I mport ance of Net work Securit y? Think about The most pr - - PDF document

SLIDE 1

1

7: Net wor k Secur it y 1

15: Net work Securit y Basics

Last Modif ied: 4/ 21/ 2003 8:30:27 PM

7: Net wor k Secur it y 2

I mport ance of Net work Securit y?

Think about …

The most pr ivat e, embar r assing or valuable

piece of inf or mat ion you’ve ever st or ed on a comput er

How much you r ely on comput er syst ems t o be

available when you need t hem

The degr ee t o which you quest ion whet her a

piece of email r eally came f r om t he per son list ed in t he Fr om f ield

How convenient it is t o be able t o access

pr ivat e inf or mat ion online (e.g. buy wit hout ent er ing all dat a, look up your t r anscr ipt wit hout r equest ing a copy,… )

7: Net wor k Secur it y 3

I mport ance of Net work Securit y

Societ y is becoming increasingly reliant on

t he correct and secure f unct ioning of comput er syst ems

Medical r ecor ds, f inancial t r ansact ions, et c.

I t is our j obs as prof essional comput er

scient ist s:

To evaluat e t he syst ems we use t o under st and

t heir weaknesses

To educat e our selves and ot her s t o be wise

net wor k consumer s

To design net wor ked syst ems t hat ar e secur e

7: Net wor k Secur it y 4

Types of at t acks

• What ar e we wor r ied about ?
• P

assive:

I nterception: at t acks conf ident ialit y.

a.k.a., eavesdropping, “man- in- t he- middle” at t acks.

Traf f ic Analysis: at t acks conf ident ialit y, or anonymit y.

Can includet raceback on a net work, CRT radiat ion.

• Act ive:

I nterruption: at t acks availabilit y.

(a.k.a., denial- of- service at t acks

Modif ication: at t acks int egrit y. Fabrication: at t acks aut hent icit y.

7: Net wor k Secur it y 5

Fundament als of Def ense

What can we do about it ? Rest rict ed Access

Rest r ict physical access, close net wor k por t s,

isolat e f r om t he I nt er net , f ir ewalls, NAT gat eways, swit ched net wor ks Monit or ing

Know what nor mal is and wat ch f or deviat ions

Het erogeneit y/ Randomness

Var iet y of I mplement at ions, Random sequence

number s, Random por t number s Crypt ography…

…

7: Net wor k Secur it y 6

The most widely used t ool f or secur ing

inf or mat ion and ser vices is cr ypt ogr aphy.

Cr ypt ogr aphy r elies on cipher s: mat hemat ical

f unct ions used f or encr ypt ion and decr ypt ion of a message.

Encrypt ion: t he process of disguising a message in such a

way as t o hide it s subst ance.

Ciphert ext : an encrypt ed message Decrypt ion: t he process of ret urning an encrypt ed

message back int o plaint ext .

Crypt ography

Encr ypt ion Decr ypt ion Plaint ext Cipher t ext Or iginal Plaint ext

SLIDE 2

2

7: Net wor k Secur it y 7

What makes a good cipher?

subst it ut ion cipher : subst it ut ing one t hing f or anot her

monoalphabet ic cipher: subst it ut e one let t er f or anot her

plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How har d t o br eak t his simple cipher ?:

• br ut e f or ce (how har d?)
• ot her?

7: Net wor k Secur it y 8

Ciphers

The secur it y of a cipher (like a subst it ut ion

cipher ) may r est in t he secr ecy of it s r est r ict ed algor it hm.

Whenever a user leaves a group, t he algorit hm must

change.

Can’t be scrut inized by people smart er t han you. But , secrecy is a popular approach :(

Moder n cr ypt ogr aphy r elies on secr et keys, a

select ed value f r om a lar ge set (a keyspace), e.g., a 1024 -bit number . 21024 values!

Securit y is based on secrecy of t he key, not t he det ails

• f t he algorit hm.

Change of aut horized part icipant s requires only a change

in key.

