1

COM 360

2

Chapter 8

Network Security

3

Need For Security• Motivation: Why do we need security?

• Increased reliance on Information technology with or with out the use of networks

• The use of IT has changed our lives drastically.

• We depend on E-mail, Internet banking, and several other governmental activities that use IT

• Increased use of E-Commerce and the World wide web on the Internet as a vast repository of various kinds of information (immigration databases, flight tickets, stock markets etc.)

4

Need For Security

• Damage to any IT-based system or activity can result in severe disruption of services and losses

• Systems connected by networks are more prone to attacks and also suffer more as a result of the attacks than stand-alone systems (Reasons?)

• Concerns such as the following are common– How do I know the party I am talking on the network is really the

one I want to talk?– How can I be assured that no one else is listening and learning the

data that I send over a network– Can I ever stay relaxed that no hacker can enter my network and

play havoc?

5

More Security Concerns

• Is the web site I am downloading information from a legitimate one, or a fake?

• How do I ensure that the person I just did a financial transaction denies having done it tomorrow or at a later time?

• I want to buy some thing online, but I don’t want to let them charge my credit card before they deliver the product to me.

6

That is why…

• ..we need security– To safeguard the confidentiality, integrity,

authenticity and availability of data transmitted over insecure networks

– Internet is not the only insecure network in this world– Many internal networks in organizations are prone to

insider attacks– In fact, insider attacks are greater both in terms of

likelihood of happening and damage caused.

7

Network Security

• Unless security measures are taken, a network conversation or a distributed application may be compromised by an adversary (or “black hat”).

• For example eavesdropping: how is this done?• On an Ethernet, any node can be configured to receive

all the traffic. • Wireless communication can be monitored without a

physical connection.• More elaborate approaches include wiretapping or

planting spy ware on on nodes.

8

Taxonomy of Network Security

Security

Cryptographyalgorithms

Publickey

(e.g., RSA)

Secretkey

(e.g., DES)

Messagedigest

(e.g., MD5)

Securityservices

AuthenticationPrivacy Messageintegrity

9

Threats and Solutions

• Confidentiality and Integrity

• Authentication

• Access control

• Denial of Service (DoS) and Availability

• Non-repudiation

10

Security Threats and AttacksSecurity Threats and Attacks

11

Security Attacks

• Interruption: This is an attack on availability– Disrupting traffic– Physically breaking communication line

• Interception: This is an attack on confidentiality– Overhearing, eavesdropping over a communication

line

12

Security Attacks

• Modification: This is an attack on integrity– Corrupting transmitted data or tampering with it

before it reaches its destination

• Fabrication: This is an attack on authenticity– Faking data as if it were created by a legitimate

and authentic party

13

Passive Attacks

14

Passive Attacks-Traffic Analysis

15

Active Attacks-Masquerade

16

Active Attacks- Replay

17

Types of Threats

• Information access threats– Intercept or modify data on behalf of users who

should not have access to that data.– E.g. corruption of data by injecting malicious code

• Service threats– Exploit service flaws in computers to inhibit use by

legitimate uses.– E.g. disabling authentication, denial of service (DoS)

18

Security Goals

Integrity

Confidentiality

Availability

19

Confidentiality and Integrity• Encrypting messages provides confidentiality, because

the contents of a message cannot be easily understood.• Concealing the quantity or destination of

communications is called traffic confidentiality.• A protocol that detects message tampering provided data

integrity. The adversary could transmit an extra copy of your message in a replay attack.

• A protocol that detects replays provides originality.• A protocol that detects delaying tactics provides

timeliness.• Data integrity, originality, and timeliness are all aspects

of integrity.

20

Authentication• Another threat to a customer is unknowingly being

directed to a false web site often used in “phishing”- attempting to gather your personal information.

• This results from a DNS attack in which false information is entered into a domain name server or into the name service cache of the customer’s computer, causing a correct URL to be is translated into an incorrect IP address.

• A protocol that ensures that you are communicating with the host/person you think you are sending to is authentication.

