Network Security
Volkan Cambazoglu
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Communications Research Group
Outlook
•
Secure channel
•
Principles of cryptography
•
Authentication, Integrity
•
Security at different layers
•
Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Communication Channels
• Assume always that a communication
channel is insecure!
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Examples of Alice and Bob
•
•
•
•
•
E-commerce applications
-
Amazon, Spotify, etc.
Online banking applications
-
Swedbank, Nordea, etc.
Online chat applications
-
Skype, Google chat, etc.
DNS servers
-
Exchange messages about where a website is located
Routers
-
Exchange messages about routing tables (Routing
Information Protocol)
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
What can Trudy do?
•
•
•
•
•
Eavesdrop
-
Sniff and record traffic between users (e.g. Alice and
Bob)
Insertion
-
Insert messages as if it comes from a specific user
(Alice/Bob)
Modification
-
Alter messages going from a user (Alice) to the other
one (Bob)
Deletion
-
Delete messages going from a user (Alice) to the other
one (Bob)
Denial of service
-
Prevent users (Alice) from reaching an existing service
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Properties of Secure
Communication
•
•
•
•
Confidentiality
-
Only the receiver should understand the message
content
Authentication
-
Receiver should be able to confirm sender’s identity
Integrity
-
Receiver should be able to check that the message is
not altered
Availability
-
Receiver should be able to access services provided by
the sender
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Outlook
•
Secure channel
•
Principles of cryptography
•
Authentication, Integrity
•
Security at different layers
•
Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Information Security
•
Conceptually, the way information is recorded has
not changed dramatically over time. What has
changed dramatically is the
-
•
ability to copy and alter information.
technological advancements
change from physical to digital
Cryptography is the study of mathematical
techniques related to aspects of information
security such as
-
confidentiality
entity authentication
data integrity
data origin authentication
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
The Basic Idea
• Mathematical functions f(x) that are
efficient to compute. No efficient
algorithm is known for the inverse
function.
f(x): efficient
x
f(x)
-1
f (x): hard
• such as
• Discrete Logarithm
• Factorizing large numbers
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Kerkhoff’s Principle
An enemy knows the whole system including
all transformations, but not the secret key(s).
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Principles of Cryptography
•
•
•
•
Plaintext or cleartext
-
has some meaning
Ciphertext
-
unintelligible content
Encryption algorithm
-
encrypt (plaintext) = ciphertext
Decryption algorithm
-
decrypt (ciphertext) = plaintext
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Encryption/Decryption
•
•
•
non-keyed
-
no secret parameters
one-way functions
e.g. MD5
secret key
-
two or more entities share some common secret values
encrypt and decrypt with the same secret
e.g. Caesar cipher, AES
public key
-
no shared secret keys
one secret for encryption and another secret for
decryption
e.g. RSA
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Symmetric Key Cryptography
plaintext
m
ciphertext
f
c = f(m,k)
k
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
f
k
m
Gaius Julius Cæsar
•Shared secret encryption/decryption
•Secret is a number to shift the alphabet
•abcdefghijklmnopqrstuvwxyz
•k = 3
•defghijklmnopqrstuvwxyzabc
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Gaius Julius Cæsar
•
There will be a secret meeting in one of the
Swedish cities. We obtained the ciphertext for it!
Which city is it?
uppsala
toorzkz
abcdefghijklmnopqrstuvwxyz
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Attacks on Symmetric Key
Cryptography
•ciphertext-only:
• - statistical analysis (e,t most frequent)
- typical words (the, in, it, ...ing, etc.)
•known-plaintext
-
Uppsala, Alice, Bob, etc.
•chosen-plaintext
-
“the quick brown fox jumps over the lazy dog”
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Improving Symmetric Key
Cryptography
•
•
•
Monoalphabetic cipher
-
Caesar cipher
Polyalphabetic cipher
-
e.g. combine two Caesar ciphers for one word
Block cipher
-
e.g. 3-bit block cipher (000:110, 001: 101, 010: 000, ...)
-
DES: 64 bit input, 16 rounds of 48 bit key from 56 bit key,
final permutation 64 bit output
-
AES: 128 bit blocks, accepts different key lengths (128, 192,
256)
-
brute force decryption (try each key) taking 1 sec on DES,
takes 149 trillion years for AES
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Public Key Cryptography
•
How can Alice and Bob start secure
communication, if they cannot come together in
the physical world?
-
Send shared secret in plaintext?
Send encrypted shared secret?
Hide the secret somewhere in plaintext?
Any other crazy ideas?
Or shall we simply use public key cryptography?
