CSS432: Network Security1 CSS432 Network Security Textbook Ch8 Professor: Munehiro Fukuda

CSS432: Network Security 1

CSS432 Network SecurityTextbook Ch8

Professor: Munehiro Fukuda


Overview Cryptography functions

Secret key (e.g., DES): sharing a common single secret key Public key (e.g., RSA): owning a private key, while publishing the

corresponding public key Message digest (e.g., MD5): generating a cryptographic checksum

Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered

Security

Cryptographyalgorithms

Publickey

(e.g., RSA)

Secretkey

(e.g., DES)

Messagedigest

(e.g., MD5)

Securityservices

AuthenticationPrivacy Messageintegrity


Secret Key (DES)

Plaintext

Encrypt withsecret key

Ciphertext

Plaintext

Decrypt withsecret key


64-bit key (56-bits + 8-bit parity) 16 rounds

Initial permutation

Round 1

Round 2

Round 16

56-bitkey

Final permutation

…

+

F

Li – 1 Ri – 1

Ri

Ki

Li

• Each RoundLeft half Right half

Ex-OR

Combiner function


Repeat for larger messages

Block1

IV

DES

Cipher1

Block2

DES

Block3

DES

Block4

DES

+

Cipher2 Cipher3 Cipher4

+++Initialization vector(Random number)

64bits 64bits 64bits 64bits


Public Key (RSA)

Encryption: c = memod n where <e, n> is a public key Decryption: m = cdmod n where <d, n> is a private key The main goal is to find a pair of e and d

Plaintext

Encrypt withpublic key

Ciphertext

Plaintext

Decrypt withprivate key


RSA (cont) Choose two large prime numbers p and q (each

256 bits) n = p x q Choose the encryption key e, such that e and (p -

1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no

common factor greater than one Compute decryption key d such that

d = e-1mod ((p - 1) x (q - 1)) Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q Encryption: c = memod n Decryption: m = cdmod n

Algorithm Example p = 3, q = 5

n = 3 x 5 = 15 (3-1) x (5 – 1) = 8 e = 7 7d = 1 mod 8 d = 15 7 x 15 = 105

= 1 mod 8

m = 2 c = 27 mod 15 = 8 m = 815 mod 15 = 2


Message Digest

message

checksum

message

checksum checksum

message

checksum checksum

message

checksum checksum

message

checksum

message

checksum

Sender

ReceiverErrors

Wrong

Errors detected

altered

altered

No alternation detected

Adversary knowsthe checksum computation

No errors


Message Digest

message

message

MD

MD MDNo errors nor alternations

message

MD

message

MD

Errors

Wrong

Errors detectedMD

message

MD

message

MD MD

altered

altered

Alternation detected

Adversary doesn’t knowthe key used in MD


Message DigestMessage (padded)

128-bit Initial digest(constant) 512 bits 512 bits512 bits

Bitwise transformBitwise transform



Message digest


Authentication ProtocolsThree-Way Handshake

E(msg, key): msg was encrypted with key

CHK: client handshake key SHK: server handshake key Both client and server must know CHK

and SHK.

1. Client sends x encrypted with CHK.

2. Server decrypts x with CHK.

3. Server sends x + 1 and y encrypted with SHK.

4. Client decrypts x + 1 and y with SHK and knows Server has CHK.

5. Client sends y + 1 encrypted with CHK.

6. Server decrypts y + 1 with CHK and knows Client has SHK.

Client Server

ClientId, E(x, CHK)

E(y + 1, CHK)

E(SK, SHK)

E(x + 1, SHK), E(y, SHK)

What if client and server know nothing about each other?


The authentication server S assumes that A and B each share a secret key with S.

T: timestamp L: Lifetime K: Session key KA: Secret key shared

between A and S KB: Secret key shared

between B and S

AS B

E((T, L, K, B), KA),

E((A, T), K),

E((T, L, K, A), KB)

A, B

E(T + 1, K)

E((T, L, K, A), KB)

Authentication ProtocolsTrusted Third Party (Kerberos)

A knows T, L, and KA checks if B has received K

B knows T, L, and KB responds T+1 to A

A session has been established


Public key authentication

A B

E(x, PublicB)

x

A authenticated B


Message Integrity Protocols Digital signature using RSA

Original cryptography: Encryption with a public key : c = memod n Decryption with a private key: m = cdmod n

Compute signature with private key and verify with public key Encryption with a private key : m = cdmod n Decryption with a public key: c = memod n

Large computational complexity Keyed MD5

sender: m + MD5(m + k) receiver

Sender and receiver share the key k Computes MD5(m + k) and compare it with the received

MD5(m + k) MD5 with RSA signature

sender: m + E(MD5(m), private) receiver

decrypts MD5(m) with sender’s public key compares result with MD5 checksum sent with message


Key Distribution Certificate

Special type of digitally signed document: “I certify that the public key in this document belongs to the entity

named in this document, signed X.” The name of the entity being certified The public key of the entity The name of the certified authority A digital signature

Certified Authority (CA) Administrative entity that issues certificates Useful only to someone that already holds the CA’s public key. PGP Example:

CA imports a public key from a person who wants it to certify his/her public key.

