Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Chapter 8

Published byTamsin Parsons Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Security Chapter 8"— Presentation transcript:

1 Network Security Chapter 8
Network security can be divided roughly into 4 closely intertwined areas: secrecy (confidentiality), authentication, Non-repudiation, integrity control. Question: what does non-repudiation mean? What does “integrity” mean? Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Security -- skip Web Security Social Issues -- skip Gray units can be optionally omitted without causing later gaps Revised: August 2011 CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

2 Network Security Security addresses a variety of threats and defenses across all layers Physical Link Network Transport Application Authentication, Authorization, and non-repudiation End-to-end encryption Firewalls, IP Security Packets can be encrypted on data link layer basis Wireless transmissions can be encrypted CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

3 Network Security (1) Some different adversaries and security threats
Different threats require different defenses CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

4 Cryptography Cryptography – Term comes from 2 Greek words meaning “Secret Writing” Vocabulary: Cipher – character-for-character or bit-by-bit transformation Code – replaces one word with another word or symbol Cryptography is a fundamental building block for security mechanisms. Introduction » Substitution ciphers » Transposition ciphers » One-time pads » Fundamental cryptographic principles » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

5 Introduction The encryption model (for a symmetric-key cipher)
Most popular computer-based encryption alternatives: Symmetric key – same key used to both encrypt and decrypt; popular for securing data communications protocols. Public key – different keys used to encrypt than to decrypt (public key, private key); popular for encrypting keys (and some data) The encryption model (for a symmetric-key cipher) Kerckhoff’s principle: Algorithms (E, D) are public; only the keys (K) are secret Kerckhoff’s principal: algorithms are public, keys are private Trudy Alice Bob Note: Names indicate roles. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

6 Substitution Ciphers Substitution ciphers replace each group of letters in the message with another group of letters to disguise it Simple single-letter substitution cipher CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

7 Transposition Ciphers
Transposition ciphers reorder letters but does not disguise them Key gives column order, starting with the lowest letter Column 5 (G) 6 (K) 7 (M) 8 (U) Simple column transposition cipher CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

8 One-Time Pads (1) Simple scheme for perfect secrecy:
XOR message with secret pad to encrypt, decrypt Pad is as long as the message and can’t be reused! It is a “one-time” pad to guarantee secrecy Different secret pad decrypts to the wrong plaintext As long as the pads are never re-used or revealed, this approach is unbreakable. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

9 One-Time Pads (2) – Quantum Cryptography
Approach using lasers and photonic filters leveraging quantum mechanics (qubit polarization). See pages in textbook. Approach cannot be eavesdropped upon; detects man-in-the-middle Alice sending Bob a one-time pad with quantum crypto. Bob’s guesses yield bits; Trudy misses some Bob can detect Trudy since error rate increases CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

10 Fundamental Cryptographic Principles
Messages must contain some redundancy redundancy = info not needed to understand the message so that active intruders cannot send random junk and have it be interpreted as a valid msg All encrypted messages decrypt to something Redundancy lets receiver recognize a valid message But redundancy helps attackers break the design Some method is needed to foil replay attacks Without a way to check if messages are fresh then old messages can be copied and resent For example, add a date stamp to messages CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

11 Symmetric-Key Algorithms
Symmetric key – the same Secret key is used to both encrypt and decrypt the message. Popular for communication protocols because encryption/decryption can be done rapidly and easily adaptable to hardware automation. Encryption in which the parties share a secret key Approaches using block ciphers – takes a n-bit block of plaintext as an input and transforms it using the key into an n-bit block of cipher text (and vice versa). DES – Data Encryption Standard » AES – Advanced Encryption Standard » Cipher modes » Other ciphers » Cryptanalysis » Question: What happens if the secret key becomes revealed? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

