Download presentation
Presentation is loading. Please wait.
1
CSS432 Network Security Textbook Ch8
Professor: Munehiro Fukuda CSS432: Network Security
2
Overview Cryptography functions
Secret key (e.g., DES): sharing a common single secret key Public key (e.g., RSA): owning a private key, while publishing the corresponding public key Message digest (e.g., MD5): generating a cryptographic checksum Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered Security Cryptography algorithms Public key (e.g., RSA) Secret (e.g., DES) Message digest (e.g., MD5) services Authentication Privacy integrity CSS432: Network Security
3
Secret Key (DES) Plaintext Encrypt with secret key Ciphertext
Decrypt with CSS432: Network Security
4
64-bit key (56-bits + 8-bit parity) 16 rounds
Initial permutation Round 1 Round 2 Round 16 56-bit key Final permutation … Each Round Left half Right half + F L i – 1 R K Combiner function Ex-OR CSS432: Network Security
5
Repeat for larger messages
64bits 64bits 64bits 64bits Block 1 IV DES Cipher 2 3 4 + Initialization vector (Random number) CSS432: Network Security
6
Public Key (RSA) Plaintext Encrypt with public key Ciphertext Decrypt with private key Encryption: c = memod n where <e, n> is a public key Decryption: m = cdmod n where <d, n> is a private key The main goal is to find a pair of e and d CSS432: Network Security
7
RSA (cont) Algorithm Example
Choose two large prime numbers p and q (each 256 bits) n = p x q Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than one Compute decryption key d such that d = e-1mod ((p - 1) x (q - 1)) Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q Encryption: c = memod n Decryption: m = cdmod n p = 3, q = 5 n = 3 x 5 = 15 (3-1) x (5 – 1) = 8 e = 7 7d = 1 mod 8 d = 15 7 x 15 = 105 = 1 mod 8 m = 2 c = 27 mod 15 = 8 m = 815 mod 15 = 2 CSS432: Network Security
8
Message Digest Sender message message message checksum checksum
Adversary knows the checksum computation Receiver Errors altered message message message Wrong altered checksum checksum checksum checksum checksum checksum No errors Errors detected No alternation detected CSS432: Network Security
9
Message Digest message message message MD MD MD Errors altered message
Adversary doesn’t know the key used in MD Errors altered message message message Wrong altered MD MD MD MD MD MD No errors nor alternations Errors detected Alternation detected CSS432: Network Security
10
Message Digest Message (padded) 128-bit Initial digest (constant)
512 bits 512 bits 512 bits Bitwise transform Bitwise transform Bitwise transform Message digest CSS432: Network Security
11
Authentication Protocols Three-Way Handshake
E(msg, key): msg was encrypted with key CHK: client handshake key SHK: server handshake key Both client and server must know CHK and SHK. Client sends x encrypted with CHK. Server decrypts x with CHK. Server sends x + 1 and y encrypted with SHK. Client decrypts x + 1 and y with SHK and knows Server has CHK. Client sends y + 1 encrypted with CHK. Server decrypts y + 1 with CHK and knows Client has SHK. What if client and server know nothing about each other? CSS432: Network Security
12
Authentication Protocols Trusted Third Party (Kerberos)
The authentication server S assumes that A and B each share a secret key with S. T: timestamp L: Lifetime K: Session key KA: Secret key shared between A and S KB: Secret key shared between B and S B A , E (( T , L , K , A knows T, L, and K A checks if B has received K E B (( T ), , K L , ), K , A A ), K ) B E (( A , E T (( ), T , K L ), , K , A ), K ) B knows T, L, and K B responds T+1 to A B K ) + 1, E ( T A session has been established CSS432: Network Security
13
Public key authentication
A authenticated B CSS432: Network Security
14
Message Integrity Protocols
Digital signature using RSA Original cryptography: Encryption with a public key : c = memod n Decryption with a private key: m = cdmod n Compute signature with private key and verify with public key Encryption with a private key : m = cdmod n Decryption with a public key: c = memod n Large computational complexity Keyed MD5 sender: m + MD5(m + k) receiver Sender and receiver share the key k Computes MD5(m + k) and compare it with the received MD5(m + k) MD5 with RSA signature sender: m + E(MD5(m), private) decrypts MD5(m) with sender’s public key compares result with MD5 checksum sent with message CSS432: Network Security
15
Key Distribution Certificate
