chapter€8 assuming€that€you’ve€learned€the network ... · 8:€network€security 81...

8: Network Security 81

Chapter 8Network Security

A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).They’re in PowerPoint form so you can add, modify, and delete slides(including this one) and slide content to suit your needs. They obviouslyrepresent a lot of work on our part. In return for use, we only ask thefollowing:q If you use these slides (e.g., in a class) in substantially unaltered form,that you mention their source (after all, we’d like people to use our book!)q If you post any slides in substantially unaltered form on a www site, thatyou note that they are adapted from (or perhaps identical to) our slides, andnote our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 19962004J.F Kurose and K.W. Ross, All Rights Reserved

Computer Networking:A Top Down ApproachFeaturing the Internet,

3rd edition.Jim Kurose, Keith RossAddisonWesley, July2004.


Assuming that you’ve learned therest from the reading, in class wewill only cover slides with titles initalics.


Chapter 8: Network SecurityChapter goals:

understand principles of network security:cryptography and its many uses beyond“confidentiality”authenticationmessage integritykey distribution

security in practice:firewallssecurity in application, transport, network, linklayers


Chapter 8 roadmap

8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers

Click t

o buy NOW!

PDFXCHANGE

www.docutrack.com Clic

k to buy N

OW!PDFXCHANGE

www.docutrack.com

http://www.docu-track.com/index.php?page=38



What is network security?

Confidentiality: only sender, intended receivershould “understand” message contents

sender encrypts messagereceiver decrypts message

Authentication: sender, receiver want to confirmidentity of each other

Message Integrity: sender, receiver want to ensuremessage not altered (in transit, or afterwards)without detection

Access and Availability: services must be accessibleand available to users


Friends and enemies: Alice, Bob, Trudywellknown in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messages

securesender

securereceiver

channel data, controlmessages

data data

Alice Bob

Trudy


Who might Bob, Alice be?

… well, reallife Bobs and Alices!Web browser/server for electronictransactions (e.g., online purchases)online banking client/serverDNS serversrouters exchanging routing table updatesother examples?


There are bad guys (and girls) out there!

Q: What can a “bad guy” do?A: a lot!

eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source addressin packet (or any field in packet)hijacking: “take over” ongoing connection byremoving sender or receiver, inserting himselfin placedenial of service: prevent service from beingused by others (e.g., by overloading resources)

more on this later …

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap



The language of cryptography

symmetric key crypto: sender, receiver keys identicalpublickey crypto: encryption key public, decryption key

secret (private), and, of course, different

plaintext plaintextciphertext

KA

encryptionalgorithm

decryptionalgorithm

Alice’sencryptionkey

Bob’sdecryptionkey

KB


Symmetric key cryptographysubstitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc

E.g.:

Q: How hard to break this simple cipher?:q brute force (how hard?)q other?


Symmetric key cryptography

symmetric key crypto: Bob and Alice share know same(symmetric) key: Ke.g., key is knowing substitution pattern in monoalphabetic substitution cipherQ: how do Bob and Alice agree on key value?

plaintextciphertext

KAB

encryptionalgorithm

decryptionalgorithm

AB

KAB

plaintextmessage, m

K (m)AB K (m)ABm = K ( )AB

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Symmetric key crypto: DES

DES: Data Encryption StandardUS encryption standard [NIST 1993]56bit symmetric key, 64bit plaintext inputHow secure is DES?

DES Challenge: 56bitkeyencrypted phrase(“Strong cryptography makes the world a saferplace”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approach

making DES more secure:use three keys sequentially (3DES) on each datumuse cipherblock chaining


Symmetric keycrypto: DES

initial permutation16 identical “rounds” of

function application,each using different48 bits of key

final permutation

DES operation


AES: Advanced Encryption Standard

new (Nov. 2001) symmetrickey NISTstandard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key)taking 1 sec on DES, takes 149 trillionyears for AES


Public Key Cryptography

symmetric key cryptorequires sender,receiver know sharedsecret keyQ: how to agree on keyin first place(particularly if never“met”)?

public key cryptographyradically differentapproach [DiffieHellman76, RSA78]sender, receiver donot share secret keypublic encryption keyknown to allprivate decryptionkey known only toreceiver

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Public key cryptography

plaintextmessage, m

ciphertextencryptionalgorithm

decryptionalgorithm

Bob’s publickey

plaintextmessageK (m)B

+

KB+

Bob’s privatekey

K B

m = K (K (m))B+

B


Public key encryption algorithms

need K ( ) and K ( ) such thatB B. .

given public key K , it should beimpossible to compute privatekey K B

B

Requirements:

1

2

RSA: Rivest, Shamir, Adelson algorithm

+

K (K (m)) = mBB

+

+


RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p1)(q1).