12 Symmetric-Key Algorithms (1)
Use the same secret key to encrypt and decrypt; block ciphers operate on a block at a time Same number of bits in as bits out Product cipher combines transpositions/substitutions Basic elements of product ciphers (Pages ) Permutation (transposition) box Substitution box Product with multiple P- and S-boxes Question: Who can explain what is happening in the Substitution Box? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

13 Data Encryption Standard (1)
DES encryption was widely used (but no longer secure) Developed by IBM in 1977 Plaintext encrypted in blocks of 64-bits; 56-bit key; 19 stages of computation DES steps A single iteration Contains transpositions & substitutions CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

14 Data Encryption Standard (2)
3DES was introduced in 1979, popular through the 1990s. Uses 2 DES keys for encryption and 3 iterations (stages) of DES, using key 1 for 1st and 3rd iteration and key 2 for 2nd iteration. Triple encryption (“3DES”) with two 56-bit keys Gives a (formerly) adequate key strength of 112 bits Instructor addition: 3DES not currently considered “adequate” today for most uses Setting K1 = K2 allows for compatibility with DES Triple DES decryption Triple DES encryption Question: Why is the length of the encryption key important? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

15 Key Length and Encryption Strength The strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key. For example, the difficulty of discovering the key for the RSA cipher most commonly used for public-key encryption depends on the difficulty of factoring large numbers, a well-known mathematical problem. Encryption strength is often described in terms of the size of the keys used to perform the encryption: in general, longer keys provide stronger encryption. Key length is measured in bits. For example, 128-bit keys for use with the RC4 symmetric-key cipher supported by SSL provide significantly better cryptographic protection than 40-bit keys for use with the same cipher. Roughly speaking, 128-bit RC4 encryption is 3 x 1026 times stronger than 40- bit RC4 encryption. Different ciphers may require different key lengths to achieve the same level of encryption strength. The RSA cipher used for public-key encryption, for example, can use only a subset of all possible values for a key of a given length, due to the nature of the mathematical problem on which it is based. Other ciphers, such as those used for symmetric key encryption, can use all possible values for a key of a given length, rather than a subset of those values. Thus a 128-bit key for use with a symmetric-key encryption cipher would provide stronger encryption than a 128-bit key for use with the RSA public- key encryption cipher. This difference explains why the RSA public-key encryption cipher must use a 512-bit key (or longer) to be considered cryptographically strong, whereas symmetric key ciphers can achieve approximately the same level of strength with a 64-bit key. Even this level of strength may be vulnerable to attacks in the near future. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

16 Advanced Encryption Standard (1)
AES replaces 3DES. Introduced in 2001 by US Government (NIST). Supports block size of 128-bits and encryption key lengths of 128, 192, or 256 bits. AES is the successor to 3DES: Symmetric block cipher, key lengths up to 256 bits Openly designed by public competition ( ) Available for use by everyone Built as software (e.g., C) or hardware (e.g., x86) Winner was Rijndael cipher Now a widely used standard CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

17 Advanced Encryption Standard (2)
AES uses 10 rounds for 128-bit block and 128-bit key Each round uses a key derived from 128-bit key Each round has a mix of substitutions and rotations All steps are reversible to allow for decryption Round keys are derived from 128-bit secret key CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

18 Leslie gets a large bonus!
Cipher Modes (1) Cipher Modes prevent the same msg from being encrypted to the same bits every time. Question: Why is such variance desirable? Cipher modes set how long messages are encrypted Instructor addition: 5 cipher modes for symmetric-key encryption Each has strengths/weaknesses and preferential deployment usages Encrypting each block independently, called ECB (Electronic Code Book) mode, is vulnerable to shifts Code book == maps each plaintext word to its ciphertext With ECB mode, switching encrypted blocks gives a different but valid message Leslie gets a large bonus! CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

