Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security and It’s Issues

Published bySteven Davidson Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security and It’s Issues"— Presentation transcript:

1 Network Security and It’s Issues
Advisor Tzonelih Hwang Presenter Prosanta Gope Quantum Information and Network Security Lab, NCKU,2015

2 Outline Network Security Basics.
Understating the Purpose of Mutual Authentication Symmetric Key based Mutual Authentication. Public Key based Mutual Authentication. Understating Secure Socket Layer (SSL)

3 Network Security Basics

4 Network Security Services
Confidentiality Integrity Authentication Nonrepudiation Access Control Availability

5 Network Security Services
Confidentiality Maintaining the privacy of data Integrity Detecting that the data is not tampered with Authentication Establishing proof of identity Nonrepudiation Ability to prove that the sender actually sent the data Access Control Access to information resources are regulated Availability Computer assets are available to authorized parties when needed SERVICES Confidentiality Integrity Authentication Ensures that the origin of a message is correctly identified, with an assurance that the identity is not false Nonrepudiation Neither the sender nor the receiver of a message is able to deny the transmission Access Control Availability

6 Something Well-known in Network Security World

7 Friends and enemies: Alice, Bob, Trudy
Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may intercept, delete, add messages Alice Bob channel data, control messages secure sender secure receiver data data Trudy

8 Protocol Human protocols  the rules followed in human interactions
Example: Asking a question in class Networking protocols  rules followed in networked communication systems Examples: HTTP, FTP, etc. Security protocol  the (communication) rules followed in a security application Examples: SSL, IPSec, Kerberos, etc.

9 Ideal Security Protocol
Must satisfy security requirements Requirements need to be precise Efficient Small computational requirement Small bandwidth usage, minimal delays… Robust Works even if environment changes Easy to use & implement, flexible… Difficult to satisfy all of these!

10 Secure Entry to NSA Insert badge into reader Enter PIN Correct PIN?
Yes? Enter No? Get shot by security guard

11 ATM Machine Protocol Insert ATM card Enter PIN Correct PIN?
Yes? Conduct your transaction(s) No? Machine (eventually) eats card

12 Authentication Protocols

13 Authentication Alice must prove her identity to Bob
Alice and Bob can be humans or computers May also require Bob to prove he’s Bob (mutual authentication) Probably need to establish a session key May have other requirements, such as Use public keys Use symmetric keys Use hash functions Anonymity, etc., etc.

14 Simple Authentication
“I’m Alice” Prove it My password is “frank” Alice Bob Simple and may be OK for standalone system But insecure for networked system Subject to a replay attack (next 2 slides) Also, Bob must know Alice’s password

15 Authentication Attack
“I’m Alice” Prove it My password is “frank” Alice Bob Trudy

16 Authentication Attack
“I’m Alice” Prove it My password is “frank” Trudy Bob This is an example of a replay attack How can we prevent a replay?

17 Simple Authentication
I’m Alice, my password is “frank” Alice Bob More efficient, but… … same problem as previous version

18 Better Authentication
“I’m Alice” Prove it h(Alice’s password) Alice Bob Better since it hides Alice’s password From both Bob and Trudy But still subject to replay

19 Challenge-Response To prevent replay, use challenge-response
Goal is to ensure “freshness” Suppose Bob wants to authenticate Alice Challenge sent from Bob to Alice Challenge is chosen so that… Replay is not possible Only Alice can provide the correct response Bob can verify the response

20 Nonce To ensure freshness, can employ a nonce What to use for nonces?
Nonce == number used once What to use for nonces? That is, what is the challenge? What should Alice do with the nonce? That is, how to compute the response? How can Bob verify the response? Should we rely on passwords or keys?

21 Challenge-Response Nonce is the challenge The hash is the response
“I’m Alice” Nonce h(Alice’s password, Nonce) Alice Bob Nonce is the challenge The hash is the response Nonce prevents replay, ensures freshness Password is something Alice knows Note: Bob must know Alice’s pwd to verify

22 Generic Challenge-Response
“I’m Alice” Nonce Something that could only be Alice from Alice (and Bob can verify) Bob In practice, how to achieve this? Hashed password works, but… Encryption is better here (Why?)

23 Symmetric Key Notation
Encrypt plaintext P with key K C = E(P,K) Decrypt ciphertext C with key K P = D(C,K) Here, we are concerned with attacks on protocols, not attacks on crypto So, we assume crypto algorithms are secure

24 Authentication: Symmetric Key
Alice and Bob share symmetric key K Key K known only to Alice and Bob Authenticate by proving knowledge of shared symmetric key How to accomplish this? Cannot reveal key, must not allow replay (or other) attack, must be verifiable, …

25 Authentication with Symmetric Key
“I’m Alice” R E(R,K) Bob, K Alice, K Secure method for Bob to authenticate Alice Alice does not authenticate Bob So, can we achieve mutual authentication?

26 Mutual Authentication?
“I’m Alice”, R E(R,K) E(R,K) Alice, K Bob, K What’s wrong with this picture? “Alice” could be Trudy (or anybody else)!