3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).

4. Choose d such that ed1 is exactly divisible by z. (in other words: ed mod z = 1 ).

5. Public key is (n,e). Private key is (n,d).

KB+ KB


RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above

1. To encrypt bit pattern, m, computec = m mod ne (i.e., remainder when m is divided by n)e

2. To decrypt received bit pattern, c, computem = c mod nd (i.e., remainder when c is divided by n)d

m = (m mod n)e mod ndMagichappens!

c

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA example:Bob chooses p=5, q=7. Then n=35, z=24.

e=5 (so e, z relatively prime).d=29 (so ed1 exactly divisible by z.

letter m me c = m mod ne

l 12 1524832 17

c m = c mod nd17 481968572106750915091411825223071697 12

cd letterl

encrypt:

decrypt:


RSA: Why is that m = (m mod n)e mod nd

(m mod n)e mod n = m mod nd ed

Useful number theory result: If p,q prime andn = pq, then:

x mod n = x mod ny y mod (p1)(q1)

= m mod ned mod (p1)(q1)

= m mod n1

= m

(using number theory result above)

(since we chose ed to be divisible by(p1)(q1) with remainder 1 )


RSA: another important property

The following property will be very useful later:

K (K (m)) = mBB +

K (K (m))BB+

=

use public keyfirst, followedby private key

use private keyfirst, followedby public key

Result is the same!


Chapter 8 roadmap


Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication

Goal: Bob wants Alice to “prove” her identityto him

Protocol ap1.0: Alice says “I am Alice”

Failure scenario??“I am Alice”


Authentication



in a network,Bob can not “see”

Alice, so Trudy simplydeclares

herself to be Alice“I am Alice”


Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP address

Failure scenario??

“I am Alice”Alice’sIP address




Trudy can createa packet

“spoofing”Alice’s address“I am Alice”Alice’s

IP address

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com





Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

Failure scenario??

“I’m Alice”Alice’sIP addr

Alice’spassword

OKAlice’sIP addr




playback attack: Trudyrecords Alice’s packet

and laterplays it back to Bob


Alice’spassword

OKAlice’sIP addr


Alice’spassword


Authentication: yet another try

Protocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.

Failure scenario??


encryptedpassword

OKAlice’sIP addr




recordand

playbackstill works!


encryptedpassword

OKAlice’sIP addr


encryptedpassword

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication: yet another tryGoal: avoid playback attack

Failures, drawbacks?

Nonce: number (R) used only once –inalifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R.

Alicemust return R, encrypted with shared secret key

“I am Alice”

R

K (R)ABAlice is live, andonly Alice knowskey to encrypt

nonce, so it mustbe Alice!


Authentication: ap5.0

ap4.0 requires shared symmetric keycan we authenticate using public key techniques?

ap5.0: use nonce, public key cryptography

“I am Alice”R

Bob computes

K (R)A

“send me your public key”

KA+

(K (R)) = RAKA

+

and knows only Alicecould have the privatekey, that encrypted R

such that(K (R)) = RA

KA

+


ap5.0: security holeMan (woman) in the middle attack: Trudy poses as

Alice (to Bob) and as Bob (to Alice)

I am Alice I am AliceR

TK (R)

Send me your public key

TK+

AK (R)


AK+

TK (m)+

Tm = K (K (m))+

T

Trudy gets

sends m to Aliceencrypted with

Alice’s public key

AK (m)+

Am = K (K (m))+

A

R




Difficult to detect:q Bob receives everything that Alice sends, and viceversa. (e.g., so Bob, Alice can meet one week later andrecall conversation)q problem is that Trudy receives all messages as well!

