04/18/23 Gene Itkis: BU CAS 558 - Network Security 1
CS 558: Network Security
Gene Itkis
Network Security
Overview
Basic scenario
Simplified Scenario
[Diagram: Alice, Bob, Eve]
Network:
• Internet
• intranet
• LAN
• WAN
• …
How to protect?
• Encrypt
• Key agreement
• Authenticate
Issues:
• Protocols
• Protection (crypto)
A solution: SSL/TLS
How to protect?
Crypto
Landscape overview
Definitions and Concepts
What is Cryptography?
It all started with
– Encryption / Decryption
“attack at midnight” - plaintext
“buubdl bu njeojhiu” - ciphertext
Encryption / Decryption (cont.)
encoder (plaintext in - ciphertext out)
decoder (ciphertext in - plaintext out)
eavesdropper (should understand nothing about the msg)
msg (in): bla-bla
ciphertext: cmb-cmb
msg (out): bla-bla
Shared Key
Crypto tools
• Encryption/decryption – to hide info
• Key exchange – to establish shared key
• Authentication – to establish shared key with the party you really meant to
  – public
  – private
• Signatures
• Hashing
• Certificates, PKI
Adversary types
Alice and Bob want to communicate in presence of adversaries
– Adversaries:
  • Passive – just looking
  • Active – may change msgs
[Diagram: Alice, Bob]
Key exchange: man-in-the-middle
Key exchange without Authentication
– Subject to Man-in-the-Middle attack
  • Attacker translates between the keys, reading and/or modifying the messages
– Authentication afterwards will not help!
[Diagram: Alice, Bob; keys labelled “Shared w/Alice” and “Shared w/Bob”]
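An added illustration of this slide (not part of the original deck): a toy Diffie-Hellman exchange simulated in one process, showing that substituted public values leave Alice and Bob with different keys, and that a MAC bound to each public value rejects the substitution. Diffie-Hellman, the parameters P and G, HMAC-SHA256, the pre-shared long-term key and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (secret exponent, public value G^secret mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(my_secret, their_public):
    """Derive a session key from the shared Diffie-Hellman value."""
    shared = pow(their_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(long_term_key, sender, public):
    """MAC that binds a public value to its sender."""
    msg = sender.encode() + b"|" + public.to_bytes(16, "big")
    return hmac.new(long_term_key, msg, hashlib.sha256).digest()

def accept(long_term_key, sender, public, received_tag):
    """Accept a public value only if its tag verifies."""
    return hmac.compare_digest(tag(long_term_key, sender, public), received_tag)

def substituted_exchange():
    """Unauthenticated exchange whose public values are replaced in transit."""
    a, A = keypair()   # Alice
    b, B = keypair()   # Bob
    e, E = keypair()   # party in the middle
    # Alice receives E instead of B; Bob receives E instead of A.
    k_alice, k_bob = session_key(a, E), session_key(b, E)
    k_mid_alice, k_mid_bob = session_key(e, A), session_key(e, B)
    return k_alice, k_bob, k_mid_alice, k_mid_bob

def authenticated_exchange(substitute):
    """Bob's check when Alice's public value carries a MAC under a pre-shared key."""
    ltk = secrets.token_bytes(32)        # known to Alice and Bob only
    a, A = keypair()
    public, t = A, tag(ltk, "alice", A)
    if substitute:
        _, public = keypair()            # value replaced; a valid tag cannot be made
    return accept(ltk, "alice", public, t)
```

In `substituted_exchange()` each endpoint's key matches one held by the middle party and the two endpoint keys differ, so neither side can notice from the key alone; `authenticated_exchange(True)` returns `False` because the check happens on the exchanged values themselves.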
Authentication
[Diagram: Alice, M, Bob]
• Alice sends a msg M to Bob
• Bob wants to be sure M is really from Alice
Signatures
Alice: S_Alice
SigM = Sign(M, S_Alice)
(M, SigM)
Bob: Verify(M, SigM, …)
Authentication: “public”
[Diagram: Alice, Bob]
• checks
• contracts
• …
Public Key Signatures
Alice: Secret Key S_Alice, Public Key P_Alice
SigM = Sign(M, S_Alice)
(M, SigM)
Bob: Verify(M, SigM, P_Alice)
Problem: How to authenticate P_Alice?
Certificates
“This public key P_Alice really belongs to Alice. Signed by Charlie, Certification Authority”
• Certificates can be public!
• Who’s Charlie?!?
[Diagram: Alice with Secret Key S_Alice and Public Key P_Alice; Charlie, CA; P_Alice marked CA]
Public Key Infrastructures (PKI)
• Root CA public key
  – Obtained out-of-band
  – Certifies other Public Keys (of CAs, or users)
• Certification Chains
• Grain of salt: so, you have a certificate…
• To be continued…
Back to Signatures
Alice: S_Alice
SigM = Sign(M, S_Alice)
(M, SigM)
Bob: Verify(M, SigM, …)
Authentication: “private”
Alice: S_Alice
SigM = Sign(M, S_Alice)
(M, SigM)
Bob: S_Alice
Verify(M, SigM, S_Alice):
  Check SigM = Sign(M, S_Alice)
Message Authentication Code (MAC)
Sign(M, S_Alice) = Hash(M, S_Alice)
MAC = “Shared Secret Sig” = Symmetric Sig (Sign=Verify)
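The check on this slide, as an added example (not part of the original deck): Hash(M, S_Alice) is realised with HMAC-SHA256 from Python's standard library, which the slide does not specify. The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

def sign(message: bytes, shared_key: bytes) -> bytes:
    """Sign(M, S) = Hash(M, S), realised here as HMAC-SHA256 (an assumption)."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def verify(message: bytes, sig: bytes, shared_key: bytes) -> bool:
    """Verify(M, SigM, S): check SigM = Sign(M, S), comparing in constant time."""
    return hmac.compare_digest(sign(message, shared_key), sig)

def receive(pairs, shared_key):
    """Bob's side: keep only the messages whose tag verifies under the shared key."""
    return [m for m, sig in pairs if verify(m, sig, shared_key)]

# Constructed sample data for this example.
S_ALICE = b"constructed shared secret (demo)"
M = b"pay Bob 10"
SIG_M = sign(M, S_ALICE)

def demo():
    """Return what Bob accepts from a mix of genuine and altered (M, SigM) pairs."""
    flipped = bytes([SIG_M[0] ^ 1]) + SIG_M[1:]
    on_the_wire = [
        (M, SIG_M),                        # genuine
        (b"pay Eve 10", SIG_M),            # message changed, old tag reused
        (M, flipped),                      # one bit of the tag changed
        (M, sign(M, b"some other key")),   # tagged under a different key
    ]
    return receive(on_the_wire, S_ALICE)

def bob_can_sign_too():
    """Sign = Verify: Bob, holding S_Alice, produces the very tag Alice would."""
    return sign(M, S_ALICE) == SIG_M
```

Because `bob_can_sign_too()` is true, a valid tag convinces Bob that the message came from a holder of S_Alice but cannot prove to a third party which of the two produced it.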
Hashing
Crypto Hash:
• collisions may exist, but are hard to find
• Given y hard to find x, s.t. Hash(x)=y
Used for:
• Symmetric signatures
• “Fingerprint” for Public Key signatures
[Diagram: x1 and x2 both map through Hash to y (collision)]
Another setting
[Diagram: Alice, Bob]