19 Cipher Modes (2) 2) CBC (Cipher Block Chaining) is a widely used mode
CBC protects against code books (i.e., same plaintext block will not result in the same ciphertext block); computed using a 64-bit block 2) CBC (Cipher Block Chaining) is a widely used mode Chains blocks together with XOR to prevent shifts Has a random IV (Initial Value) for different output Because of the IV, repeated encryptions of the same message will produce different ciphertext. CBC mode encryption CBC mode decryption CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

20 Cipher Modes (3) Cipher feedback mode enables a byte-by-byte encryption (no larger blocks) 3) cipher feedback mode is similar to CBC mode but can operate a byte (rather than a whole 8 byte block) at a time Encryption Decryption CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

21 Cipher Modes (4) 4) A stream cipher uses the key and IV to generate a stream that is a one-time pad; can’t reuse (key, IV) pair Doesn’t amplify transmission errors like CBC mode Encryption Decryption Keystream is a sequence of output blocks that acts like a one-time pad. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

22 Encryption above; repeat the operation to decrypt
Cipher Modes (5) Counter mode is often used for encrypting accessible stored data such as databases 5) Counter mode (encrypt a counter and XOR it with each message block) allows random access for decryption Encryption above; repeat the operation to decrypt CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

23 Other Ciphers Some common symmetric-key cryptographic algorithms
Can be used in combination, e.g., AES over Twofish CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

24 Public-Key Algorithms
Addresses the key distribution problem. Uses two keys that are related by an algorithm (e.g., factoring prime numbers, elliptic curve computation): one key (D) the end user keeps private to encrypt or decrypt other key (E) is public (e.g., can be distributed to others). D(E(P)) = P = E(D(P)) where difficult to deduce D from E and E cannot be broken by a plaintext attack. Secret key algorithms are 1000 times faster than public key algorithms. Therefore, public key is used for data (e.g., key sharing) while secret key is used for communications protocols. Encryption in which each party publishes a public part of their key and keep secret a private part of it RSA (by Rivest, Shamir, Adleman) » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

25 Public-Key Algorithms (1)
Downsides of keys for symmetric-key designs: Key must be secret, yet must be distributed to both parties For N users there are N2 pairwise keys to manage Public key schemes split the key into public and private parts that are mathematically related: Private part is not distributed; easy to keep secret Only one public key per user needs to be managed Security depends on the chosen mathematical property Much slower than symmetric-key, e.g., 1000X So use it to set up per-session symmetric keys CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

26 RSA (1) Widely used practical deployment of public key cryptography since Based on principles from number theory concerning difficulty of factoring large numbers (e.g., a 500 digit number). RSA is too slow for encrypting large volumes of data but is widely used for key distribution. RSA is a widely used public-key encryption method whose security is based on the difficulty of factoring large numbers Key generation: Choose two large primes, p and q Compute n = p × q and z = ( p − 1) × (q − 1). Choose d to be relatively prime to z Find e such that e × d = 1 mod z Public key is (e, n), and private key is (d, n) Encryption (of k bit message, for numbers up to n): Cipher = Plaine (mod n) Decryption: Plain = Cipherd (mod n) CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

27 RSA (2) – detail (skip) Small-scale example of RSA encryption (book pages 795-6) For p=3, q=11  n=33, z=20  d=7, e=3 Encryption: C = P3 mod 33 Decryption: P = C7 mod 33 Trivial example – far too small a number for real life CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

28 Digital Signatures Lets receiver verify the message is authentic. Requirements: The receiver can verify the claimed identity of the sender The sender cannot later repudiate the contents of the message The receiver cannot possibly have concocted the message himself. Symmetric-Key signatures » Public-Key signatures » Message digests » The birthday attack » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

29 Digital Signatures (1) Requirements for a signature:
Receiver can verify claimed identity of sender. Sender cannot later repudiate contents of message. Receiver cannot have concocted message himself. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

