
Chapter 11 Security Protocols


airell

Presentation Transcript


  1. Chapter 11 Security Protocols • Network Security Threats • Security and Cryptography • Network Security Protocols • Cryptographic Algorithms

  2. Chapter 11 Security Protocols: Network Security Threats

  3. Network Security • The combination of low-cost powerful computing and high-performance networks is a two-edged sword: • Many powerful new services and applications are enabled • But computer systems and networks become highly susceptible to a wide variety of security threats • Network security involves countermeasures to protect computer systems from intruders • Firewalls, security protocols, security practices • We will focus on security protocols

  4. Threats, Security Requirements, and Countermeasures • Network Security Threats • Eavesdropping, man-in-the-middle, client and server imposters • Denial of Service attacks • Viruses, worms, and other malicious code • Network Security Requirements • Privacy, Integrity, Authentication, Non-Repudiation, Availability • Countermeasures • Communication channel security • Border security

  5. Security Requirements Security threats motivate the following requirements: • Privacy: information should be readable only by intended recipient • Integrity: recipient can confirm that a message has not been altered during transmission • Authentication: it is possible to verify that sender or receiver is who he claims to be • Non-repudiation: sender cannot deny having sent a given message. • Availability: of information and services

  6. Eavesdropping [Diagram: Client, Server, Request, Response, replay] • Information transmitted over network can be observed and recorded by eavesdroppers (using a packet sniffer) • Information can be replayed in attempts to access server • Requirements: privacy, authentication, non-repudiation

  7. Client Imposter [Diagram: Client, Imposter, Server] • Imposters attempt to gain unauthorized access to server • Ex. bank account or database of personal records • For example, in IP spoofing imposter sends packets with false source IP address • Requirements: privacy, authentication

  8. Denial of Service Attack [Diagram: Attacker, Server] • Attacker can flood a server with requests, overloading the server resources • Results in denial of service to legitimate clients • Distributed denial of service attack on a server involves coordinated attack from multiple (usually hijacked) computers • Requirement: availability

  9. Server Imposter [Diagram: Client, Imposter, Server] • An imposter impersonates a legitimate server to gain sensitive information from a client • E.g. bank account number and associated user password • Requirements: privacy, authentication, non-repudiation

  10. Man-in-the-Middle Attack [Diagram: Client, Man in the middle, Server] • An imposter manages to place itself as man in the middle • convincing the server that it is legitimate client • convincing legitimate client that it is legitimate server • gathering sensitive information and possibly hijacking session • Requirements: integrity, authentication

  11. Malicious Code [Diagram: Client, Imposter, Server] • A client becomes infected with malicious code • Opening attachments in email messages • Executing code from bulletin boards or other sources • Virus: code that, when executed, inserts itself in other programs • Worms: code that installs copies of itself in other machines attached to a network • Many variations of malicious code • Requirements: privacy, integrity, availability

  12. Countermeasures Secure communication channels • Encryption • Cryptographic checksums and hashes • Authentication • Digital Signatures

  13. Countermeasures Secure borders • Firewalls • Virus checking • Intrusion detection • Authentication • Access Control

  14. Chapter 11 Security Protocols: Security and Cryptography

  15. Cryptography • Encryption: transformation of plaintext message into encrypted (and unreadable) message called ciphertext • Decryption: recovery of plaintext from ciphertext • Cipher: algorithm for encryption & decryption • A secret key is required to perform encryption & decryption

  16. Substitution Ciphers • Substitution Cipher: Map each letter or numeral into another letter or numeral • Mapping: plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z becomes ciphertext z y x w v u t s r q p o n m l k j i h g f e d c b a • Example: plaintext "security" gives ciphertext "hvxfirgb" • Substitution ciphers are easy to break • Take histogram of frequency of occurrence of letters in a ciphertext message • Match to known frequencies of letters

  17. Transposition Cipher • Transposition Cipher: Rearrange order of letters/numerals in a message using a particular rearrangement • E.g. interchange character k with character k+1 • Example: security → esuciryt • Transposition ciphers are easy to break • Suppose plaintext and ciphertext are known • Matching of letters in plaintext and ciphertext will reveal transposition mapping

  18. Secret Key Cryptography [Diagram: Plaintext P → Encryption $E_K(.)$ with key K → Ciphertext $C = E_K(P)$ → Decryption $D_K(.)$ with key K → P] • Sender encrypts P by applying mapping $E_K$ which depends on secret key K: $C = E_K(P)$ • Receiver decrypts C by applying inverse mapping $D_K$ which also depends on K: $D_K(E_K(P)) = P$

  19. What makes a good cipher? • Algorithm should be easy to implement and deploy on large scale • Algorithm should be difficult to break: • Number of keys should be very large • Attacker cannot try all possible keys • The secret key should be very hard to derive from intercepted messages • Even if a large number of plaintexts & corresponding ciphertexts are known to the attacker • Examples of secret key methods discussed later: • Data Encryption Standard (DES) and Triple DES • Advanced Encryption Standard (AES)

  20. Security using Secret Key Cryptography • Privacy: secret key renders messages confidential • Integrity: alteration of the ciphertext will be detected, because the decrypted message will be gibberish • When privacy is not required, encryption of the entire message is overkill because much processing is involved • We will see that cryptographic checksums provide integrity and require less processing

  21. Authentication using Secret Key Cryptography [Diagram: messages between Sender (John) and Receiver (Jane): John to Jane, “let’s talk”; r; $E_K(r)$; r´; $E_K(r´)$] • Sender: send message identifying self • Receiver: reply with challenge that contains random number r (nonce = number once) • Sender: send response with encrypted r • Receiver: apply secret key to decrypt message; if decrypted number is r then the transmitter is authenticated • Sender: can now authenticate receiver by issuing a challenge

  22. Cryptographic Checksums and Hashes [Diagram: Message P and key K enter the Crypto Checksum Calculator, which outputs $H_K(P)$; the transmitted unit is Message plus CryptoChk] • Transmitter calculates a fixed number of bits (crypto checksum/hash) that depends on secret key K: $H_K(P)$ • Receiver recalculates hash from received message & compares to received hash

  23. What makes a Good Hash? • To be secure, it must be very difficult to find a message that generates a given hash • If not difficult, an attacker could produce a message and corresponding hash that would be accepted as valid • Suppose message is M bits long and hash is m bits long, and m << M • For each given hash value there are $2^M/2^m$ messages that give that hash • How long does it take to find a match? • Probability that a random message generates given hash is $2^{-m}$, since there are $2^m$ hashes • Mean # tries to find given hash is: $2^m$

  24. Example • M = 1000, m = 128 • Number of possible messages: $2^{1000}$ • Number of possible hashes: $2^{128}$ • For each hash value there are $2^{1000}/2^{128} = 2^{872}$ messages that generate the hash • A randomly selected message produces a desired hash value with probability $2^{-128}$ • If each attempt requires 1 microsecond, time to find matching message to a hash is: $2^{128} \times 1$ microsecond = 225 years

  25. Some Hashing Algorithms • Message Digest 5 (MD5) • Pad message to be multiple of 512 bits • Initialize 128-bit buffer to given value • Modify buffer content according to next 512 bits • Repeat until all blocks done • Buffer holds 128-bit hash • Keyed MD5 • Pad message to be multiple of 512 bits • Attach and append secret key to padded message prior to performing hash function • Could also append/attach other information such as sender ID • Secure Hash Algorithm 1 (SHA-1) • Produce a 160-bit hash; more secure than MD5 • Keyed version available

  26. Hashed Message Authentication Code Method • HMAC improves strength of a hash code • Pad secret key with zeros to length of 512 bits and X-OR with 64 repetitions of 00110110 • Pad message to multiple of 512 bits • Calculate hash of padded key followed by padded message, 128 bits for MD5, 160 bits for SHA-1 • Pad hash to 512 bits • Pad secret key with zeros to 512 bits and X-OR with 64 repetitions of 01011010 • Calculate hash of padded key and padded hash • Result is final hash
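
The HMAC steps of slide 26, written out as an added example (not part of the original slides) and checkable against Python's standard `hmac` module. It uses the pad bytes that RFC 2104 specifies, 0x36 for the inner pad and 0x5C for the outer pad; the function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_BYTES = 64  # 512-bit input block of MD5 and SHA-1


def hmac_by_hand(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """Compute HMAC step by step instead of calling the hmac module."""
    # RFC 2104 rule: a key longer than one block is hashed first.
    if len(key) > BLOCK_BYTES:
        key = hashlib.new(hash_name, key).digest()
    # Pad the secret key with zeros to 512 bits.
    key = key.ljust(BLOCK_BYTES, b"\x00")
    # XOR the padded key with 64 repetitions of the inner pad 00110110.
    inner_key = bytes(b ^ 0x36 for b in key)
    # XOR the padded key with 64 repetitions of the outer pad (0x5C).
    outer_key = bytes(b ^ 0x5C for b in key)
    # Inner hash: padded key followed by the message. Padding the input
    # to a multiple of 512 bits happens inside the hash function itself.
    inner = hashlib.new(hash_name, inner_key + message).digest()
    # Outer hash: padded key followed by the inner hash.
    return hashlib.new(hash_name, outer_key + inner).digest()


def tag_is_valid(key: bytes, message: bytes, tag: bytes,
                 hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_by_hand(key, message, hash_name), tag)
```
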

  27. Public Key Cryptography [Diagram: Plaintext P → Encryption $E_{K1}(.)$ with public key K1 → Ciphertext $C = E_{K1}(P)$ → Decryption $D_{K2}(.)$ with private key K2 → P] • Public key cryptography provides privacy using two different keys: • Public key K1 available to all for encrypting messages to a certain user: $C = E_{K1}(P)$ • Private key K2 for user to decrypt messages: $P = D_{K2}(E_{K1}(P))$

  28. What makes a good public key algorithm? • $E_{K1}$ and $D_{K2}$ should be readily implementable • Inverse relationship should hold: • $P = D_{K2}(E_{K1}(P))$ and sometimes $P = E_{K1}(D_{K2}(P))$ • K1 is a relatively small number of bits and K2 is usually a large number of bits • It is extremely difficult to decrypt $E_{K1}(P)$ without K2 • It should not be possible to deduce K2 from K1 • Example: RSA public key cryptography (discussed later)

  29. Integrity using Public Key Cryptography • Integrity: • Anyone can send messages using public key, so integrity not assured directly • For integrity, transmitter: • encodes P with its private key K2´ to obtain $P' = D_{K2'}(P)$ • encodes P´ using receiver’s public key: $C = E_{K1}(P')$ • Receiver: • decrypts C, $D_{K2}(E_{K1}(P')) = P'$ • decrypts P´ using transmitter’s public key, $E_{K1'}(D_{K2'}(P)) = P$ • Only the transmitter could have sent this message.

  30. Authentication using Public Key Cryptography [Diagram: messages between Sender and Receiver: John to Jane, “let’s talk”; $E_{K1}(r)$; r] • Transmitter identifies itself • Receiver sends a nonce encoded using the sender’s public key in a challenge message • Transmitter uses its private key to recover the nonce, and it returns the unencrypted nonce • Only the holder of the private key can find the nonce

  31. Digital Signatures using Public Key Cryptography • Digital signatures provide nonrepudiation • User “signs” a message that cannot be repudiated • Digital signature obtained as follows: • Transmitter obtains a hash of the message • Transmitter encrypts the hash using its private key; result is the digital signature • Transmitter sends message and signature • To check the signature: • Receiver obtains hash of message • Receiver decrypts signature using sender’s public key • Receiver compares hash computed from message and hash obtained from signature • Procedure also ensures message integrity
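
The sign and check procedure of slide 31, as an added example that is not part of the original slides. It uses unpadded textbook RSA with a constructed toy key built from two Mersenne primes, which is far too small and too structured for real use; all names are hypothetical.

```python
import hashlib

# Constructed toy key pair (assumption of this example, not from the slides).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """Hash the message and reduce the hash into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Transmitter: obtain the hash, then apply the private key to it."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: hash the received message, recover the hash from the
    signature with the sender's public key, and compare the two."""
    return pow(signature, E, N) == digest_as_int(message)


def demo():
    """Constructed sample message: valid, altered message, altered signature."""
    message = b"pay 10 to Jane"
    signature = sign(message)
    return (verify(message, signature),
            verify(b"pay 1000 to Jane", signature),
            verify(message, signature + 1))
```
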

  32. Secret Key vs. Public Key • Public key systems have more capabilities • Secret key: privacy, integrity, authentication • Public key: all of above + digital signature • Public key algorithms are more complex • Require more processing and hence much slower than secret key • Practice: • Use public key method during session setup to establish a session key • Use secret key cryptography during session using the session key

  33. Example: Pretty Good Privacy (PGP) • PGP developed by Philip Zimmermann to provide secure email • http://www.philzimmermann.com/index.shtml • http://www.pgpi.org • Notorious for becoming publicly available for download over Internet in violation of US export restrictions • Uses public key cryptography to provide • Privacy, integrity, authentication, digital signature • De facto standard for email security • Also provides privacy and integrity for stored files

  34. Key Distribution in Secret Key Systems • Every pair of users requires a separate shared secret key • N(N – 1) keys for N users; grows quickly with N • Similar to full-mesh connections for N users • Solution: Introduce Key Distribution Centers • Each user has a shared key with the KDC • User A has shared key $K_{KA}$ with KDC • User B has shared key $K_{KB}$ with KDC • KDC provides shared key when A & B need to communicate

  35. Key Distribution Center [Diagram: users A, B, C, D and the KDC; between A and KDC: request, challenge, response; KDC to A: $E_{KA}(K_{AB})$, $E_{KB}(K_{AB})$; A to B: $E_{KB}(K_{AB})$] • User A contacts the KDC to request a key for use with user B. • KDC: • Authenticates user A • Selects a key $K_{AB}$ and encrypts it to produce $E_{KA}(K_{AB})$ and $E_{KB}(K_{AB})$. • KDC sends both versions of the encrypted key to A. • User A contacts user B and provides a ticket in the form of $E_{KB}(K_{AB})$ • Users A & B both have $K_{AB}$

  36. Example: Kerberos • Kerberos: authentication service for users to access servers over network • KDC has secret key with every user • At login, user supplies ID and password • KDC authenticates user & generates session key • Session key & ticket-granting ticket (TGT) are sent to user encrypted using shared secret key • To access a particular server, user sends request to KDC with server name and TGT • KDC decrypts TGT to recover session key & then returns ticket to client for desired server

  37. Key Distribution in Public Key Systems • In public key systems, only one pair of keys is needed per user • Key distribution problem: How to determine whether an advertised public key is not from an imposter? • Certification Authority (CA) • Issues digitally signed certificate that provides • User’s name & public key • Certificate serial #, expiration date • Certificates can be stored in publicly accessible directories • To communicate with B, a user contacts the CA to obtain the certificate for B • Users are configured to have the CA’s public key, which they use to verify the digital signature

  38. Key Generation: Diffie-Hellman Exchange [Diagram: Transmitter A sends $T = g^x$ to Receiver B; B sends $R = g^y$ to A; A computes $K = R^x \bmod p = g^{xy} \bmod p$; B computes $K = T^y \bmod p = g^{xy} \bmod p$] • Generate keys instead of distributing keys • Diffie-Hellman exchange to create a shared key • A & B pick p, a large prime #, and generator g < p • A picks x and sends $T = g^x$ to B; B picks y and sends $R = g^y$ • Secret key is $K = (g^x)^y = (g^y)^x$, which is calculated by A & B • Eavesdropper that obtains p, g, T, R cannot obtain x and y because $x = \log_g T$ and $y = \log_g R$ are extremely difficult to solve

  39. Man-in-the-Middle Attack [Diagram: Transmitter A sends T, man in the middle C passes T´ to Receiver B; B sends R, C passes R´ to A. A computes $K_1 = (R')^x = g^{xy'}$; C computes $K_1 = T^{y'} = g^{xy'}$ and $K_2 = R^{x'} = g^{x'y}$; B computes $K_2 = (T')^y = g^{x'y}$] • An intruder C can interpose itself between A & B • C establishes a shared key K1 with A and a shared key K2 with B • C can then intercept, decipher, and re-encrypt all communications • Need mutual authentication between A & B • Alternative: Community agrees on g & p; users publish their T, R, …
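
Slides 38 and 39 as an added example (not part of the original slides): the exchange with and without substituted public values, and a check that makes the substitution visible by authenticating the values each side sent and received. The toy prime, the base g = 3 and the pre-shared `auth_key` used for the mutual-authentication step are assumptions of this example.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy prime (a Mersenne prime); too small for real use
G = 3            # assumed base for the demonstration


def keypair():
    """Pick a private exponent and compute the public value g^x mod p."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def shared_key(private: int, peer_public: int) -> bytes:
    """K = (peer value)^private mod p, hashed into a fixed-length key."""
    k = pow(peer_public, private, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def run_exchange(interposed: bool):
    """Return (key at A, key at B, A's view of (T, R), B's view of (T, R))."""
    x, T = keypair()                 # A picks x and sends T = g^x
    y, R = keypair()                 # B picks y and sends R = g^y
    T_at_B, R_at_A = T, R
    if interposed:
        _, T_at_B = keypair()        # T' reaches B in place of T
        _, R_at_A = keypair()        # R' reaches A in place of R
    return (shared_key(x, R_at_A), shared_key(y, T_at_B),
            (T, R_at_A), (T_at_B, R))


def transcript_tag(auth_key: bytes, view) -> bytes:
    """MAC over the public values one side sent and received."""
    data = b"".join(value.to_bytes(16, "big") for value in view)
    return hmac.new(auth_key, data, hashlib.sha256).digest()


def views_agree(auth_key: bytes, view_a, view_b) -> bool:
    """Mutual authentication step: the two sides' tags must match."""
    return hmac.compare_digest(transcript_tag(auth_key, view_a),
                               transcript_tag(auth_key, view_b))
```

In the interposed run A and B end up with different keys, and the tags over their views of (T, R) differ, so the session can be rejected before any data is sent.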

  40. Diffie-Hellman Complexity • Diffie-Hellman exchange involves computation of powers of large numbers • Large number of multiplications implies heavy computational burden • Susceptible to denial-of-service attacks

  41. Chapter 11 Security Protocols: Network Security Protocols

  42. Direct Connections to Internet [Diagram: A and B connected through the Internet] • Computers A & B communicate across the Internet • Exposure to eavesdropping, imposters, DoS • Can encrypt some transmitted information • But IP headers need to be visible to routers & hence others • Eavesdropper can gather variety of usage information & deduce nature of interaction • Choice of which layer to apply security: IP, transport, or application layer

  43. Gateway-to-Gateway [Diagram: A and B connected through the Internet] • Computers A and B have gateways interposed between their internal network and Internet • Gateway can be a firewall • Controls external access to internal network • Packet filtering according to various header fields • IP addresses, port numbers, ICMP types, fields within payload • Secure tunnels can be established between gateways • All internal information including headers can be encrypted

  44. Remote user to Gateway [Diagram: Internet] • Mobile host needs access to internal network • Gateway must provide user with access while barring intruders from accessing internal network • May also need to protect identity of mobile user • IP-address of mobile user changes

  45. Firewall Options • Firewalls can operate at different layers • IP-layer filtering cannot operate on payload contents • Circuit-Level Gateways • Direct client-to-server TCP connections not allowed • Relays TCP segments between actual client & actual server • Application-Level Gateways or Proxies • Interposed between actual client and actual server • Performs authentication and determines what features are available to client • Monitors, filters & relays messages

  46. Protocol Layer Options • Security Services can be provided at different layers of the protocol stack • Data Link Layer security • Point-to-point security between directly-connected devices, e.g. wireless LAN security • IP-Layer security • Security service between IP-layer & Transport layer • End-to-end security across an internet, e.g. IPsec • Transport Layer security • Security service between Transport & Application Layers • E.g. Secure Sockets Layer & Transport Layer Security

  47. Network Security Services • Integrity Service: information received from network has not been altered during transmission • Authentication Service: the receiver can authenticate that information came from purported sender • Privacy Service: information is readable only by intended recipient • In applications that require network security, integrity & authentication essential; privacy not always justified

  48. IP Security (IPsec) • IPsec defined in RFCs 2401, 2402, 2406 • Provides authentication, integrity, confidentiality, and access control at the IP layer • Provides a key management protocol for automatic key distribution • Security service can be provided between a pair of communication nodes, where the node can be a host or a gateway (router or firewall). • Two protocols & two modes to provide traffic security: • Authentication Header and Encapsulating Security Payload • Transport mode or tunnel mode

  49. Security Association • A Security Association (SA) is a logical simplex connection between two network-layer entities • Two SA’s required for bidirectional secure communication • SA is specified by • A unique identifier • Security services to be used • Cryptographic algorithms to be used • How shared keys will be established • Other attributes such as lifetime • SA negotiated before security service begins

  50. Integrity & Authentication Service • Integrity can be ascertained by sending a cryptographic checksum or hash of message • Authentication also provided if hash covers: • Shared secret key, sender’s identity & message • Fields that are changed while packet traverses Internet are set to zero in calculation of hash • To protect against replay attacks, message should carry a sequence number that is covered by the hash • Receiver accepts a packet only once • Receiver maintains a window of packets it accepts • Receiver recalculates hash and compares to hash in received packet
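
The receiver behaviour of slide 50, as an added example that is not part of the original slides: a keyed hash covering sender identity, sequence number and payload, plus a sliding window so that each sequence number is accepted only once. The packet layout, the 32-packet window and all names are assumptions of this example, not the IPsec wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 32      # assumed window size, in packets
TAG_LEN = 20     # HMAC-SHA1 output length in bytes


def protect(key: bytes, sender_id: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: the hash covers sender identity, sequence number and payload."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, sender_id + header + payload, hashlib.sha1).digest()
    return header + payload + tag


class Receiver:
    """Accepts each authenticated sequence number at most once."""

    def __init__(self, key: bytes, sender_id: bytes):
        self.key = key
        self.sender_id = sender_id
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set means (highest - i) was accepted

    def accept(self, packet: bytes):
        """Return the payload, or None if the packet must be dropped."""
        if len(packet) < 4 + TAG_LEN:
            return None
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        (seq,) = struct.unpack("!I", header)
        # Window checks first: they are cheap compared with the hash.
        if seq == 0 or seq + WINDOW <= self.highest:
            return None                                   # left of the window
        if seq <= self.highest and (self.seen >> (self.highest - seq)) & 1:
            return None                                   # already accepted
        # Recalculate the hash and compare in constant time.
        expected = hmac.new(self.key, self.sender_id + header + payload,
                            hashlib.sha1).digest()
        if not hmac.compare_digest(expected, tag):
            return None                                   # altered or forged
        # Only an authenticated packet may move or mark the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return payload
```

Because the sequence number is inside the hashed data, a recorded packet cannot be given a fresh number without failing the hash comparison.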
