L8. Reviews

1. L8. Reviews Rocky K. C. Chang, May 2011

2. Foci of this course • Understand the 3 fundamental cryptographic functions and how they are used in network security. • Understand the main elements in securing today’s Internet infrastructure. • Exposed to some current Internet security problems.

3. Types of attacks • Passive attacks (eavesdropping), e.g., • ciphertext-only attacks (recognizable plaintext attacks) • Fred has seen some ciphertext. • known-plaintext attacks • Fred has obtained some <plaintext, ciphertext> pairs. • chosen-plaintext attacks • Fred can choose any plaintext he wants. • Active attacks, e.g., • pretend to be someone else (impersonation) • introduce new messages in the protocol • delete existing messages • substituting one message for another • replay old messages

4. Three cryptographic functions • Hash functions: require 0 key • Secret key functions: require 1 key • Public key functions: require 2 keys

6. Symmetric cryptography • Secret key functions • Stream cipher vs block cipher • Symmetric cryptography based on substitution (confusion) and diffusion • 64-bit DES and 128/192/256-bit AES • Secrecy service • Encrypting data of any size: cipher block chaining (CBC) • Security problems with CBC, e.g., identical and nonidentical ciphertext blocks.

8. Cryptographic hash functions and MAC • Hash functions • 3 properties: pre-image resistance, collision resistance, and mixing transformation • The birthday problem and attack • k  1.774q, where q is the number of distinct hash outputs • The length of a secure hash output ≥ 256 bits • Hash function standards (MDx, SHA-x) • 2 problems: length extension and partial message collision • Message authentication codes • A successful attack on MAC • CBC-MAC and HMAC

10. The public-key cryptography • Prime numbers, modulo a prime • A group for the set of numbers modulo a prime p without 0 under multiplication • Compute the multiplicative inverse using the extended Euclid algorithm. • Generate a large prime number. • The Rabin-Miller test determines whether an odd integer is prime. • Each party involved in a public-key cryptographic system is one secret and one public “key”.

11. The Diffie-Hellman (DH) protocol • The DH protocol uses the multiplicative group modulo p, where p is a very large prime. • A generator g generates a set of numbers 1, g, g2, …, gt-1 (gt = 1 again). • Subgroups (t < p-1) and group (t = p-1) • The basic Diffie-Hellman (DH) protocol • (g, p) and a random number in (1, 2, …, p-1) • The discrete logarithm problem • Security problems • Using a smaller subgroup ({1}, {1, p-1}) and a safe prime • Squares and nonsquares • Man in the middle attack

13. The RSA algorithm • In RSA, we perform modulo a composite number n = p  q, where p and q are large primes. • Use 2 different exponents e (public) and d (private), such that e  d = 1 mod t, where t = lcm(p – 1, q – 1). • To encrypt m, compute c = me mod n; to decrypt c, compute cd mod n = m. • To sign m, compute s = m1/e mod n; to verify the signature, compute se = m mod n. • Choices of e, p, and q • Pitfalls of using RSA, e.g., encrypting a small message, message signing.

15. Authentication • Network-based, password-based • Cryptographic authentication • Symmetric and asymmetric • Challenge and response • Mutual authentication  2 x one-way authentication. • Reflection attack and man in the middle attack • Principles: • One-way: Have the responder influence on what she encrypts or hashes. • Have both parties have some influence over the quantity signed.

17. Authenticated key exchange • Authenticated Diffie-Hellman exchange • Perfect forward secrecy • Allow both sides to agree on the crypto. algorithms and the DH parameters. • A partial solution to denial-of service attacks using cookies • It is prudent to couple the key exchange with authentication.

19. Secure network protocols in practice

21. PKI • Alice generates her public/private key pair. • Keep the private key. • Take the public key to the CA, say k • The CA has to verify that Alice is who she says she is. • The CA then issues a digital statement stating that k belongs to Alice. • There will never be a single CA for all or most of all. • There are going to be a large number of PKIs. • Use different key pairs in different PKIs. • Choose between a key server approach and a PKI approach.

22. IPSec • Unicast, unidirectional security association at the IP layer • Authentication Header and Encapsulation Security Payload • Partial solution to the replay attack • Tunnel mode and transport mode • Encryption without authentication is useless. • Outbound and inbound packet processing

23. IKEv.1 • IKE phase 1 (ISAKMP association) and phase 2 • The main mode consists of 3 message pairs. • 1st pair: ISAKMP SA negotiation • 2nd pair: a D-H exchange and an exchange of nonces • 3rd pair: Peer authentication • The phase 1 is protected with encryption and authentication. • Establish IPSec associations and the necessary keys. • A new issue here is hiding the identities of the end points

24. TLS 1.0/ SSL 3.0 • Pros and cons of providing security services at the transport layer instead of the IP layer. • The TLS Handshake and Record layers. • Session states and connection states • The session states can be reused to establish a new connection. • Server and client authentication

25. Network security is more than the above • Wireless security: IEEE 802.11i, RFID, Bluetooth, IP telephony, etc • Worms and buffer overflow attacks • Denial-of-service and degradation-of-service attacks • Data security • Covert channel, privacy protection

26. Network security is more than the above • Security policies • Operational issues • Human issues • Vulnerability analysis • Auditing • Intrusion detection • System security • Program security • etc

27. “Security is a chain; it’s only as secure as the weakest link.”“Security is not a product; it itself is a process.”Bruce Schneier