30 Symmetric-key Signatures
This approach is used for IPsec’s HMAC (see pg 816-7). Requires the existance of a very trustworthy “Big Brother” to arbitrate disputes. Alice and Bob each trust and share a key with Big Brother (BB); Big Brother doesn’t trust anyone A=Alice ID, B=Bob ID, P=message, RA=random #, t=time (Note: random # and time protects against replay attacks) RA and time protect against replays. Time lets very old messages be detected. For recent messages, RA can be checked to see if it has been used before. Only Alice can send this encrypted message to BB Only BB can send this encrypted message to Bob Since only KA can send 1st msg, 2nd msg signed by BB proves Alice sent P to Bob CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

31 Public-Key Signatures
No Big Brother needed and assumes encryption and decryption are inverses that can be applied in either order But relies on private key kept and secret RSA & DSS (Digital Signature Standard) widely used CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

32 Instructor Addition: DSS
Digital Signature Standard (DSS) – FIPS 186-1 Uses the Secure Hash Algorithm (SHA-1 = FIPS 180) SHA-1 computes a fixed length message digest (= cryptographic hash) from a variable length input message. Digital signatures provide authentication and integrity Digital signatures: SHA-1 hash of a message Encrypted with a Private Key CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

33 Question: Have we seen SHA-1 before?
Message Digests (1) Message Digest (MD) converts arbitrary-size message (P) into a fixed-size identifier MD(P) with properties: Given P, easy to compute MD(P). Given MD(P), effectively impossible to find P. Given P no one can find P′ so that MD(P′) = MD(P). Changing 1 bit of P produces very different MD. Message digests (also called cryptographic hash) can “stand for” messages in protocols, e.g., authentication Example: SHA bit hash, widely used Example: MD5 128-bit hash – now known broken Some popular protocols still use MD5 Question: Have we seen SHA-1 before? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

34 Message Digests (2) Public-key signature for message authenticity and integrity but not confidentiality with a message digest Message sent in the clear Alice signs message digest Question: What does “not confidentiality” mean? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

35 Message Digests (3) In more detail: example of using SHA-1 message digest and RSA public key for signing non-secret messages CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

36 Five 32-bit hashes output
Message Digests (4) SHA-1 digests the message 512 bits at a time to build a 160-bit hash as five 32-bit components SHA-1 Message in 512-bit blocks Five 32-bit hashes output CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

37 Birthday Attack How hard is it to find a message P′ that has the same message digest as P? Such a collision will allow P′ to be substituted for P, thereby enabling a forgery of P’ to pass as the P original. Analysis: N bit hash has 2N possible values Expect to test 2N messages given P to find P′ But expect only 2N/2 messages to find a collision This is the birthday attack Take away: SHA-1 produces a 160 bit digest so, according to the birthday attack, it would take 280 digests to find a collision. However, even if a computer could do 1T digests/sec (not likely), it would take over 32,000 years to compute 280 digests to discover P’. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

38 Management of Public Keys
Public-key cryptography makes it possible for people who do not share a common key in advance to nevertheless communicate securely. It enables trusted signing of messages without requiring a trusted third party. Signed message digests make it possible for the recipient to easily verify the integrity of the received messages. The missing link to enable this is: how do they get each other’s public keys to start the communication process? We therefore need a trusted way to distribute public keys Certificates » X.509, the certificate standard » Public Key infrastructures » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

39 Management of Public Keys (1)
Problem to be overcome: Trudy can subvert encryption if she can fake Bob’s public key; Alice and Bob will not necessarily know Trudy replaces EB with ET and acts as a “man in the middle” Question: Who can explain what a “man in the middle attack” is? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

40 A possible certificate
Certificates An organization that certifies public keys is called a certification authority (CA). The fundamental job of a certificate is to bind a public key to the name of a principal (individual, company, etc.). Certificates themselves are not secret or protected but they are signed by the CA. CA (Certification Authority) issues signed statements about public keys; users trust CA and it can be offline A possible certificate Question: Since the integrity of a certificate is verified by the CA’s signature, what will happen if the CA’s private key becomes revealed? CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