7: Net wor k Secur it y 9

Keys: Symmet ric vs Assymet ric

The most common cr ypt ogr aphic t ools ar e

Symmet ric key ciphers

• Use same key t o encr ypt and decr ypt
• One key shar ed and kept secr et
• DES, 3DES, AES, Blowf ish, Twof ish, I DEA
• Fast and simple (based on addit ion, masks, and shif t s)
• Typical key lengt hs are 40, 128, 256, 512

Asymmet ric key ciphers

• Pair of keys: one encr ypt s and anot her decrpyt s
• One key (t he privat e key) must be kept secret ; t he ot her

key (t he public key) can be f r eely disclosed

• RSA, El Gamal
• Slow, but versat ile (usually requires exponent iat ion)
• Typical key lengt hs are 512, 1024, 2048

7: Net wor k Secur it y 10

Session Keys

Symmet r ic key algor it hms ar e f ast er t han

asymmet r ic key algor it hms

Of t en asymmet r ic key cr ypt ogr aphy used t o

exchange a shar ed secr et key

This key called a symmet r ic session key is t hen

used t o encr ypt t his conver sat ion wit h symmet r ic key crypt ograhy

Each new conver sat ion would use a dif f er ent

session key

Ot her benef it s (I n addit ion t o ef f iciency)

session keys also reduce t he key exposure or amount of

encrypt ed t ext t hat could be collect ed t o aid in analysis

I f session key compromised only get inf o in t he last

session

7: Net wor k Secur it y 11

Symmet ric key crypt o: DES

DES: Dat a Encr ypt ion St andar d

US encr ypt ion st andar d [NI ST 1993] 56-bit symmet r ic key, 64 bit plaint ext input

init ial permut at ion 16 ident ical “rounds” of f unct ion applicat ion, each using

dif f erent 48 bit s of key

f inal permut at ion

How secure is DES?

DES Challenge: 56- bit -key- encrypt ed phrase decrypt ed

(brut e f orce) in a lit t le over 22 hours (1999 DES Challenge I I I )

no known “backdoor” decrypt ion approach

making DES mor e secur e

use t hree keys sequent ially (3- DES) on each dat um use cipher - block chaining

7: Net wor k Secur it y 12

Public key encrypt ion algorit hms

need a decr ypt ion f unct ion dB ( ) and an encr ypt ion f unct ion eB ( ) such t hat

d (e (m)) = m

B B

. .

need public and pr ivat e keys f or dB ( ) and eB ( )

. .

Two int er-relat ed requirement s: 1 2 e (d (m)) = m

B B

SLIDE 3

3

7: Net wor k Secur it y 13

RSA

Ronald L. Rivest, Adi Shamir and Leonard

• M. Adleman

Won 2002 Tur ing awar d f or t his wor k!

Want a f unct ion eB t hat is easy t o do, but

hard t o undo wit hout a special decrypt ion key

Based on t he dif f icult y of f act oring large

numbers (especially ones t hat have only large prime f act ors)

7: Net wor k Secur it y 14

RSA in a nut shell

• 1. Choose t wo large prime numbers p, q.

(e.g., 1024 bit s each)

• 2. Comput e n = pq, z = (p-1)(q-1)
• 3. Choose e (wit h e<

n) t hat has no common f act or s wit h z. (e, z ar e “r elat ively pr ime”).

• 4. Choose d such t hat ed-1 is exact ly divisible by z.

(in ot her wor ds: ed mod z = 1 ).

• 5. Public key is (n,e). Pr ivat e key is (n,d).

Why? (Will hint at) How? (Won’t discuss)

7: Net wor k Secur it y 15

RSA: Encrypt ion, decrypt ion

• 0. Given (n,e) and (n,d) as comput ed above
• 1. To encr ypt bit pat t er n (message), m, comput e

c = m mod n e (i.e., r emainder when m is divided by n) e

• 2. To decr ypt r eceived bit pat t er n, c, comput e

m = c mod n d (i.e., r emainder when c is divided by n) d m = (m mod n) e mod n d Magic happens!

7: Net wor k Secur it y 16

RSA: small example

Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z r elat ively pr ime). d=29 (so ed-1 exact ly divisible by z. let t er m me c = m mod n e l 12 1524832 17 c m = c mod n d 17

481968572106750915091411825223072000

12 cd let t er l encrypt : decrypt :

7: Net wor k Secur it y 17

RSA: Why?

m = (m ) e mod n d (m ) e mod n = m mod n d ed Number t heor y r esult : I f p,q prime, n = pq, t hen x mod n = x mod n y y mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m

(using number t heory result above) (since we chose ed t o be divisible by (p- 1)(q-1) wit h remainder 1 )

I f it wer e easy t o f act or n int o p and q t hen we would be in t rouble!

7: Net wor k Secur it y 18

Reversible

What t he privat e key encrypt s t he public

key decrypt s

What t he public key encrypt s t he privat e

key decrypt s

SLIDE 4

4

7: Net wor k Secur it y 19

P ract ical mat t ers

Big primes like 5 and 7 (☺) already

generat ed big numbers like

What would happen wit h 1024 bit keys? Cost ly oper at ions!