Special type of digitally signed document: “I certify that the public key in this document belongs to the entity named in this document, signed X.” The name of the entity being certified The public key of the entity The name of the certified authority A digital signature Certified Authority (CA) Administrative entity that issues certificates Useful only to someone that already holds the CA’s public key. PGP Example: CA imports a public key from a person who wants it to certify his/her public key. CA retrieves the finger print from this public key. CA verify it with the key’s owner over a phone or through any other means. CSS432: Network Security
16
Key Distribution (cont)
Chain of Trust X certifies that a certain public key belongs to Y: X.cert( Y, publicKeyY ) Y certifies that another public key belongs to Z: Y.cert( Z, publicKeyZ ) Someone, say A wants to verify Z’s public key has to know X’s public key: A.knows( X, publicKeyX ) Certificate Revocation List A digitally signed list of revoked certificates Periodically updated and made available in public A revoked certificate will be listed for a certain time period A certificate has an expiration date. PGP Example: A person who wants to revoke his/her public key generates a revocation certificate. (This should be done before his/her public key becomes useless.) He/she prints out the revocation certificate and sends it to CA. CSS432: Network Security
17
Example Systems Pretty Good Privacy (PGP) Secure Shell (SSH)
Encryption and authentication for Secure Shell (SSH) Secured version of Unix R commands (rlogin, rsh, and rcp) Transport Layer Security (TLS, SSL, HTTPS) Additional handshake to encrypt and authenticate TCP communication, in particular HTTP connections IP Security (IPSEC) Framework to make IP packets secured CSS432: Network Security
18
PGP A popular approach to providing encryption ad authentication capabilities for . A user decides the level of establishing trust You know A well, and thus trust A’s public key. You have received B’s certificate from A. You trust it if B is A’s colleague but not a politician. You have received B’s certificate from C and D and then trust B’s certificate. A user collects a set of certificates with varying trust level in a key ring (~/.gnupg/trustdb.gpg) Systems available at: MIT distribution site for PGP: The International PGP Home Page: The Gnu Privacy Guard: CSS432: Network Security
19
PGP (Message Encryption)
Generating a key: gpg --gen-key Required to type your real name, comments, and address( Exporting a public key: gpg --output mfukuda.pub --armor --export mfukuda Importing a public key: gpg --import --armor mfukuda.pub Validating a public key: gpg --edit-key Command > fpr // check his finger print Command > sign // sign this public key at a favorite trust level Encrypting a document: gpg –output doc.enc –encrypt –recipient doc Decrypting a document: gpg –output doc –descript doc.enc Create a random secret key k Encrypt message using DES with secret key k Decrypt message using DES with secret key k Encrypt k using RSA with recipient’s public key Decrypt E(k) using RSA with my private key -> k Encode message + E(k) in ASCII for transmission Convert ASCII message CSS432: Network Security
20
PGP (Message Integrity and Authentication)
Making a signature: gpg --output doc.asc --sign doc Making a signature in format: gpg --clearsign doc // doc.asc is automatically created Verifying a signature: gpg --output doc --decrypt doc.asc Sender identity and message integrity confirmed if checksums match Calculate MD5 checksum on received message and compare against received value Calculate MD5 checksum over message contents Sign checksum using RSA with sender’s private key Decrypt signed checksum with sender’s public key CSS432: Network Security
21
SSH Secured version of Unix R commands (rlogin, rsh, and rcp)
SSH-TRANS: a transport layer protocol on top a TCP connection SSH-AUTH: An authentication protocl using RSA SSH-CONN: a connection protocol enabling SSH tunnelling CSS432: Network Security
22
SSH (Protocol Exchange)
(1) Contact to port 22 /etc/ssh/ssh_host_rsa_key host1 /etc/ssh/ssh_known_hosts ~/.ssh/known_hosts host1 host2 host3 (2) SSH version host1 /etc/ssh/ssh_host_rsa_key.pub host1 (3) server (4) Server Authentication session E( , ) server host1 session server (5) Secure connection established server ~/.ssh/id_rsa (~/.ssh/identity) (6) Client Authentication ~/.ssh/authorized_keys E( random 256-bit string, ) MD5(random 256-bit string, ) session (7) All authentications completed local1 server1 CSS432: Network Security
