Computer networks 1 - Chapter 13: Network security

1 Chapter 13: Network Security Advanced Principal Concepts Samples and Techniques Foundation Summary Question and Answer HCM City University of Technology Department of Computer Science and Engineering Reference: Chapter 8 - “Computer Networks”, Andrew S. Tanenbaum, 4th Edition, Prentice Hall, 2003. 2 Introduction  Network security is looming on the horizon as a potentially massive problem  Studying network security from several angles  Pointing out numerous pitfalls  Discussing many algorithms and protocols for making networks more secure  Most security problems are intentionally caused by malicious people trying to gain some benefit, get attention, or to harm someone 3 Security in Brief  It is concerned with...  Making sure that nosy people cannot read, or secretly modify messages intended for other recipients  People trying to access remote services that they are not authorized to use  The problems of legitimate messages being captured and replayed  People trying to deny that they sent certain messages  Four intertwined areas: secrecy, authentication, nonrepudiation, and integrity control 4 Most Common Perpetrators 5 Outline  Cryptography  Introduction  Symmetric-key algorithms  Public-key algorithms  Digital Signatures  Management of Public Keys  Apply to Computer Networks  Terms: Authentication, Authorization, Message Protection Secure Sockets Layer (SSL) 6 Part 1: Cryptography Advanced Principal Concepts Samples and Techniques Foundation Summary Question and Answer HCM City University of Technology Department of Computer Science and Engineering Reference: Chapter 8 - “Computer Networks”, Andrew S. Tanenbaum, 4th Edition, Prentice Hall, 2003. 7 Outline  Cryptography  Introduction  Symmetric-key algorithms  Public-key algorithms  Digital Signatures  Management of Public Keys 8 Introduction  A cipher is a character-for-character or bit-for-bit transformation  A code replaces one word with another word or symbol  Cryptography (or encryption): the process of converting ordinary information (plaintext) into unintelligible gibberish (ciphertext)  Cryptanalysis: The methods of breaking ciphers  Cryptanalyst: people search to break ciphers  Cryptology: the science on Cryptography 9 Notation  P: Plaintext  C: Ciphertext  E: Encryption  D: Decryption  K: Key  R: Random Number  t: timestamp  Kerchkhoff's principle: All algorithms must be public; only the keys are secret 10 Crytography 11 Work Factor  Real secrecy is in the key, its length is a major design issue  Encryption methods:  Substitution ciphers: each letter or group of letters is replaced by another letter or group of letters to disguise it  Transposition ciphers: reorder the letters but do not disguise them 12 Substitution Ciphers Caesar cipher. Key = 3. attack = DWWDFN  Ex: attack=QZZQEA  Ex: financial, begins at position 30 13 Transposition Ciphers  The ciphertext is read out by columns, starting with the column whose key letter is the lowest 14 One-Time Pads  Write the message: “I love you.” in binary  A one-time pad, pad 1, is randomly chosen  XORed with the message to get the ciphertext 15 Fundamental Cryptographic Principles  Messages must contain some redundancy, so that active intruders cannot send random junk and have it be interpreted as a valid message  Some method is needed to foil replay attacks: ensure that each message received can be verified as being fresh, for example including in every message a timestamp valid 16 Symmetric-Key Algorithms  Encryption and decryption functions that use the same key are called symmetric  Block ciphers: which take an n-bit block of plaintext as input and transform it using the key into n-bit block of ciphertext  Ex: DES, AES Encrypt Decrypt 17 Basic Elements of Product Ciphers (Hardware)  Cryptographic algorithms can be implemented in either hardware (for speed) or in software (for flexibility)  Ex: input=64, 256 bit, and 18 physical stages 18 Data Encryption Standard (DES)  1977: U.S. Government adopted a product cipher DES developed by IBM  Plaintext block = 64 bits, ciphertext block = 64 bits, key = 56-bit, round = 19 stages  All the complexity lies in the function: f(Ri-1,Ki)  In each of the 16 iterations, a different key is used  Diffie and Hellman (1977), designed a machine to break DES (256-entry key space) for 20 million dollars in under 1 day 19 DES Principles 20 Triple DES  1979, IBM realized that the DES key length was too short, devised triple encryption  112-bit key is adequate, backward compatibility with existing 21 Advanced Encryption Standard (AES)  1997: NIST (National Institute of Standards and Technology) sponsored a cryptographic contest  Rules for AES proposals  The algorithm must be a symmetric block cipher  The full design must be public  Key lengths of 128, 192, and 256 bits supported  Both software and hardware implementations required  The algorithm must be public or licensed on nondiscriminatory terms  Criterias: Security, efficiency, simplicity, flexibility, and memory requirements 22 AES Principles  2001: Rijndael (Joan Daemen and Vicent Rijmen) algorithm = FIPS 197  Key length = 128; 192; 256 bits (minimum key space of 2128 = 3 x 1038 keys)  Block size = 128 bits  Rijndael uses substitution and permutations, and it also uses multiple rounds  All operations involve entire bytes, to allow for efficient