Finding big primes?

481968572106750915091411825223072000 7: Net wor k Secur it y 20

St oring your keys

For bot h symmet ric and asymmet ric

crypt ography how do you st ore t he keys?

Typical key lengt hs ar e 512, 1024, 2048

Can’t exact ly memor ize it Ok t o st ore in on your comput er? I n a

shared f ile syst em? No!

Normally st ored in a f ile encrypt ed wit h a

pass phrase

Pass phr ase != your key

7: Net wor k Secur it y 21

Using Crypt ography

7: Net wor k Secur it y 22

Uses of Crypt ography

Secrecy/ Conf ident ialit y : ensur ing

inf or mat ion is accessible only by aut horized persons

Tradit ionally, t he primary obj ect ive of crypt ography. E.g. encrypt ing a message

Aut hent icat ion : corroborat ion of t he

ident it y of an ent it y

allows receivers of a message t o ident if y it s origin makes it dif f icult f or t hird part ies t o masquerade as

someone else

e.g., your driver’s license and phot o aut hent icat es your

image t o a name, address, and birt h dat e.

7: Net wor k Secur it y 23

Uses of Crypt ography

I nt egr it y : ensur ing inf or mat ion has not been

alt er ed by unaut hor ized or unknown means

I nt egrit y makes it dif f icult f or a t hird part y t o

subst it ut e one message f or anot her.

I t allows t he recipient of a message t o verif y it has not

been modif ied in t ransit . Nonr epudiat ion : pr event ing t he denial of pr evious

commit ment s or act ions

makes it dif f icult f or t he originat or of a message t o

f alsely deny lat er t hat t hey were t he part y t hat sent t he message.

E.g., your signat ure on a document .

7: Net wor k Secur it y 24

Friends and enemies: Alice, Bob, Trudy

well-known in net wor k secur it y wor ld Bob, Alice want t o communicat e “secur ely” Tr udy, t he “int r uder ” may int er cept , delet e, add

messages Figure 7.1 goes here

SLIDE 5

5

7: Net wor k Secur it y 25

The language of crypt ography

Figure 7.3 goes here

plaint ext plaint ext ciphert ext

KA KB

7: Net wor k Secur it y 26

Digit al Signat ures

Cr ypt ogr aphic t echnique analogous t o hand- writ t en signat ures.

Sender (Bob) digit ally signs

document , est ablishing he is document owner/ creat or.

Verif iable, nonf orgeable:

recipient (Alice) can verif y t hat Bob, and no one else, signed document .

Simple digit al signat ur e f or message m:

Bob encrypt s m wit h his

privat e key d B, creat ing signed message, d B(m).

Bob sends m and d B(m) t o

Alice.

7: Net wor k Secur it y 27

Digit al Signat ures (more)

Suppose Alice r eceives

msg m , and digit al signat ur e dB(m)

Alice verif ies m signed

by Bob by applying Bob’s public key eB t o dB(m) t hen checks eB(dB(m) ) = m.

I f eB(dB(m) ) = m,

whoever signed m must have used Bob’s pr ivat e key. Alice t hus verif ies t hat :

Bob signed m

.

No one else signed m

.

Bob signed m and not m’.

Non-r epudiat ion:

Alice can t ake m, and

signat ur e dB(m) t o cour t and pr ove t hat Bob signed m .

7: Net wor k Secur it y 28

Message Digest s

Comput at ionally expensive t o public-key-encr ypt long messages Goal: f ixed-lengt h,easy t o comput e digit al signat ur e, “f inger pr int ”

apply hash f unct ion H

t o m, get f ixed size message digest , H(m).

Hash f unct ion propert ies:

Many- t o

• 1

P

roduces f ixed-size msg digest (f ingerprint )

Given message digest x,

comput at ionally inf easible t o f ind m such t hat x = H(m)

comput at ionally inf easible

t o f ind any t wo messages m and m’ such t hat H(m) = H(m’).

7: Net wor k Secur it y 29

Digit al signat ure = Signed message digest

Bob sends digit ally signed message: Alice verif ies signat ure and int egrit y of digit ally signed message:

7: Net wor k Secur it y 30

Hash Funct ion Algorit hms

I nt er net checksum

would make a poor message digest .

Too easy t o f ind

t wo messages wit h same checksum.

MD5 hash f unct ion widely

used.