23
SSH (Key Generation Example)
Munehiro ~$ ssh-keygent –t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/Munehiro Fukuda/.ssh/id_rsa): Enter passphrase (empty for no passphrase): ******** Enter same passphrase again: ******** Your identification has been saved in /home/Munehiro Fukuda/.ssh/id_rsa. Your public key has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.pub. The key finger print is: 3b:4c:e7:db:68:25:13:7e:77:a2:c8:b8:43:af:44:82 Munehiro Munehiro ~$ cd .ssh Munehiro ~$ ls Id_rsa id_rsa.pub known_hosts known_hosts~ Munehiro ~$ sftp perseus.bothell.washington.edu Connecting to perseus.bothell.washington.edu… password: ******** sftp> put id_rsa.pub sftp> quit Munehiro ~$ ssh –l mfukuda perseus.bothell.washington.edu passowrd: ******** mfukuda]$ mv id_rsa.pub .ssh/id_rsa.fukuda-thinkpad.pub mfukuda]$ cd .ssh mfukuda]$ cat id_rsa.fukuda-thinkpad.pub >> authorized_keys mfukuda]$ chmod 644 authorized_keys mfukuda]$ exit Munehiro ~$ ssh –l mfukuda perseus bothell.washington.edu Enter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ******** mfukuda]$ CSS432: Network Security
24
SSH (SSH Agent) $ ssh-add ssh-agent SSH protocol exchange server local
~/.ssh/id_rsa (~/.ssh/identity) server local Munehiro ~$ eval `ssh-agent` Agent pid 228 Munehiro ~$ ssh-add Enter passphrase for /home/Munehiro Fukuda/.ssh/id_rsa: ******** Identity added: /home/Munehiro Fukuda/.ssh/id_rsa (home/Munehiro Fukuda/..ssh/id_rsa) Munehiro ~$ ssh –l mfukuda perseus.bothell.washington.edu mfukuda]$ exit Munehiro ~$ eval `ssh-agent –k` Agent pid 228 killd Munehiro ~$ ssh –l mfukuda perseus bothell.washington.edu Enter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ******** mfukuda]$ CSS432: Network Security
25
SSH (Agent Forwarding)
SSH protocol exchange sshd proxy agent SSH protocol exchange $ ssh-add ssh-agent sshd ~/.ssh/id_rsa authentication authentication forwarded authentication scp scp scp local Server X Server X #Enable agent forwarding ssh –A …. sftp CSS432: Network Security
26
SSH (Port Forwarding) Local forwarding Remote forwarding
ssh -L x:appserver:y Ex: ssh –L 80:localhost:8080 Localhost = perseus in this example Remote forwarding ssh -R x:appclient:y Ex: ssh –R 80:localhost: Localhost = my local computer (fukuda-thinkpad) =localhost x y 22 appclient sshclient sshdserver appserver =localhost 22 y x appclient sshdserver appserver sshclient CSS432: Network Security
27
Firewalls Filter-Based Solution Example
Rest of the Internet Local site Firewall Filter-Based Solution Example ( , 1234, , 80 ) filter all packets from port 1234 on host addressed to port 80 on host (*,*, , 80 ) filter all packets address to port 80 on Default: forward or not forward? All ports initialized to forward packets All ports initialized to filter packets How dynamic? Filter initialized upon a boot Filter reinitialized at run time CSS432: Network Security
28
CISCO Example X 172.16.2.0 Internet Local Network hostname router1
hostname router1 ! Link to the Internet interface ethernet 0 ip address ip access-group 1 in ! Link to the local network interface ethernet 1 ip address ! Access-list 1 deny Access-list 1 permit CSS432: Network Security
29
Proxy-Based Firewalls
Problem: complex policy Example: web server Solution: proxy Question: What if we need to run different applications (HTTP, FTP, IMAP, etc)? Company net Firewall W eb server Random external user Remote company Internet Filter port 80 or not Some web pages should be visible, While the other should not. External client External HTTP/TCP connection Proxy Firewall Internal HTTP/TCP connection Local server CSS432: Network Security
30
DMZ and Bastion Servers
1. Forward packets from /4 Filter the others Internet Local Network Border Router Firewall System 2. What if someone spoofs X ? /24 De-Militarized Zone (DMZ) HTTP FTP IMAP Bastion Hosts 3. Solution: hostname router1 ! Link to the Internet interface ethernet 0 ip address ip access-group 1 in ! Link to the local network interface ethernet 1 ip address ! Access-list 1 deny Access-list 1 permit 4. Limitations: Attacks from within local network CSS432: Network Security
31
Reviews Cryptography algorithms: DES, RSA, and MD5
Authentication: three way handshake and Kerberos Message integrity: RSA, keyed MD5, and MD5 with RSA signature Examples: PGP and SSH Firewall: filter-based, proxy-based, and DMZ CSS432: Network Security
Similar presentations