21

Access Control and Availability• The owner of the web site can be attacked. The

contents or format can be remotely accessed, modified, destroyed without authorization.

• This is an issue of access control: enforcing the rules of who is allowed to do what.

• Web site have been subject to denial of service attacks (DoS), during which users cannot access it because of numerous bogus requests. Ensuring a degree of access is called availability.

22

Non-repudiation

• Both the customer and the web site face threats form each other.

• Each can deny that a transaction occurred, or invent a nonexistent transaction.

• Non-repudiation means that a bogus denial repudiation of a transaction can be disproved and nonforgeability means that claims of a bogus (forged) transaction can be disproved.

23

Cryptographic Tools

• Cryptographic algorithms – ciphers and cryptographic hashes are building blocks of a solution.

• Then the keys, or secret parameters input into the algorithms, need to be distributed securely.

• These need to be incorporated into the protocols that provide secure communications between those who possess the correct keys.

24

Principles of Ciphers

• Encryption transforms a message in such a way that it becomes unintelligible to anyone who cannot reverse the transformation.

• Sender applies an encryption function to a plaintext message, resulting in a cipher text message that is sent over the network.

• Receiver applies a secret decryption function-the inverse of the encryption function- to recover the original message.

25

Symmetric Key Encryption and Decryption

Plaintext

Encrypt withsecret key

Ciphertext

Plaintext

Decrypt withsecret key

Example: Caesar cipher

26

Principles of Ciphers

• The cipher text, transmitted across the network (in binary) is unintelligible to anyone eavesdropping on the network, who does not know the decipher function.

• The transformation represented by the encryption and its corresponding decryption function is called a cipher.

27

Principles of Ciphers• Since 1883 cryptographers have used the basic principle

that the encryption and decryption functions should be parameterized by a key and that the functions should be public knowledge- only the key must be secret.

• The cipher text produced for a given plaintext message depends on both the encryption function and the key.

• Basic requirement is that encrypted messages cannot be read by those who do not know the key.

• It is easy to encode, but hard (nearly impossible to decode).

• If a key has n bits there are 2n possible values- thus large keys are used.

28

Average time required for Average time required for exhaustiveexhaustive key search key search

2.15 milliseconds232 = 4.3 x 10932

5.9 x 1030 years2168 = 3.7 x 1050168

5.4 x 1018 years2128 = 3.4 x 1038128

10 hours256 = 7.2 x 101656

Time required at 106 Decryption/µs

Number of Alternative Keys

Key Size (bits)

29

Conventional Encryption Conventional Encryption PrinciplesPrinciples

30

Ciphers

• Block ciphers- defined to take input as a block of (64 to 128) bits. Called electronic codebook (ECB) mode encryption, it has the weakness that the same plaintext will always produce the same cipher text block. Recurring sequences will make it easier to decode.

• The are modes of operation that make the cipher text vary. Cipher block chaining XOR’s each plaintext block with the cipher text of the previous one (except the 1st, which is randomly generated.)

31

Cipher Block Chaining(CBC)

Plaintext

Encrypt withpublic key

Ciphertext

Plaintext

Decrypt withprivate key

32

Cipher Block Chaining(CBC)Plaintext block 3

Plaintext block 2

Plaintext block 1

Plaintext block 0

Encryption Function

Initialization vector

Blocks of Cipher text

XOR

33

Secret or Symmetric Key Ciphers

• In symmetric-key ciphers, both parties share the same key, which is used both for encryption and decryption.

• These are also called private-key or secret-key ciphers, because the key must remain secret.

• Data Encryption Standard (DES) was the first of these and used 56 bit keys (now too small with fast processors to decode).

• 1999 DES should only be used for legacy systems.

34

Secret or Symmetric Key Ciphers

• DES encrypts a 64 bit block using a 64 bit key, which contains 56 usable bits and 8 parity bits:

• DES has 3 phases:– The 64 bits in the block are permuted ( shuffled)– Sixteen rounds of identical operations are applied to the

resulting data and the key.– The inverse of the original permutation is applied to the

result.