41 Basic fields in X.509 certificates
X.509 is the standard for PKI (next slide) to manage digital certificates and public key encryption. Specifies 1) formats for public key certificates, 2) Certificate Revocation Lists (CRLs), 3) attribute certificates, and 4) certificate path validation algorithm. X.509 is the standard for widely used certificates Ex: used with SSL for secure Web browsing Basic fields in X.509 certificates CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

42 Public Key Infrastructures (PKIs)
PKI is a world-wide system for managing public keys using CAs Scales with hierarchy, may have multiple roots Also need CRLs (Certificate Revocation Lists) Trust anchor Chain of certificates for CA 5 Hierarchical PKI RA = Regional Authority CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

43 Communication Security
Applications of security to network protocols IPsec (IP security) » Firewalls » Virtual private networks » Wireless security » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

44 IPsec (1) IPsec adds confidentiality and authentication to IP
Secret keys are set up for packets between endpoints called security associations Adds AH header; inserted after IP in transport mode Identifies security association AH (Authentication Header) provides integrity and anti-replay CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

45 Whole IP packet is wrapped
IPsec (2) ESP (Encapsulating Security Payload) provides secrecy and integrity; expands on AH Adds ESP header and trailer; inserted after IP header in transport or before in tunnel mode Transport mode Tunnel mode Whole IP packet is wrapped CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

46 Firewalls A firewall protect an internal network by filtering packets
Can have stateful rules about what packets to pass E.g., no incoming packets to port 80 (Web) or 25 (SMTP) DMZ helps to separate internal from external traffic E.g., run Web and servers there DMZ (DeMilitarized Zone) CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

47 Virtual Private Networks (1)
VPNs (Virtual Private Networks) join disconnected islands of a logical network into a single virtual network Islands are joined by tunnels over the Internet Tunnel VPN joining London, Paris, Home, and Travel CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

48 Virtual Private Networks (2)
VPN traffic travels over the Internet but VPN hosts are separated from the Internet Need a gateway to send traffic in/out of VPN Topology as seen from inside the VPN CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

49 Wireless Security (1) Wireless signals are broadcast to all nearby receivers Important to use encryption to secure the network This is an issue for , Bluetooth, 3G, … Common design: Clients have a password set up for access Clients authenticate to infrastructure and set up a session key Session key is then used to encrypt packets CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

50 Wireless Security (2) 802.11i session key setup handshake (step 2)
Client and AP share a master key (password) MIC (Message Integrity Check) is like a signature KX(M) means a message M encrypted with key KX CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

51 Authentication Protocols
Authentication verifies the identity of a remote party Shared Secret Key » Diffie-Hellman Key Exchange » Key Distribution Center » Kerberos » Public-Key Cryptography » CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

52 Shared Secret Key (1) Authenticating with a challenge-response (first attempt) Alice (A) and Bob (B) share a key KAB RX is random, KX (M) is M encrypted with key KX Challenge Response Bob knows it’s Alice Alice knows it’s Bob CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

53 Shared Secret Key (2) A shortened two-way authentication (second attempt) But it is vulnerable to reflection attack CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

54 Bob thinks he is talking to Alice now
Shared Secret Key (3) Trudy impersonates Alice to Bob with reflection attack Second session gets Bob to give Trudy the response Bob thinks he is talking to Alice now CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

55 Shared Secret Key (4) First attempt is also vulnerable to reflection attack! Trudy impersonates Bob to Alice after Alice initiates Alice thinks she is talking to Bob Alice thinks she is talking to Bob again CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

56 Shared Secret Key (5) Moral: Designing a correct authentication protocol is harder than it looks; errors are often subtle. General design rules for authentication: Have initiator prove who she is before responder Initiator, responder use different keys Draw challenges from different sets Make protocol resistant to attacks involving second parallel session CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

57 Shared Secret Key (6) An authentication protocol that is not vulnerable HMAC (Hashed Message Authentication Code) is an authenticator, like a signature Alice knows it’s Bob Bob knows it’s Alice CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

