Network Security - Uppsala University · Examples of Alice and Bob • E-commerce...
Transcript of Network Security - Uppsala University · Examples of Alice and Bob • E-commerce...
Communications Research Group
Network SecurityVolkan Cambazoglu
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
1
Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
2
Communication Channels
• Assume always that a communication channel is insecure!
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
3
Examples of Alice and Bob
• E-commerce applications- Amazon, Spotify, etc.
• Online banking applications- Swedbank, Nordea, etc.
• Online chat applications- Skype, Google chat, etc.
• DNS servers- Exchange messages about where a website is located
• Routers- Exchange messages about routing tables (Routing Information
Protocol)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
4
What can Trudy do?
• Eavesdrop- Sniff and record traffic between users (e.g. Alice and Bob)
• Insertion- Insert messages as if it comes from a specific user (Alice/Bob)
• Modification- Alter messages going from a user (Alice) to the other one
(Bob)
• Deletion- Delete messages going from a user (Alice) to the other one
(Bob)
• Denial of service- Prevent users (Alice) from reaching an existing service
(provided by Bob)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
5
Properties of Secure Communication
• Confidentiality- Only the receiver should understand the message content
• Authentication- Receiver should be able to confirm sender’s identity
• Integrity- Receiver should be able to check that the message is not
altered
• Availability- Receiver should be able to access services provided by the
senderAdapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
6
Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
7
Information Security
• Conceptually, the way information is recorded has not changed dramatically over time. What has changed dramatically is the - ability to copy and alter information. - technological advancements- change from physical to digital
• Cryptography is the study of mathematical techniques related to aspects of information security such as - confidentiality- entity authentication- data integrity- data origin authentication
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
8
The Basic Idea
• Mathematical functions f(x) that are efficient to compute. No efficient algorithm is known for the inverse function.
• such as• Discrete Logarithm• Factorizing large numbers
f(x): efficient
f (x): hard-1
x f(x)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
9
Kerkhoff’s Principle
An enemy knows the whole system including all transformations, but not the secret key(s). Funktionen von Zylinder und Elektronik-Modul.
Die raffinierten Kaba elostarZylinder.
Kaba elostar Schlösser bestehenaus einem Elektronik-Zylinderund einem Elektronik-Modul. DerZylinder nimmt die elektroni-schen Informationen entgegenund leitet diese dem E-Modul zurVerarbeitung weiter. Die Kabaelostar Zylinder sind so gebaut,dass sie in fast jede herkömmli-che Türe passen und bestehende
Kaba star Zylinder problemlosersetzen können. Sie enthaltenauf kleinstem Raum einen elek-tronisch gesteuerten Sperrme-chanismus. Er wird durch Batte-rien in der Türe gespiesen, diemit einer Leistung von mehreren10 000 Öffnungs-/Schliessvor-gängen lange halten und einfachauswechselbar sind. Erkennt dieElektronik einen berechtigtenSchlüssel, treibt der Motor blitz-schnell die Riegelschnecke an,die erst nach mehreren Um-drehungen die Sperrung freigibt.
Für Ausnahmefälle:das Kaba elostar Gehäuse.
Sollte die Elektronik für einmalnicht unter dem Beschlag oderim Türfalz montiert werden kön-nen, lässt sie sich in das Kabaelostar Gehäuse integrieren. Es
wird in zwei Versionen ange-boten: mit Zylinderloch für dieMontage über dem Zylinder undohne Zylinderloch für die Mon-tage neben oder unterhalb desTürbeschlags.
Art. 1515EL-45 E-Modul Stulpversion.
Standardgehäuse für Kaba elostar time oder
für Stulpeinbau Kaba elostar.
Art. 1515EL-60 E-Modul Kaba elostar Standard.
Art. 1515EL-40 Gehäuse mit Zylinderloch,
Chromstahl.