• During each round, the block is broken in half and a different 48 bits are selected from the 56 bit key.

35

High-level outline of DES

Initial permutation

Round 1

Round 2

Round 16

56-bitkey

Final permutation

36

Manipulation At Each Round Of DES

+

F

Li ─ 1

Ri ─ 1

Ri

Ki

Li

F and K are functions (See formulas pp. 585-587).

37

Secret or Symmetric Key Ciphers

• Triple DES (3DES) uses the cryptanalysis-resistance of DES and increases the key size to 168 bits (3*56) and uses 3 keys. It is slow because it was originally designed to be implemented in hardware.

• Replaced in 2001 by Advanced Encryption Standard (AES), which support bit lengths of 128, 192, or 256 bits and blocks of 128 bits.

• AES permits fast implementation in hardware and software. It requires little memory and so can be used in small mobile devices. It has proven mathematically secure properties and has not been successfully attacked.

38

Public Key Encryption (RSA)

• Asymmetric or public-key ciphers are an alternative to symmetric-key ciphers.

• A public-key cipher uses a pair of keys, one for encryption and another one for decryption. The pair of keys is “owned” by one participant.

• The owner keeps the decryption key secret so that only the owner can decrypt messages. This key is the private key.

• The encryption key is public so that anyone can encrypt a message. This key is the public key.

39

40

Pubic Key Encryption (RSA)• Public key ciphers are used primarily for Concept of

public-key ciphers was first published in 1976 by Diffie and Hellman although the British and the US National Security Agency (NSA) claim to have discovered them as early as the mid 1960’s.

• authentication.• RSA is best known, named after it developers: Rivest,

Shamir and Adleman.• It relies on the high computational cost of factoring

very large prime numbers.It needs large keys (1024 bits or greater) to be secure. Slower than public keys

41

Security Mechanisms

• Cryptographic algorithms are just one part of providing network security.

• We need a set of mechanisms and protocols to authenticate participants, techniques for assuring the integrity of messages and some approaches to the problem of distributing public keys.

42

Authenticators

• Encryption alone does not provide data integrity. Nor does encryption alone provide authentication.

• An authenticator is a value, to be included with a transmitted message, that can be used to verify simultaneously the authenticity and the data integrity of the message.

43

Authenticators

• To support data integrity an authenticator includes redundant information about the message contents. (It is like a checksum or CRC).

• To support authentication, an authenticator includes some proof that whoever created the authenticator knows some “secret” that is only known to the message sender.( For example, the secret could be a key and the proof could be some value encrypted using the key.)

44

Authentication

• There are three common protocols for implementing authentication.

• Two use secret key cryptography (DES) and the third uses public-key cryptography (RSA).

• During authentication, two participants establish the session key that is used to establish privacy during the communication.

45

Simple Three Way Handshake• A simple authentication protocol is possible when two

participants who want to authenticate each other- think of them as a client and server- already share a secret key.

• The use a 3-way handshake, where E(m,k) denotes the encryption of a message m with a key k and D(m,k) denotes the decryption of the message. SHK is the server handshake key.

• The client also decrypts a random number (y) sent by the server and returns it to the server.

• Situation is similar to user(client) having an account on a server, where both know the password.

46

Three Way HandshakeClient Server

ClientId, E ( , CHK)

E(y+ , CHK)

E(SK, SHK)

Y

Protocol for authentication

47

Trusted Third Party

• Two participants may know nothing about each other, but both may trust a third party.

• Third part is called an authentication server and uses a protocol to help the two parties authenticate each other.

• There are several different protocols. Kerberos, developed at MIT, is a common one.

48

KERBEROS

In Greek mythology, a many headed dog, the guardian of the entrance of Hades

49

Kerberos

• Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner.

• Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the data.

50

Kerberos

• Uses symmetric key cryptography

• Requires a trusted third party, called a Key Distribution Center (KDC)– Authentication Server (AS)– Ticket Granting Server (TGS)

• Based on “tickets” to prove the identity of users

51

Authentication in KerberosAS B

E((T, L, K, B), KA ),E((A, T ), K),

E((T, L, K, A), KB)

A, B

E(T + 1 , K )

E ((T, L, K, A), KB)

Authentication using a trusted third party

52

Digital Signatures Using RSA• A digital signature is a special case of a message

integrity code, where the code can have been generated by only one participant.