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap

8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Message integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers


Digital Signatures

Cryptographic technique analogous to handwritten signatures.sender (Bob) digitally signs document,establishing he is document owner/creator.verifiable, nonforgeable: recipient (Alice) canprove to someone that Bob, and no one else(including Alice), must have signed document


Digital Signatures

Simple digital signature for message m:Bob signs m by encrypting with his private keyKB, creating “signed” message, KB(m)

Dear AliceOh, how I have missedyou. I think of you all thetime! … (blah blah blah)

Bob

Bob’s message, m

Public keyencryptionalgorithm

Bob’s privatekey

KB

Bob’s message,m, signed

(encrypted) withhis private key

KB(m)


Digital Signatures (more)Suppose Alice receives msg m, digital signature KB(m)Alice verifies m signed by Bob by applying Bob’spublic key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m, whoever signed m must have usedBob’s private key.

+ +

+

Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.

Nonrepudiation:ü Alice can take m, and signature KB(m) to

court and prove that Bob signed m.

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Message Digests

Computationally expensiveto publickeyencryptlong messages

Goal: fixedlength, easytocompute digital“fingerprint”apply hash function Hto m, get fixed sizemessage digest, H(m).

Hash function properties:manyto1produces fixedsize msgdigest (fingerprint)given message digest x,computationallyinfeasible to find m suchthat x = H(m)

largemessage

m

H: HashFunction

H(m)


Internet checksum: poor crypto hashfunction

Internet checksum has some properties of hash function:produces fixed length digest (16bit sum) of messageis manytoone

But given message with given hash value, it is easy to findanother message with same hash value:

I O U 10 0 . 99 B O B

49 4F 55 3130 30 2E 3939 42 D2 42

message ASCII format

B2 C1 D2 AC

I O U 90 0 . 19 B O B

49 4F 55 3930 30 2E 3139 42 D2 42


B2 C1 D2 ACdifferent messagesbut identical checksums!


largemessage

mH: Hashfunction H(m)

digitalsignature(encrypt)

Bob’sprivate

key KB

+

Bob sends digitally signedmessage:

Alice verifies signature andintegrity of digitally signedmessage:

KB(H(m))encryptedmsg digest


largemessage

m

H: Hashfunction

H(m)

digitalsignature(decrypt)

H(m)

Bob’spublic

key KB+

equal ?

Digital signature = signed message digest


Hash Function AlgorithmsMD5 hash function widely used (RFC 1321)

computes 128bit message digest in 4stepprocess.arbitrary 128bit string x, appears difficult toconstruct msg m whose MD5 hash is equal to x.

SHA1 is also used.US standard [NIST, FIPS PUB 1801]

160bit message digest

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8Network Security

A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).They’re in PowerPoint form so you can add, modify, and delete slides(including this one) and slide content to suit your needs. They obviouslyrepresent a lot of work on our part. In return for use, we only ask thefollowing:q If you use these slides (e.g., in a class) in substantially unaltered form,that you mention their source (after all, we’d like people to use our book!)q If you post any slides in substantially unaltered form on a www site, thatyou note that they are adapted from (or perhaps identical to) our slides, andnote our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 19962004J.F Kurose and K.W. Ross, All Rights Reserved

Computer Networking:A Top Down ApproachFeaturing the Internet,

3rd edition.Jim Kurose, Keith RossAddisonWesley, July2004.

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Assuming that you’ve learned therest from the reading, in class wewill only cover slides with titles initalics.

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8: Network SecurityChapter goals:

understand principles of network security:cryptography and its many uses beyond“confidentiality”authenticationmessage integritykey distribution

security in practice:firewallssecurity in application, transport, network, linklayers

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap


Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




What is network security?

Confidentiality: only sender, intended receivershould “understand” message contents

sender encrypts messagereceiver decrypts message

Authentication: sender, receiver want to confirmidentity of each other

Message Integrity: sender, receiver want to ensuremessage not altered (in transit, or afterwards)without detection

Access and Availability: services must be accessibleand available to users

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Friends and enemies: Alice, Bob, Trudywellknown in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messages

securesender

securereceiver

channel data, controlmessages

data data

Alice Bob

Trudy

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Who might Bob, Alice be?

… well, reallife Bobs and Alices!Web browser/server for electronictransactions (e.g., online purchases)online banking client/serverDNS serversrouters exchanging routing table updatesother examples?