implementations in both hardware and software 23 AES Round Processing 24 Electronic Code Book Mode  Divide input to block with 64bit, the last block is padded if needed  32-byte: name=16 bytes , position=8 bytes and bonus=8 bytes  Each 8-byte block is encrypted by (triple) DES 25 Cipher Block Chaining Mode  Each plaintext block is XORed with the previous ciphertext block before being encrypted  C0 = E(P0 XOR IV), Ci = E(Pi XOR Ci-1) 26 Cipher Feedback Mode  For byte-by-byte encryption, DES algorithm operates on the 64-bit shift register to generate a 64-bit ciphertext 27 Stream Cipher Mode  Encrypting an initialization vector (IV), using a key to get an output block,...The sequence of output blocks, called the keystream  1-bit error in the transmitted ciphertext generates only a 1-bit error in the decrypted plaintext 28 Counter Mode  Plaintext is not encrypted directly  Easy to decrypt a block anywhere in the file without first having to decrypt all of its predecessors 29 Common Symmetric-Key Cryptographic Algorithms 30 Cryptanalysis  Differential cryptanalysis: used to attack any block cipher  Linear cryptanalysis: break DES with only 243 known plaintexts  Electrical power consumption: find secret keys by monitoring power consumed by each machine instruction  Timing analysis: deduce the round keys by seeing how long various programming steps take 31 Public-Key Algorithms  Also called Asymmetric-Key Algorithms  Based on some hard problems such as integer factoring,  When data is encrypted with one key, the other key must be used to decrypt the data, and vice versa  Each entity can be assigned a key pair: a private and public key Private key is known only to owner Public key is given away to the world 32 RSA (Rivest, Shamir, Adleman)  Choose two large primes, p and q (typically 1024 bits)  Compute n = p x q and z = (p - 1) x (q - 1)  Choose a number relatively prime to z and call it, d  Find e such that (e x d) = (1 mod z)  Pair key: {Public(e, n), Private(d,n)}  0 <= P < n, 2k < n  Encryption: C = Pe (mod n)  Decryption: P = Cd (mod n) 33 RSA Example  Example: p = 3, q = 11 → n = 33, z = 20, choose d = 7 → e = 3 34 RSA Notes  The method is based on the difficulty of factoring large numbers  Ex: Factoring a 500-digit number requires 1025 years using brute force  RSA is too slow for actually encrypting large volumes of data  Most RSA-based systems use public-key cryptography primarily for distributing one- time session keys for use with some symmetric-key algorithm such as AES or triple DES 35 Digital Signature Introduction  Conditions:  Receiver can verify the claimed identity of sender  Sender cannot later repudiate the contents of the message  Receiver cannot possibly have concocted the message himself  Authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature 36 Symmetric-Key Signatures  A central authority that knows everything and whom everyone trusts (ex: BB)  Each user then chooses a secret key and carries it by hand to BB's office 37 Public-Key Signatures  Alice can send a signed plaintext message, P, to Bob  Bob receives the message, he transforms it using his private key, then applies EA to get the original plaintext 38 Digital Signature Principle  Digital signatures are created by encrypting a hash of the data with private key  The resulting encrypted data is the signature  This hash can then only be decrypted by public key Hash Encrypt 39 Digital Signatures Verification  Given some data with signature, if someone decrypt a signature with public key and get the hash of the data, they know it was encrypted with private key Hash =? Decrypt 40 Message Digests (MD)  One-way hash function properties:  Given P, it is easy to compute MD(P).  Given MD(P), it is effectively impossible to find P.  Given P no one can find P' such that MD (P') = MD(P).  A change to the input of even 1 bit produces a very different output 41 MD Characteristics  Computing a MD is much faster than encrypting a plaintext with a public-key algorithm  Authentication scheme that does not require encrypting the entire message:  Alice first computes the message digest of her plaintext  She then signs the message digest and sends both the signed digest and the plaintext to Bob  If Trudy replaces P underway, Bob will see this when he computes MD(P) himself 42 MD5  Designed by Ronald Rivest  Every output bit is affected by every input bit  Padding the message to a length multiple of 448 bits  Original length of the message is appended as a 64-bit integer to give a total input whose length is a multiple of 512 bits  Each round takes a 512-bit block of input and mixes it thoroughly with the 128-bit buffer  The contents of the 128-bit buffer form the message digest  December 2008, "should be considered cryptographically broken and unsuitable for further use"  MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6 43 Secure Hash Algorithm 1 (SHA-1)  Developed by NSA  SHA-1 processes input data in 512-bit blocks  It generates a 160-bit message digest  2008, can be break theoretically within 2^51 op 44 Management of Public keys  How do you know that you have a correct public key?  Certificates  Some mechanism is needed to make sure that public keys can be exchanged securely user Subject Public Key Issuer (CA) Signature of CA Private Key (encrypted) 45 Certificate  Job of a certificate is to bind a public key to the name of a principal (individual, company,...)  