Presentation is loading. Please wait.

Presentation is loading. Please wait.

7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:"— Presentation transcript:

1 7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice: r application layer: secure e-mail r transport layer: Internet commerce, SSL,

2 7: Network Security2 Friends and enemies: Alice, Bob, Trudy r well-known in network security world r Bob, Alice want to communicate “securely” r Trudy, the “intruder” may intercept, delete, add messages Figure 7.1 goes here

3 7: Network Security3 What is network security? Secrecy: only sender, intended receiver should “understand” msg contents m sender encrypts msg m receiver decrypts msg Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

4 7: Network Security4 Internet security threats Packet sniffing: m broadcast media m promiscuous NIC reads all packets passing by m can read all unencrypted data (e.g. passwords) m e.g.: C sniffs B’s packets A B C src:B dest:A payload

5 7: Network Security5 Internet security threats IP Spoofing: m can generate “raw” IP packets directly from application, putting any value into IP source address field m receiver can’t tell if source is spoofed m e.g.: C pretends to be B A B C src:B dest:A payload

6 7: Network Security6 Internet security threats Denial of service (DOS): m flood of maliciously generated packets “swamp” receiver m Distributed DOS (DDOS): multiple coordinated sources swamp receiver m e.g., C and remote host SYN-attack A A B C SYN

7 7: Network Security7 Encryption and Data Security r For successful e-commerce, we must ensure that the sensitive data has been encrypted and secured r Encryption transforms the data using a “key” into a value that is meaningless in its normal form r This encrypted value can only be decrypted by authorized agency or person

8 7: Network Security8 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Figure 7.3 goes here plaintext ciphertext K A K B

9 7: Network Security9 Symmetric key cryptography substitution cipher: substituting one thing for another m monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. Transfer money now ciphertext: nkn uomjikco hkjvw jkr E.g.: Q: How hard to break this simple cipher?: brute force (how hard?) other?

10 7: Network Security10 Symmetric Key Cryptography r XOR is the fundamental logical operation involved in encrypting a message r For example, consider a byte to be sent out: It is 1011 0111 (Decimal 183) r Suppose that we select a secret 4-bit key key 1100 r We perform XOR of this key with the original data r Result is 0111 1011 (totally different binary number) (Decimal 123)

11 7: Network Security11 Symmetric Key Cryptography r Now the recipient receives this message and decrypts it by using the same key r received data is 0111 1011 r The key is 1100 r The result is: 1011 0111 (original data) r Key delivery problem??

12 7: Network Security12 Encryption Keys r There are two types of encryption schemes in use r In symmetric or secret key ciphers, the encryption and decryption keys are symmetric and identical r As an example, consider this diagram then encrypt following message with your own encryption scheme r “Please transfer six million dollars into my checking account”

13 7: Network Security13 Symmetric Cipher Adapted for academic use from “Exploring The Digital Domain” by Abernethy Allen, ITP 1999

14 7: Network Security14 Symmetric Cipher r In symmetric secret key cipher, the key must be sent to recipient, otherwise the message cannot be decrypted r Sending the key on public network is like putting your house key in locksmith’s shop and allowing everyone to duplicate it r Alternatives are to restrict access to secret key to a few individuals

15 7: Network Security15 DES r DES (Data Encryption Standard) is one example of symmetric key encryption r DES uses a 56-bit key which can be doubled in length to 112 bits r Breaking messages encrypted with DES would require a considerable amount of computing time and effort

16 7: Network Security16 Symmetric key crypto: DES DES: Data Encryption Standard r US encryption standard [NIST 1993] r 56-bit symmetric key, 64 bit plaintext input r How secure is DES? m DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months m no known “backdoor” decryption approach r making DES more secure m use three keys sequentially (3-DES) on each datum m use cipher-block chaining

17 7: Network Security17 Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation

18 7: Network Security18 Asymmetric or Public Keys r Asymmetric keys solve the key distribution problem r The RSA algorithm works as follows: m Sender gets the public key of recipient (available to everyone)and uses it to encrypt the message m Receiver uses private key (only known to receiver) to decrypt the message

