Chapter 4: Virtual Networks
• 4.1 Security in networks
  • 4.1.1 Introduction
  • 4.1.2 Cryptography
  • 4.1.3 Cryptanalysis
  • 4.1.4 Symmetric key
  • 4.1.5 Asymmetric key
  • 4.1.6 Mixed systems
• 4.2 Virtual Private Networks, VPN
  • 4.2.1 Introduction
  • 4.2.2 PPTP
  • 4.2.3 L2TP
  • 4.2.4 IPsec
  • 4.2.5 SSL
• 4.3 Virtual Local Area Networks, VLAN
Introduction: secure channel
• Properties of a secure channel: confidentiality, integrity, authenticity, non-repudiation
(Figure: Sender, secure channel?, Receiver)

Confidentiality:
• Information transmitted over an insecure channel can only be understood by the intended destination(s); it must remain unintelligible to everyone else
• Ways of protection:
  • Dedicated physical links: high cost, difficult maintenance
  • Cipher
• Attack e.g.: obtaining data from the sender

Integrity:
• Ensures that the transmitted information was not modified during the communication process: the message at the destination must be the same as at the source
• Ways of protection: digital signature
• Attack e.g.: modifying the destination address of a product bought on the internet

Authenticity:
• Ensures the source of the information; avoids impersonation
• Ways of protection:
  • Digital signature
  • Challenge
  • Human authentication: biometrics (fingerprint, retina, facial recognition, etc.)
• Attack e.g.: user impersonation in a bank transaction

Non-repudiation:
• Avoids the sender's denial and the receiver's denial
• Ways of protection: digital signature
• Attack e.g.: loss of an application form

Insecure channel:
• Non-reliable
• Attacks: violation of channel security
  • Types: passive, active
  • Categories: interception, interruption, modification, fabrication

Passive attacks:
• The attacker does not change the content of the transmitted information
• Objectives: entity identification, traffic control, traffic analysis, detection of the usual data exchange times
• Difficult to detect; easy to avoid -> encryption

Active attacks:
• The attacker does change the content of the transmitted information
• Types:
  • Masked (impostor)
  • Repetition (intercepted message, repeated later)
  • Message modification
  • Denial of service
• Difficult to prevent; easy to detect -> detection & recovery

Interception:
• Confidentiality attack; passive
• A non-authorized intruder gains access to a non-shared resource
• E.g.: traffic capture; obtaining copies of files or programs
(Figure: Transmitter, Receiver, Intruder)

Interruption:
• Destruction of a shared resource; active
• E.g.: destruction of hardware; communication breakdown
(Figure: Transmitter, Receiver, Intruder)

Modification:
• A non-shared resource is intercepted and modified by a non-authorized host before arriving at its final destination; active
• E.g.: change in the sent data
(Figure: Transmitter, Receiver, Intruder)

Fabrication:
• Authenticity attack; active
• A non-authorized host (impostor) generates a resource that arrives at the final destination
• E.g.: fraudulent information
(Figure: Transmitter, Receiver, Intruder)
Cryptography
Introduction:
• Why? A way of protecting information against intruders (encryption & digital signatures)
• Definition: the science of secret writing, for hiding information from third parties
• Principle: keeping privacy between two or more communicating elements
• Functioning basis: altering the original message so that no non-authorized party can access the information
  • E.g. original message: “This lecture is boring”; altered message: “Wklv ohfwxuh lv erulqj” (Caesar cipher, K=3)
• Cipher: mechanism that converts a plain message into an incomprehensible one; the cipher algorithm needs a key
• Decipher: mechanism that converts an incomprehensible message back into the original one; it requires knowing the cipher algorithm used and the key
(Figure, functioning scheme: Transmitter, cipher, decipher, Receiver)
Cryptanalysis
Introduction:
• Definition: set of methods used to guess the key used by the communicating elements
• Objective: reveal the secret of the communication
• Attacks: brute force attack (most common)
• Types: ciphertext-only attack, known-plaintext attack, chosen-plaintext attack
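The Caesar cipher from the cryptography introduction together with the two simplest attack types listed above, as an added Python example that is not part of the original lecture: `caesar`/`decipher` implement the K=3 shift, `known_plaintext_key` recovers K from one plaintext/ciphertext letter pair, and `ciphertext_only_key` brute-forces the 26 keys and scores candidates with a constructed set of common English letters (the function names and scoring heuristic are assumptions of this example).

```python
import string

COMMON = "etaoinshr"  # constructed scoring set: the most frequent English letters

def caesar(msg: str, k: int) -> str:
    # Cipher: shift every letter k positions through the alphabet, keeping case;
    # spaces and punctuation pass through unchanged.
    out = []
    for ch in msg:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def decipher(ct: str, k: int) -> str:
    # Decipher: the same algorithm with the key negated (needs algorithm and key).
    return caesar(ct, -k)

def known_plaintext_key(plain_ch: str, cipher_ch: str) -> int:
    # Known-plaintext attack: a single (plaintext, ciphertext) letter pair fixes K outright.
    return (ord(cipher_ch.lower()) - ord(plain_ch.lower())) % 26

def english_score(text: str) -> int:
    # Crude ciphertext-only heuristic: how many letters belong to the common-letter set.
    return sum(1 for ch in text.lower() if ch in COMMON)

def ciphertext_only_key(ct: str) -> int:
    # Brute force (the most common attack): the key space has only 26 entries, so try
    # every K and keep the candidate plaintext that looks most like English.
    return max(range(26), key=lambda k: english_score(decipher(ct, k)))
```

The tiny key space is the point: a cipher whose strength rests on 26 possible keys falls to exhaustive search regardless of its internal complexity.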
Symmetric Key
• Features: private key; transmitter & receiver share the same key
(Figure: Transmitter, cipher, decipher, Receiver)
• Algorithms: DES, 3DES, RC5, IDEA, AES
• Requirements:
  • Neither the plaintext nor the key may be extracted from the message
  • The cost in time & money of obtaining the information must be higher than the value of the information obtained
• Algorithm strength: internal complexity, key length
• Accomplished objectives: confidentiality, integrity, authentication, non-repudiation (depending on the number of parties sharing the secret key)
• Advantages: algorithm execution rate; best method to cipher large pieces of information
• Disadvantages: distribution of the private key; key management (the number of keys used is proportional to the number of secure channels used)
Asymmetric Key
• Features: public key; every party has a pair of keys (private, public)
(Figure: Tx private, Tx public, Rx private, Rx public; Transmitter, cipher, decipher, Receiver)
• Algorithms: Diffie-Hellman, RSA, DSA
• Requirements:
  • Neither the plaintext nor the key may be extracted from the message
  • The cost in time & money of obtaining the information must be higher than the value of the information obtained
  • For a text encrypted with a public key there must be only one private key capable of decrypting it, and vice versa
• Accomplished objectives: confidentiality, integrity, authentication (offers very good mechanisms), non-repudiation (offers very good mechanisms)
• Advantages:
  • No problems for key distribution -> public key
  • If a user's private key is stolen, only the messages sent to that user are affected
  • Better authentication mechanisms than symmetric systems
• Disadvantages: algorithm execution rate

Authentication: challenge-response, digital signature, digital certificate
Non-repudiation: digital signature, digital certificate

Challenge-response:
• A challenge is sent in clear text; its response is only known by the transmitter
• The transmitter sends the response ciphered with its private key
(Figure: Tx private, Tx public, Rx private, Rx public; Transmitter, cipher, decipher, Receiver)

Digital signature:
• Verifies source authenticity
• Parts: signature (transmitter), signature verification (receiver)
• Problem: the process is slow -> use of a fingerprint
(Figure: Tx private, Tx public, Rx private, Rx public; Transmitter, Receiver, signature verification)

Digital signature - fingerprint:
• Reduces encryption time
• Hash function: turns a variable-length set of data into a summary or fingerprint; a fingerprint has a fixed length and is illegible and meaningless; irreversible
• Algorithms: SHA-1, MD5
• Requirements:
  • Capability of turning variable-length data into fixed-length blocks
  • Easy to use and implement
  • Impossible to obtain the original text from the fingerprint
  • Different texts must generate different fingerprints
• Problem: key management

Digital certificate:
• Information unit containing a public-private key pair, together with the information needed to allow the owner secure communications
• Contents: public key; private key (if owner); owner information; useful information (algorithms, allowed functions, ...); valid-from; Certificate Authority signatures
• Revocation is possible
Mixed systems
• Session keys, process:
  • Session key distribution (asymmetric)
  • Secure communication (symmetric)
(Figure: Tx private, Tx public, Rx private, Rx public, session key; Transmitter, Receiver)
• Accomplished objectives: confidentiality, integrity, authentication, non-repudiation (use of digital signatures & certificates)
• Advantages:
  • No problems for key distribution -> public key
  • Improbable to guess the session key
  • May use public-key authentication & non-repudiation mechanisms
  • Algorithm execution rate
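An added Python example, not from the lecture, that serves the challenge-response, digital-signature-with-fingerprint and mixed-systems slides above in one place: a toy RSA key pair (primes supplied by the caller; the test uses Mersenne primes, real keys use random large primes), a SHA-256 fingerprint truncated to 192 bits so it fits the toy modulus, unpadded textbook RSA for signing and for wrapping the session key, and a constructed SHA-256-based stream cipher standing in for AES. All function names (`keygen`, `sign`, `verify`, `challenge_response`, `send`, `receive`) are assumptions of this example.

```python
import hashlib, os
E = 65537  # public exponent shared by every toy key pair

def keygen(p: int, q: int):
    # Toy RSA from two given primes (test uses Mersenne primes; real keys use random ~1024-bit primes)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def fingerprint(msg: bytes) -> int:
    # Hash step: SHA-256 truncated to 192 bits so the integer stays below every toy modulus n
    return int.from_bytes(hashlib.sha256(msg).digest()[:24], "big")

def sign(msg: bytes, priv) -> int:
    # Signature = fingerprint ciphered with the transmitter's private key (textbook RSA, no PSS)
    n, d = priv
    return pow(fingerprint(msg), d, n)

def verify(msg: bytes, sig: int, pub) -> bool:
    # Verification = decipher with the public key and compare with a fresh fingerprint
    n, e = pub
    return pow(sig, e, n) == fingerprint(msg)

def challenge_response(tx_priv, tx_pub) -> bool:
    # Receiver sends a random challenge in clear; only the private-key holder can answer it
    challenge = os.urandom(16)
    return verify(challenge, sign(challenge, tx_priv), tx_pub)

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher standing in for AES (illustration only): SHA-256(key || counter) XOR data
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def send(msg: bytes, tx_priv, rx_pub):
    # Tx: fresh 128-bit session key wrapped with Rx public key (textbook RSA, no OAEP),
    # message ciphered symmetrically, ciphertext signed with Tx private key
    session = os.urandom(16)
    n, e = rx_pub
    wrapped = pow(int.from_bytes(session, "big"), e, n)
    ct = stream_xor(session, msg)
    return wrapped, ct, sign(ct, tx_priv)

def receive(packet, rx_priv, tx_pub):
    # Rx: verify the signature first, then unwrap the session key and decipher
    wrapped, ct, sig = packet
    if not verify(ct, sig, tx_pub): return None  # modified or forged packet: reject
    n, d = rx_priv
    return stream_xor(pow(wrapped, d, n).to_bytes(16, "big"), ct)
```

The slow asymmetric operation runs once per session (on the 16-byte key and the fingerprint), while the bulk data goes through the fast symmetric cipher, which is the execution-rate advantage the slide lists.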
Virtual Private Networks
Introduction:
• Interconnection of users & entities
• Dedicated line (intranets): expensive; difficult to manage
• Use of a public access network: security risks
(Figure: LAN, public network)

Concept:
• VPN: private data channel implemented upon a public communication network
• Objectives: linking remote subnetworks; linking subnetworks & remote users
• Use of a virtual tunnel with encryption
(Figure: LAN, virtual tunnel, public network)

Requirements:
• Authentication & identity verification
• Virtual IP address range management
• Data cipher
• Management of digital certificates and public and private keys
• Support for many protocols

Types:
• Hardware-based systems: optimized specific designs; very secure and simple; high performance; high cost; additional services (firewalls, intrusion detectors, antivirus, etc.); e.g. Cisco, Stonesoft, Juniper, Nokia, Panda Security
• Software-based systems

Advantages: security & confidentiality; cost reduction; scalability; simple management; compatibility with wireless links

Elements:
• Local or private networks: restricted-access LAN with a private IP address range
• Insecure networks
• VPN tunnels
• Servers
• Routers
• Remote users (road warriors)
• Remote offices (gateways)

Scenarios: P2P; LAN - LAN; LAN - remote user
(Figure: LAN, LAN, LAN)