Certificates themselves are not secret or protected  Certificate can also be used to bind a public key to an attribute 46 Checking a Certificate  By checking the signature, one can determine that a public key belongs to a given user Subject Public Key Issuer Signature Hash =? Decrypt Public Key from Issuer 47 Public-Key Infrastructure (PKI) 48 PKI Components  PKI has multiple components, including users, CAs, certificates, and directories  PKI provides a way of structuring these components and define standards for the various documents and protocols  A chain of certificates going back to the root (trust anchors) is called a chain of trust or a certification path  CRL (Certificate Revocation List) giving the serial numbers of all certificates that it 49 Part 2: Apply to Computer Networks Advanced Principal Concepts Samples and Techniques Foundation Summary Question and Answer HCM City University of Technology Department of Computer Science and Engineering Reference: Chapter 8 - “Computer Networks”, Andrew S. Tanenbaum, 4th Edition, Prentice Hall, 2003. 50 Outline  Terms  Authentication  Authorization  Message Protection  Secure Sockets Layer (SSL)  E-mail security  Web Security 51 Communication Security  Most security experts believe that to be really secure, encryption and integrity checks have to be end to end (i.e., in the application layer)  It requires changing all the applications to make them security aware  Next best approach is putting encryption in the transport layer or in a new layer between the application layer and the transport layer 52 IPSec  Complete IPsec design is a framework for multiple services, algorithms and granularities  Rather than make it optional, it was decided to require encryption all the time but permit the use of a null algorithm  It is in the IP layer, it is connection oriented  A ''connection'' in the context of IPsec is called an SA (security association) 53 IPSec Components  IPsec has two principal parts:  Two new headers that can be added to packets to carry the security identifier, integrity control data, and other information  ISAKMP (Internet Security Association and Key Management Protocol) deals with establishing keys  Two modes:  Transport mode  Tunnel mode 54 IPSec Authentication Header  AH (Authentication Header) provides integrity checking and antireplay security, but not secrecy (i.e., no data encryption)  HMAC (Hashed Message Authentication Code) 55 Firewalls  Keep ''good'' bits in and ''bad'' bits out  IPsec does nothing to keep digital pests and intruders from getting onto the company LAN  All traffic to or from the company is forced through an electronic drawbridge (firewall)  Packet filters are typically driven by tables configured by the system administrator 56 Packet Filter 57 Virtual Private Networks 58 VPN Feature  Private networks work fine and are very secure with leased lines  Many companies wanted to move their data traffic to the public network  VPNs are overlay networks on top of public networks but with most of the properties of private networks  VPNs can be implemented on top of ATM, Frame Relay, or directly over the Internet 59 Authentication Protocols  Verification of identity in the face of a malicious active intruder or impostor  Complex protocols based on cryptography  Many mechanisms exist:  Username/password  Challenge-response protocol  Kerberos  Public-key Cryptography 60 Challenge-Response Protocol  A, B are the identities of Alice and Bob  Ri's are the challenges, where the subscript identifies the challenger  Ki are keys, where i indicates the owner  KS is the session key 61 Authentication Using Kerberos  Designed at M.I.T. to allow workstation users to access network resources in a secure way  Kerberos involves three servers:  Authentication Server (AS): verifies users during login  Ticket-Granting Server (TGS): issues ''proof of identity tickets''  Bob the server: actually does the work Alice (a client workstation) wants performed 62 Operation of Kerberos V4 63 Authentication Using Public-Key Cryptography 64 Authorization  Verification of rights  Many mechanisms exist for specification and enforcement:  By operating system (e.g., unix file permissions)  By application (e.g., permissions within a DBMS)  Usually requires authentication, but doesn’t always 65 Message Protection  Integrity  Authenticate the message  Verify that the message received is the same message that was sent  A signature is a message integrity mechanism that can be verified even if the sender is offline  Confidentiality  Ensure that no one but the sender and recipient can read the message 66 Secure Sockets Layer (SSL)  SSL builds a secure connection between two sockets  Parameter negotiation between client and server  Mutual authentication of client and server  Secret communication  Data integrity 67 SSL Connection Establishment 68 Data Transmission using SSL 69 PGP — Pretty Good Privacy  PGP is a complete e-mail security package that provides privacy, authentication, digital signatures, and compression  PGP encrypts data by using a block cipher called IDEA (International Data Encryption Algorithm), which uses 128-bit keys  Key management uses RSA and data integrity uses MD5  PGP supports text compression, secrecy, and digital signatures 70 Mail Security (PGP) 71 Web Security (HTTPs)