• To sign a message you encrypt it using your private key and to verify a signature, you decrypt it using the public key of the sender.

• This is the reverse of the use of keys for privacy. (Sender uses private key to encrypt rather than the receiver’s public key and the receiver decrypts with the sender’s public key rather than the receiver’s private key.)

• This is slow, since RSA is slow.

53

Encryption using Public-Key System

54

Authentication using Public-Key System

55

Digital Signatures

• The receiver of a message with a digital signature can prove that the sender really sent that message.

• Any public-key cipher can be used for a digital signature.

• Digital signature standards (DSS) can use RSA, or one based on ElGamal or and Ellipse Curve Digital Signature Algorithm.

56

Digital Signatures: The basic idea

? private key

public key

public key

Alice Bob

57

Key Pre-distribution

• To use ciphers and authenticators, the communicating participants need to know what keys to use.

• How do participants obtain the keys?

58

Diffie-Hellman Key Agreement

• First introduced by Diffie-Hellman in 1976• Mathematical functions rather than simple

operations on bit patterns• Allows two separate keys

– Exchange keys securely– Compute discrete logarithms

• Some misconceptions, corrected– NOT more secure than symmetric key– Does NOT make symmetric key obsolete– Central agent is needed for both

59

Diffie-Hellman basics

Alice Bob

Pick secret, random X

Pick secret, random Y

gy mod p

gx mod p

Compute k=(gy)x=gxy mod p

Compute k=(gx)y=gxy mod p

60

Diffie-Hellman Key Diffie-Hellman Key ExchangeExchange

61

Key Distribution

• Session key:– Data encrypted with a one-time session key.At

the conclusion of the session the key is destroyed

• Permanent key:– Used between entities for the purpose of

distributing session keys

62

Key Management

• Distribution of public keys– Well, what’s the issue? – Can’t we just trust Mallory if she claims a key

as her public key?

? private key

public key

public key

Alice Bob

Mallory

63

Authenticity of public keys

?

Problem: How does Alice know that the public key she received is really Bob’s public key?

private key

AliceBob

public key

Bob’s key

64

Pre-distribution of Public Keys

• The algorithms to generate a pair of public and private keys are publicly known and the software is readily available.

• But how can someone publicize a public key? Not by email or the Web, because an adversary could forge it.

• The basic solution is a digital certificate.• One of the major certificate standards is known as

X.509, which included the basic certificate structure.

65

Certificates

• Certificates allow the building of chains of trust, arranged in a tree-like hierarchy.

• If everyone has the public key of the root, then any participant could provide a chain of certificates to another participant.

• What is being certified? A particular person (often identified by email), or even an entire domain.

66

Tree Structured Certification Authority Hierarchy

User User User

User User User User User

CA CA

CA

CA CA CA

PCA1 PCA2

IPRA

PCA3

CA

CA

IPRA =Internet PolicyRegistration Authority (root)

PCAn=policy certification authorityCA =certification authority

67

Certification Authorities

• Trust is binary- you either trust someone completely or not at all. Together with certificates, this allows the building of chains of trust.

• A certification authority or certificate authority (CA) is an entity claimed to be trustworthy for verifying identities and issuing public key certificates. There are commercial, government and free CA’s.

68

Certificate Revocation

• One issue that arises with certificates is how to revoke or undo them.

• When is this needed? For example when a private key has been discovered or compromised.

• A certificate authority can issue a certificate revocation list (CRL) which is a digitally signed list of certificates that have been revoked.

69

Secure Systems

• Components of a secure system include the cryptographic algorithms, key distribution mechanisms, and authentication protocols.

• Systems that use these components can be categorized by the protocol layer at which they operate.

