Communications Research Group
Network Security
Volkan Cambazoglu
Adapted from: Computer Networking, Kurose/Ross and lecture notes, Rohner

Outlook
• Secure channel
• Principles of cryptography
• Authentication, Integrity
• Security at different layers
• Firewalls and Intrusion Detection

Communication Channels
• Always assume that a communication channel is insecure!
Source: Kurose Ross

Examples of Alice and Bob
• E-commerce applications
- Amazon, Spotify, etc.
• Online banking applications
- Swedbank, Nordea, etc.
• Online chat applications
- Skype, Google chat, etc.
• DNS servers
- Exchange messages about where a website is located
• Routers
- Exchange messages about routing tables (Routing Information Protocol)

What can Trudy do?
• Eavesdrop
- Sniff and record traffic between users (e.g. Alice and Bob)
• Insertion
- Insert messages as if they come from a specific user (Alice/Bob)
• Modification
- Alter messages going from one user (Alice) to the other (Bob)
• Deletion
- Delete messages going from one user (Alice) to the other (Bob)
• Denial of service
- Prevent users (Alice) from reaching an existing service (provided by Bob)

Properties of Secure Communication
• Confidentiality
- Only the receiver should understand the message content
• Authentication
- Receiver should be able to confirm sender’s identity
• Integrity
- Receiver should be able to check that the message is not altered
• Availability
- Receiver should be able to access services provided by the sender

Information Security
• Conceptually, the way information is recorded has not changed dramatically over time. What has changed dramatically is the ability to copy and alter information.
- technological advancements
- change from physical to digital
• Cryptography is the study of mathematical techniques related to aspects of information security such as
- confidentiality
- entity authentication
- data integrity
- data origin authentication

The Basic Idea
• Mathematical functions f(x) that are efficient to compute. No efficient algorithm is known for the inverse function.
• such as
- Discrete Logarithm
- Factorizing large numbers
[Figure: $x \to f(x)$ via $f(x)$: efficient; $f(x) \to x$ via $f^{-1}(x)$: hard]

Kerckhoffs’s Principle
An enemy knows the whole system including all transformations, but not the secret key(s).

Principles of Cryptography
• Plaintext or cleartext
- has some meaning
• Ciphertext
- unintelligible content
• Encryption algorithm
- encrypt (plaintext) = ciphertext
• Decryption algorithm
- decrypt (ciphertext) = plaintext

Encryption/Decryption
• non-keyed
- no secret parameters
- one-way functions
- e.g. MD5
• secret key
- two or more entities share some common secret values
- encrypt and decrypt with the same secret
- e.g. Caesar cipher, AES
• public key
- no shared secret keys
- one secret for encryption and another secret for decryption
- e.g. RSA

Symmetric Key Cryptography
[Figure: plaintext m → f (key k) → ciphertext c = f(m,k) → f (key k) → plaintext m]

Gaius Julius Cæsar
• Shared secret encryption/decryption
• Secret is a number to shift the alphabet
abcdefghijklmnopqrstuvwxyz
k = 3
defghijklmnopqrstuvwxyzabc

Gaius Julius Cæsar
There will be a secret meeting in one of the Swedish cities. We obtained the ciphertext for it! Which city is it?
Ciphertext: toorzkz
Alphabet: abcdefghijklmnopqrstuvwxyz
Answer: uppsala

Attacks on Symmetric Key Cryptography
• ciphertext-only
- statistical analysis (e, t most frequent)
- typical words (the, in, it, ...ing, etc.)
• known-plaintext
- Uppsala, Alice, Bob, etc.
• chosen-plaintext
- “the quick brown fox jumps over the lazy dog”

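The exercise and the ciphertext-only and known-plaintext ideas above, worked through as an added example (not part of the original slides). The city list, the sample sentence and the "etaoin" letter set are constructed assumptions; the slide itself only names e and t as most frequent.

```python
import string

ALPHABET = string.ascii_lowercase

def caesar(text, k):
    """Shift lowercase letters k places along the alphabet; other characters pass through."""
    k %= 26
    return text.translate(str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k]))

def all_decryptions(ciphertext):
    """The key space is only 26 shifts, so every candidate plaintext can be listed."""
    return {k: caesar(ciphertext, -k) for k in range(26)}

def match_known_words(ciphertext, words):
    """Known-plaintext flavour: keep the keys whose decryption is an expected word."""
    wanted = {w.lower() for w in words}
    return [(k, p) for k, p in all_decryptions(ciphertext).items() if p in wanted]

def guess_key_by_frequency(ciphertext, common="etaoin"):
    """Ciphertext-only statistics: the right key yields the most common English letters."""
    trials = all_decryptions(ciphertext)
    return max(trials, key=lambda k: sum(trials[k].count(ch) for ch in common))

# Constructed inputs: candidate cities and a longer sample sentence.
SWEDISH_CITIES = ["Stockholm", "Uppsala", "Malmo", "Lund", "Kalmar", "Vasteras"]
SAMPLE = "there will be a secret meeting in one of the swedish cities"

if __name__ == "__main__":
    print(caesar(ALPHABET, 3))                            # the k = 3 alphabet from the slide
    print(match_known_words("toorzkz", SWEDISH_CITIES))   # key and city for the exercise
    print(guess_key_by_frequency(caesar(SAMPLE, 3)))      # key recovered from statistics
```

The letter-count guess needs a reasonably long ciphertext; on a seven-letter word such as the exercise's, the word-list match is the reliable route.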
Improving Symmetric Key Cryptography
• Monoalphabetic cipher
- Caesar cipher
• Polyalphabetic cipher
- e.g. combine two Caesar ciphers for one word
• Block cipher
- e.g. 3-bit block cipher (000: 110, 001: 101, 010: 000, ...)
- DES: 64-bit input, 16 rounds each using a 48-bit key derived from the 56-bit key, final permutation, 64-bit output
- AES: 128-bit blocks, accepts different key lengths (128, 192, 256)
- brute-force decryption (trying each key) that takes 1 sec on DES takes 149 trillion years on AES

Public Key Cryptography
• How can Alice and Bob start secure communication, if they cannot come together in the physical world?
- Send shared secret in plaintext?
- Send encrypted shared secret?
- Hide the secret somewhere in plaintext?
- Any other crazy ideas?
- Or shall we simply use public key cryptography?

Public Key Cryptography
[Figure: plaintext message $m$ → encryption algorithm (public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (private key $K_B^-$) → plaintext message $m = K_B^-(K_B^+(m))$]
What could go wrong here?
• Hint 1: Who can use the public key?
• Hint 2: What happens when same text, algorithm and key are used?

Public Key Cryptography
• Prerequisite: Modular Arithmetic
• $x \bmod n$ = remainder of $x$ when divided by $n$
• facts:
- $[(a \bmod n) + (b \bmod n)] \bmod n = (a+b) \bmod n$
- $[(a \bmod n) - (b \bmod n)] \bmod n = (a-b) \bmod n$
- $[(a \bmod n) \cdot (b \bmod n)] \bmod n = (a \cdot b) \bmod n$
• thus:
- $(a \bmod n)^d \bmod n = a^d \bmod n$
• example:
- $a=14$, $n=10$, $d=2$
- $(14 \bmod 10)^2 \bmod 10 = 4^2 \bmod 10 = 6$
- $14^2 \bmod 10 = 196 \bmod 10 = 6$

RSA: Encryption/Decryption
• Encryption
- $c = m^e \bmod n$
- $c$ is ciphertext
- $m$ is plaintext
- $e$ is encryption key
- $(n, e)$ is the public key
• Decryption
- $m = c^d \bmod n = (m^e \bmod n)^d \bmod n = m^{e \cdot d} \bmod n$
- $d$ is decryption key
- $(n, d)$ is the private key
• Do you notice something when $m = m^{e \cdot d} \bmod n$?

RSA: Creating public/private key pair
• Choose two large prime numbers p and q (1024 bits each)
• Compute (n = p * q) and (z = (p-1) * (q-1))
• Choose e < n that has no common factors with z (relatively prime)
- e.g. (3 and 7) and (5 and 12) are relatively prime.
• Choose d that fulfills (e * d mod z = 1)
• Public key (n,e)
• Private key (n,d)

RSA Encryption
Source: Kurose Ross
p=5, q=7, n=35, z=24, e=5, d=29

RSA Decryption
Source: Kurose Ross
p=5, q=7, n=35, z=24, e=5, d=29

Why does RSA work?
• $m = c^d \bmod n$
• $m = (m^e \bmod n)^d \bmod n$
• $m = m^{e \cdot d} \bmod n$
• fact:
- $c^d \bmod n = c^{(d \bmod z)} \bmod n$
- where $n = p \cdot q$ and $z = (p-1) \cdot (q-1)$
• thus:
- $m = m^{((e \cdot d) \bmod z)} \bmod n$
- $m = m^1 \bmod n$

Why is RSA secure?
• We know the public key (n,e). Can we compute d using n and e?
• We need to find the factors of n = p*q
• p and q are two very large prime numbers (at least 1024 bits)
• 136064817260489928484113640026944941480975382962539945337862848254226224034275820538310008858403955437239102681465761388249980135083342434428721426840110617593953169835450968550730769430412845048185659381370857105323219453521491277894773367539216680431287506338710965204349119030528157752992551375455100484051 (309 digits)
• Factoring a big number is hard!

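The key-generation, encryption and decryption steps above, run with the slides' toy parameters (p=5, q=7, e=5) as an added example that is not part of the original lecture. The message 12, the second key pair in the usage and all function names are constructed for illustration; Python's modular inverse returns d=5, which is congruent to the slides' d=29 modulo z=24 and decrypts identically.

```python
from math import gcd

def make_keypair(p, q, e):
    """Slide steps: n = p*q, z = (p-1)*(q-1), then d with e*d mod z = 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be below n and relatively prime to z")
    return (n, e), (n, pow(e, -1, z))     # pow(e, -1, z): modular inverse, Python 3.8+

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("m must be an integer with 0 <= m < n")
    return pow(m, e, n)                   # c = m^e mod n

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)                   # m = c^d mod n

def guess_plaintext(c, public, candidates):
    """Hints 1 and 2: anyone holds (n, e) and equal inputs give equal ciphertexts,
    so a short list of likely messages can be checked by re-encrypting each one."""
    return [m for m in candidates if encrypt(m, public) == c]

def private_key_by_factoring(public):
    """Trial division recovers p and q from a small n; d then follows from e."""
    n, e = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return (n, pow(e, -1, (p - 1) * (n // p - 1)))

if __name__ == "__main__":
    public, private = make_keypair(5, 7, 5)        # the slides' p, q, e
    c = encrypt(12, public)                        # 12 is a constructed sample message
    print(public, private, c, decrypt(c, private))
    print(decrypt(c, (35, 29)))                    # the slides' d = 29 gives the same m
    print(guess_plaintext(c, public, range(35)))   # why plain RSA needs random padding
    print(private_key_by_factoring((143, 7)))      # constructed pair p=11, q=13, e=7
```

The last two calls show why the slides insist on very large primes and why the same plaintext must not always map to the same ciphertext.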
RSA in practice: Session keys
• Exponentiation in RSA is computationally intensive
• Use public key crypto to establish secure connection
• Establish symmetric session key for encrypting data
- Shared secret

Message Integrity
• Apply hash function H to m and get fixed size message digest H(m).
• Good to rely on
- MD5 (128 bit message digest)
- SHA-1 (160 bit message digest) (US standard)
• Bad to rely on
- Internet checksum (16 bit digest)
- “IOU100.99BOB” and “IOU900.19BOB” have identical checksum (B2 C1 D2 AC)

Message Integrity
• If Alice sends (m, H(m)) to Bob, can Bob trust the message m comes from Alice?
• No; because Trudy can prevent Bob from receiving (m, H(m)) and instead send (m’, H(m’)). Bob will check that H(m’) is indeed digest/hash of m’.
• There is a solution to this problem:
- Message Authentication Code (e.g. HMAC)
- Used together with a cryptographically secure hash function such as MD5 or SHA-1
- There is a shared authentication key between Alice and Bob.
- So, Alice will send (m, H(m+s)) instead of (m, H(m)).

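The two Message Integrity slides above as an added example (not from the original lecture): the colliding checksum, the substitution that an unkeyed digest cannot catch, and the same substitution rejected by a MAC. Assumptions: the checksum is modelled as a sum of 32-bit words, which reproduces the slide's B2 C1 D2 AC; SHA-256 is used in place of the MD5 and SHA-1 named on the slide because practical collisions are known for both; the key and function names are constructed.

```python
import hashlib
import hmac

def word_sum(data: bytes) -> bytes:
    """Add the message up as 32-bit big-endian words, modulo 2**32."""
    data += b"\x00" * (-len(data) % 4)                # pad to a whole word
    words = (int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4))
    return (sum(words) % 2**32).to_bytes(4, "big")

def digest(m: bytes) -> bytes:
    return hashlib.sha256(m).digest()                 # unkeyed H(m): anyone can compute it

def mac(m: bytes, s: bytes) -> bytes:
    return hmac.new(s, m, hashlib.sha256).digest()    # keyed: needs the shared secret s

def bob_accepts_digest(m, tag):
    return hmac.compare_digest(digest(m), tag)

def bob_accepts_mac(m, tag, s):
    return hmac.compare_digest(mac(m, s), tag)        # constant-time comparison

# Constructed values for the demonstration.
S = b"constructed-shared-authentication-key"
M_ALICE = b"IOU100.99BOB"
M_TRUDY = b"IOU900.19BOB"

def trudy_substitutes_digest():
    """Trudy drops (m, H(m)) and sends (m', H(m')): Bob's check passes."""
    return bob_accepts_digest(M_TRUDY, digest(M_TRUDY))

def trudy_substitutes_mac():
    """Without s, Trudy can only attach an unkeyed digest or reuse Alice's old tag."""
    return (bob_accepts_mac(M_TRUDY, digest(M_TRUDY), S)
            or bob_accepts_mac(M_TRUDY, mac(M_ALICE, S), S))

if __name__ == "__main__":
    print(word_sum(M_ALICE).hex(), word_sum(M_TRUDY).hex())     # identical checksums
    print(trudy_substitutes_digest(), trudy_substitutes_mac())  # accepted, rejected
```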
Authentication
• Bob wants Alice to “prove” her identity to him
• Bob wants to know that if he receives a message from Alice, the message actually comes from her.
• Bob wants to be sure that the message was not tampered with on its way to him.

RSA: Another important property
• $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
• private(public(m)) = m = public(private(m))
• Everyone can encrypt
• Only one can decrypt
• Only one can claim it
• Everyone can check it

Digital Signatures
• Cryptographic technique analogous to hand-written signatures
• Bob (sender) digitally signs document, establishing he is the document owner/creator
• Bob signs message m by encrypting with his private key $K_B^-$, creating signed message $K_B^-(m)$.
• Verifiable, non-forgeable: Alice (recipient) can prove to someone that Bob and no one else must have signed the document
• Non-repudiation:
- Alice can take m and signature $K_B^-(m)$ to court and prove that Bob signed m
- Only Bob possesses $K_B^-$

Digital Signature
Source: Kurose Ross
Signed Message Digests
• Computationally expensive to encrypt long messages with public key crypto
• Goal:
- Fixed-length
- Easy-to-compute
- Digital fingerprint
• Apply hash function H to m and get fixed size message digest H(m).
• Sign H(m)
• Send $(m, K_B^-(H(m)))$

Digital Signature
Source: Kurose Ross

Impersonation Attack
Source: Kurose Ross

Impersonation Attack
Source: Kurose Ross

Replay Attack
Source: Kurose Ross

Nonce (timeliness)
• Nonce: number R used only once-in-a-lifetime
• $K_{A-B}$: Shared secret key

Nonce (timeliness)
Source: Kurose Ross

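How a nonce defeats the replay attack named above, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 over R stands in for "encrypt R with the shared key", and the Bob class, alice_respond and the key value are hypothetical names constructed here.

```python
import hashlib
import hmac
import secrets

class Bob:
    """Verifier: issues a fresh nonce R per login attempt and accepts each R once."""
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = set()                      # nonces issued but not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)               # unpredictable, never reused
        self.pending.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        if r not in self.pending:                 # unknown or already used nonce
            return False
        self.pending.discard(r)                   # once-in-a-lifetime, even on failure
        expected = hmac.new(self.key, r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def alice_respond(shared_key: bytes, r: bytes) -> bytes:
    """Prover: shows knowledge of the shared key by keying a MAC over Bob's nonce."""
    return hmac.new(shared_key, r, hashlib.sha256).digest()

def replay_is_rejected(key: bytes) -> bool:
    """Trudy records one valid (R, response) pair and plays it back later."""
    bob = Bob(key)
    r1 = bob.challenge()
    recorded = alice_respond(key, r1)
    live_ok = bob.verify(r1, recorded)            # Alice's live answer is accepted
    same_nonce = bob.verify(r1, recorded)         # replay against the used nonce
    new_nonce = bob.verify(bob.challenge(), recorded)   # replay against a fresh nonce
    return live_ok and not same_nonce and not new_nonce

if __name__ == "__main__":
    print(replay_is_rejected(b"constructed key shared by Alice and Bob"))
```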
(Wo)Man-in-the-Middle Attack
Source: Kurose Ross

(Wo)Man-in-the-Middle Attack
• Difficult to detect
• Alice receives everything Bob sends
• Bob and Alice can meet later and still recall the last conversation
• Trudy receives all messages as well!

Public Key Certification
• Certification Authority (CA)
- binds public key to particular entity (Bob)
• Bob provides proof of identity to CA
• CA creates certificate binding Bob to his public key
• Certificate containing Bob’s public key digitally signed by CA
- CA says “this is Bob’s public key”
• When Alice wants Bob’s public key
- gets Bob’s certificate (from Bob or elsewhere)
- applies CA’s public key to Bob’s certificate
- gets Bob’s public key

Security at Different Layers
• Application
- Mail: S/MIME, PGP
• Transport
- TLS (Secure Socket Layer, SSL)
• Network
- IP Security (IPSec)
- Packet Filter
• Link
- Frame Filter, WPA
• Physical
- WEP

Firewalls
• Isolates organization’s internal network from larger Internet, allowing some packets to pass, blocking others

Firewalls
• Prevent denial of service attacks
- SYN flooding: attacker establishes many bogus TCP connections, no resources left for real connections
• Prevent illegal modification/access of internal data
- Attacker replaces website’s homepage with something else
• Allow only authorized access to inside network
- Set of authenticated users
• Three types of firewalls
- Stateless packet filters
- Stateful packet filters
- Application gateways

Stateless Packet Filtering
• Internal network connected to Internet via router firewall
• Router filters packet-by-packet, decision to forward/drop packet based on
- Source IP address, destination IP address
- TCP/UDP source and destination port numbers
- ICMP message type
- TCP SYN and ACK bits
• Example:
- Block incoming and outgoing datagrams with IP protocol field 17
- All incoming and outgoing UDP flows are blocked

Access Control Lists
Action  Source Address        Dest Address          Protocol  Source Port  Dest Port  Flag Bit
allow   222.22/16             outside of 222.22/16  TCP       >1023        80         any
allow   outside of 222.22/16  222.22/16             TCP       80           >1023      ACK
deny    all                   all                   all       all          all        all

Stateful Packet Filtering
• Stateless packet filtering
- Admits packets that make no sense
- e.g. dest port=80, ACK bit set, even though no TCP connection established
• Stateful packet filtering tracks
- Status of every TCP connection
- Connection setup (SYN)
- Connection teardown (FIN)
- Timeout inactive connections at firewall

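The access control list above evaluated statelessly and then with a connection table, as an added example that is not part of the original slides. It shows an unsolicited inbound ACK segment that the second ACL row admits being dropped once TCP state is tracked. Assumptions: the packet dictionaries and addresses are constructed, timeouts are left out, and a single FIN closes the connection.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("222.22.0.0/16")               # the slide's 222.22/16

def inside(addr):
    return ip_address(addr) in INSIDE

# The two allow rows: (src inside?, dst inside?, src-port test, dst-port test, ACK needed?)
ACL = [
    (True,  False, lambda p: p > 1023, lambda p: p == 80,   False),
    (False, True,  lambda p: p == 80,  lambda p: p > 1023,  True),
]

def stateless(pkt):
    """Decide from this packet's header fields only; the final row is deny all."""
    for src_in, dst_in, sport_ok, dport_ok, need_ack in ACL:
        if (pkt["proto"] == "TCP" and inside(pkt["src"]) == src_in
                and inside(pkt["dst"]) == dst_in
                and sport_ok(pkt["sport"]) and dport_ok(pkt["dport"])
                and (not need_ack or "ACK" in pkt["flags"])):
            return "allow"
    return "deny"

class StatefulFilter:
    """Same ACL, plus a table of connections opened from the inside."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if stateless(pkt) == "deny":
            return "deny"
        if inside(pkt["src"]):                      # outbound packet
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            if pkt["flags"] == {"SYN"}:
                self.connections.add(key)           # connection setup
        else:                                       # inbound packet
            key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if key not in self.connections:
            return "deny"                           # no matching connection
        if "FIN" in pkt["flags"]:
            self.connections.discard(key)           # connection teardown
        return "allow"

def pkt(src, sport, dst, dport, *flags, proto="TCP"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": set(flags), "proto": proto}

# Constructed packets: an unsolicited ACK from outside and a real handshake.
BOGUS_ACK = pkt("198.51.100.7", 80, "222.22.1.5", 40000, "ACK")
SYN = pkt("222.22.1.5", 40000, "198.51.100.7", 80, "SYN")
SYN_ACK = pkt("198.51.100.7", 80, "222.22.1.5", 40000, "SYN", "ACK")
```

`stateless(BOGUS_ACK)` returns "allow", while a fresh `StatefulFilter().check(BOGUS_ACK)` returns "deny" until the inside host has sent `SYN`.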
Intrusion Detection Systems
• Packet filtering
- operates on TCP/IP headers only
- no correlation check among sessions
• Intrusion Detection System
- Deep packet inspection: Look at packet contents for viruses, attack patterns, etc.
- Examine correlation among multiple packets for port scanning, network mapping, Denial of Service (DoS) attack, etc.