58 Diffie-Hellman Key Exchange (1)
Lets two parties establish a shared secret Eavesdropper can’t compute secret gxy mod n without knowing x or y Shared secret Shared secret CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

59 Diffie-Hellman Key Exchange (2)
But it is vulnerable to a man-in-the-middle attack Need to confirm identities, not just share a secret gxz mod n gxz mod n gzy mod n gzy mod n CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

60 KDC – Key Distribution Center (1)
Trusted KDC removes need for many shared secrets Alice and Bob share a secret only with KDC (KA, KB) End up with KS, a shared secret session key First attempt below is vulnerable to replay attack in which Trudy captures and later replays messages Trudy can send this later to impersonate Alice to Bob Alice has session key KS Bob has session key KS CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

61 Key Distribution Center (2)
The Needham-Schroeder authentication protocol Not vulnerable to replays; doesn’t use timestamps Alice knows it’s Bob Bob knows it’s Alice CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

62 Key Distribution Center (3)
The Otway-Rees authentication protocol (simplified) Slightly stronger than previous; Trudy can’t replay even if she obtains previous secret KS CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

63 Alice asks for a secret shared with Bob
Kerberos Kerberos V5 is a widely used protocol (e.g., Windows) Authentication includes TGS (Ticket Granting Server) Ticket Gets session key KS Alice asks for a secret shared with Bob Ticket Gets shared key KAB The timestamps, t, are used to weed out very old messages Knows it’s Alice Bob gets key KAB Knows it’s Bob CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

64 Public-Key Cryptography
Mutual authentication using public-key cryptography Alice and Bob get each other’s public keys (EA, EB) from a trusted directory; shared KS is the result CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

65 Web Security Applications of security to the Web Secure naming »
SSL—Secure Sockets Layer » Many other issues with downloaded code CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

66 Trudy sends spoofed reply
Secure Naming (1) DNS names are included as part of URLs – so spoofing DNS resolution causes Alice contact Trudy not Bob Trudy sends spoofed reply CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

67 DNS cache at Alice’s ISP
Secure Naming (2) How Trudy spoofs the DNS for bob.com in more detail To counter, DNS servers randomize seq. numbers DNS cache at Alice’s ISP CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

68 Secure Naming (3) DNSsec (DNS security) adds strong authenticity to DNS Responses are signed with public keys Public keys are included; client starts with top-level Also optional anti-spoofing to tie request/response Now being deployed in the Internet Bob’s public key can be used in the future to check the authenticity of responses for machines within bob.com. Resource Record set for bob.com. Has Bob’s public key (KEY), and is signed by .com server (SIG) CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

69 SSL—Secure Sockets Layer (1)
SSL provides an authenticated, secret connection between two sockets; uses public keys with X.509 TLS (Transport Layer Security) is the IETF version SSL runs on top of TCP and below the application HTTPS means HTTP over SSL SSL in the protocol stack CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

70 SSL—Secure Sockets Layer (2)
Phases in SSL V3 connection establishment (simplified) Only the client (Alice) authenticates the server (Bob) Session key computed on both sides (EB, RA, RB) CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

71 SSL—Secure Sockets Layer (3)
Data transmission using SSL. Authentication and encryption for a connection use the session key. CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

72 End Chapter 8 CN5E by Tanenbaum & Wetherall, © Pearson Education-Prentice Hall and D. Wetherall, 2011

Download ppt "Network Security Chapter 8"

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 8 Network Security 4/17/2017 www.noteshit.com.

Chapter 8 Network Security 4/17/2017
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011 Network Security Chapter 8.

Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011 Network Security Chapter 8.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Network Security Chapter 8 8.3 - 8.6. Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011.

Network Security Chapter Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011.
Network Security Chapter 8

Network Security Chapter 8
Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant

Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Similar presentations

Ads by Google