Network Security - Uppsala University (transcript of lecture slides)

Page 1

Communications Research Group

Network Security

Volkan Cambazoglu

Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner

Page 2

Outlook

• Secure channel

• Principles of cryptography

• Authentication, Integrity

• Security at different layers

• Firewalls and Intrusion Detection

Page 3

Communication Channels

• Assume always that a communication channel is insecure!

[Figure: an insecure communication channel (source: Kurose/Ross)]

Page 4

Examples of Alice and Bob

• E-commerce applications- Amazon, Spotify, etc.

• Online banking applications- Swedbank, Nordea, etc.

• Online chat applications- Skype, Google chat, etc.

• DNS servers- Exchange messages about where a website is located

• Routers- Exchange messages about routing tables (e.g. Routing Information Protocol, RIP)

Page 5

What can Trudy do?

• Eavesdrop- Sniff and record traffic between users (e.g. Alice and Bob)

• Insertion- Insert messages that appear to come from a specific user (Alice or Bob)

• Modification- Alter messages on their way from one user (Alice) to the other (Bob)

• Deletion- Delete messages on their way from one user (Alice) to the other (Bob)

• Denial of service- Prevent users (Alice) from reaching an existing service (provided by Bob)

Page 6

Properties of Secure Communication

• Confidentiality- Only the intended receiver should be able to understand the message content

• Authentication- Receiver should be able to confirm the sender's identity

• Integrity- Receiver should be able to check that the message was not altered in transit

• Availability- Receiver should be able to access services provided by the sender

Page 7

Outlook

• Secure channel

• Principles of cryptography

• Authentication, Integrity

• Security at different layers

• Firewalls and Intrusion Detection

Page 8

Information Security

• Conceptually, the way information is recorded has not changed dramatically over time. What has changed dramatically is
 - the ability to copy and alter information
 - the technology: the change from physical to digital

• Cryptography is the study of mathematical techniques related to aspects of information security such as
 - confidentiality
 - entity authentication
 - data integrity
 - data origin authentication

Page 9

The Basic Idea

• Mathematical functions f(x) that are efficient to compute, while no efficient algorithm is known for the inverse function f^-1 (one-way functions). Note: "no efficient algorithm" means no classical one; both problems below are efficiently solvable by Shor's algorithm on a large quantum computer.

• Examples of such problems
 - discrete logarithm
 - factorizing large numbers

[Figure: x → f(x); f(x): efficient, f^-1(x): hard]

Page 10

Kerckhoffs' Principle

• An enemy knows the whole system, including all transformations, but not the secret key(s).

[Slide illustration 1: excerpt from a Kaba elostar electronic lock brochure (German; translated and condensed here). Functions of cylinder and electronic module: a Kaba elostar lock consists of an electronic cylinder and an electronic module; the cylinder receives the key's electronic information and forwards it to the module for processing. The cylinders fit almost any conventional door and can replace existing Kaba star cylinders; in a very small space they hold an electronically controlled, motor-driven locking mechanism, powered by batteries in the door that last for several 10 000 open/close cycles and are easy to replace. When the electronics recognise an authorised key, the motor drives the bolt worm, which releases the lock only after several turns. For exceptional cases, where the electronics cannot be mounted under the fitting or in the door rebate, they go into the separate Kaba elostar housing, offered with a cylinder hole (mounting above the cylinder) or without (mounting beside or below the door fitting). Articles: 1515EL-45 E-module, forend version; standard housing for Kaba elostar time or forend mounting; 1515EL-60 E-module Kaba elostar standard; 1515EL-40 housing with cylinder hole, stainless steel.]

[Slide illustration 2: first page of "On the Complexity of Authentication Protocols for Weak Devices", Christian Rohner and Tobias Bandh, April 26, 2004. Recoverable content:

1 Complexity for Weak Devices: computational complexity, communication, code size, memory requirements

2 Authentication Protocols
2.1 Password

Phase I: Diffie-Hellman key exchange
  A picks x ∈ [0..n], B picks y ∈ [0..n]
  A → B: u = g^x mod n
  A ← B: v = g^y mod n
  A computes s = (g^y)^x mod n; B computes s = (g^x)^y mod n

Phase II: Password encryption (s used as the DES key)
  A → B: a = DES_s(user:passwd); B computes b = DES_s(a)
  A ← B: c = DES_s("ok"); A computes d = DES_s(c)]

Page 11

Principles of Cryptography

• Plaintext or cleartext- has some meaning

• Ciphertext- unintelligible content

• Encryption algorithm- encrypt (plaintext) = ciphertext

• Decryption algorithm- decrypt (ciphertext) = plaintext

Page 12

Encryption/Decryption

• non-keyed- no secret parameters; one-way (hash) functions, e.g. MD5

• secret key (symmetric)- two or more entities share a common secret value and encrypt and decrypt with the same secret, e.g. Caesar cipher, AES

• public key (asymmetric)- no shared secret; one key for encryption (the public key) and a different key for decryption (the private key), e.g. RSA

Page 13

Symmetric Key Cryptography

[Figure: plaintext m → f(m, k) = c (ciphertext) → f^-1(c, k) = m; the same key k is used at both ends]

Page 14

Gaius Julius Cæsar

• Shared-secret encryption/decryption

• The secret is a number k: the shift applied to the alphabet

plaintext alphabet: abcdefghijklmnopqrstuvwxyz

k = 3

cipher alphabet:    defghijklmnopqrstuvwxyzabc

Pages 15-17 (slide 15, incremental build)

There will be a secret meeting in one of the Swedish cities. We obtained the ciphertext for it! Which city is it?

toorzkz

Gaius Julius Cæsar

abcdefghijklmnopqrstuvwxyz

Solution: each ciphertext letter is the letter one place before its plaintext letter in the alphabet (t→u, o→p, r→s, z→a, k→l), i.e. k = 25, a shift of one place backwards, and the plaintext is

uppsala

Page 18

Attacks on Symmetric Key Cryptography

• ciphertext-only- the attacker sees only ciphertext
 - statistical analysis (e and t are the most frequent letters in English)
 - typical words (the, in, it, ...ing, etc.)

• known-plaintext- the attacker knows some plaintext/ciphertext pairs, e.g. Uppsala, Alice, Bob, etc.

• chosen-plaintext- the attacker obtains the ciphertext for plaintext of her choice, e.g. "the quick brown fox jumps over the lazy dog" (contains every letter)
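The three attack settings on this slide and the Caesar-cipher quiz of slide 15, worked through in code. This is an added example, not part of the original slides or of Kurose/Ross; the list of Swedish cities, the English test sentence and the letter-frequency table are constructed inputs for the demonstration.

```python
"""Caesar cipher and the three attack settings from the slides.

Added example (not from the slides or from Kurose/Ross). The city list,
the English sentence and the letter-frequency table are constructed inputs.
"""
from string import ascii_lowercase as ALPHABET

# Approximate relative letter frequencies of English prose (percent).
# Assumption: the plaintext is ordinary English; only used to rank candidates.
ENGLISH_FREQ = {
    'a': 8.2, 'b': 1.5, 'c': 2.8, 'd': 4.3, 'e': 12.7, 'f': 2.2, 'g': 2.0,
    'h': 6.1, 'i': 7.0, 'j': 0.15, 'k': 0.77, 'l': 4.0, 'm': 2.4, 'n': 6.7,
    'o': 7.5, 'p': 1.9, 'q': 0.095, 'r': 6.0, 's': 6.3, 't': 9.1, 'u': 2.8,
    'v': 0.98, 'w': 2.4, 'x': 0.15, 'y': 2.0, 'z': 0.074,
}


def caesar(text, k):
    """Shift every lowercase letter k places forward (k = 3: a -> d).
    Non-letters (spaces, digits) pass through unchanged."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return ''.join(out)


def decrypt(ciphertext, k):
    """Undo a shift of k (Python's % keeps negative shifts in range)."""
    return caesar(ciphertext, -k)


def brute_force_with_dictionary(ciphertext, candidates):
    """Ciphertext-only attack when the plaintext is known to come from a
    small set (slide 15: 'one of the Swedish cities'). Try all 26 keys and
    keep those whose plaintext is a candidate."""
    hits = []
    for k in range(26):
        p = decrypt(ciphertext, k)
        if p in candidates:
            hits.append((k, p))
    return hits


def frequency_attack(ciphertext):
    """Ciphertext-only attack on longer English text: score each of the 26
    candidate plaintexts by how well its letters match English letter
    frequencies (e and t most frequent) and return the best-scoring key."""
    best_k, best_score = 0, float('-inf')
    for k in range(26):
        p = decrypt(ciphertext, k)
        score = sum(ENGLISH_FREQ[ch] for ch in p if ch in ENGLISH_FREQ)
        if score > best_score:
            best_k, best_score = k, score
    return best_k


def known_plaintext_key(plaintext, ciphertext):
    """Known-plaintext attack: one aligned letter pair already gives the key."""
    for p, c in zip(plaintext, ciphertext):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letter pair to compare")


if __name__ == "__main__":
    cities = {"stockholm", "uppsala", "goteborg", "malmo", "lund", "umea"}
    print(brute_force_with_dictionary("toorzkz", cities))
    msg = "there will be a secret meeting in one of the swedish cities"
    ct = caesar(msg, 3)
    print(ct, "-> key", frequency_attack(ct))
    print("known-plaintext key:", known_plaintext_key("uppsala", "toorzkz"))
```

The dictionary attack needs no statistics at all: 26 keys and a handful of candidate plaintexts is a trivial search, which is the real lesson of a 26-key cipher. The frequency attack is what remains when the plaintext is unconstrained English; it only needs enough letters for the frequency profile to show.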

Pages 19-31 (slide 17, incremental build; final state shown)

Improving Symmetric Key Cryptography

• Monoalphabetic cipher- Caesar cipher

• Polyalphabetic cipher- e.g. alternate between two Caesar ciphers with different shifts within one word

• Block cipher- e.g. a 3-bit block cipher given as a table (000→110, 001→101, 010→000, ...)

 - DES: 64-bit blocks, 56-bit key; 16 rounds, each using a 48-bit round key derived from the 56-bit key; initial and final permutation; 64-bit output

 - AES: 128-bit blocks, accepts key lengths of 128, 192 or 256 bits

 - brute force (try every key): if exhausting the 56-bit DES key space took 1 second, exhausting the 128-bit AES key space on the same hardware would take about 149 trillion years (2^72 times longer)

Pages 32-38 (slide 18, incremental build; final state shown)

Public Key Cryptography

• How can Alice and Bob start secure communication if they cannot meet in the physical world?
 - Send the shared secret in plaintext?
 - Send an encrypted shared secret? (encrypted under which key?)
 - Hide the secret somewhere in the plaintext?
 - Any other crazy ideas?
 - Or shall we simply use public key cryptography?

Pages 39-40 (slides 19-20)

Public Key Cryptography

[Figure: plaintext message m → encryption algorithm, keyed with Bob's public key K_B^+ → ciphertext K_B^+(m) → decryption algorithm, keyed with Bob's private key K_B^- → plaintext message m = K_B^-(K_B^+(m))]

Public key: K_B^+; private key: K_B^-

What could go wrong here?

• Hint 1: Who can use the public key? (Anyone, so a ciphertext under K_B^+ says nothing about who sent it.)

• Hint 2: What happens when the same text, algorithm and key are used? (The same ciphertext comes out every time: encryption is deterministic, so an observer can spot repeated messages, and can encrypt guesses and compare them with what she sees.)

Pages 41-53 (slide 21, incremental build; final state shown)

Public Key Cryptography

• Prerequisite: modular arithmetic

• x mod n = remainder of x when divided by n

• facts:
 - [(a mod n) + (b mod n)] mod n = (a + b) mod n
 - [(a mod n) - (b mod n)] mod n = (a - b) mod n
 - [(a mod n) * (b mod n)] mod n = (a * b) mod n

• thus (applying the product rule d times):
 - (a mod n)^d mod n = a^d mod n

• example: a = 14, n = 10, d = 2
 - (14 mod 10)^2 mod 10 = 4^2 mod 10 = 16 mod 10 = 6
 - 14^2 mod 10 = 196 mod 10 = 6

Page 54

RSA: Encryption/Decryption

• Encryption: c = m^e mod n
 - c is the ciphertext, m the plaintext (an integer with 0 ≤ m < n)
 - e is the encryption exponent; (n, e) is the public key

• Decryption: m = c^d mod n = (m^e mod n)^d mod n = m^(e*d) mod n
 - d is the decryption exponent; (n, d) is the private key

• Do you notice something when m = m^(e*d) mod n? (The exponent e*d has to behave like 1; the following slides show why it does.)

Page 55

RSA: Creating public/private key pair

• Choose two large prime numbers p and q (1024 bits each)

• Compute n = p * q and z = (p - 1) * (q - 1)

• Choose e < n that has no common factors with z (e and z relatively prime) - e.g. 3 and 7, or 5 and 12, are relatively prime

• Choose d that fulfills e * d mod z = 1 (d is the multiplicative inverse of e modulo z)

• Public key (n, e)

• Private key (n, d)

Page 56

RSA Encryption

[Figure (source: Kurose/Ross): p = 5, q = 7, n = 35, z = 24, e = 5, d = 29]

Page 57

RSA Decryption

[Figure (source: Kurose/Ross): same parameters, p = 5, q = 7, n = 35, z = 24, e = 5, d = 29]

Page 58

Why does RSA work?

• m = c^d mod n
• m = (m^e mod n)^d mod n
• m = m^(e*d) mod n

• fact: c^d mod n = c^(d mod z) mod n, where n = p*q, z = (p-1)*(q-1) and gcd(c, n) = 1 (Euler's theorem; for RSA the conclusion below in fact holds for every m < n)

• thus:
 - m^(e*d) mod n = m^((e*d) mod z) mod n
 - since e*d mod z = 1 by construction, this is m^1 mod n = m (as m < n)

Page 59

Why is RSA secure?

• We know the public key (n, e). Can we compute d from n and e?

• To do it the way the key owner did, we need z = (p-1)*(q-1), i.e. the factors of n = p*q

• p and q are two very large prime numbers (at least 1024 bits each in the course example; current guidance is an n of at least 2048 bits)

• 136064817260489928484113640026944941480975382962539945337862848254226224034275820538310008858403955437239102681465761388249980135083342434428721426840110617593953169835450968550730769430412845048185659381370857105323219453521491277894773367539216680431287506338710965204349119030528157752992551375455100484051 (309 digits)

• Factoring a big number is hard!
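RSA key generation, encryption and decryption with the slides' toy parameters (p = 5, q = 7, e = 5), together with the two attacks the slides point at: the dictionary attack that textbook RSA invites because anyone can encrypt and encryption is deterministic (the hints under the slide 20 figure), and recovery of d by factoring n (this slide). This is an added example, not code from the slides or from Kurose/Ross; it uses only the Python standard library, and the toy modulus is factored by trial division only because it is tiny.

```python
"""Textbook RSA with the slides' toy parameters, plus the two attacks the
slides hint at. Added example (not from the slides or from Kurose/Ross).
The toy primes are far too small for real use.
"""
from math import gcd, isqrt


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Smallest positive x with a*x mod m = 1 (raises if no inverse exists)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def rsa_keygen(p, q, e):
    """Key generation as on the slides: n = p*q, z = (p-1)(q-1), e coprime
    to z, d with e*d mod z = 1. Returns ((n, e), (n, d)). Any d congruent
    to this one modulo z works too (the slides' d = 29 for z = 24)."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z")
    return (n, e), (n, modinv(e, z))


def rsa_encrypt(m, pub):
    """c = m^e mod n; m must be an integer in [0, n)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def dictionary_attack(c, pub, candidates):
    """Hint 2 on slide 20: textbook RSA is deterministic and everyone holds
    the public key, so Trudy encrypts each plausible message herself and
    compares with the ciphertext she observed. Returns the matching m."""
    for m in candidates:
        if rsa_encrypt(m, pub) == c:
            return m
    return None


def factor(n):
    """Trial division: feasible only because the toy n is tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def recover_private_key(pub):
    """Why RSA is secure: p and q give z, and z gives d. For a real-size n
    the factoring step is the part nobody knows how to do efficiently."""
    n, e = pub
    p, q = factor(n)
    return n, modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(5, 7, 5)            # n = 35, z = 24
    m = 12                                      # any integer below n
    c = rsa_encrypt(m, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))
    print(rsa_decrypt(c, (35, 29)))             # the slides' d = 29 also works
    print(dictionary_attack(c, pub, range(35)))  # Trudy recovers m = 12
    print(recover_private_key(pub))             # Trudy recovers d by factoring
```

Two things to take from running it: the dictionary attack works against any deterministic public-key scheme whose message space is small, which is why real RSA always pads with randomness (OAEP), and the factoring attack is exactly the computation the 309-digit number above is meant to make infeasible.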

Page 60

RSA in practice: Session keys

• Exponentiation in RSA is computationally intensive

• Use public key crypto only to set up the secure connection

• Within it, establish a symmetric session key (a shared secret) and encrypt the data with that key
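The Diffie-Hellman exchange shown in the Rohner/Bandh excerpt on the Kerckhoffs slide, carried through to a symmetric session key as this slide suggests, with the eavesdropper's view of it. This is an added example, not code from the slides, from Kurose/Ross or from the paper; the parameters g = 5, p = 23 are toy values chosen so that Trudy's brute-force discrete logarithm finishes instantly, and SHA-256 replaces the DES_s(...) step of the excerpt as the way the shared secret becomes a key.

```python
"""Diffie-Hellman key agreement (Phase I of the Rohner/Bandh excerpt),
turned into a symmetric session key, plus what an eavesdropper who sees
u and v can do. Added example, not from the slides or from the paper.
The tiny prime p = 23 is a constructed toy parameter; real deployments
use 2048-bit or larger groups, or elliptic curves.
"""
import hashlib
import secrets


def dh_public(g, p, x):
    """u = g^x mod p (the paper writes the modulus as n)."""
    return pow(g, x, p)


def dh_shared(peer_public, x, p):
    """s = (g^y)^x mod p on Alice's side, (g^x)^y mod p on Bob's."""
    return pow(peer_public, x, p)


def session_key(s, p):
    """Derive a fixed-size symmetric key from the shared secret s: public-key
    math sets up the connection, a symmetric key carries the data. Hashing
    stands in here for the DES_s(...) phase of the excerpt."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(s.to_bytes(width, "big")).digest()


def run_exchange(g, p, x=None, y=None):
    """Both sides of Phase I. x and y default to fresh random exponents;
    fixed values can be passed in to reproduce a specific run."""
    x = secrets.randbelow(p - 2) + 1 if x is None else x
    y = secrets.randbelow(p - 2) + 1 if y is None else y
    u = dh_public(g, p, x)            # A -> B
    v = dh_public(g, p, y)            # B -> A
    s_alice = dh_shared(v, x, p)      # A: v^x
    s_bob = dh_shared(u, y, p)        # B: u^y
    return u, v, s_alice, s_bob


def eavesdropper_discrete_log(g, p, u):
    """Trudy knows g and p (Kerckhoffs) and sees u = g^x mod p. For a toy p
    she simply tries every x; for a real-size p this search is what makes
    the exchange secure. Returns x, or None if u is not a power of g."""
    for x in range(p):
        if pow(g, x, p) == u:
            return x
    return None


if __name__ == "__main__":
    g, p = 5, 23
    u, v, sa, sb = run_exchange(g, p, x=6, y=15)
    print("u =", u, "v =", v, "shared:", sa, sb)
    print("same session key:", session_key(sa, p) == session_key(sb, p))
    x = eavesdropper_discrete_log(g, p, u)
    print("Trudy recovers x =", x, "and s =", dh_shared(v, x, p))
```

Note what the exchange does not give: Trudy cannot read s from u and v, but nothing here tells Alice that v really came from Bob, so an active attacker can run one exchange with each side. That is the gap the authentication slides later in the deck address.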

Page 61

Outlook

• Secure channel

• Principles of cryptography

• Authentication, Integrity

• Security at different layers

• Firewalls and Intrusion Detection

Page 62

Message Integrity

• Apply hash function H to m and get fixed size message digest H(m).

• Good to rely on
  - MD5 (128 bit message digest)
  - SHA-1 (160 bit message digest) (US standard)

• Bad to rely on
  - Internet checksum (16 bit digest)
  - “IOU100.99BOB” and “IOU900.19BOB” have identical checksum (B2 C1 D2 AC)
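Worked example, added for this transcript (not code from the slides or from Kurose/Ross): it recomputes the two checksums of the slide's messages. The 32-bit word sum reproduces the slide's "B2 C1 D2 AC"; the RFC 1071 Internet checksum, which is what the 16-bit digest actually is, collides as well, while SHA-256 does not. Messages, helper names and the choice of SHA-256 are this example's own.

```python
import hashlib
import struct

# The two messages quoted on the slide (constructed sample input).
MSG_A = b"IOU100.99BOB"
MSG_B = b"IOU900.19BOB"


def word_sum_32(data: bytes) -> int:
    """Sum of the message as big-endian 32-bit words, carries dropped, no complement.

    This is the arithmetic behind the slide's 'B2 C1 D2 AC': the three 4-byte
    words 494F5531, 30302E39 and 39424F42 add up to B2C1D2AC.
    """
    padded = data + b"\x00" * (-len(data) % 4)
    words = struct.unpack(f"!{len(padded) // 4}I", padded)
    return sum(words) & 0xFFFFFFFF


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_collides(a: bytes, b: bytes) -> bool:
    """True when two different messages carry the same Internet checksum."""
    return a != b and internet_checksum(a) == internet_checksum(b)


def sha256_collides(a: bytes, b: bytes) -> bool:
    """Same test for a cryptographic hash."""
    return a != b and hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


if __name__ == "__main__":
    # The '1' and the '9' swap places, but each remains the low-order byte of
    # the word it sits in (for 16-bit and 32-bit words alike), so one word gains
    # 8 and another loses 8: a checksum that just adds words cannot see the change.
    for msg in (MSG_A, MSG_B):
        print(f"{msg!r}: sum={word_sum_32(msg):08X} checksum={internet_checksum(msg):04X}")
    print("checksum collision:", checksum_collides(MSG_A, MSG_B))
    print("sha256 collision  :", sha256_collides(MSG_A, MSG_B))
```

The lesson for a practitioner is the general one: any additive checksum is blind to edits that move the same byte values between the same offsets of different words, so it detects random line noise but not a deliberate substitution.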

Page 63:

Message Integrity

• If Alice sends (m, H(m)) to Bob, can Bob trust the message m comes from Alice?

• No; because Trudy can prevent Bob from receiving (m, H(m)) and instead send (m’, H(m’)). Bob will check that H(m’) is indeed the digest/hash of m’ and accept it.

• There is a solution to this problem:
  - Message Authentication Code (e.g. HMAC)
  - Used together with a cryptographically secure hash function such as MD5 or SHA-1
  - There is a shared authentication key s between Alice and Bob.
  - So, Alice will send (m, H(m+s)) instead of (m, H(m)).
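Worked example, added for this transcript and not taken from the slides: Python's standard-library HMAC (HMAC-SHA256 here, a choice of this example; the slide names MD5 or SHA-1) plays the role of H(m+s). It replays the substitution scenario above once with a plain digest and once with a keyed tag. The key value and function names are constructed.

```python
import hashlib
import hmac

# Constructed shared authentication key s. In practice it is random and agreed
# out of band; it is a constant here only so the example is reproducible.
SHARED_KEY = bytes.fromhex("6c2b9e1f4d7a3c58f0e1b2a3c4d5e6f7")


def unkeyed_digest(m: bytes) -> bytes:
    """(m, H(m)) as on the previous slide: anyone, Trudy included, can recompute this."""
    return hashlib.sha256(m).digest()


def mac_tag(key: bytes, m: bytes) -> bytes:
    """HMAC-SHA256 tag, the keyed replacement for H(m) (the slide's H(m+s))."""
    return hmac.new(key, m, hashlib.sha256).digest()


def bob_verify(key: bytes, m: bytes, tag: bytes) -> bool:
    """Bob recomputes the tag; compare_digest keeps the comparison constant-time
    so the number of matching bytes does not leak through timing."""
    return hmac.compare_digest(mac_tag(key, m), tag)


def substitution_scenario(key: bytes):
    """Returns (accepted_without_key, accepted_with_key) for the slide's attack."""
    m = b"IOU100.99BOB"
    m_forged = b"IOU900.19BOB"
    # Unkeyed: Trudy just ships m' together with H(m'), and the check passes.
    accepted_without_key = unkeyed_digest(m_forged) == hashlib.sha256(m_forged).digest()
    # Keyed: Trudy cannot compute the tag for m'. The best she can do is reuse
    # Alice's tag for m, and Bob's recomputation over m' will not match it.
    alice_tag = mac_tag(key, m)
    accepted_with_key = bob_verify(key, m_forged, alice_tag)
    return accepted_without_key, accepted_with_key


if __name__ == "__main__":
    print("accepted (plain digest, keyed tag):", substitution_scenario(SHARED_KEY))
```

HMAC is preferred over a literal H(s+m) because its nested construction H(k' xor opad, H(k' xor ipad, m)) does not suffer from the length-extension weakness of Merkle-Damgard hashes such as MD5 and SHA-1; the API call is the same either way.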

Page 64:

Authentication

• Bob wants Alice to “prove” her identity to him

• Bob wants to know that if he receives a message from Alice, the message actually comes from her.

• Bob wants to be sure that the message was not tampered with on its way to him.

Page 65:

RSA: Another important property

• KB-(KB+(m)) = m = KB+(KB-(m))

• private(public(m)) = m = public(private(m))

• Everyone can encrypt

• Only one can decrypt

• Only one can claim it

• Everyone can check it

Page 66:

Digital Signatures

• Cryptographic technique analogous to hand-written signatures

• Bob (sender) digitally signs document, establishing that he is the document owner/creator

• Bob signs message m by encrypting with his private key KB-, creating signed message KB-(m).

• Verifiable, non-forgeable: Alice (recipient) can prove to someone that Bob and no one else must have signed the document

• Non-repudiation:
  - Alice can take m and signature KB-(m) to court and prove that Bob signed m
  - Only Bob possesses KB-

Page 67:

Digital Signature

[Figure omitted. Source: Kurose Ross]

Page 68:

Signed Message Digests

• Computationally expensive to encrypt long messages with public key crypto

• Goal:
  - Fixed-length
  - Easy-to-compute
  - Digital fingerprint

• Apply hash function H to m and get fixed size message digest H(m).

• Sign H(m)

• Send (m, KB-(H(m)))
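Worked example, added for this transcript (not the slides' code): a textbook RSA in pure Python that ties together three slides, "Why is RSA secure?" (d is derived from the factors p and q), "Another important property" (KB-(KB+(m)) = m = KB+(KB-(m))) and this one (sign H(m), send (m, KB-(H(m)))). The primes, the exponent, the use of SHA-256 and the reduction of the digest mod n are this example's own choices; real signature schemes pad the digest (PSS) and use 1024-bit or larger primes.

```python
import hashlib

# Constructed key material: two Mersenne primes. Far too small for real use
# (the slide asks for primes of at least 1024 bits) but large enough that the
# arithmetic is non-trivial and digests do not collapse onto a few values.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q          # public modulus n = p*q
E = 65537          # public exponent e


def private_exponent(p: int, q: int, e: int) -> int:
    """d = e^-1 mod (p-1)(q-1).

    This step needs p and q. Whoever can factor n can run it and recover d
    from the public key (n, e) alone; that is why RSA rests on factoring being hard.
    """
    return pow(e, -1, (p - 1) * (q - 1))


D = private_exponent(P, Q, E)


def apply_public(x: int) -> int:
    """KB+(x): everyone can compute this."""
    return pow(x, E, N)


def apply_private(x: int) -> int:
    """KB-(x): only the holder of d can compute this."""
    return pow(x, D, N)


def roundtrip_both_orders(x: int) -> bool:
    """The slide's property: KB-(KB+(x)) == x == KB+(KB-(x))."""
    return apply_private(apply_public(x)) == x == apply_public(apply_private(x))


def digest_as_int(m: bytes) -> int:
    """H(m) as an integer below n (toy: real schemes pad rather than reduce mod n)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N


def sign(m: bytes) -> int:
    """Bob sends (m, KB-(H(m))): he signs the short digest, not the long message."""
    return apply_private(digest_as_int(m))


def verify(m: bytes, signature: int) -> bool:
    """Alice applies KB+ to the signature and compares with her own H(m)."""
    return apply_public(signature) == digest_as_int(m)


if __name__ == "__main__":
    msg = b"IOU100.99BOB"
    sig = sign(msg)
    print("n has", len(str(N)), "digits; e*d mod phi =", (E * D) % ((P - 1) * (Q - 1)))
    print("signature verifies on original:", verify(msg, sig))
    print("signature verifies on altered :", verify(b"IOU900.19BOB", sig))
```

Verification uses only (n, e), so anyone can check the signature, while producing it needs d, which is exactly the "only one can claim it, everyone can check it" pairing on the slide.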

Page 69:

Digital Signature

[Figure omitted. Source: Kurose Ross]

Page 70:

Impersonation Attack

[Figure omitted. Source: Kurose Ross]

Page 71:

Impersonation Attack

[Figure omitted. Source: Kurose Ross]

Page 72:

Replay Attack

[Figure omitted. Source: Kurose Ross]

Page 73:

Nonce (timeliness)

• Nonce: number R used only once-in-a-lifetime

• KA-B : Shared secret key
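Worked example, added for this transcript rather than taken from the slides: both sides of the nonce exchange ("I am Alice" / R / KA-B(R)) and why it defeats the replay attack of the previous slide. The slide has Alice encrypt R under the shared key; this example substitutes an HMAC-SHA256 over R, which is an assumption of the example, as are the key value and class names.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret K_A-B (constant so the example is reproducible).
KAB = bytes.fromhex("4e6574776f726b5365637572697479323031")


def keyed_response(key: bytes, nonce: bytes) -> bytes:
    """Alice's answer K_A-B(R): only someone holding the shared key can form it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class BobVerifier:
    """Bob's side: a fresh R for every attempt, and at most one answer per R."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding = None       # nonce currently awaiting an answer

    def challenge(self) -> bytes:
        # "I am Alice" arrived; Bob replies with a nonce that is never reused.
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def check(self, response: bytes) -> bool:
        if self.outstanding is None:
            return False               # nothing was asked, so nothing can be answered
        expected = keyed_response(self.key, self.outstanding)
        self.outstanding = None        # the nonce is spent whether or not this succeeds
        return hmac.compare_digest(expected, response)


def honest_exchange(bob: BobVerifier, alice_key: bytes) -> bool:
    r = bob.challenge()                                 # Bob -> Alice: R
    return bob.check(keyed_response(alice_key, r))      # Alice -> Bob: K_A-B(R)


def replayed_exchange(bob: BobVerifier, alice_key: bytes) -> bool:
    """Trudy records Alice's answer to R1 and replays it when Bob later sends R2."""
    r1 = bob.challenge()
    recorded = keyed_response(alice_key, r1)
    bob.check(recorded)                # Alice's genuine session succeeds
    bob.challenge()                    # later: Trudy claims to be Alice and receives R2
    return bob.check(recorded)         # the recorded answer fits R1, not R2


if __name__ == "__main__":
    print("honest  :", honest_exchange(BobVerifier(KAB), KAB))
    print("replayed:", replayed_exchange(BobVerifier(KAB), KAB))
```

The timeliness comes entirely from R being unpredictable and single-use; if Bob reused nonces, or accepted an answer to a nonce he had already accepted once, the recorded response would verify again.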

Page 74:

Nonce (timeliness)

[Figure omitted. Source: Kurose Ross]

Page 75:

(Wo)Man-in-the-Middle Attack

[Figure omitted. Source: Kurose Ross]

Page 76:

(Wo)Man-in-the-Middle Attack

• Difficult to detect

• Alice receives everything Bob sends

• Bob and Alice can meet later and still recall the last conversation

• Trudy receives all messages as well!

Page 77:

Public Key Certification

• Certification Authority (CA)
  - binds public key to particular entity (Bob)

• Bob provides proof of identity to CA

• CA creates certificate binding Bob to his public key

• Certificate containing Bob’s public key digitally signed by CA
  - CA says “this is Bob’s public key”

• When Alice wants Bob’s public key
  - gets Bob’s certificate (from Bob or elsewhere)
  - apply CA’s public key to Bob’s certificate
  - gets Bob’s public key

Page 78:

Outlook

• Secure channel

• Principles of cryptography

• Authentication, Integrity

• Security at different layers

• Firewalls and Intrusion Detection

Page 79:

Security at Different Layers

Layer         Security mechanism
Application   Mail: S/MIME, PGP
Transport     TLS (Secure Socket Layer, SSL)
Network       IP Security (IPSec), Packet Filter
Link          Frame Filter, WPA
Physical      WEP

Page 80:

Outlook

• Secure channel

• Principles of cryptography

• Authentication, Integrity

• Security at different layers

• Firewalls and Intrusion Detection

Page 81:

Firewalls

• Isolates organization’s internal network from larger Internet, allowing some packets to pass, blocking others

[Figure omitted]

Page 82:

Firewalls

• Prevent denial of service attacks
  - SYN flooding: attacker establishes many bogus TCP connections, no resources left for real connections

• Prevent illegal modification/access of internal data
  - Attacker replaces website’s homepage with something else

• Allow only authorized access to inside network
  - Set of authenticated users

• Three types of firewalls
  - Stateless packet filters
  - Stateful packet filters
  - Application gateways

Page 83:

Stateless Packet Filtering

• Internal network connected to Internet via router firewall

• Router filters packet-by-packet, decision to forward/drop packet based on
  - Source IP address, destination IP address
  - TCP/UDP source and destination port numbers
  - ICMP message type
  - TCP SYN and ACK bits

• Example:
  - Block incoming and outgoing datagrams with IP protocol field 17
  - All incoming and outgoing UDP flows are blocked

Page 84:

Access Control Lists

Action   Source address          Dest address            Protocol   Source port   Dest port   Flag bit
allow    222.22/16               outside of 222.22/16    TCP        >1023         80          any
allow    outside of 222.22/16    222.22/16               TCP        80            >1023       ACK
deny     all                     all                     all        all           all         all

Page 85:

Stateful Packet Filtering

• Stateless packet filtering
  - Admits packets that make no sense
  - e.g. dest port=80, ACK bit set, even though no TCP connection established

• Stateful packet filtering tracks
  - Status of every TCP connection
  - Connection setup (SYN)
  - Connection teardown (FIN)
  - Timeout inactive connections at firewall
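Worked example, added for this transcript and not part of the slides: the three-row access control list from the previous slide implemented as a stateless filter, and the same list wrapped in a stateful filter that also tracks setup (SYN), teardown (FIN) and idle timeout. Run on constructed packets, it shows the stateless version admitting the "dest port 80, ACK set, no connection" packet that the stateful one rejects. The addresses, the 300 s timeout and the simplified teardown rule are this example's assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology from the ACL slide: the organisation owns 222.22/16.
INTERNAL = ipaddress.ip_network("222.22.0.0/16")
IDLE_TIMEOUT = 300.0    # seconds; constructed value


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "TCP", "UDP", "ICMP"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    fin: bool = False


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def stateless_filter(pkt: Packet) -> str:
    """The slide's ACL, evaluated top to bottom; the first matching row decides."""
    outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
    inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
    if outbound and pkt.proto == "TCP" and pkt.sport > 1023 and pkt.dport == 80:
        return "allow"      # row 1: web requests from inside
    if inbound and pkt.proto == "TCP" and pkt.sport == 80 and pkt.dport > 1023 and pkt.ack:
        return "allow"      # row 2: replies to them, ACK bit required
    return "deny"           # row 3: everything else, which covers all UDP (protocol 17)


class StatefulFilter:
    """Row 2 of the ACL only matches if row 1 previously saw the connection opened."""

    def __init__(self) -> None:
        self.table = {}     # (inside ip, inside port, outside ip, outside port) -> last seen

    def _expire(self, now: float) -> None:
        for flow, last in list(self.table.items()):
            if now - last > IDLE_TIMEOUT:
                del self.table[flow]        # timeout inactive connections

    def filter(self, pkt: Packet, now: float = 0.0) -> str:
        self._expire(now)
        if stateless_filter(pkt) == "deny":
            return "deny"
        if is_internal(pkt.src):                    # outbound: may create or close state
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.table[flow] = now              # connection setup
            elif flow in self.table:
                self.table[flow] = now
                if pkt.fin:                         # simplified teardown on the client's FIN;
                    del self.table[flow]            # a real firewall waits for both FINs
            return "allow"
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # inbound: must match known state
        if flow not in self.table:
            return "deny"
        self.table[flow] = now
        return "allow"


if __name__ == "__main__":
    # Constructed trace: a real handshake followed by the slide's nonsense packet.
    trace = [
        (0.0, Packet("222.22.1.10", "198.51.100.7", "TCP", 40000, 80, syn=True)),
        (0.1, Packet("198.51.100.7", "222.22.1.10", "TCP", 80, 40000, syn=True, ack=True)),
        (0.2, Packet("198.51.100.9", "222.22.1.20", "TCP", 80, 51000, ack=True)),
        (0.3, Packet("222.22.1.10", "198.51.100.7", "UDP", 40000, 53)),
    ]
    sf = StatefulFilter()
    for t, p in trace:
        print(f"{p.src:>14} -> {p.dst:<14} stateless={stateless_filter(p):5} stateful={sf.filter(p, t)}")
```

Row 2 without state is exactly the gap the slide points at: any outside host can send a packet with source port 80 and the ACK bit set, and the stateless rule will pass it to an arbitrary high port inside.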

Page 86:

Intrusion Detection Systems

• Packet filtering
  - operates on TCP/IP headers only
  - no correlation check among sessions

• Intrusion Detection System
  - Deep packet inspection: Look at packet contents for viruses, attack patterns, etc.
  - Examine correlation among multiple packets for port scanning, network mapping, Denial of Service (DoS) attack, etc.
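Worked example, added for this transcript (not the slides' material): the "correlation among multiple packets" point made concrete as a port-scan detector. It runs over constructed flow records and flags a source that touches many distinct ports on one host inside a sliding time window, something a per-packet filter cannot see because every individual packet looks ordinary. Addresses, timings, the 60 s window and the threshold of 10 ports are this example's own.

```python
from collections import Counter, defaultdict

# Constructed flow records (src, dst, dst_port, timestamp in seconds):
# a fast scanner, an ordinary web client and a slow scanner.
SAMPLE_FLOWS = (
    [("203.0.113.5", "222.22.1.10", port, 100.0 + i * 0.5)
     for i, port in enumerate(range(20, 36))]                       # 16 ports in 8 s
    + [("198.51.100.7", "222.22.1.10", 80, 100.0 + i * 3.0) for i in range(20)]
    + [("198.51.100.7", "222.22.1.10", 443, 130.0 + i * 5.0) for i in range(4)]
    + [("203.0.113.9", "222.22.1.10", 1000 + i, 100.0 + i * 100.0)
       for i in range(12)]                                           # 12 ports, one per 100 s
)


def detect_port_scans(flows, window: float = 60.0, threshold: int = 10):
    """Return sorted (src, dst) pairs where one source touched more than
    `threshold` distinct destination ports on one host within any span of
    `window` seconds.
    """
    by_pair = defaultdict(list)
    for src, dst, dport, ts in flows:
        by_pair[(src, dst)].append((ts, dport))
    alerts = []
    for pair, events in by_pair.items():
        events.sort()                       # order by time
        ports_in_window = Counter()         # distinct ports seen in the current window
        left = 0
        for ts, port in events:
            ports_in_window[port] += 1
            while ts - events[left][0] > window:    # drop events that fell out of the window
                old = events[left][1]
                ports_in_window[old] -= 1
                if ports_in_window[old] == 0:
                    del ports_in_window[old]
                left += 1
            if len(ports_in_window) > threshold:
                alerts.append(pair)
                break
    return sorted(alerts)


if __name__ == "__main__":
    print("fast scans:", detect_port_scans(SAMPLE_FLOWS))
    print("with a 2000 s window:", detect_port_scans(SAMPLE_FLOWS, window=2000.0))
```

The slow scanner illustrates the usual trade-off: widening the window catches it at the cost of more state per source pair, and an attacker who knows the window can pace below it, which is why real IDS deployments combine several such correlations rather than rely on one.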
