Network security
Objective
• Threats
• Firewall
– Packet-filtering firewalls
– Firewall policies and rules
– Common Problem with Packet Filtering
• Virtual Private Networks
– IPSec (Internet Protocol Security)
• SSL (Secure Socket Layer)
• Cryptography
– Symmetric Key Signatures
– Public key Signatures
– The Birthday Attack
• Summary
Threats
• THREATS are possible attacks.
• They include:
– The spread of computer viruses
– Infiltration and theft of data from external hackers
– Engineered network overloads triggered by malicious mass e-mailing
– Misuse of computer resources and confidential information by employees
– Unauthorized financial transactions and other kinds of computer fraud conducted in the company's name
– Electronic inspection of corporate computer data by outside parties
– Damage from failure, fire, or natural disasters
Threats
• Network security threats fall into two categories: passive threats and active threats.
• Passive threats, also called eavesdropping, involve attempts by an attacker to obtain information relating to a communication.
• Active threats involve some modification of the transmitted data or the creation of false transmissions.
• A network security threat is any potentially adverse occurrence that can harm or interrupt the systems using the network, or cause a monetary loss to an organization.
• Once the threats are identified they are then ranked according to their occurrence.
• The next slide summarizes the most common threats to security.
Threats
What is a Firewall?
• A firewall is a method of achieving security between trusted and untrusted networks
• The choice, configuration and operation of a firewall is defined by policy, which determines the services and type of access permitted
• Firewall = policy + implementation
• Firewall = “zone of risk” for the trusted network
Fig. Firewall gateway (DMZ) between the trusted and untrusted networks
Firewalls
• Firewalls are used to prevent intruders on the Internet from gaining unauthorized access to, or launching denial of service attacks against, your network.
• A firewall is a router, gateway, or special purpose computer that examines packets flowing into and out of the organization’s network (usually via the Internet or corporate Intranet), restricting access to that network.
Types of firewalls
• Packet Filtering firewall
– Operates on the transport and network layers of the TCP/IP stack
• Application Gateways/Proxies
– Operate on the application protocol level
Fig. Packet filtering firewall between the internal and external network; proxy firewall relaying between the proxy client and the actual server
Packet Filtering Firewall
• Operates on the transport and network layers of the TCP/IP stack
• Decides what to do with a packet depending upon the following criteria:
– Transport protocol (TCP, UDP, ICMP)
– Source and destination IP address
– Source and destination ports
– ICMP message type/code
– Various TCP options such as packet size, fragmentation etc.
Packet Filtering
• Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.
– All incoming and outgoing UDP flows and telnet connections are blocked.
• Example 2: Block inbound TCP segments with ACK=0 or with SYN bit set and ACK bit unset.
– Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.
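The two examples above as a small stateless filter, an added example that is not from the original slides; the Packet and Rule classes, filter_packet and the sample traffic are all constructed here for illustration.

```python
# Added example (not from the original slides): a tiny stateless packet filter
# implementing Example 1 and Example 2. Packet, Rule, filter_packet and the
# sample traffic are all constructed here for illustration.
from dataclasses import dataclass
from typing import Callable, List, Optional

PROTO_TCP, PROTO_UDP = 6, 17   # IP protocol field values


@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" (Internet -> internal) or "out"
    proto: int                     # IP protocol field
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    syn: bool = False              # TCP flag bits; ignored for non-TCP
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Packet], bool]
    action: str                    # "drop" or "accept"


# Example 1: no UDP flows in either direction, and no telnet (port 23) in either
# direction. The slide states both effects, so they are written as two rules.
RULE_BLOCK_UDP = Rule("block-udp", lambda p: p.proto == PROTO_UDP, "drop")
RULE_BLOCK_TELNET = Rule("block-telnet",
                         lambda p: 23 in (p.src_port, p.dst_port), "drop")

# Example 2: drop inbound TCP segments with ACK=0. A connection request is the
# SYN-only segment (SYN=1, ACK=0), so external clients cannot open connections
# inward, while every segment of a connection an internal client opened carries
# ACK=1 and still passes.
RULE_BLOCK_INBOUND_SETUP = Rule(
    "block-inbound-connection-setup",
    lambda p: p.direction == "in" and p.proto == PROTO_TCP and not p.ack,
    "drop",
)

RULESET: List[Rule] = [RULE_BLOCK_UDP, RULE_BLOCK_TELNET, RULE_BLOCK_INBOUND_SETUP]
DEFAULT_ACTION = "accept"


def filter_packet(p: Packet, rules: List[Rule] = RULESET) -> str:
    """First-match evaluation, the order-sensitive way real filter tables work."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return DEFAULT_ACTION


# Constructed sample traffic between an internal host (192.0.2.10) and an
# external host (203.0.113.5); documentation address ranges, not real hosts.
SAMPLE_TRAFFIC = [
    Packet("in", PROTO_UDP, "203.0.113.5", "192.0.2.10", 53, 5353),              # inbound UDP
    Packet("out", PROTO_TCP, "192.0.2.10", "203.0.113.5", 40001, 23, syn=True),  # outbound telnet
    Packet("in", PROTO_TCP, "203.0.113.5", "192.0.2.10", 51000, 80, syn=True),   # external client -> internal web
    Packet("out", PROTO_TCP, "192.0.2.10", "203.0.113.5", 40002, 443, syn=True), # internal client opens
    Packet("in", PROTO_TCP, "203.0.113.5", "192.0.2.10", 443, 40002,
           syn=True, ack=True),                                                  # SYN/ACK reply
    Packet("in", PROTO_TCP, "203.0.113.5", "192.0.2.10", 51000, 80, ack=True),   # unsolicited ACK, no prior request
]


def apply_ruleset(packets=SAMPLE_TRAFFIC, rules=RULESET) -> List[str]:
    """Decision for each packet, in order."""
    return [filter_packet(p, rules) for p in packets]


if __name__ == "__main__":
    for p, action in zip(SAMPLE_TRAFFIC, apply_ruleset()):
        print(f"{action:6s} {p.direction:3s} proto={p.proto:2d} "
              f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} syn={p.syn} ack={p.ack}")
```

The last sample packet is accepted even though no internal host asked for it: a stateless filter cannot tell a genuine reply from any other inbound segment with ACK set, which is the gap that stateful inspection closes.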
Packet Filtering Firewall: Terminology
• Stateless Firewall: The firewall makes a decision on a packet by packet basis.
• Stateful Firewall: The firewall keeps state information about transactions (connections).
• NAT - Network Address Translation
– Translates public IP address(es) to private IP address(es) on a private LAN.
– We looked at this already (must be stateful)
Packet Filtering Firewall: Functions
• Forward the packet(s) on to the intended destination
• Reject the packet(s) and notify the sender (ICMP dest unreach/admin prohibited)
• Drop the packet(s) without notifying the sender.
• Log accepted and/or denied packet information
• NAT - Network Address Translation
Packet Filtering Firewall: Disadvantages
• Filters can be difficult to configure. It’s not always easy to anticipate traffic patterns and create filtering rules to fit.
• Filter rules are sometimes difficult to test
• Packet filtering can degrade router performance
• Attackers can “tunnel” malicious traffic through allowed ports on the filter.
Application Gateway (Proxy Server)
Operate at the application protocol level. (Telnet, FTP, HTTP)
Filters packets on application data as well as on IP/TCP/UDP fields
Application Gateways “Understand” the protocol and can be configured to allow or deny specific protocol operations.
Typically, proxy servers sit between the client and actual service. Both the client and server talk to the proxy rather than directly with each other.
Application gateways
• Example: allow select internal users to telnet outside.
Fig. Application gateway: host-to-gateway telnet session, gateway-to-remote host telnet session, router and filter
1. Require all telnet users to telnet through gateway.
2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between the 2 connections.
3. Router filter blocks all telnet connections not originating from gateway.
Application Gateway (Proxy Server): Disadvantages
• Requires modification to client software application
• Some client software applications don’t accommodate the use of a proxy
• Some protocols aren’t supported by proxy servers
• Some proxy servers may be difficult to configure and may not provide all the protection you need.
Firewall Hardware/Software
• Dedicated hardware/software application such as Cisco PIX Firewall which filters traffic passing through the multiple network interfaces.
• A Unix or Windows based host with multiple network interfaces, running a firewall software package which filters incoming and outgoing traffic across the interfaces.
• A Unix or Windows based host with a single network interface, running a firewall software package which filters the incoming and outgoing traffic to the individual interface.
Firewall Architecture
In the real world, designs are far more complex
Fig. Example firewall architecture: border router, external firewall, DMZ (web server, IDS), internal firewall, internal router, core switches, modem
Limitations of firewalls and gateways
• IP spoofing: router can’t know if data “really” comes from claimed source
• If multiple applications need special treatment, each needs its own application gateway.
• Client software must know how to contact gateway.
– e.g., must set IP address of proxy in Web browser
• Filters often use all or nothing policy for UDP.
• Tradeoff: degree of communication with outside world, level of security
• Many highly protected sites still suffer from attacks.
Firewall policies and rules
• Network service access policy (NSAP)
– Defines which services are to be explicitly allowed or denied + ways in which these services are to be used
• Firewall design policy (FDP)
– Defines how the firewall implements restricted access and service filtering specified by the NSAP
– FDP must be continuously updated with new vulnerabilities
Packet Traversal in a Firewall
Fig. Packet flow through a firewall (annotations in the figure: packet may be dropped, stream may be dropped, bypass on match):
1. Packet receipt by firewall
2. Link layer filtering
3. Dynamic ruleset (state)
4. Packet legality checks
5. IP and port filtering
6. NAT/PAT (header rewrite)
7. Packet reassembly
8. Application level analysis
9. Routing decision
10. Optional outbound filtering: dynamic ruleset (state), packet sanity checks, IP and port filtering
11. Packet release
Firewall policies and rules
Filtering and Policies: Filtering Overview
• Determines which packets to allow through firewall
– Can apply to inbound and/or outbound traffic
– Filter by protocol, port, or packet content
– Allows certain traffic while denying others
• Application filtering
– Authentication and virus checking
• Dynamic packet filtering
– Opens ports as needed
Filtering and Policies: Application Filters
• Filters based on packet contents
• FTP
– Dynamically opens ports
• Intrusion detection
– DNS attacks
– POP3 buffer overflow attacks
• SMTP
– Block spam, viruses, and dangerous code
• Streaming media
– Specify streaming media protocols
Filtering and Policies: Stateful Inspection
• Inspects traffic source and destination
• Also known as dynamic packet filtering
– Opens ports in response to user request
– Closes ports when communication ends
• Outgoing packets that request specific types of incoming packets are tracked
– Only replies are let back in
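The tracking described above as a minimal connection table, an added example that is not from the original slides; the Packet and StatefulFilter classes and the sample trace are constructed here for illustration.

```python
# Added example (not from the original slides): a minimal stateful inspection
# table. Outgoing requests open a dynamic entry; inbound packets are let in only
# if they are replies to a tracked flow; entries close on teardown or idle timeout.
# Packet, FlowState, StatefulFilter and the sample trace are constructed here.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (internal -> Internet) or "in"
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float = 0.0     # arrival time in seconds, used for the idle timeout
    fin: bool = False   # TCP teardown flags; ignored for UDP
    rst: bool = False


@dataclass
class FlowState:
    last_seen: float
    fin_out: bool = False
    fin_in: bool = False


# Flow key is normalised to (proto, internal ip, internal port, external ip,
# external port) so a request and its reply map to the same table entry.
FlowKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    def __init__(self, idle_timeout: float = 30.0):
        self.idle_timeout = idle_timeout
        self.table: Dict[FlowKey, FlowState] = {}

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        if p.direction == "out":
            return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def _expire(self, now: float) -> None:
        stale = [k for k, st in self.table.items() if now - st.last_seen > self.idle_timeout]
        for k in stale:
            del self.table[k]       # idle flow: close the port again

    def handle(self, p: Packet) -> str:
        self._expire(p.ts)
        key = self._key(p)
        if p.direction == "out":
            st = self.table.setdefault(key, FlowState(p.ts))   # open on request
            st.last_seen = p.ts
            st.fin_out |= p.fin
        else:
            st = self.table.get(key)
            if st is None:
                return "drop"      # not a reply to anything we sent
            st.last_seen = p.ts
            st.fin_in |= p.fin
        if p.rst or (st.fin_out and st.fin_in):
            del self.table[key]    # communication ended: reply window closed
        return "accept"


def run_trace(packets: List[Packet], idle_timeout: float = 30.0) -> List[str]:
    """Decision for each packet of a trace, fed through one filter instance."""
    fw = StatefulFilter(idle_timeout)
    return [fw.handle(p) for p in packets]


IN_HOST, DNS, WEB = "192.0.2.10", "203.0.113.53", "203.0.113.5"
# Constructed trace (documentation addresses, not a real capture).
SAMPLE_TRACE = [
    Packet("out", "udp", IN_HOST, 5353, DNS, 53, ts=0.0),             # DNS query
    Packet("in", "udp", DNS, 53, IN_HOST, 5353, ts=0.1),              # its reply
    Packet("in", "udp", DNS, 53, IN_HOST, 6000, ts=0.2),              # unsolicited UDP
    Packet("in", "tcp", WEB, 80, IN_HOST, 40000, ts=1.0),             # no outbound request yet
    Packet("out", "tcp", IN_HOST, 40000, WEB, 80, ts=1.5),            # client opens
    Packet("in", "tcp", WEB, 80, IN_HOST, 40000, ts=1.6),             # server reply
    Packet("in", "tcp", WEB, 80, IN_HOST, 40000, ts=2.0, fin=True),   # server FIN
    Packet("out", "tcp", IN_HOST, 40000, WEB, 80, ts=2.1, fin=True),  # client FIN
    Packet("in", "tcp", WEB, 80, IN_HOST, 40000, ts=2.2),             # after teardown
    Packet("in", "udp", DNS, 53, IN_HOST, 5353, ts=100.0),            # DNS flow timed out
]

if __name__ == "__main__":
    for p, d in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"{d:6s} {p.direction:3s} {p.proto} {p.src_ip}:{p.src_port} -> "
              f"{p.dst_ip}:{p.dst_port} t={p.ts}")
```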
Filtering and Policies: Firewall Policies Overview
• Network rules
– Determine how two networks are connected
• Firewall policy rules
– Access rules
– Publishing rules
• Outgoing requests
– Checks network rules
– Checks access rules
• Incoming requests
– Checks publishing rules
– Checks Web chaining rules
Filtering and Policies: Configuring Policies
• Action
– Allow or deny
• Protocols
• Source and destination networks
• Users or groups
• Schedule
• Application filtering
– HTTP, RPC, FTP, SMTP, etc.
• Change order of rules
Common Problem with Packet Filtering
1. Filters are difficult to configure
2. TCP and UDP source port are often omitted from filtering criteria
3. Special handling of start-of-connection packets is impossible
4. Tabular filtering rule structures are too cumbersome
5. Testing and monitoring filters is difficult
6. RPC is very difficult to filter effectively
VPN
• What is a VPN?
• Common uses of VPNs
• Basic requirements of VPN
• Tunneling Basics
• Tunneling Protocols
• Tunnel Types
What is a VPN?
• Virtual Private Network is a network in which some of the parts are connected using the public Internet, but the data sent across the Internet is encrypted, so the entire network is virtually private.
• A technology that allows confidential data to be sent securely over the Internet
Common uses of VPNs
1. Remote Access Over the Internet
Fig. Using a VPN connection to connect a remote client to a private intranet
Common uses of VPNs Cont.
2. Connecting Networks Over the Internet – Site-to-Site VPN
Fig. Using dedicated or dial-up lines to connect a branch office to a corporate LAN
Common uses of VPNs Cont
3. Connecting Computers over an Intranet
Fig. Using a VPN connection to connect to a secured or hidden network
Basic requirements of VPN
• User Authentication
• Address Management
• Data Encryption
• Key Management
• Multiprotocol Support
Tunneling Basics
• Tunneling is the transmission of data intended for use only within a private, usually corporate, network through a public network, in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network
Fig. Tunneling
Tunneling Three Primary Components:
1. Passenger protocol:
– which is the protocol you are encapsulating
– IP, IPX, NetBEUI, AppleTalk, Banyan VINES, CLNS, DECnet, ...
2. Carrier protocol
– which is the tunnel protocol
– PPP, PPTP, L2F, L2TP, GRE, IPSec
3. Transport protocol
– which transports the tunnel (i.e. the encapsulated protocol)
– IP
Tunneling Basics cont.
Tunneling Protocols
1. Point to Point Tunneling Protocol (Layer 2)
2. Layer 2 Forwarding Protocol (Layer 2)
3. Layer 2 Tunneling Protocol (Layer 2)
4. IPSec (Layer 3)
Point-to-Point Tunneling Protocol
– Microsoft’s implementation of VPN
– Data is first encapsulated inside PPP packets
– PPP packets are then encapsulated in GRE packets and sent over the link
– Developed as an extension of the Point-to-Point Protocol (PPP).
– PPTP tunnels or encapsulates IP, IPX, or NetBEUI protocols inside of PPP datagrams
– It uses Microsoft Point-to-Point Encryption (MPPE)
L2F: Layer 2 Forwarding Protocol
• The Layer 2 Forwarding protocol (L2F) is used to establish a secure tunnel across a public infrastructure (such as the Internet) that connects an ISP POP to an enterprise home gateway. This tunnel creates a virtual point-to-point connection between the user and the enterprise customer's network.
• Layer Two Forwarding protocol (L2F) permits the tunneling of the link layer (i.e., HDLC, async HDLC, or SLIP frames) of higher-level protocols.
• L2F allows encapsulation of PPP/SLIP packets within L2F. The ISP NAS and the Home gateway require a common understanding of the encapsulation protocol so that SLIP/PPP packets can be successfully transmitted and received across the Internet.
Layer 2 Tunneling Protocols
• L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP).
• Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols
• With L2TP, the computer performs all security checks and validations, and enables data encryption, which makes it much safer to send information over nonsecure networks by using the new Internet Protocol security (IPSec)
• In this case data transfer through a L2TP-enabled VPN is as secure as within a single LAN at a corporate site
L2TP packet with IPSec ESP
• L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology proposed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F. L2TP encapsulates PPP frames to be sent over IP, X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) networks. When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet
• L2TP over IP internetworks uses UDP and a series of L2TP messages for tunnel maintenance. L2TP also uses UDP to send L2TP-encapsulated PPP frames as the tunneled data.
• In Windows 2000, IPSec Encapsulating Security Payload (ESP) is used to encrypt the L2TP packet. This is known as L2TP/IPSec.
PPTP Compared to L2TP/IPSec
PPTP
1. Data encryption begins after the PPP connection process (and, therefore, PPP authentication) is completed
2. PPTP connections use MPPE, a stream cipher that is based on the Rivest-Shamir-Adleman (RSA) RC-4 encryption algorithm and uses 40, 56, or 128-bit encryption keys. Stream ciphers encrypt data as a bit stream
L2TP/IPSec
1. Data encryption begins before the PPP connection process by negotiating an IPSec security association
2. L2TP/IPSec connections use the Data Encryption Standard (DES), which is a block cipher that uses either a 56-bit key for DES or three 56-bit keys for 3-DES. Block ciphers encrypt data in discrete blocks (64-bit blocks, in the case of DES).
PPTP Compared to L2TP/IPSec
PPTP
3. PPTP connections require only user-level authentication through a PPP-based authentication protocol.
4. PPTP provides only per-packet data confidentiality.
L2TP/IPSec
3. L2TP/IPSec connections require the same user-level authentication and, in addition, computer-level authentication using computer certificates.
4. IPSec provides per packet data authentication (proof that the data was sent by the authorized user), data integrity (proof that the data was not modified in transit), replay protection (prevention from resending a stream of captured packets), and data confidentiality (prevention from interpreting captured packets without the encryption key).
PPTP Compared to L2TP/IPSec
PPTP
5. PPTP does not require a certificate infrastructure
6. PPTP can be used by computers running Windows XP, Windows 2000, Windows NT version 4.0, Windows Millennium Edition (ME), Windows 98, and Windows 95 with the Windows Dial-Up Networking
7. PPTP clients and server can be placed behind a network address translator (NAT) if the NAT has the appropriate editors for PPTP traffic
L2TP/IPSec
5. L2TP/IPSec requires a certificate infrastructure for issuing computer certificates to the VPN server computer
6. L2TP/IPSec can only be used with Windows XP and Windows 2000 VPN clients.
7. L2TP/IPSec-based VPN clients or servers cannot be placed behind a NAT unless both support IPSec NAT Traversal (NAT-T).
Internet Protocol security (IPSec)
• IPSec is a Layer 3 protocol standard that supports the secured transfer of information across an IP internetwork. In addition to its definition of encryption mechanisms for IP traffic, IPSec defines the packet format for an IP over IP tunnel mode, generally referred to as IPSec tunnel mode. An IPSec tunnel consists of a tunnel client and a tunnel server, which are both configured to use IPSec tunneling and a negotiated encryption mechanism.
Internet Protocol security (IPSec)
• IPSec tunnel mode uses the negotiated security method (if any) to encapsulate and encrypt entire IP packets for secure transfer across a private or public IP internetwork.
• The encrypted payload is then encapsulated again with a plain-text IP header and sent on the internetwork for delivery to the tunnel server.
• Upon receipt of this datagram, the tunnel server processes and discards the plain-text IP header, and then decrypts its contents to retrieve the original payload IP packet. The payload IP packet is then processed normally and routed to its destination on the target network
Internet Protocol security (IPSec)
• IPSec provides machine-level authentication, as well as data encryption.
• IPSec negotiates between your computer and its remote tunnel server before an L2TP connection is established, which secures both passwords and data
• Created to add Authentication, Confidentiality, and Integrity to IP traffic
Internet Protocol security (IPSec)
• IPSec tunnel mode has the following features and limitations:
– It supports IP traffic only.
– It functions at the bottom of the IP stack; therefore, applications and higher-level protocols inherit its behavior.
– It is controlled by a security policy: a set of filter-matching rules. This security policy establishes the encryption and tunneling mechanisms available, in order of preference, and the authentication methods available, also in order of preference. As soon as there is traffic, the two computers perform mutual authentication, and then negotiate the encryption methods to be used. Thereafter, all traffic is encrypted using the negotiated encryption mechanism, and then wrapped in a tunnel header
IPsec
• Definition: (Webopedia)
– Short for IP Security, a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs)
Goal of IPsec
• Provides security services at IP layer
– Access control
– Integrity
– Data origin authentication
– Rejection of replayed packets
– Confidentiality
IPsec Architecture
• Components
– Security Protocols
– Security Associations
– Key Management
– Algorithms for authentication and encryption
Security Protocols
• Authentication Header (AH)
– Data origin authentication
– Anti-replay service
– Data integrity
• Encapsulating Security Payload (ESP)
– Confidentiality
– Data origin authentication
– Anti-replay service
– Connectionless integrity
Applications of IPSec
• IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
Applications of IPSec
• Establishment of extranet and intranet connectivity with partners
• Enhancement of electronic commerce security
• Encrypt or authenticate all traffic at the IP level
Applications of IPSec
• Using IPSec, all distributed applications can be secured:
– Remote logon
– client/server
– e-mail
– file transfer
– Web access
– etc.
Where can IPSec be used
• These protocols can operate in
– networking devices, such as a router or firewall
– or directly on the workstation or server.
How can IPSec be used
• Secure Communications between devices
– Workstation to Workstation
– Protection against data changes
• Accidental or Intentional
– Contents can be hidden
• Secure communications through IPSec tunnels
Benefits of IPSec
• The benefits of IPSec include:
– Strong security that can be applied to all traffic crossing the perimeter.
– Transparent to applications.
– No need to change software on a user or server system
• When IPSec is implemented in a router or firewall
Benefits of IPSec
• The benefits of IPSec include:
– IPSec can be transparent to end users.
– There is no need to train users on security mechanisms
– IPSec can provide security for individual
The Scope of IPSec
• IPSec provides three main facilities
– An authentication-only function,
• Referred to as Authentication Header (AH)
– A combined authentication/encryption function
• Called Encapsulating Security Payload (ESP)
– A key exchange function.
• IKE (ISAKMP / Oakley)
The Scope of IPSec
• Both authentication and encryption are generally desired, to
– (1) assure that unauthorized users do not penetrate the virtual private network
– (2) assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network.
• Because both features are generally desirable, most implementations are likely to use ESP rather than AH.
Tunnel Types
Tunnels can be created in various ways.
• Voluntary tunnels: A user or client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user’s computer is a tunnel endpoint and acts as the tunnel client.
• Compulsory tunnels: A VPN-capable dial-up access server configures and creates a compulsory tunnel. With a compulsory tunnel, the user’s computer is not a tunnel endpoint. Another device, the dial-up access server, between the user’s computer and the tunnel server is the tunnel endpoint and acts as the tunnel client.
RADIUS
• The Remote Authentication Dial-in User Service (RADIUS) protocol is a popular method for managing remote user authentication and authorization.
• RADIUS is a lightweight, UDP-based protocol.
• RADIUS servers can be located anywhere on the Internet and provide authentication (including PPP PAP, CHAP, MS-CHAP, MS-CHAP v2, and EAP) and authorization for access servers such as NASes and VPN servers.
• RADIUS servers can provide a proxy service to forward authentication requests to distant RADIUS servers. For example, many ISPs have joined consortia to allow roaming subscribers to use local services from the nearest ISP for dial-up access to the Internet. These roaming alliances take advantage of the RADIUS proxy service. If an ISP recognizes a user name as being a subscriber to a remote network, the ISP uses a RADIUS proxy to forward the access request to the appropriate network.
Hardware Software Requirements for Installing VPN
• Recommended hardware are 450-MHz Pentium III with at least 256 megabytes of RAM
• Your server will need to have two network cards. One card will connect to the Internet and the other will connect to the local area network
• Software includes server software such as Windows 2000 Server and client software such as Windows 98, Windows 2000 Professional, etc.
Windows 2000 server installation
• Once you have Windows 2000 Server installed, go to Start | Programs | Administrative Tools | Routing And Remote Access to pull up the RRAS Microsoft Management Console
Introduction to SSL
• SSL - Developed by Netscape Communication
• SSL - accepted universally on the World Wide Web for AUTHENTICATED and ENCRYPTED communication between clients and servers
• IETF standard called Transport Layer Security is based on SSL
• SSL protocol runs above TCP/IP and below higher level protocols such as HTTP
• Uses TCP/IP to authenticate itself to an SSL enabled client
What does SSL actually do?
• Fragments messages to be transmitted into manageable blocks
• Compresses the data
• Encrypts and transmits the data
• Received data is decrypted
• Verified, decompressed
• Reassembled and transmitted to higher layers
SSL Record Layer
• Receives uninterpreted data from upper layers
• Fragmentation / Reassembly of data
• Compression / Decompression of data
• Encryption / Decryption and verification of data
SSL Handshake Protocol
• Maintains information about the current state and the next state, called the pending state
• Once the handshake is complete, the two parties have shared secrets used to encrypt records and compute keyed message authentication codes on their contents.
• Maintains the handshake state information of the client and server and ensures that the protocol state machines of client and server work consistently
Difference between http and https
• http
– Stateless protocol
– Non secure connection
– Non Secure Sockets
• https
– Session based protocol
– Secure connection
– Secure Sockets
How/Why Gateways use SSL
• SSL designed to provide security between client and server and avoid man-in-the-middle attack
• SSL considers a proxy server as a middleman
• Gateways act as clients and authenticate servers. Client authentication is not possible.
• Gateway/proxy can internally authenticate client within the firewall
• Packet Filtering by allowing specific ports for specific traffic. 443 in case of SSL
• SSL can work with gateways that support SOCKS. SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS is often used as a network firewall, redirecting connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes requests, establishes a proxy connection, and relays data between hosts.
Gateways and SSL
• Proxy Server should support SOCKS to support SSL
• With SOCKS, DNS is the responsibility of the client
• SSL tunneling, DNS is the responsibility of the proxy
• Proxy Server can spoof (mock) on behalf of the internal client. Makes connections faster
SSL brief
• Secure Sockets Layer (SSL) is a technique used on the Web that operates between the application and transport layers.
• SSL combines symmetric encryption with digital signatures. SSL has four steps:
– Negotiation: browser and server first agree on the encryption technique they will use (e.g., RC4, DES).
– Authentication: the server authenticates itself by sending its digital signature to the browser.
– Symmetric Key Exchange: browser and server exchange sym. keys used to encrypt outgoing messages.
– Sym. Key Encryption w/ Dig. Signatures: encrypted messages are then sent that include digital signatures.
Contents
• What is cryptography?
• Symmetric Key
• Asymmetric Key
• How it works
• Encryption Algorithms/Standards
What is Cryptography?
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.
Symmetric key
• Alice and Bob agree on an encryption method and a shared key.
• Alice uses the key and the encryption method to encrypt (or encipher) a message and sends it to Bob.
• Bob uses the same key and the related decryption method to decrypt (or decipher) the message.
Symmetric Key Cryptography
Fig. Symmetric key cryptography: plain-text input “The quick brown fox jumps over the lazy dog” is encrypted with the shared secret key to the cipher-text “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%”, and decrypted with the same key back to the plain-text output.
Symmetric Pros and Cons
• Strength:
– Simple and really very fast (order of 1000 to 10000 times faster than asymmetric mechanisms)
• Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)
• Weakness:
– Must agree the key beforehand
– Securely pass the key to the other party
Asymmetric ( Public Key)
• Knowledge of the encryption key doesn’t give you knowledge of the decryption key
• Receiver of information generates a pair of keys
– Publishes the public key in a directory
• Then anyone can send her messages that only she can read
Asymmetric ( Public Key)
• Alice generates a key value (usually a number or pair of related numbers) which she makes public.
• Alice uses her public key (and some additional information) to determine a second key (her private key).
• Alice keeps her private key (and the additional information she used to construct it) secret.
Asymmetric Key
• Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.
• Alice can use her private key to decrypt this message.
• No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message.
Asymmetric (Public-Key) Cryptosystems
Fig. Asymmetric (public key) cryptosystem: the sender encrypts with Bob’s public key, the message crosses an insecure channel past a nosy neighbor, and the recipient decrypts with his own private key.
Asymmetric ( Public Key)
Fig. Asymmetric encryption: clear-text input “The quick brown fox jumps over the lazy dog” is encrypted with the recipient’s public key to the cipher-text “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”, and decrypted with the recipient’s (different) private key back to the clear-text output.
Public Key Pros and Cons
• Weakness:
– Extremely slow
– Susceptible to “known ciphertext” attack
– Problem of trusting public key
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
How it works?
• A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process
• A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys.
• The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.
Encryption Algorithms/Standards
Symmetric
• DES (Data Encryption Standard) is still the most popular
– Keys very short: 56 bits
– Brute-force attack took 3.5 hours on a machine costing US$1m in 1993. Today it is done real-time
– Triple DES (3DES) more secure, but better options about
– Just say no, unless value of data is minimal
• IDEA (International Data Encryption Standard)
– Deceptively similar to DES, and “not” from NSA
– 128 bit keys
• RC2 & RC5 (by R. Rivest)
– RC2 is older and RC5 newer (1994) - similar to DES and IDEA
• Blowfish, Twofish
– B. Schneier’s replacement for DES, followed by Twofish, one of the NIST competition finalists
Rijndael (AES)
• Standard replacement for DES for US government, and, probably for all of us as a result…
– Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000
– Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES).
• Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too)
• Fast and a lot of good properties, such as good immunity from timing and power (electric) analysis
• Construction, again, deceptively similar to DES (S-boxes, XORs etc.) but really different
RC4
• Symmetric
– Fast, streaming encryption
• R. Rivest in 1994
– Originally secret, but “published” on sci.crypt
• Related to “one-time pad”, theoretically most secure
• But! It relies on a really good random number generator
– And that is the problem
• Nowadays, we tend to use block ciphers in modes of operation that work for streams
RSA, DSA, ElGamal, ECC
• Asymmetric
– Very slow and computationally expensive – need a computer
– Very secure
• RSA: Rivest, Shamir, Adleman – 1978
– Popular and well researched
– Strength in today’s inefficiency to factorise into prime numbers
– Some worries about key generation process in some implementations
• DSA (Digital Signature Algorithm) – NSA/NIST thing
– Only for digital signing, not for encryption
– Variant of Schnorr and ElGamal sig algorithm
• ElGamal
– Relies on complexity of discrete logarithms
• ECC (Elliptic Curve Cryptography)
– Really hard maths and topology
– Improves RSA (and others)
MD5, SHA
• Hash functions – part of the digital signature
• Goals:
– Not reversible: can’t obtain the message from its hash
– Hash much shorter than original message
– Two messages won’t have the same hash
• MD5 (R. Rivest)
– 512 bits hashed into 128
– Mathematical model still unknown
– Recently (July 2004) broken, do not use on its own
• SHA (Secure Hash Algorithm)
– US standard based on MD5
– SHA-0 broken (July 2004), SHA-1 probably too weak (partly broken), use SHA-256 at least
Diffie-Hellman, “SSL”, Certs
• Methods for key generation and exchange
• DH is clever since you always generate a new “key-pair” for each asymmetric session
– STS, MTI, and certs make it even safer
• Certs (certificates) are the most common way to exchange public keys
– Foundation of Public Key Infrastructure (PKI)
• SSL uses a protocol to exchange keys safely
RSA
• Factoring large composite numbers is a “hard” problem
– If we have two “large” primes p and q, it is “hard” to recover p and q if all we know is n, where n = pq
• If b is relatively prime to (p-1)(q-1), then x^b mod n is a trapdoor one-way function
– To feasibly compute its inverse requires knowledge of p and q
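The trapdoor above worked through with textbook-sized primes, plus the sign/verify use that the hash-function slide calls "part of the digital signature": an added example, not from the original slides. Every function and value here is constructed for illustration; make_keypair, forward, invert_by_factoring, sign and verify are assumed names.

```python
# Added example (not from the original slides): the RSA trapdoor with
# textbook-sized primes, plus signing and verification on a message hash.
# Everything here is constructed for illustration; real keys use primes of
# hundreds of digits, which is what makes recovering p and q from n hard.
import hashlib
from math import gcd, isqrt
from typing import Tuple


def make_keypair(p: int, q: int, b: int) -> Tuple[Tuple[int, int], int]:
    """Public key (n, b) and the trapdoor d = b^-1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(b, phi) != 1:
        raise ValueError("b must be relatively prime to (p-1)(q-1)")
    d = pow(b, -1, phi)          # needs phi, hence needs p and q
    return (n, b), d


def forward(x: int, n: int, b: int) -> int:
    """The easy direction x -> x^b mod n, computable from the public key alone."""
    return pow(x, b, n)


def invert_with_trapdoor(y: int, n: int, d: int) -> int:
    """The easy inverse for whoever holds d: (x^b)^d = x mod n."""
    return pow(y, d, n)


def invert_by_factoring(y: int, n: int, b: int) -> int:
    """What someone with only (n, b) must do: recover p and q, then rebuild d.
    Trial division works for a 4-digit n and is hopeless for a 2048-bit one."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            d = pow(b, -1, (p - 1) * (q - 1))
            return pow(y, d, n)
    raise ValueError("n has no nontrivial factor")


def message_digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce modulo n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, n: int, d: int) -> int:
    """Signing applies the trapdoor to the hash: only the private key holder can."""
    return pow(message_digest(msg, n), d, n)


def verify(msg: bytes, sig: int, n: int, b: int) -> bool:
    """Anyone can check a signature with the public key alone."""
    return pow(sig, b, n) == message_digest(msg, n)


# Classic textbook parameters: p = 61, q = 53, n = 3233, (p-1)(q-1) = 3120, b = 17.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)     # ((3233, 17), 2753)

if __name__ == "__main__":
    n, b = PUBLIC
    y = forward(65, n, b)
    print("65 ->", y, "->", invert_with_trapdoor(y, n, PRIVATE), "(trapdoor)",
          invert_by_factoring(y, n, b), "(factoring)")
    s = sign(b"constructed message", n, PRIVATE)
    print("signature valid:", verify(b"constructed message", s, n, b))
```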
The Birthday Attack
• A birthday attack refers to a class of brute-force attacks, which gets its name from the surprising result that the probability that two or more people in a group of 23 share the same birthday is greater than 1/2; such a result is called a birthday paradox.
• Mathematically, if some function, when supplied with a random input, returns one of k equally-likely values, then by repeatedly evaluating the function for different inputs, we expect to obtain the same output after about 1.2·k^(1/2) evaluations.
• For the above birthday paradox, replace k with 365.
The Birthday Attack
• Birthday attacks are often used to find collisions of hash functions
• To avoid this attack, the output length of the hash function used for a signature scheme can be chosen large enough so that the birthday attack becomes computationally infeasible.
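The birthday arithmetic above, and a collision search against a deliberately truncated hash to show why output length matters: an added example, not from the original slides. The functions p_shared, expected_trials, truncated_hash and birthday_collision and the message prefix are constructed here.

```python
# Added example (not from the original slides): the birthday-paradox arithmetic
# and a birthday attack on a deliberately truncated hash. All functions and inputs
# here are constructed; truncating SHA-256 to a few bits stands in for a hash
# whose output length is too short for its signature scheme.
import hashlib
from math import sqrt
from typing import Dict, Tuple


def p_shared(people: int, k: int = 365) -> float:
    """P(at least two of `people` draws from k equally likely values coincide)."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (k - i) / k
    return 1.0 - p_all_distinct


def expected_trials(k: int) -> float:
    """Rule of thumb from the slide: about 1.2 * k^(1/2) evaluations to a repeat."""
    return 1.2 * sqrt(k)


def truncated_hash(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256: a hash with k = 2**bits possible outputs."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"constructed-msg-") -> Tuple[bytes, bytes, int]:
    """Evaluate the hash on distinct inputs until two give the same output.
    Returns (first_msg, second_msg, trials). The pigeonhole principle guarantees
    termination within 2**bits + 1 trials; the birthday bound predicts about
    1.2 * 2**(bits/2), far fewer."""
    seen: Dict[int, bytes] = {}
    trials = 0
    while True:
        msg = prefix + str(trials).encode()
        trials += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg


if __name__ == "__main__":
    print(f"23 people: P(shared birthday) = {p_shared(23):.4f}")
    print(f"expected trials for k=365: {expected_trials(365):.1f}")
    for bits in (16, 24):
        a, b, t = birthday_collision(bits)
        print(f"{bits}-bit hash: collision {a!r} / {b!r} after {t} trials "
              f"(birthday estimate {expected_trials(2 ** bits):.0f})")
    print(f"256-bit hash: birthday estimate {expected_trials(2 ** 256):.2e} trials")
```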
Summary
• Introduction
• Threats
• Firewall
– Packet-filtering firewalls
– Firewall policies and rules
– Common Problem with Packet Filtering
• Virtual Private Networks
– IPSec (Internet Protocol Security)
• SSL (Secure Socket Layer)
• Cryptography
– Symmetric Key Signatures
– Public key Signatures
– The Birthday Attack