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




There are bad guys (and girls) out there!Q: What can a “bad guy” do?A: a lot!

eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source addressin packet (or any field in packet)hijacking: “take over” ongoing connection byremoving sender or receiver, inserting himselfin placedenial of service: prevent service from beingused by others (e.g., by overloading resources)

more on this later …

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap


Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




The language of cryptography

symmetric key crypto: sender, receiver keys identicalpublickey crypto: encryption key public, decryption key

secret (private), and, of course, different

plaintext plaintextciphertext

KA

encryptionalgorithm

decryptionalgorithm

Alice’sencryptionkey

Bob’sdecryptionkey

KB

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Symmetric key cryptographysubstitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc

E.g.:

Q: How hard to break this simple cipher?:q brute force (how hard?)q other?

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Symmetric key cryptography

symmetric key crypto: Bob and Alice share know same(symmetric) key: Ke.g., key is knowing substitution pattern in monoalphabetic substitution cipherQ: how do Bob and Alice agree on key value?

plaintextciphertext

KAB

encryptionalgorithm

decryptionalgorithm

AB

KAB

plaintextmessage, m

K (m)AB K (m)ABm = K ( )AB

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Symmetric key crypto: DES

DES: Data Encryption StandardUS encryption standard [NIST 1993]56bit symmetric key, 64bit plaintext inputHow secure is DES?

DES Challenge: 56bitkeyencrypted phrase(“Strong cryptography makes the world a saferplace”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approach

making DES more secure:use three keys sequentially (3DES) on each datumuse cipherblock chaining

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Symmetric keycrypto: DES

initial permutation16 identical “rounds” of

function application,each using different48 bits of key

final permutation

DES operation

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




AES: Advanced Encryption Standard

new (Nov. 2001) symmetrickey NISTstandard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key)taking 1 sec on DES, takes 149 trillionyears for AES

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Public Key Cryptography

symmetric key cryptorequires sender,receiver know sharedsecret keyQ: how to agree on keyin first place(particularly if never“met”)?

public key cryptographyradically differentapproach [DiffieHellman76, RSA78]sender, receiver donot share secret keypublic encryption keyknown to allprivate decryptionkey known only toreceiver

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Public key cryptography

plaintextmessage, m

ciphertextencryptionalgorithm

decryptionalgorithm

Bob’s publickey

plaintextmessageK (m)B

+

KB+

Bob’s privatekey

K B

m = K (K (m))B+

B

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Public key encryption algorithms

need K ( ) and K ( ) such thatB B. .

given public key K , it should beimpossible to compute privatekey K B

B

Requirements:

1

2

RSA: Rivest, Shamir, Adelson algorithm

+

K (K (m)) = mBB

+

+

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p1)(q1).

3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).

4. Choose d such that ed1 is exactly divisible by z. (in other words: ed mod z = 1 ).

5. Public key is (n,e). Private key is (n,d).

KB+ KB

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above

1. To encrypt bit pattern, m, computec = m mod ne (i.e., remainder when m is divided by n)e

2. To decrypt received bit pattern, c, computem = c mod nd (i.e., remainder when c is divided by n)d

m = (m mod n)e mod ndMagichappens!

c

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA example:Bob chooses p=5, q=7. Then n=35, z=24.

e=5 (so e, z relatively prime).d=29 (so ed1 exactly divisible by z.

letter m me c = m mod ne

l 12 1524832 17

c m = c mod nd17 481968572106750915091411825223071697 12

cd letterl

encrypt:

decrypt:

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA: Why is that m = (m mod n)e mod nd

(m mod n)e mod n = m mod nd ed

Useful number theory result: If p,q prime andn = pq, then:

x mod n = x mod ny y mod (p1)(q1)

= m mod ned mod (p1)(q1)

= m mod n1

= m

(using number theory result above)

(since we chose ed to be divisible by(p1)(q1) with remainder 1 )

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




RSA: another important property

The following property will be very useful later:

K (K (m)) = mBB +

K (K (m))BB+

=

use public keyfirst, followedby private key

use private keyfirst, followedby public key

Result is the same!

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap


Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication



Failure scenario??“I am Alice”

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication



in a network,Bob can not “see”

Alice, so Trudy simplydeclares

herself to be Alice“I am Alice”

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






Failure scenario??

“I am Alice”Alice’sIP address

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






Trudy can createa packet

“spoofing”Alice’s address“I am Alice”Alice’s

IP address

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






Failure scenario??