Comput es 128-bit

message digest in 4-st ep pr ocess.

ar bit r ar y 128-bit st ring

x, appears dif f icult t o const r uct msg m whose MD5 hash is equal t o x.

SHA-1 is also used.

US st andar d 160-bit message digest

SLIDE 6

6

7: Net wor k Secur it y 31

Aut hent icat ion

Goal: Bob want s Alice t o “prove” her ident it y t o him

Pr ot ocol ap1.0: Alice says “I am Alice” Failur e scenar io??

7: Net wor k Secur it y 32

Aut hent icat ion: anot her t ry

Pr ot ocol ap3.0: Alice says “I am Alice” and sends her secr et passwor d t o “pr ove” it . Failur e scenar io?

7: Net wor k Secur it y 33

Aut hent icat ion: yet anot her t r y

Pr ot ocol ap3.1: Alice says “I am Alice” and sends her encr ypt ed secr et passwor d t o “pr ove” it . Failur e scenar io? Tr udy can’t decr ypt passwor d But can st ill r eplay it

I am Alice encrypt (password)

7: Net wor k Secur it y 34

ap4.0: Aut hent icat ion: yet anot her t r y

Goal: avoid playback at t ack Failur es, dr awbacks? Figure 7.11 goes here Nonce: number (R) used onlyonce in a lif et ime ap4.0: t o pr ove Alice “live”, Bob sends Alice nonce, R. Alice must r et ur n R, encr ypt ed wit h shar ed secr et key

7: Net wor k Secur it y 35

Figure 7.12 goes here

Aut hent icat ion: ap5.0

ap4.0 requires shared symmet ric key

pr oblem: how do Bob, Alice agr ee on key? ar e public key t echniques any bet t er ?

ap5.0: use nonce, public key crypt ography

What pr oves eA is Alice’s public key?

7: Net wor k Secur it y 36

Figure 7.14 goes here

ap5.0: securit y hole

Man (woman) in t he middle at t ack: Trudy poses as Alice (t o Bob) and as Bob (t o Alice)

Need “cert if ied” public keys

SLIDE 7

7

7: Net wor k Secur it y 37

Tr ust ed I nt er mediar ies

P roblem:

How do t wo ent it ies

est ablish shared secr et key over net wor k? Solut ion:

t r ust ed key

dist r ibut ion cent er (KDC) act ing as int er mediar y bet ween ent it ies P roblem:

When Alice obt ains

Bob’s public key (f r om web sit e, e- mail, disket t e), how does she know it is Bob’s public key, not Trudy’s? Solut ion:

t r ust ed cer t if icat ion

aut hor it y (CA)

7: Net wor k Secur it y 38

Key Dist ribut ion Cent er (KDC)

Alice,Bob need shar ed

symmet r ic key.

KDC: server shares

dif f er ent secr et key wit h each r egist er ed user .

Alice, Bob know own

symmet r ic keys, KA- KDC KB- KDC , f or communicat ing wit h KDC

.

Alice communicat es wit h

KDC, get s session key R1, and KB-KDC(A,R1)

Alice sends Bob

KB-KDC(A,R1), Bob ext ract s R1

Alice, Bob now share t he

symmet ric key R1.

7: Net wor k Secur it y 39

Cert if icat ion Aut horit ies

Cert if icat ion aut horit y

(CA) binds public key t o part icular ent it y.

Ent it y (person, rout er,

et c.) can regist er it s public key wit h CA.

Ent it y provides “proof

• f ident it y” t o CA.

CA creat es cert if icat e

binding ent it y t o public key.

Cert if icat e digit ally

signed by CA.

Public key of CA can be

univer sally known (on billboard, embedded in sof t war e) - unless have t o change because privat e key compr omised When Alice want s Bob’s public

key:

get s Bob’s cert if icat e (Bob or

elsewhere).

Apply CA’s public key t o Bob’s

cert if icat e, get Bob’s public key

7: Net wor k Secur it y 40

Est ablishing Trust

I s t he pr oblem of est ablishing “t r ust ” wit h a key

aut hor it y or cer t if icat ion aut hor it y t he same as est ablishing “t r ust ” wit h anyone else?

P

rivat e Key: How do you agree on a shared secret key wit h t he key aut horit y?

Public Key: CA can put t heir public key on a bullet in board

but how do you convince t hem t hat your public key really is your public key? Problem is t he same!!

Use out of band means

BUT!!!! Once you est ablish t r ust wit h t hem you can

use t hat t o boot st r ap t r ust wit h ot her s