Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015.

Published byClarence Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015."— Presentation transcript:

1

2 Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015

3 Flash Back Part 3  Protocols 2

4 Outline  Network Security Basics.  Understating the Purpose of Mutual Authentication  Symmetric Key based Mutual Authentication.  Public Key based Mutual Authentication.  Understating Secure Socket Layer (SSL)

5 Network Security Basics

6 Network Security Services  Confidentiality  Integrity  Authentication  Nonrepudiation  Access Control  Availability

7 Network Network Security Services  Confidentiality  Maintaining the privacy of data  Integrity  Detecting that the data is not tampered with  Authentication  Establishing proof of identity  Nonrepudiation  Ability to prove that the sender actually sent the data  Access Control  Access to information resources are regulated  Availability  Computer assets are available to authorized parties when needed SERVICES

8 Something Well-known in Network Security World

9 Friends and enemies: Alice, Bob, Trudy  Bob, Alice (lovers!) want to communicate “securely”  Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data Alice Bob Trudy

10 Protocol  Human protocols  the rules followed in human interactions o Example: Asking a question in class  Networking protocols  rules followed in networked communication systems o Examples: HTTP, FTP, etc.  Security protocol  the (communication) rules followed in a security application o Examples: SSL, IPSec, Kerberos, etc.

11 Ideal Security Protocol  Must satisfy security requirements o Requirements need to be precise  Efficient o Small computational requirement o Small bandwidth usage, minimal delays…  Robust o Works even if environment changes  Easy to use & implement, flexible…  Difficult to satisfy all of these!

12 Secure Entry to NSA 1. Insert badge into reader 2. Enter PIN 3. Correct PIN? Yes? Enter No? Get shot by security guard

13 ATM Machine Protocol 1. Insert ATM card 2. Enter PIN 3. Correct PIN? Yes? Conduct your transaction(s) No? Machine (eventually) eats card

14 Authentication Protocols

15 Authentication  Alice must prove her identity to Bob o Alice and Bob can be humans or computers  May also require Bob to prove he’s Bob (mutual authentication)  Probably need to establish a session key  May have other requirements, such as o Use public keys o Use symmetric keys o Use hash functions o Anonymity, etc., etc.

16 Simple Authentication Alice Bob “I’m Alice” Prove it My password is “frank”  Simple and may be OK for standalone system  But insecure for networked system o Subject to a replay attack (next 2 slides) o Also, Bob must know Alice’s password

17 Authentication Attack Alice Bob “I’m Alice” Prove it My password is “frank” Trudy

18 Authentication Attack Bob “I’m Alice” Prove it My password is “frank” Trudy  This is an example of a replay attack  How can we prevent a replay?

19 Simple Authentication Alice Bob I’m Alice, my password is “frank”  More efficient, but…  … same problem as previous version

20 Better Authentication Alice Bob “I’m Alice” Prove it h(Alice’s password)  Better since it hides Alice’s password o From both Bob and Trudy  But still subject to replay

21 Challenge-Response  To prevent replay, use challenge-response o Goal is to ensure “freshness”  Suppose Bob wants to authenticate Alice o Challenge sent from Bob to Alice  Challenge is chosen so that… o Replay is not possible o Only Alice can provide the correct response o Bob can verify the response

22 Nonce  To ensure freshness, can employ a nonce o Nonce == number used once  What to use for nonces? o That is, what is the challenge?  What should Alice do with the nonce? o That is, how to compute the response?  How can Bob verify the response?  Should we rely on passwords or keys?

23 Challenge-Response Bob “I’m Alice” Nonce h(Alice’s password, Nonce)  Nonce is the challenge  The hash is the response  Nonce prevents replay, ensures freshness  Password is something Alice knows  Note: Bob must know Alice’s pwd to verify Alice

24 Generic Challenge-Response Bob “I’m Alice” Nonce Something that could only be Alice from Alice (and Bob can verify)  In practice, how to achieve this?  Hashed password works, but…  Encryption is better here (Why?)

25 Symmetric Key Notation  Encrypt plaintext P with key K C = E(P,K)  Decrypt ciphertext C with key K P = D(C,K)  Here, we are concerned with attacks on protocols, not attacks on crypto o So, we assume crypto algorithms are secure

26 Authentication: Symmetric Key  Alice and Bob share symmetric key K  Key K known only to Alice and Bob  Authenticate by proving knowledge of shared symmetric key  How to accomplish this? o Cannot reveal key, must not allow replay (or other) attack, must be verifiable, …

27 Authentication with Symmetric Key Alice, K Bob, K “I’m Alice” E(R,K)  Secure method for Bob to authenticate Alice  Alice does not authenticate Bob  So, can we achieve mutual authentication? R

28 Mutual Authentication? Alice, K Bob, K “I’m Alice”, R E(R,K)  What’s wrong with this picture?  “Alice” could be Trudy (or anybody else)!

29 Mutual Authentication  Since we have a secure one-way authentication protocol…  The obvious thing to do is to use the protocol twice o Once for Bob to authenticate Alice o Once for Alice to authenticate Bob  This has got to work…

30 Mutual Authentication Alice, K Bob, K “I’m Alice”, R A R B, E(R A, K) E(R B, K)  This provides mutual authentication…  …or does it? See the next slide

31 Mutual Authentication Attack Bob, K 1. “I’m Alice”, R A 2. R B, E(R A, K) Trudy Bob, K 3. “I’m Alice”, R B 4. R C, E(R B, K) Trudy 5. E(R B, K)

32 Let’s Resolve this Problem

33 Symmetric Key Mutual Authentication Alice, K Bob, K “I’m Alice”, R A R B, E(“Bob”,R A,K) E(“Alice”,R B,K)  Do these “insignificant” changes help?  Yes!