4
On the Complexity of AuthenticationProtocols for Weak Devices
Christian Rohner Tobias Bandh
April 26, 2004
1 Complexity for Weak Devices
Computational Complexity
Communication
Code Size
Memory Requirements
2 Authentication Protocols
2.1 Password
Phase I: Di�e-Hellman Key-Exchange
A Bx 2 [0..n] y 2 [0..n]
u = gx mod n �! � v = gy mod n
s = (gy)x mod n �! s = (gx)y mod n
Phase II: Password Encryption
A Ba = DESs(user:passwd) �! b = DESs(a)
d = DESs(c) � c = DESs(”ok”)
1
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
10
Principles of Cryptography
• Plaintext or cleartext- has some meaning
• Ciphertext- unintelligible content
• Encryption algorithm- encrypt (plaintext) = ciphertext
• Decryption algorithm- decrypt (ciphertext) = plaintext
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
11
Encryption/Decryption
• non-keyed - no secret parameters- one-way functions- e.g. MD5
• secret key- two or more entities share some common secret values- encrypt and decrypt with the same secret- e.g. Caesar cipher, AES
• public key- no shared secret keys - one secret for encryption and another secret for decryption- e.g. RSA
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
12
Symmetric Key Cryptography
f fm mc = f(m,k)
k k
ciphertextplaintext
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
13
Gaius Julius Cæsar
• Shared secret encryption/decryption• Secret is a number to shift the alphabet
abcdefghijklmnopqrstuvwxyz
k = 3
defghijklmnopqrstuvwxyzabc
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
14
There will be a secret meeting in one of the Swedish cities. We obtained the ciphertext for it! Which city is it?
toorzkz
Gaius Julius Cæsar
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
15
There will be a secret meeting in one of the Swedish cities. We obtained the ciphertext for it! Which city is it?
toorzkz
Gaius Julius Cæsar
abcdefghijklmnopqrstuvwxyz
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
15
There will be a secret meeting in one of the Swedish cities. We obtained the ciphertext for it! Which city is it?
Gaius Julius Cæsar
abcdefghijklmnopqrstuvwxyz
uppsala
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
15
Attacks on Symmetric Key Cryptography
• ciphertext-only: - statistical analysis (e,t most frequent) - typical words (the, in, it, ...ing, etc.)
• known-plaintext- Uppsala, Alice, Bob, etc.
• chosen-plaintext- “the quick brown fox jumps over the lazy dog”
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
16
Improving Symmetric Key Cryptography
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
- DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key, final permutation 64 bit output
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
- DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key, final permutation 64 bit output
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
- DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key, final permutation 64 bit output
- AES: 128 bit blocks, accepts different key lengths (128, 192, 256)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
- DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key, final permutation 64 bit output
- AES: 128 bit blocks, accepts different key lengths (128, 192, 256)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Improving Symmetric Key Cryptography
• Monoalphabetic cipher- Caesar cipher
• Polyalphabetic cipher- e.g. combine two Caesar ciphers for one word
• Block cipher- e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
- DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key, final permutation 64 bit output
- AES: 128 bit blocks, accepts different key lengths (128, 192, 256)
- brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
17
Public Key Cryptography
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?- Send shared secret in plaintext?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?- Send shared secret in plaintext?- Send encrypted shared secret?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?- Send shared secret in plaintext?- Send encrypted shared secret?- Hide the secret somewhere in plaintext?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?- Send shared secret in plaintext?- Send encrypted shared secret?- Hide the secret somewhere in plaintext?- Any other crazy ideas?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?- Send shared secret in plaintext?- Send encrypted shared secret?- Hide the secret somewhere in plaintext?- Any other crazy ideas?- Or shall we simply use public key cryptography?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
18
Plaintextmessage
m = KB-(KB+(m))
Public Key Cryptography
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
encryptionalgorithm
decryptionalgorithm
Plaintextmessage, m
CiphertextKB+(m)
Public key: KB+(m)Private key: KB-(m)
19
Plaintextmessage
m = KB-(KB+(m))
Public Key Cryptography
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
encryptionalgorithm
decryptionalgorithm
Plaintextmessage, m
CiphertextKB+(m)
Public key: KB+(m)Private key: KB-(m)
What could go wrong here?•Hint 1: Who can use the public key?•Hint 2: What happens when same text, algorithm and key are used?