CA retrieves the finger print from this public key. CA verify it with the key’s owner over a phone or through any other

means.


Key Distribution (cont)

Chain of Trust X certifies that a certain public key belongs to Y:

X.cert( Y, publicKeyY ) Y certifies that another public key belongs to Z:

Y.cert( Z, publicKeyZ ) Someone, say A wants to verify Z’s public key has to know X’s public

key:A.knows( X, publicKeyX )

Certificate Revocation List A digitally signed list of revoked certificates Periodically updated and made available in public A revoked certificate will be listed for a certain time period

A certificate has an expiration date. PGP Example:

A person who wants to revoke his/her public key generates a revocation certificate. (This should be done before his/her public key becomes useless.)

He/she prints out the revocation certificate and sends it to CA.


Example Systems

Pretty Good Privacy (PGP) Encryption and authentication for email

Secure Shell (SSH) Secured version of Unix R commands (rlogin, rsh,

and rcp) Transport Layer Security (TLS, SSL, HTTPS)

Additional handshake to encrypt and authenticate TCP communication, in particular HTTP connections

IP Security (IPSEC) Framework to make IP packets secured


PGP A popular approach to providing encryption ad

authentication capabilities for email. A user decides the level of establishing trust

You know A well, and thus trust A’s public key. You have received B’s certificate from A.

You trust it if B is A’s colleague but not a politician. You have received B’s certificate from C and D and then trust B’s

certificate. A user collects a set of certificates with varying trust level in a key

ring (~/.gnupg/trustdb.gpg) Systems available at:

MIT distribution site for PGP: http://web.mit.edu/network/pgp.html The International PGP Home Page: http://www.pgpi.org/ The Gnu Privacy Guard: http://www.gnupg.org/


PGP (Message Encryption) Generating a key: gpg --gen-key

Required to type your real name, comments, and email address( [email protected]) Exporting a public key: gpg --output mfukuda.pub --armor --export mfukuda Importing a public key: gpg --import --armor mfukuda.pub Validating a public key: gpg --edit-key [email protected]

Command > fpr // check his finger print Command > sign // sign this public key at a favorite trust level

Encrypting a document: gpg –output doc.enc –encrypt –recipient [email protected] doc Decrypting a document: gpg –output doc –descript doc.enc

Create a random secret key k

Encrypt message usingDES with secret key k

Encrypt k using RSA withrecipient’s public key

Encode message + E(k)in ASCII for transmission Convert ASCII message

Decrypt E(k) using RSA withmy private key -> k

Decrypt message usingDES with secret key k


PGP (Message Integrity and Authentication)

Making a signature: gpg --output doc.asc --sign doc Making a signature in email format: gpg --clearsign doc // doc.asc is automatically created Verifying a signature: gpg --output doc --decrypt doc.asc

Calculate MD5 checksumover message contents

Sign checksum using RSAwith sender’s private key

Calculate MD5 checksum onreceived message and compare

against received value

Sender identity and messageintegrity confirmed

if checksums match

Decrypt signed checksumwith sender’s public key


SSH

Secured version of Unix R commands (rlogin, rsh, and rcp)

SSH-TRANS: a transport layer protocol on top a TCP connection

SSH-AUTH: An authentication protocl using RSA

SSH-CONN: a connection protocol enabling SSH tunnelling


SSH (Protocol Exchange)

~/.ssh/id_rsa(~/.ssh/identity)

mfukuda@local1

/etc/ssh/ssh_known_hosts~/.ssh/known_hosts

host1

host2

host3

local1

/etc/ssh/ssh_host_rsa_key

host1

~/.ssh/authorized_keys

mfukuda@local1

mfukuda@local2

mfukuda@local2

server1

(1) Contact to port 22

(2) SSH version

/etc/ssh/ssh_host_rsa_key.pub

host1

server

server

host1

server

(3)

session

(4) Server AuthenticationsessionE( , )