34 Problem Statement In Symmetric Key based Authentication Protocol Alice and Bob need to have a Shared Secret Key, Where Distribution of Keys among the Participants is a tedious Job.

35 Welcome to the World of Public-Key Crypto-System

36 35 Public Keys and Trust Public Key: P A Secret key: S A Public Key: P B Secret key: S B How are public keys stored? How to obtain the public key? How does Bob know or ‘trusts’ that P A is Alice’s public key?

37 36 Distribution of Public Keys  Public announcement: users distribute public keys to recipients or broadcast to community at large  Publicly available directory: can obtain greater security by registering keys with a public directory  Public Key Can Also Achieve Through CA

38 Public Key Notation  Encrypt M with Alice’s public key: {M} Alice  Sign M with Alice’s private key: [M] Alice  Anybody can use Alice’s public key  Only Alice can use her private key

39 Public Key Authentication Alice Bob “I’m Alice” {R} Alice R  Is this secure?  Trudy can get Alice to decrypt anything!

40 Public Key Authentication Alice Bob “I’m Alice” R [R] Alice  Is this secure?  Trudy can get Alice to sign anything!

41 Public Keys  Generally, a bad idea to use the same key pair for encryption and signing  Instead, should have… o …one key pair for encryption/decryption… o …and a different key pair for signing/verifying signatures

42 Session Key  Usually, a session key is required o I.e., a symmetric key for a particular session o Used for confidentiality and/or integrity  How to authenticate and establish a session key (i.e., shared symmetric key)? o When authentication completed, want Alice and Bob to share a session key o Trudy cannot break the authentication… o …and Trudy cannot determine the session key

43 Authentication & Session Key Alice Bob “I’m Alice”, R {R,K} Alice {R +1,K} Bob  Is this secure? o Alice is authenticated and session key is secure o Alice’s “nonce”, R, useless to authenticate Bob o The key K is acting as Bob’s nonce to Alice  No mutual authentication

44 Public Key Authentication and Session Key Alice Bob “I’m Alice”, R [R,K] Bob [R +1,K] Alice  Is this secure? o Mutual authentication (good), but… o … session key is not secret (very bad)

45 Public Key Authentication and Session Key Alice Bob “I’m Alice”, R {[R,K] Bob } Alice {[R +1,K] Alice } Bob  Is this secure?  Seems to be OK  Mutual authentication and session key!

46 Public Key Authentication and Session Key Alice Bob “I’m Alice”, R [{R,K} Alice ] Bob [{R +1,K} Bob ] Alice  Is this secure?  Seems to be OK

47 Perfect Forward Secrecy  Consider this “issue”… o Alice encrypts message with shared key K and sends ciphertext to Bob o Trudy records ciphertext and later attacks Alice’s (or Bob’s) computer to recover K o Then Trudy decrypts recorded messages  Perfect forward secrecy (PFS): Trudy cannot later decrypt recorded ciphertext o Even if Trudy gets key K or other secret(s)  Is PFS possible?

48 Naïve Session Key Protocol  Trudy could record E(K S, K)  If Trudy later gets K then she can get K S o Then Trudy can decrypt recorded messages Alice, K Bob, K E(K S, K) E(messages, K S )

49 Then How to Achieve Perfect Forward Secrecy (PFS)

50 With the Help of Diffie-Hellman Key- Agreement Protocol

51 Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public. K = (g b mod p) a = g ab mod p g a mod p g b mod p K = (g a mod p) b = g ab mod p Pick random, secret a Compute and send g a mod p Pick random, secret b Compute and send g b mod p

52 MIM in Diffie-Hellman g a mod n g b mod n g c mod n Alice computes g ac mod n and Bob computes g bc mod n !!!

53 Oh! No.. Can Anyone Help Me to Achieve PFS? Oh! No.. Can Anyone Help Me to Achieve PFS?

54 Perfect Forward Secrecy  Session key K S = g ab mod p  Alice forgets a, Bob forgets b  So-called Ephemeral Daffier-Hellman  Neither Alice nor Bob can later recover K S  Are there other ways to achieve PFS? Alice: K, a Bob: K, b E(g a mod p, K) E(g b mod p, K)

55 Mutual Authentication, Session Key and PFS Alice Bob “I’m Alice”, R A R B, [{R A, g b mod p} Alice ] Bob [{R B, g a mod p} Bob ] Alice  Session key is S K = g ab mod p  Alice forgets a and Bob forgets b  If Trudy later gets Bob’s and Alice’s secrets, she cannot recover session key S K

56 Three-Party Mutual Authentication and Key-Distribution Using Symmetric-Key Crypto System Part 3  Protocols 55

57 Meet Our Participants Part 3  Protocols 56

58 Part 3  Protocols 57 Trudy Alice Bob Can be Treated as Serve r

59 Assumptions Part 3  Protocols 58

60 Part 3  Protocols 59 Trudy Alice Bob ?Share Key

61 Trudy M1 M2 M3 M4

62 Trudy M1 M2 M3 M4 Decrypt: M3 Check: ? Na Get : Kab Decrypt: M4 Check: ? Nb Get : Kab Kab

63 Secure communication

64 Understanding SSL Part 3  Protocols 63

65 64 古早密碼學 古典密碼學 資安號 Privacy Integrit y Authentication Network Security Services Authentication

66 THANK YOU I have questions…

Download ppt "Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Rachana Y. Patil 1 1.

Rachana Y. Patil 1 1.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

Similar presentations

Ads by Google