20
Public Key Cryptography
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus:
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus: - (a mod n)d mod n = ad mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus: - (a mod n)d mod n = ad mod n
• example:
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus: - (a mod n)d mod n = ad mod n
• example:- a=14, n=10, d =2
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus: - (a mod n)d mod n = ad mod n
• example:- a=14, n=10, d =2- (14 mod 10)2 mod 10 = 42 mod 10 = 6
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
Public Key Cryptography
• Prerequisite: Modular Arithmetic• x mod n = remainder of x when divided by n• facts:
- [(a mod n) + (b mod n)] mod n = (a+b) mod n- [(a mod n) - (b mod n)] mod n = (a-b) mod n- [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus: - (a mod n)d mod n = ad mod n
• example:- a=14, n=10, d =2- (14 mod 10)2 mod 10 = 42 mod 10 = 6- 142 mod 10 = 196 mod 10 = 6
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
21
RSA: Encryption/Decryption
• Encryption- c = me mod n- c is ciphertext - m is plaintext- e is encryption key- (n, e) is the public key
• Decryption- m = cd mod n = (me mod n)d mod n = me*d mod n- d is decryption key- (n, d) is the private key
• Do you notice something when m = me*d mod n?
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
22
RSA: Creating public/private key pair
• Choose two large prime numbers p and q (1024 bits each)
• Compute (n = p * q) and (z = (p-1) * (q-1))
• Choose e < n that has no common factors with z (relatively prime) - e.g. (3 and 7) and (5 and 12) are relatively prime.
• Choose d that fulfills (e * d mod z = 1)
• Public key (n,e)
• Private key (n,d)Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
23
RSA Encryption
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
p=5q=7n=35z=24e=5d=29
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
24
RSA Decryption
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
p=5q=7n=35z=24e=5d=29
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
25
Why does RSA work?
• m = cd mod n • m = (me mod n)d mod n • m = me*d mod n
• fact: - cd mod n = c(d mod z) mod n- where n = p*q and z=(p-1)*(q-1)
• thus:- m = m((e*d) mod z) mod n- m = m1 mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
26
Why is RSA secure?• We know the public key (n,e). Can we compute d using n
and e?• We need to find the factors of n= p*q
• p and q are two very large prime numbers (at least 1024 bits)
• 136064817260489928484113640026944941480975382962539945337862848254226224034275820538310008858403955437239102681465761388249980135083342434428721426840110617593953169835450968550730769430412845048185659381370857105323219453521491277894773367539216680431287506338710965204349119030528157752992551375455100484051 (309 digits)
• Factoring a big number is hard!
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
27
RSA in practice: Session keys
• Exponentiation in RSA is computationally intensive
• Use public key crypto to establish secure connection
• Establish symmetric session key for encrypting data- Shared secret
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
28
Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
29
Message Integrity
• Apply hash function H to m and get fixed size message digest H(m).
• Good to rely on- MD5 (128 bit message digest)- SHA-1 (160 bit message digest) (US standard)
• Bad to rely on- Internet checksum (16 bit digest)- “IOU100.99BOB” and - “IOU900.19BOB” have identical checksum (B2 C1 D2 AC)
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
30
Message Integrity
• If Alice sends (m, H(m)) to Bob, can Bob trust the message m comes from Alice?
• No; because Trudy can prevent Bob from receiving (m, H(m)) and instead send (m’, H(m’)). Bob will check that H(m’) is indeed digest/hash of m’.
• There is a solution to this problem:- Message Authentication Code (e.g. HMAC)- Used together with a cryptographically secure hash function
such as MD5 or SHA-1- There is a shared authentication key between Alice and
Bob.- So, Alice will send (m, H(m+s)) instead of (m, H(m)).
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
31
Authentication
• Bob wants Alice to “prove” her identity to him
• Bob wants to know that if he receives a message from Alice, the message actually comes from her.
• Bob wants to be sure that the message was not tampered with on its way to him.