Alice’spassword

OKAlice’sIP addr

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






playback attack: Trudyrecords Alice’s packet

and laterplays it back to Bob


Alice’spassword

OKAlice’sIP addr


Alice’spassword

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication: yet another try


Failure scenario??


encryptedpassword

OKAlice’sIP addr

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






recordand

playbackstill works!


encryptedpassword

OKAlice’sIP addr


encryptedpassword

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication: yet another tryGoal: avoid playback attack

Failures, drawbacks?

Nonce: number (R) used only once –inalifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R.

Alicemust return R, encrypted with shared secret key

“I am Alice”

R

K (R)ABAlice is live, andonly Alice knowskey to encrypt

nonce, so it mustbe Alice!

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Authentication: ap5.0

ap4.0 requires shared symmetric keycan we authenticate using public key techniques?

ap5.0: use nonce, public key cryptography

“I am Alice”R

Bob computes

K (R)A

“send me your public key”

KA+

(K (R)) = RA

KA+

and knows only Alicecould have the privatekey, that encrypted R

such that(K (R)) = RA

KA

+

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






I am Alice I am AliceR

TK (R)


TK+

AK (R)


AK+

TK (m)+

Tm = K (K (m))+

T

Trudy gets

sends m to Aliceencrypted with

Alice’s public key

AK (m)+

Am = K (K (m))+

A

R

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com






Difficult to detect:q Bob receives everything that Alice sends, and viceversa. (e.g., so Bob, Alice can meet one week later andrecall conversation)q problem is that Trudy receives all messages as well!

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Chapter 8 roadmap

8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Message integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Digital Signatures

Cryptographic technique analogous to handwritten signatures.sender (Bob) digitally signs document,establishing he is document owner/creator.verifiable, nonforgeable: recipient (Alice) canprove to someone that Bob, and no one else(including Alice), must have signed document

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Digital Signatures

Simple digital signature for message m:Bob signs m by encrypting with his private keyKB, creating “signed” message, KB(m)

Dear AliceOh, how I have missedyou. I think of you all thetime! … (blah blah blah)

Bob

Bob’s message, m

Public keyencryptionalgorithm

Bob’s privatekeyKB

Bob’s message,m, signed

(encrypted) withhis private key

KB(m)

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Digital Signatures (more)Suppose Alice receives msg m, digital signature KB(m)Alice verifies m signed by Bob by applying Bob’spublic key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m, whoever signed m must have usedBob’s private key.

+ +

+

Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.

Nonrepudiation:ü Alice can take m, and signature KB(m) to

court and prove that Bob signed m.

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Message Digests

Computationally expensiveto publickeyencryptlong messages

Goal: fixedlength, easytocompute digital“fingerprint”apply hash function Hto m, get fixed sizemessage digest, H(m).

Hash function properties:manyto1produces fixedsize msgdigest (fingerprint)given message digest x,computationallyinfeasible to find m suchthat x = H(m)

largemessage

m

H: HashFunction

H(m)

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Internet checksum: poor crypto hashfunction

Internet checksum has some properties of hash function:produces fixed length digest (16bit sum) of messageis manytoone

But given message with given hash value, it is easy to findanother message with same hash value:

I O U 10 0 . 99 B O B

49 4F 55 3130 30 2E 3939 42 D2 42


B2 C1 D2 AC

I O U 90 0 . 19 B O B

49 4F 55 3930 30 2E 3139 42 D2 42


B2 C1 D2 ACdifferent messagesbut identical checksums!

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




largemessage

mH: Hashfunction H(m)

digitalsignature(encrypt)

Bob’sprivate

key KB

+

Bob sends digitally signedmessage:

Alice verifies signature andintegrity of digitally signedmessage:



largemessage

m

H: Hashfunction

H(m)

digitalsignature(decrypt)

H(m)

Bob’spublic

key KB+

equal ?

Digital signature = signed message digestClick t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Hash Function AlgorithmsMD5 hash function widely used (RFC 1321)

computes 128bit message digest in 4stepprocess.arbitrary 128bit string x, appears difficult toconstruct msg m whose MD5 hash is equal to x.

SHA1 is also used.US standard [NIST, FIPS PUB 1801]160bit message digest

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com



chapter€8 assuming€that€you’ve€learned€the network ... · 8:€network€security 81...

Documents