27 Mutual Authentication
Since we have a secure one-way authentication protocol… The obvious thing to do is to use the protocol twice Once for Bob to authenticate Alice Once for Alice to authenticate Bob This has got to work…

28 Mutual Authentication
“I’m Alice”, RA RB, E(RA, K) E(RB, K) Alice, K Bob, K This provides mutual authentication… …or does it? See the next slide

29 Mutual Authentication Attack
1. “I’m Alice”, RA 2. RB, E(RA, K) 5. E(RB, K) Bob, K Trudy 3. “I’m Alice”, RB 4. RC, E(RB, K) Trudy Bob, K

30 Let’s Resolve this Problem

31 Symmetric Key Mutual Authentication
“I’m Alice”, RA RB, E(“Bob”,RA,K) E(“Alice”,RB,K) Alice, K Bob, K Do these “insignificant” changes help? Yes!

32 Problem Statement In Symmetric Key based Authentication Protocol Alice and Bob need to have a Shared Secret Key, Where Distribution of Keys among the Participants is a tedious Job.

33 Welcome to the World of Public-Key Crypto-System

34 Public Keys and Trust Public Key: PB Public Key: PA Secret key: SB
Secret key: SA Public Key: PB Secret key: SB How are public keys stored? How to obtain the public key? How does Bob know or ‘trusts’ that PA is Alice’s public key?

35 Distribution of Public Keys
Public announcement: users distribute public keys to recipients or broadcast to community at large Publicly available directory: can obtain greater security by registering keys with a public directory Public Key Can Also Achieve Through CA Public key cryptography turns confidentiality problem into an integrity/authenticity problem.

36 Public Key Notation Encrypt M with Alice’s public key: {M}Alice
Sign M with Alice’s private key: [M]Alice Anybody can use Alice’s public key Only Alice can use her private key

37 Public Key Authentication
“I’m Alice” {R}Alice R Alice Bob Is this secure? Trudy can get Alice to decrypt anything!

38 Public Key Authentication
“I’m Alice” R [R]Alice Alice Bob Is this secure? Trudy can get Alice to sign anything!

39 Public Keys Generally, a bad idea to use the same key pair for encryption and signing Instead, should have… …one key pair for encryption/decryption… …and a different key pair for signing/verifying signatures

40 Session Key Usually, a session key is required
I.e., a symmetric key for a particular session Used for confidentiality and/or integrity How to authenticate and establish a session key (i.e., shared symmetric key)? When authentication completed, want Alice and Bob to share a session key Trudy cannot break the authentication… …and Trudy cannot determine the session key

41 Authentication & Session Key
“I’m Alice”, R {R,K}Alice {R +1,K}Bob Alice Bob Is this secure? Alice is authenticated and session key is secure Alice’s “nonce”, R, useless to authenticate Bob The key K is acting as Bob’s nonce to Alice No mutual authentication

42 Public Key Authentication and Session Key
“I’m Alice”, R [R,K]Bob [R +1,K]Alice Alice Bob Is this secure? Mutual authentication (good), but… … session key is not secret (very bad)

43 Public Key Authentication and Session Key
“I’m Alice”, R {[R,K]Bob}Alice {[R +1,K]Alice}Bob Bob Alice Is this secure? Seems to be OK Mutual authentication and session key!

44 Public Key Authentication and Session Key
“I’m Alice”, R [{R,K}Alice]Bob [{R +1,K}Bob]Alice Alice Bob Is this secure? Seems to be OK

45 Perfect Forward Secrecy
Consider this “issue”… Alice encrypts message with shared key K and sends ciphertext to Bob Trudy records ciphertext and later attacks Alice’s (or Bob’s) computer to recover K Then Trudy decrypts recorded messages Perfect forward secrecy (PFS): Trudy cannot later decrypt recorded ciphertext Even if Trudy gets key K or other secret(s) Is PFS possible?

46 Naïve Session Key Protocol
E(KS, K) E(messages, KS) Alice, K Bob, K Trudy could record E(KS, K) If Trudy later gets K then she can get KS Then Trudy can decrypt recorded messages

47 Then How to Achieve Perfect Forward Secrecy (PFS)

48 With the Help of Diffie-Hellman Key-Agreement Protocol

49 Key Agreement: Diffie-Hellman Protocol
Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Zp*, p and g public. ga mod p gb mod p Secure against passive attacker. What if the attacker is active? Pick random, secret b Compute and send gb mod p Pick random, secret a Compute and send ga mod p K = (ga mod p)b = gab mod p K = (gb mod p)a = gab mod p

50 MIM in Diffie-Hellman ga mod n gc mod n gc mod n gb mod n Alice computes gac mod n and Bob computes gbc mod n !!!

51 Oh! No.. Can Anyone Help Me to Achieve PFS?

52 Perfect Forward Secrecy
E(ga mod p, K) E(gb mod p, K) Alice: K, a Bob: K, b Session key KS = gab mod p Alice forgets a, Bob forgets b So-called Ephemeral Daffier-Hellman Neither Alice nor Bob can later recover KS Are there other ways to achieve PFS?

53 Mutual Authentication, Session Key and PFS
“I’m Alice”, RA RB, [{RA, gb mod p}Alice]Bob [{RB, ga mod p}Bob]Alice Bob Alice Session key is SK = gab mod p Alice forgets a and Bob forgets b If Trudy later gets Bob’s and Alice’s secrets, she cannot recover session key SK

54 Secure communication

55 Understanding SSL Part 3  Protocols

56 Network Security Services
Authentication Privacy Integrity Authentication 古早密碼學 資安號 古典密碼學 Network Security Services

57 THANK YOU I have questions…

Download ppt "Network Security and It’s Issues"

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Similar presentations

Ads by Google