• At the application layer: PGP (email security)and Secure Shell SSH ( remote login)

70

Secure Systems

• At the transport layer: Transport Layer Security (TLS) and the older Secure Socket Layer (SSL).

• At the IP or network layer the IP security protocol (IPsec) provides security.

• 802.11i provides security at the data link layer of wireless networks.

71

Web of Trust

• An alternate model of trust is the web of trust exemplified by Pretty Good Privacy (PGP), which is a system for email.

• PGP operates at the application layer.

72

Pretty Good Privacy

• PGP is a popular approach to providing encryption and authentication capabilities for electronic mail.

• PGP allows certification relationships to form an arbitrary mesh and for each user to decide how much trust to place in a given certificate.

• “PGP is for people who like to pack their own parachutes” ( Paul Zimmerman)

73

Secure Shell (SSH)

• SSH provides a remote login service and is intended to replace the less secure Telnet and rlogin programs.

• SSH can be used to transfer files and remotely execute commands like the Unix rsh and rcp commands.

• SSH is most often used to provide strong client/server authentication, where SSH client runs on the desktop and the SSH server runs on the remote machine.

• It supports message integrity and confidentiality, which telnet and rlogin do not.

74

SSH Forwarding

Applicationclient

Applicationserver

SSH SSHForwarded connection

Direct connection

Host A Host B

Using SSH port forwarding to secure other TCP-based applications.

75

Transport Layer Security (TLS, SSL, HTTPS)

• As the World Wide Web became popular and e-commerce grew, a greater level of security became necessary for transactions on the Web.

• There are several issues when making a credit card purchases:– Your information might be intercepted and used to

make unauthorized purchases;– The transaction details may be modified;– The computer you are sending the information to

should belong to the vendor, etc.

76

Transport Layer Security (TLS, SSL, HTTPS)

• The designers of SLL and TLS recognized that these problems are not specific to the Web and built general purpose protocols that sit between the application (HTTP) and the transport protocol (TCP).

• From the application’s perspective, the protocol layer looks like a normal transport protocol, except that it is secure.

77

Transport Layer Security (TLS, SSL, HTTPS)

• By running the secure transport layer on top of TCP, all of the features of TCP (reliability, flow control, congestion control, etc.) are provided to the application.

• When HTTP is used in this way, it is known as secure HTTP or HTTPS. It delivers and accepts data from the SSL/TLS layer, rather than from TCP.

78

(V.Shmatikov)https://

Secure HTTP (HTTPS)

79

Secure Transport

Application (e.g., HTTP)

Secure transport layer

TCP

IP

Subnet

Secure transport layer inserted between application and TCP layers.

80

IP Security (IPsec)

• The most ambitious attempt to integrate security into the Internet happens at the IP layer.

• Support for IPsec is optional in IPv4, but mandatory in IPv6.

• IPsec is a framework (rather than a single protocol) for providing security services. It is:– Highly modular, allowing users to choose from a large menu of

security properties;

– Protect a narrow stream or wide stream of data

81

IP Security (IPsec)

• IPsec consists of two parts:– A pair of protocols that implement security services –

the Authentication Header (AH), which provides access control, connectionless message integrity, authentication, and anti-replay protection and the Encapsulating Security Payload (ESP), which also supports confidentiality;

– Support for key management – a protocol called Internet Security Association and Key Management Protocol (ISAKMP)

82

IP Security (IPsec)

• These form a security association (SA) or a simplex connection protected by security services.

• SA’s are established, modified and deleted using ISAKMP.

• It defines packet formats for exchanging key generation and authentication data.

83

Wireless Security 802.11i

• Wireless links are particularly exposed to security threats due to the lack of physical security.

• 802.11i provides authentication, message integrity, and confidentiality to 802.11 (WI-FI) at the data link layer.

• 802.11i authentication supports two modes:– Personal mode (pre-shared key mode), provides

weaker, but more convenient and economical security, especially for home networks.

84

Wireless Security 802.11i

• The wireless device and access point (AP) are pre-configured with a shared passphase- essentially a very long password- from which the pair-wise master key is cryptographically derived.

