need to make sure the digest cannot be altered by attacker
31.9 Figure 31.6 Criteria of a hash function One-wayness: Cannot recover message m given its digest H(m) Weak collision resistance: Given message m, cannot generate another message m’ such that H(m’)=H(m) ensure integrity Strong collision resistance: (a stronger requirement than above one) Sender cannot generate two messages m and m’ such that H(m)=H(m’) ensure nonrepudation
31.10 Can we use a conventional lossless compression method as a hashing function? Solution We cannot. A lossless compression method creates a compressed message that is reversible. You can uncompress the compressed message to get the original one. Example 31.1
31.11 Can we use a checksum method as a hashing function? Solution We cannot. A checksum function is not reversible; it meets the first criterion. However, it does not meet the other criteria. That is to say, an attacker can easily modify a message without being detected. Example 31.2
31.12 Figure 31.7 Message digest creation
31.13 SHA-1 hash algorithms create an N-bit message digest out of a message of 512-bit blocks. SHA-1 has a message digest of 160 bits. Another popular hash algorithm is MD5 (message digest algorithm 5). It is an older generation than SHA-1. Note
MESSAGE AUTHENTICATION A hash function per se cannot provide authentication. The digest created by a hash function can detect any modification in the message, but not authentication. MAC (message authentication code): can be used to ensure both integrity and authentication Topics discussed in this section:
31.15 Figure 31.9 MAC, created by Alice and checked by Bob Message itself is unencrypted
31.16 Figure HMAC (Hashed MAC): uses keyless hash function Reason: we can directly use mature keyless hash function such as SHA-1 or MD5 Why not stop here?
DIGITAL SIGNATURE When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically. In other words, an electronic signature can prove the authenticity of Alice as the sender of the message. We refer to this type of signature as a digital signature. Comparison Need for Keys Process Topics discussed in this section:
31.18 A digital signature needs a public-key system. Note Notations: m: message H(m): message digest of m by using hash function H() K A - :Private key of user A K A + :Public key of user A K AB : Symmetric key between A and B K(m): ciphertext of message m by using encryption key K
31.19 Figure Signing the message itself in digital signature Private K A - Public K A + Provide no confidentiality (message is not secret) Problem: Too expensive to sign message itself using public key system
For message confidentiality, we use the private and public keys of the receiver; In digital signature (integrity, authentication, nonrepudation), we use the private and public keys of the sender Note
31.21 Figure Signing the digest in a digital signature
31.22 Digital signature provides three out of the five services we mentioned for security systems Integrity Authentication Nonrepudiation
ENTITY AUTHENTICATION Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier. Passwords Challenge-Response Topics discussed in this section:
Entity Authentication: Kinds of Witnesses Something knownPassword PIN number Secret key Private key Something possessedPassport Driver’s license ID card Credit card Something inherentConventional signature Fingerprints Facial characteristics handwriting
In challenge-response authentication, the claimant proves that she knows a secret (such as a password) without revealing it in communication (prevent secret from leaking to eavesdropper) Note
31.26 Figure Challenge/response authentication using a nonce The challenge is a time-varying value sent by the verifier; the response is the result of a function applied on the challenge.
31.27 Figure Challenge-response authentication using a timestamp
31.28 Figure Challenge-response authentication using a keyed-hash function
31.29 Figure Authentication, asymmetric-key KA+KA+
31.30 Figure Authentication, using digital signature KA-KA-
KEY MANAGEMENT We never discussed how secret keys in symmetric-key cryptography and how public keys in asymmetric-key cryptography are distributed and maintained. In this section, we touch on these two issues. We first discuss the distribution of symmetric keys; we then discuss the distribution of asymmetric keys. Symmetric-Key Distribution Public-Key Distribution Topics discussed in this section:
31.32 Figure KDC (key distribution center)
31.33 A session symmetric key between two parties is used only once. Note
31.34 Figure Creating a session key between Alice and Bob using KDC
31.35 In public-key cryptography, everyone has access to everyone’s public key; public keys are available to the public. Note
31.36 Figure Announcing a public key Problem: How can you know what you get is really Bob’s public key?
Certification Authorities Certification authority (CA): binds public key to particular entity, E. E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” Bob’s public key K B + Bob’s identifying information digital signature (encrypt) CA private key K CA - K B + certificate for Bob’s public key, signed by CA - K CA (K ) B
Certification Authorities When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key K B + digital signature (decrypt) CA public key K CA + K B + - K (K ) B
A certificate contains: Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) r info about certificate issuer r valid dates r digital signature by issuer 31.39
Internet Web Security Architecture Client A CA Web Server B K - CA (K + B ) K + B (K AB, R) K AB (R) K AB (m) K - CA (K + B ) Cert Request K+BK+B R (nonce) is used to prevent replay attack
Internet Web Security Conditions Clients’ web browsers have built-in CAs. CAs are trustable Web servers have certificates in CAs. Q: What if a server has no certificate? Example: SSH servers 31.41