19 7: Network Security19 Asymmetric Keys r In some apartment complexes, the laundry room is locked r Every tenant gets a key to the laundry room. This is like a “public” key r If the management wants to enforce operating hours (for example, 8am to 10pm), they would install an additional lock r The key of this lock is not duplicated. It stays with the management

20 7: Network Security20 Asymmetric Keys r In a similar way, a site creates its own public and private key pair, related to each other in “strange” ways r It lets everyone download the public key but it will keep the private key secret r Suppose that John wants to send a secret message to Citibank r John will go to the Citibank website and obtain their public key

21 7: Network Security21 Asymmetric Keys r John will encrypt the message using the public key of Citibank r The message will be transmitted over the Internet r Anyone who gets this message and tries to open it using the public key of Citibank will fail (why? Remember laundry room after 10pm?)

22 7: Network Security22 Public key cryptography Figure 7.7 goes here

23 7: Network Security23 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d).

24 7: Network Security24 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens!

25 7: Network Security25 Digital Signatures r Authentication is a core issue in e- commerce r Authentication is to verify the source of a document r Authentication of paper documents is done with watermarks, stamps, signatures and seals r How to authenticate the electronic documents?

26 7: Network Security26 Authentication r With little effort, the public-private keys can be applied in reverse to perform verification of e-documents r For example, consider this e-conversation between two persons on the internet

27 7: Network Security27 Authentication r Bob--> ChuckHi, Bob here r Chuck-->BobProve you are Bob r Bob-->ChuckSend me a random message, I will return a digital signature (message digest encrypted using my private key) r Chuck-->BobRandom message r Bob-->Chuckdigital signature r Chuck decrypts the message using Bob’s public key and matches it to message digest

28 7: Network Security28 Message Digests Computationally expensive to public-key-encrypt long messages Goal: fixed-length,easy to compute digital signature, “fingerprint” r apply hash function H to m, get fixed size message digest, H(m). Hash function properties: r Many-to-1 r Produces fixed-size msg digest (fingerprint) r Given message digest x, computationally infeasible to find m such that x = H(m) r computationally infeasible to find any two messages m and m’ such that H(m) = H(m’).

29 7: Network Security29 Digital signature = Signed message digest Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message:

30 7: Network Security30 Pretty good privacy (PGP) r Internet e-mail encryption scheme, a de-facto standard. r Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. r Provides secrecy, sender authentication, integrity. r Inventor, Phil Zimmerman, was target of 3-year federal investigation. ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:The money that I requested has not arrived yet. Check with the bank ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ hFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE--- A PGP signed message:

31 7: Network Security31 Secure sockets layer (SSL) r PGP provides security for a specific network app. r SSL works above transport layer & below app layer. Provides security to any TCP-based app using SSL services. r SSL: used between WWW browsers, servers for E- commerce (https). r SSL security services: m server authentication m data encryption m client authentication (optional) r Server authentication: m SSL-enabled browser includes public keys for trusted CAs. m Browser requests server certificate, issued by trusted CA. m Browser uses CA’s public key to extract server’s public key from certificate. r Visit your browser’s security menu to see its trusted CAs.

32 7: Network Security32 SSL (continued) Encrypted SSL session: r Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. r Using its private key, server decrypts session key. r Browser, server agree that future msgs will be encrypted. r All data sent into TCP socket (by client or server) i encrypted with session key. r SSL: basis of IETF Transport Layer Security (TLS). r SSL can be used for non- Web applications, e.g., IMAP. r Client authentication can be done with client certificates.

33 7: Network Security33 Network Security (summary) Basic techniques…... r cryptography (symmetric and public) r authentication r message integrity …. used in many different security scenarios r secure email r secure transport (SSL) See also: firewalls, in network management

Download ppt "7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity Security in practice:"

Similar presentations

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.

1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.

1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
Network Security understand principles of network security:

Network Security understand principles of network security:
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google