85

Firewalls• A firewall is the sole point of connectivity between the

site it protects and the rest of the network.• It is usually implemented as part of a router, although a

personal firewall may be implemented on an end-user machine.

• There should be no way to bypass the firewall via other gateways, or wireless connections.

• The “wall” metaphor is misleading since it is the absence of connectivity – not the presence of a barrier- that prevents communication.

• A firewall is like the only door (connection) through a wall ( absence of any other connection).

86

A Firewall

Company net Webserver

Randomexternaluser

Remotecompanyuser

Internet

Firewall

A firewall filters packets flowing between a site and the rest of the network.

87

Firewalls• A firewall provides access control by restricting which

messages it will relay; it forwards messages that are allowed, and filters out those that are disallowed (particular ports or IP addresses).

• Firewalls are used to create multiple zones of trust: the internal network, the demilitarized zone (DMZ) and the rest of the Internet.

• The DMZ is used for services such as DNS an email servers that need to be accessible to the outside.

• Firewalls configured based on IP, TCP, and UDP and are configured with a table of packet addresses for packets that they will and will not forward.

88

Strengths and Weaknesses of Firewalls

• A firewall protects a network from undesired access from the rest of the Internet.

• They can be deployed unilaterally while cryptography based security usually requires support at both endpoints.

• Firewalls encapsulate security in a central place, making it easier to administer.

• They do not prevent attacks from within.

89

Firewall

Rest of the Internet Local site

Firewall

90

Malware

• Malware is malicious software designed to cause damage.

• Viruses, worms and spy ware are types of malware.• Viruses make and spread copies of themselves. • A worm is a complete program and a virus is a bit

of code inserted into existing software.• Spy ware collects and transmits private

information about a computer system or its users and is usually secretly embedded in a useful program and is spread from system to system. examples of spy ware include key loggers.

91

Summary• The job of network security is to keep shared networks

from spying on or interfering with each other’s use of the network.

• Confidentiality is achieved by encrypting messages. Data integrity can be assured using cryptographic hashing.

• Private or Symmetric key ciphers such as AES and 3DES use the same secret key for both encryption and decryption.

• Public key ciphers, such as RSA, use a public key for encryption and a secret private key for decryption.

92

Figure 8.64-bit chunk

Expanded to 6 bits by stealinga bit from left and right chunks

■ ■ ■

■ ■ ■ ■ ■ ■

■ ■ ■

93

Figure 8.7

Block1

IV

DES

Cipher1

Block2

DES

Block3

DES

Block4

DES

+

Cipher2 Cipher3 Cipher4

+++

94

Figure 8.8

Transform

Initial “ digest“(constant)

Message (padded)

Transform

Transform

Message digest

512 bits 512 bits 512 bits■ ■ ■

95

Figure 8.11A B

E(x, PublicB )

x

96

Figure 8.13

Sender identity and messageintegrity confirmedif checksums match

Calculate MD5 checksum onreceived message and compare

against received value

Decrypt signed checksumwith senderÕs public key

Calculate MD5 checksumover message contents

Sign checksum using RSAwith senderÕs private key

Transmitted message

97

Figure 8.14

Decrypt message usingDES with secret keyk

Decrypt E(k) using RSA withmy private key k

Convert ASCII message

Encryptk using RSA withrecipient‘s public key

Encode message +E(k )in ASCII for transmission

Encrypt message usingDES with secret keyk

Create a random secret keyk Original message

Transmitted message

98

Figure 8.17Client Server

Hello

[Certificate] Keys

[Cert. Verify] Finished

Data

Finished

99

Figure 8.18

NextHdr PayloadLength Reserved

SPI

SeqNum

AuthenticationData

100

Figure 8.19

NextHdrPadLength

SPI

SeqNum

PayloadData

Padding (0- 255 bytes)

AuthenticationData

101

Figure 8.22

Firewall

Externalclient

External HTTP/TCP connection

Proxy

Internal HTTP/TCP connection

Localserver

102

Figure 8.23

SP

R

103

Figure 8.24

Outside world

R1 R2

net 1 net 2