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
32
RSA: Another important property• KB-(KB+(m)) = m = KB+(KB-(m))
• private(public(m)) = m = public(private(m))
• Everyone can encrypt
• Only one can decrypt
• Only one can claim it
• Everyone can check it
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
33
Digital Signatures
• Cryptographic technique analogous to hand-written signatures
• Bob (sender) digitally signs document, establishing he document owner/creator
• Bob signs message m by encrypting with his private key KB-, creating signed message KB-(m).
• Verifiable, non-forgeable: Alice (recipient) can prove to someone that Bob and no one else must have signed the document
• Non-repudiation:- Alice can take m and signature KB-(m) to court and prove
that Bob signed m- Only Bob possesses KB-
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
34
Digital Signature
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
35
Signed Message Digests
• Computationally expensive to encrypt long messages with public key crypto
• Goal:- Fixed-length- Easy-to-compute- Digital fingerprint
• Apply hash function H to m and get fixed size message digest H(m).
• Sign H(m)• Send (m, KB-(H(m)))
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
36
Digital Signature
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
37
Impersonation Attack
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
38
Impersonation Attack
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
39
Replay Attack
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
40
Nonce (timeliness)
• Nonce: number R used only once-in-a-lifetime• KA-B : Shared secret key
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
41
Nonce (timeliness)
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose Ross
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
42
(Wo)Man-in-the-Middle Attack
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Source: Kurose RossAdapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
43
(Wo)Man-in-the-Middle Attack
• Difficult to detect
• Alice receives everything Bob sends
• Bob and Alice can meet later and still recall the last conversation
• Trudy receives all messages as well!
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
44
Public Key Certification
• Certification Authority (CA)- binds public key to particular entity (Bob)
• Bob provides proof of identity to CA• CA creates certificate binding Bob to his public key• Certificate containing Bob’s public key digitally signed
by CA - CA says “this is Bob’s public key”
• When Alice wants Bob’s public key- gets Bob’s certificate (from Bob or elsewhere)- apply CA’s public key to Bob’s certificate- gets Bob’s public key
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
45
Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
46
Security at Different Layers
ApplicationMail: MIME/S, PGP
TransportTLS (Secure Socket Layer, SSL)
NetworkIP Security (IPSec)Packet Filter
LinkFrame Filter, WPA
PhysicalWEP
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
47
Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
48
Firewalls
• Isolates organization’s internal network from larger Internet, allowing some packets to pass, blocking others
Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 8-
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
49
Firewalls
• Prevent denial of service attacks- SYN flooding: attacker establishes many bogus TCP
connections, no resources left for real connections
• Prevent illegal modification/access of internal data- Attacker replaces website’s homepage with something else
• Allow only authorized access to inside network- Set of authenticated users
• Three types of firewalls- Stateless packet filters- Stateful packet filters- Application gateways
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
50
Stateless Packet Filtering
• Internal network connected to Internet via router firewall
• Router filters packet-by-packet, decision to forward/drop packet based on- Source IP address, destination IP address- TCP/UDP source and destination port numbers- ICMP message type- TCP SYN and ACK bits
• Example: - Block incoming and outgoing datagrams with IP protocol field
17- All incoming and outgoing UDP flows are blocked
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
51
Access Control Lists
Action SourceAddress
DestAddress
Protocol
SourcePort
DestPort
Flag Bit
allow 222.22/16 outside of222.22/16
TCP >1023 80 any
allow outside of222.22/16
222.22/16 TCP 80 >1023 ACK
deny all all all all all all
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
52
Stateful Packet Filtering
• Stateless packet filtering- Admits packets that makes no sense- e.g. dest port=80, ACK bit set, even though no TCP
connection established
• Stateful packet filtering tracks- Status of every TCP connection- Connection setup (SYN)- Connection teardown (FIN)- Timeout inactive connections at firewall
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
53
Intrusion Detection Systems
• Packet filtering- operates on TCP/IP headers only- no correlation check among sessions
• Intrusion Detection System- Deep packet inspection: Look at packet contents for viruses,
attack patterns, etc.
- Examine correlation among multiple packets for port scanning, network mapping, Denial of Service (DoS) attack, etc.
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner
54