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Public Key Cryptography
Public key: KB+(m)
Private key: KB-(m)
Plaintext encryption Ciphertext decryption
message, m algorithm
KB+(m)
algorithm
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Plaintext
message
m = KB-(KB+(m))
Public Key Cryptography
Public key: KB+(m)
Private key: KB-(m)
Plaintext encryption Ciphertext decryption
message, m algorithm
KB+(m)
algorithm
What could go wrong here?
Plaintext
message
m = KB-(KB+(m))
•Hint 1: Who can use the public key?
•Hint 2: What happens when same text, algorithm and key are
used?
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Public Key Cryptography
•
•
•
•
•
Prerequisite: Modular Arithmetic
x mod n = remainder of x when divided by n
facts:
-
[(a mod n) + (b mod n)] mod n = (a+b) mod n
[(a mod n) - (b mod n)] mod n = (a-b) mod n
[(a mod n) * (b mod n)] mod n = (a*b) mod n
thus:
-
(a mod n)d mod n = ad mod n
example:
-
a=14, n=10, d =2
(14 mod 10)2 mod 10 = 42 mod 10 = 6
142 mod 10 = 196 mod 10 = 6
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
RSA: Encryption/Decryption
•
•
•
Encryption
-
c = me mod n
c is ciphertext
m is plaintext
e is encryption key
(n, e) is the public key
Decryption
-
m = cd mod n = (me mod n)d mod n = me*d mod n
d is decryption key
(n, d) is the private key
Do you notice something when m = me*d mod n?
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
RSA: Creating public/private key
pair
•
•
•
Choose two large prime numbers p and q (1024 bits
each)
Compute (n = p * q) and (z = (p-1) * (q-1))
Choose e < n that has no common factors with z
(relatively prime)
-
e.g. (3 and 7) and (5 and 12) are relatively prime.
•
Choose d that fulfills (e * d mod z = 1)
•
•
Public key (n,e)
Private key (n,d)
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
RSA Encryption
p=5
q=7
n=35
z=24
e=5
d=29
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
RSA Decryption
p=5
q=7
n=35
z=24
e=5
d=29
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Why does RSA work?
•
•
•
m = cd mod n
m = (me mod n)d mod n
m = me*d mod n
•
fact:
•
-
cd mod n = c(d mod z) mod n
where n = p*q and z=(p-1)*(q-1)
thus:
- m = m((e*d) mod z) mod n
- m = m1 mod n
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Why is RSA secure?
•
•
•
•
•
We know the public key (n,e). Can we compute d using
n and e?
We need to find the factors of n= p*q
p and q are two very large prime numbers (at least
1024 bits)
13606481726048992848411364002694494148097538296253994533786
28482542262240342758205383100088584039554372391026814657613
88249980135083342434428721426840110617593953169835450968550
73076943041284504818565938137085710532321945352149127789477
33675392166804312875063387109652043491190305281577529925513
75455100484051 (309 digits)
Factoring a big number is hard!
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
RSA in practice: Session keys
•
•
•
Exponentiation in RSA is computationally
intensive
Use public key crypto to establish secure
connection
Establish symmetric session key for encrypting
data
-
Shared secret
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Outlook
•
Secure channel
•
Principles of cryptography
•
Authentication, Integrity
•
Security at different layers
•
Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Message Integrity
•
•
•
Apply hash function H to m and get fixed size
message digest H(m).
Good to rely on
-
MD5 (128 bit message digest)
SHA-1 (160 bit message digest) (US standard)
Bad to rely on
-
Internet checksum (16 bit digest)
“IOU100.99BOB” and
“IOU900.19BOB” have identical checksum (B2 C1 D2 AC)
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Message Integrity
•
•
•
If Alice sends (m, H(m)) to Bob, can Bob trust the
message m comes from Alice?
No; because Trudy can prevent Bob from
receiving (m, H(m)) and instead send (m’, H(m’)).
Bob will check that H(m’) is indeed digest/hash of
m’.
There is a solution to this problem:
-
Message Authentication Code (e.g. HMAC)
Used together with a cryptographically secure hash
function such as MD5 or SHA-1
There is a shared authentication key between Alice and
Bob.
So, Alice will send (m, H(m+s)) instead of (m, H(m)).
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Authentication
•
•
•
Bob wants Alice to “prove” her identity to him
Bob wants to know that if he receives a message
from Alice, the message actually comes from her.
Bob wants to be sure that the message was not
tampered with on its way to him.