(5) Secure connection established

(6) Client Authentication

E( random 256-bit string, )

serverhost1

mfukuda@local1

MD5(random 256-bit string, ) session

(7) All authentications completed


SSH (Key Generation Example)Munehiro Fukuda@fukuda-thinkpad ~$ ssh-keygent –t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/Munehiro Fukuda/.ssh/id_rsa):Enter passphrase (empty for no passphrase): ********Enter same passphrase again: ********Your identification has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.Your public key has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.pub.The key finger print is:3b:4c:e7:db:68:25:13:7e:77:a2:c8:b8:43:af:44:82 Munehiro Fukuda@fukuda-thinkpadMunehiro Fukuda@fukuda-thinkpad ~$ cd .sshMunehiro Fukuda@fukuda-thinkpad ~$ lsId_rsa id_rsa.pub known_hosts known_hosts~Munehiro Fukuda@fukuda-thinkpad ~$ sftp perseus.bothell.washington.eduConnecting to perseus.bothell.washington.edu…[email protected]’s password: ********sftp> put id_rsa.pubsftp> quitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edumfukuda@perseus.bothell.washington.edu’s passowrd: ********[mfukuda@perseus mfukuda]$ mv id_rsa.pub .ssh/id_rsa.fukuda-thinkpad.pub[mfukuda@perseus mfukuda]$ cd .ssh[mfukuda@perseus mfukuda]$ cat id_rsa.fukuda-thinkpad.pub >> authorized_keys[mfukuda@perseus mfukuda]$ chmod 644 authorized_keys[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.eduEnter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ********[mfukuda@perseus mfukuda]$


SSH (SSH Agent)

local server

~/.ssh/id_rsa(~/.ssh/identity)

mfukuda@local1

ssh-agent

$ ssh-add

mfukuda@local

SSH protocol exchange

Munehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent`Agent pid 228Munehiro Fukuda@fukuda-thinkpad ~$ ssh-addEnter passphrase for /home/Munehiro Fukuda/.ssh/id_rsa: ********Identity added: /home/Munehiro Fukuda/.ssh/id_rsa (home/Munehiro Fukuda/..ssh/id_rsa)Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent –k`Agent pid 228 killdMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.eduEnter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ********[mfukuda@perseus mfukuda]$


SSH (Agent Forwarding)

local Server X

ssh-agent$ ssh-addmfukuda@local

SSH protocolexchange

~/.ssh/id_rsa

mfukuda@local

Server X

sshd

proxyagent

sshd

SSH protocolexchange

scp scp scp

authentication authentication

forwardedauthentication

#Enable agent forwardingssh –A ….sftp userId@serverX:file1 userId@serverY:file2

CSS432: Network Security 26=localhost

=localhost

SSH (Port Forwarding) Local forwarding

ssh -L x:appserver:y username@sshdserver Ex: ssh –L 80:localhost:8080 mfukuda@perseus

Localhost = perseus in this example

Remote forwarding ssh -R x:appclient:y username@sshdserver Ex: ssh –R 80:localhost: mfukuda@perseus

Localhost = my local computer (fukuda-thinkpad)

sshclient

sshclient

sshdserver

sshdserver

appserver

appserver

appclient

appclient

y22

22 x

x

y


Firewalls

Filter-Based Solution Example

( 192.12.13.14, 1234, 128.7.6.5, 80 )filter all packets from port 1234 on host 192.12.13.14 addressed to port 80 on host 128.7.6.5(*,*, 128.7.6.5, 80 )filter all packets address to port 80 on 128.7.6.5

Default: forward or not forward? All ports initialized to forward packets All ports initialized to filter packets

How dynamic? Filter initialized upon a boot Filter reinitialized at run time

Rest of the Internet Local siteFirewall


CISCO Example

hostname router1! Link to the Internetinterface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in! Link to the local networkinterface ethernet 1 ip address 192.168.1.1 255.255.255.0!Access-list 1 deny 172.16.2.0 0.0.0.255Access-list 1 permit 0.0.0.0 255.255.255.255

router1InternetX

172.16.2.0

Local Network192.168.1.1172.16.1.1


Proxy-Based Firewalls Problem: complex policy Example: web server

Solution: proxy

Question: What if we need to run different applications (HTTP,

FTP, IMAP, etc)?

Company netFirewall Webserver

Randomexternaluser

Remotecompanyuser

Internet

Externalclient

External HTTP/TCP connection

Proxy

Firewall

Internal HTTP/TCP connection

Localserver

Some web pages should be visible,While the other should not.

Filter port 80 or not


DMZ and Bastion Servers

BorderRouter

Internet FirewallSystem

Local Network

De-Militarized Zone (DMZ)

HTTP FTP IMAPBastion Hosts

192.168.1.1

192.168.1.0/24

172.16.1.1

1. Forward packets from 192.168.1.0/4 Filter the others

2. What if someone spoofs 192.168.1.X ?

3. Solution:hostname router1! Link to the Internetinterface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in! Link to the local networkinterface ethernet 1 ip address 192.168.1.1 255.255.255.0!Access-list 1 deny 192.168.1.0 0.0.0.255Access-list 1 permit 0.0.0.0 255.255.255.255

4. Limitations:Attacks from within local network


ReviewsCryptography algorithms: DES, RSA, and MD5Authentication: three way handshake and

KerberosMessage integrity: RSA, keyed MD5, and MD5

with RSA signature Examples: PGP and SSHFirewall: filter-based, proxy-based, and DMZ

Documents

CSS432: Network Security1 CSS432 Network Security Textbook Ch8 Professor: Munehiro Fukuda