William Stallings Data and Computer Communications Chapter 18 Network Security

Security Requirements zConfidentiality zIntegrity zAvailability

Passive Attacks zEavesdropping on transmissions zTo obtain information zRelease of message contents yOutsider learns content of transmission zTraffic analysis yBy monitoring frequency and length of messages, even encrypted, nature of communication may be guessed zDifficult to detect zCan be prevented

Active Attacks zMasquerade yPretending to be a different entity zReplay zModification of messages zDenial of service zEasy to detect yDetection may lead to deterrent zHard to prevent

Security Threats

Conventional Encryption

Ingredients zPlain text zEncryption algorithm zSecret key zCipher text zDecryption algorithm

Requirements for Security zStrong encryption algorithm yEven if known, should not be able to decrypt or work out key yEven if a number of cipher texts are available together with plain texts of them zSender and receiver must obtain secret key securely zOnce key is known, all communication using this key is readable

Attacking Encryption zCrypt analysis yRelay on nature of algorithm plus some knowledge of general characteristics of plain text yAttempt to deduce plain text or key zBrute force yTry every possible key until plain text is achieved

Algorithms zBlock cipher yProcess plain text in fixed block sizes producing block of cipher text of equal size yData encryption standard (DES) yTriple DES (TDES)

Data Encryption Standard zUS standard z64 bit plain text blocks z56 bit key

DES Encryption Algorithm

DES Single Iteration

Strength of DES zDeclared insecure in 1998 zElectronic Frontier Foundation zDES Cracker machine zDES now worthless zAlternatives include TDEA

Triple DEA zANSI X9.17 (1985) zIncorporated in DEA standard 1999 zUses 3 keys and 3 executions of DEA algorithm zEffective key length 168 bit

Location of Encryption Devices

Link Encryption zEach communication link equipped at both ends zAll traffic secure zHigh level of security zRequires lots of encryption devices zMessage must be decrypted at each switch to read address (virtual circuit number) zSecurity vulnerable at switches yParticularly on public switched network

End to End Encryption zEncryption done at ends of system zData in encrypted form crosses network unaltered zDestination shares key with source to decrypt zHost can only encrypt user data yOtherwise switching nodes could not read header or route packet zTraffic pattern not secure zUse both link and end to end

Key Distribution zKey selected by A and delivered to B zThird party selects key and delivers to A and B zUse old key to encrypt and transmit new key from A to B zUse old key to transmit new key from third party to A and B

Automatic Key Distribution (diag)

Automatic Key Distribution zSession Key yUsed for duration of one logical connection yDestroyed at end of session yUsed for user data zPermanent key yUsed for distribution of keys zKey distribution center yDetermines which systems may communicate yProvides one session key for that connection zFront end processor yPerforms end to end encryption yObtains keys for host

Traffic Padding zProduce cipher text continuously zIf no plain text to encode, send random data zMake traffic analysis impossible

Message Authentication zProtection against active attacks yFalsification of data yEavesdropping zMessage is authentic if it is genuine and comes from the alleged source zAuthentication allows receiver to verify that message is authentic yMessage has not altered yMessage is from authentic source yMessage timeline

Authentication Using Encryption zAssumes sender and receiver are only entities that know key zMessage includes: yerror detection code ysequence number ytime stamp

Authentication Without Encryption zAuthentication tag generated and appended to each message zMessage not encrypted zUseful for: yMessages broadcast to multiple destinations xHave one destination responsible for authentication yOne side heavily loaded xEncryption adds to workload xCan authenticate random messages yPrograms authenticated without encryption can be executed without decoding

Message Authentication Code zGenerate authentication code based on shared key and message zCommon key shared between A and B zIf only sender and receiver know key and code matches: yReceiver assured message has not altered yReceiver assured message is from alleged sender yIf message has sequence number, receiver assured of proper sequence

Message Authentication Using Message Authentication Code

One Way Hash Function zAccepts variable size message and produces fixed size tag (message digest) zAdvantages of authentication without encryption yEncryption is slow yEncryption hardware expensive yEncryption hardware optimized to large data yAlgorithms covered by patents yAlgorithms subject to export controls (from USA)

Using One Way Hash

Secure Hash Functions zHash function must have following properties: yCan be applied to any size data block yProduce fixed length output yEasy to compute yNot feasible to reverse yNot feasible to find two message that give the same hash

SHA-1 zSecure Hash Algorithm 1 zInput message less than 2 64 bits yProcessed in 512 bit blocks zOutput 160 bit digest

Public Key Encryption zBased on mathematical algorithms zAsymmetric yUse two separate keys zIngredients yPlain text yEncryption algorithm yPublic and private key yCipher text yDecryption algorithm

Public Key Encryption (diag)

Public Key Encryption - Operation zOne key made public yUsed for encryption zOther kept private yUsed for decryption zInfeasible to determine decryption key given encryption key and algorithm zEither key can be used for encryption, the other for decryption

Steps zUser generates pair of keys zUser places one key in public domain zTo send a message to user, encrypt using public key zUser decrypts using private key

Digital Signature zSender encrypts message with their private key zReceiver can decrypt using sneders public key zThis authenticates sender, who is only person who has the matching key zDoes not give privacy of data yDecrypt key is public

RSA Algorithm

RSA Example

IPv4 and IPv6 Security zIPSec zSecure branch office connectivity over Internet zSecure remote access over Internet zExtranet and intranet connectivity zEnhanced electronic commerce security

IPSec Scope zAuthentication header zEncapsulated security payload zKey exchange zRFC 2401,2402,2406,2408

Security Association zOne way relationship between sender and receiver zFor two way, two associations are required zThree SA identification parameters ySecurity parameter index yIP destination address ySecurity protocol identifier

SA Parameters zSequence number counter zSequence counter overflow zAnti-reply windows zAH information zESP information zLifetime of this association zIPSec protocol mode yTunnel, transport or wildcard zPath MTU

Transport and Tunnel Modes zTransport mode yProtection for upper layer protocols yExtends to payload of IP packet yEnd to end between hosts zTunnel mode yProtection for IP packet yEntire packet treated as payload for outer IP “packet” yNo routers examine inner packet yMay have different source and destination address yMay be implemented at firewall

Authentication Header

Encapsulating Security Payload zESP zConfidentiality services

ESP Packet

Scope of ESP

Key Management zManual zAutomatic yISAKMP/Oakley xOakley key determination protocol xInternet security association and key management protocol

Required Reading zStallings chapter 18