Download presentation
Presentation is loading. Please wait.
Published bySilvester Moore Modified over 5 years ago
1
Cryptography and Networks Advanced Network Security Peter Reiher August, 2014
2
Outline Using cryptography in networks IPSec SSL and TLS
3
Encryption and Network Security
Relies on the kinds of encryption algorithms and protocols discussed previously Can be applied at different places in the network stack With different effects and costs
4
Cryptographic Effects for Networks
What useful purposes does crypto serve in networks? What is necessary for it to achieve those purposes? When is that easy and when is it hard? And why?
5
Secrecy Encrypt the traffic before sending it across the network
If crypto strong and correct, attackers can’t deduce the message contents Strong – a crypto algorithm that is not easy to break Correct – proper implementation and use of crypto (keying, etc.)
6
Authentication Proper crypto can give assurances of who created messages Easiest using public key crypto But sometimes of value with symmetric crypto, as well
7
Integrity Encrypted data cannot be easily tampered with
Without totally corrupting the decrypted version Strong, correct encryption thus allows detection of message alteration Sort of bundled together with the secrecy property
8
What If I Only Care About Integrity?
Encryption is computationally expensive Generally based on how much data is encrypted Can I get integrity via crypto without paying full cost of encrypting packets? Yes, via digital signatures
9
Digital Signatures Essentially, encrypt a hash of the data
Rather than the full data Attach encrypted hash to the unencrypted packet Receiver undoes the crypto on the hash and checks its value If message altered, hash doesn’t match
10
Deliver the actual message plus the hash
A Simple Example An IP message Deliver the actual message plus the hash The IP header The payload Compute a hash of the message
11
Checking the Digital Signature
Compare the hash in the message to the newly computed hash Calculate the hash on the incoming message
12
Cryptographic Hashes Hashes used for digital signatures require some special properties Hard to find another text that hashes to the same value Hard to invert Changing one bit changes hash value Not all hash functions are suitable Suitable ones are called cryptographic hashes
13
Some Common Cryptographic Hashes
MD5 “Broken” in 2009, not good to use it SHA-1 Not fully broken, but some weaknesses found Soon, SHA-3 Designed to replace SHA-1
14
Some Details What do we hash? Just the payload? Entire packet?
Payload plus some header fields? Where? Where do we create and where do we check? Can’t attackers replace the original hash? With a proper hash of the altered data
15
What Do We Hash? Integrity protection is applied only to the parts of the packet we hash So if we only hash the payload, no protection for the headers However, some header fields change E.g., the packet TTL If we hash those, the hash won’t match
16
What Do We Want to Protect?
Depends on our integrity goals Are we using this mechanism to ensure correct headers? Or do we only care about the payload? Often, apps won’t examine headers anyway Digital signature typically provide some authentication, too
17
Where Do We Hash? At the packet’s creation point?
And checked at its destination? Or at some intermediate points? Note: IP checksumming will be done at each hop, regardless of digital signatures
18
Avoiding Hash Replacement
If attacker can intercept message, he can replace the hash Even if it’s a crypto hash, he can still calculate hash for another value And replace the right one Everyone knows the crypto hashing functions Solved with keyed hashes
19
Keyed Hash Functions Crypto hash functions aren’t keyed
Anyone knowing the function and the text can produce the hash Keyed hash functions also use a secret key Perhaps merely concatenated to the text before hashing Usually a bit more complicated
20
Message Authentication Codes
MACs Basically, keyed hash functions HMAC is most famous approach HMAC(K, m) = H((K opad) | H((K ipad) | m)) opad and ipad are constants Safer against certain attacks than just hashing concatenation of m and K
21
MACs and Keys Safe digital signatures require MACs
Which requires signer and signature checker use proper keys Which requires safe key distribution Generally a hard problem Typically no easier in the signature case
22
Where Do We Apply Encryption?
At some point we encrypt the data It then travels across all or part of the network To another point where we decrypt Protection given by crypto only applies to the instants when data is encrypted
23
Link Level Encryption Source Destination
ciphertext plaintext ciphertext plaintext ciphertext ciphertext plaintext ciphertext ciphertext plaintext ciphertext plaintext ciphertext Let’s say we want to send a message using encryption Different keys (maybe even different ciphers) used at each hop
24
When Do We Use Link Encryption?
When only one link is untrusted Or is much less trusted than the rest When endpoints can’t/won’t do the crypto Most common case is Wifi standards include options for link encryption
25
End-to-End Encryption
Source Destination plaintext ciphertext ciphertext ciphertext ciphertext plaintext ciphertext When would link encryption be better? Cryptography only at the end points Only the end points see the plaintext Normal way network cryptography done
26
When Do We Use End-to-End Encryption?
When we don’t trust any element of the intermediate network When we want crypto decisions to be under control of sender/receiver Might be unsure what intermediates will do Used to protect most sensitive traffic in the Internet
27
Where Are the Endpoints, Anyway?
If you do end-to-end encryption, where are the endpoints? The network layer end points? The transport layer end points? The application layer end points? Maybe not even end machine to end machine (e.g., VPNs)? Has serious implications for where you do cryptography And keying and trust issues
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.