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
RSA: Another important property
•
•
KB-(KB+(m)) = m = KB+(KB-(m))
private(public(m)) = m = public(private(m))
•
•
Everyone can encrypt
Only one can decrypt
•
•
Only one can claim it
Everyone can check it
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Digital Signatures
•
•
•
•
•
Cryptographic technique analogous to handwritten signatures
Bob (sender) digitally signs document,
establishing he document owner/creator
Bob signs message m by encrypting with his
private key KB-, creating signed message KB-(m).
Verifiable, non-forgeable: Alice (recipient) can prove to
someone that Bob and no one else must have signed
the document
Non-repudiation:
- Alice can take m and signature KB-(m) to court and
prove that Bob signed m
- Only Bob possesses KBAdapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Digital Signature
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Signed Message Digests
•
•
•
•
•
Computationally expensive to encrypt long
messages with public key crypto
Goal:
-
Fixed-length
Easy-to-compute
Digital fingerprint
Apply hash function H to m and get fixed size
message digest H(m).
Sign H(m)
Send (m, KB-(H(m)))
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Digital Signature
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Impersonation Attack
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Impersonation Attack
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Replay Attack
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
Nonce (timeliness)
•
•
Nonce: number R used only once-in-a-lifetime
KA-B : Shared secret key
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Nonce (timeliness)
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
(Wo)Man-in-the-Middle Attack
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Source: Kurose Ross
(Wo)Man-in-the-Middle Attack
•
Difficult to detect
•
Alice receives everything Bob sends
•
•
Bob and Alice can meet later and still recall the
last conversation
Trudy receives all messages as well!
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Public Key Certification
•
•
•
•
•
Certification Authority (CA)
-
binds public key to particular entity (Bob)
Bob provides proof of identity to CA
CA creates certificate binding Bob to his public
key
Certificate containing Bob’s public key digitally
signed by CA - CA says “this is Bob’s public key”
When Alice wants Bob’s public key
-
gets Bob’s certificate (from Bob or elsewhere)
apply CA’s public key to Bob’s certificate
gets Bob’s public key
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Outlook
•
Secure channel
•
Principles of cryptography
•
Authentication, Integrity
•
Security at different layers
•
Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Security at Different Layers
Mail: MIME/S, PGP
Application
TLS (Secure Socket Layer, SSL)
Transport
Network
IP Security (IPSec)
Packet Filter
Frame Filter, WPA
Link
WEP
Physical
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Outlook
•
Secure channel
•
Principles of cryptography
•
Authentication, Integrity
•
Security at different layers
•
Firewalls and Intrusion Detection
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Firewalls
•
Isolates organization’s internal network from
larger Internet, allowing some packets to pass,
blocking others
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Firewalls
•
•
Prevent denial of service attacks
-
Prevent illegal modification/access of internal
data
-
•
•
SYN flooding: attacker establishes many bogus TCP
connections, no resources left for real connections
Attacker replaces website’s homepage with something
else
Allow only authorized access to inside network
-
Set of authenticated users
Three types of firewalls
-
Stateless packet filters
Stateful packet filters
Application gateways
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Stateless Packet Filtering
•
•
Internal network connected to Internet via router
firewall
Router filters packet-by-packet, decision to
forward/drop packet based on
-
•
Source IP address, destination IP address
TCP/UDP source and destination port numbers
ICMP message type
TCP SYN and ACK bits
Example:
-
-
Block incoming and outgoing datagrams with IP protocol
field 17
All incoming and outgoing UDP flows are blocked
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Access Control Lists
Action
Source
Address
Dest Protoc Source
Address
ol
Port
Dest
Port
Flag Bit
allow
outside of
222.22/16
TCP
222.22/16
>1023
80
any
allow
outside of
222.22/16 TCP
222.22/16
80
>1023
ACK
all
all
all
deny
all
all
all
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Stateful Packet Filtering
•
•
Stateless packet filtering
-
Admits packets that makes no sense
e.g. dest port=80, ACK bit set, even though no TCP
connection established
Stateful packet filtering tracks
-
Status of every TCP connection
Connection setup (SYN)
Connection teardown (FIN)
Timeout inactive connections at firewall
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Intrusion Detection Systems
•
•
Packet filtering
-
operates on TCP/IP headers only
no correlation check among sessions
Intrusion Detection System
-
Deep packet inspection: Look at packet contents for
viruses, attack patterns, etc.
-
Examine correlation among multiple packets for port
scanning, network mapping, Denial of Service (DoS)
attack, etc.
Adapted from: Computer Networking, Kurose/Ross and lecture notes,
Rohner
Descargar

authentication key - Department of Information Technology