7 – Application 6 – Presentation 4 – Transport Network ... · 143.471 Digital Communications 23/05/2007 Network Security Cryptography, Hash Functions & Digital Signatures -

143.471 Digital Communications 23/05/2007

Network Security Cryptography, Hash Functions & Digital Signatures - 1

143.471 Digital Communication Networks143.471 Digital Communication Networks

Network SecurityNetwork Security –– 1, 2 and 31, 2 and 3

Professor Richard Harris

Institute of Information Sciences andTechnology

1 – Physical

2 – Data Link

3 – Network

4 – Transport

5 – Session

6 – Presentation

7 – Application

Network SecurityNetwork Security -- 1/1/22


Presentation Outline

Overview of Identification and Authentication

The importance of identification and Authentication insecure transactions

Cryptography introduction

Cryptography Protocols

Cryptography as a basis for Identification andAuthentication

The Digital Signature

A Secure and Authenticated Communication over anOpen Network



Additional References

[1] Kaufman, Perlman and Speciner, “Network Security”, 2nd

Edition, Prentice Hall, 2002.

[2] Stallings,“Networking Standards: A Guide to OSI, ISDNLAN, and MAN Standards”, (Addison-Wesley), 1993

[3] Stallings,“Networking and InterNetwork Security”,(Prentice Hall), 1995, ISBN 0-13-180050-7

[4] FIPS 186, Digital Signature Standard (DSS).

[5] FIPS 180, Secure Hash Standard (SHS).

[6] ANSI X9.17-1990, American National Standard forFinancial Institution Key Management





Need for Security



Problems for network security

Secrecy: keeping information out of the hands ofunauthorized users.

Authentication: determining whom you are talking tobefore revealing sensitive information or entering abusiness deal.

Non-repudiation: dealing with signature, how do youprove that your customer really placed an electronicorder.

Integrity control: how can you be sure that a messageyou received was really the one sent and not somethingthat a malicious adversary modified in transit orconcocted?



Where in the protocol network doessecurity belong?

Every layer has something to contributePhysical layer, wiretapping can be foiled by enclosingtransmission lines in sealed tubes containing gas at highpressure. Any attempt to drill into a tube will release some gas,reducing the pressure and triggering an alarm.

Data link layer, packets can be encrypted as they leave onemachine and decrypted as they enter another, vulnerable toattacks from within the router. However, link Encryption can beadded to any network easily and often is useful.

In the network layer, firewalls can be installed to keep goodpackets and bad packets out.

In the transport layer, entire connections can be encrypted, endto end, process to process.

Issues such as user authentication and non-repudiation can beonly handled in the application layer.





OSI Security Mechanisms (Controls)

Encipherment

The use of algorithms to transform data into a form that is notreadily intelligible. The transformation and subsequent recoveryof the data depend on an algorithm and one or more encryptionkeys

Authentication exchange

A mechanism intended to ensure the identity of an entity bymeans of information exchange

Digital Signature

Data appended to, or a cryptographic transformation of a dataunit that allows the recipient to prove the source and integrity ofthe data unit and protects against forgery (e.g. by the recipient)

Access control

A variety of mechanisms that enforce access rights to resources



Identification and Authentication(Overview)

One of the first steps towards securing the resources of asystem is the development of the ability to verify the identity ofits users…. Since all users communicate via messages thiscomes down to verifying that messages come from the allegedsource and have not been altered

The process of verifying a user’s identity is typically referred toas user identification and authentication

Identification and Authentication are distinct steps




Identification concerns the manner in which a user provideshis/her unique identity to a system

The identity:

May be (for example), a name or a number (account number)

Must be unique so that the system can distinguish betweendifferent users, or between different classes ofusers…(remember the Control Selection Criteria of “need toknow”)

May describe one individual, more than one individual….someor all of the time

Example

“System Security Officer” is a class identity






Authentication is the process of associating an individual withhis/her unique identity… or that of associating a message with asending entity

An important distinction between Identification andAuthentication:

Identities can be public (but aren’t always)

Authentication information (but not necessarily themethodology) is kept secret and becomes the means by whicha person proves that they are who they say they are

There are three basic means by which an individual mayauthenticate his/her identity



Identification and Authentication(The Three Basic Approaches)

Something the person knows

– password

– combination

– history

– other….

Something the person possesses

– a token or a card

– a key to a lock

– other….

Something the person is(Biometrics)

– Fingerprints

– retinal pattern

– voice pattern

– other….



An Introduction to Cryptography





Cryptography (Introduction)

EncryptionIs a process designed to conceal meaning by changingintelligible messages to unintelligible messages…..

Covers both encypherment and encoding

Encypherment– The translation of individual letters (or tokens) to other letters of

tokens

Encoding– The translation of words or phrases (or groups of tokens) to other

words or phrases

Cryptography relies on two basic componentsAn algorithm (also called a cryptographic methodology)

A Key (one or more)



Cryptography(Example)

Example

In a simple system where letters are substitutedfor other letters

The Key…?

– The chart of paired letters

The Algorithm…?

– Substitution



Cryptography(The Two Basic Types)

There are two basic types of CryptographicSystems

Secret Key (also called symmetric systems)

The same key is used to encrypt and decrypt data

Two or more parties share the key

The key must remain secret

Public Key (also called asymmetric systems)





Cryptography(Secret Key and Public Key)

Secret Key Encryption

EncryptionAlgorithm

DecryptionAlgorithm

PlainText PlainTextCypherText

KeyShared by theparties involved

- Produces output that is dependent on the key

- Powerful enough to defy decryption fromexamination of the cyphertext and/or knowledgeof the algorithm

- Security is dependent on the secrecy of the key

- How do you distribute the key..??

- Key must remain secret

- Reliance on allparties

- Data Encryption Standard (DES)Federal Information ProcessingStandards (FIPS) 46-1

- DES has been widely adoptedby the commercial sector in theU.S.

- Chips available, so low costencryption/decryption isavailable, but accessis restricted



Cryptography(Secret Key and Public Key)

One of the major difficulties with Secret Key systems is thesecure distribution of the Key

Public Key Systems don’t require Key distribution…although you still need keys to encrypt and decrypt

The Public Key algorithms are asymmetric…. That is, youcannot decrypt the message with the same key that you usedto encrypt it.

This system uses key pairs, one to encrypt and one todecrypt…. If you want to receive secure messages then youcan make one key public (otherwise known as the PublicKey)…. and so long as the other key is known only to you,then you will be the only person that can read it

Needless to say, it is a requirement of this type of systemthat you cannot derive one key from the other



Cryptography(Public Key example)

Public Key Encryption

EncryptionAlgorithm

DecryptionAlgorithm

A X

- X places his/her PublicKey (Xp) in an accessibleplace…. and keeps thePrivate Key (Xs) hidden

Directory of Public Keys

Xp

- A obtains X’s public Key,encrypts a message andsends it to X

Xp

PlainText CypherText

- X uses his/her Private Key todecrypt the message

Xs

PlainText

RSA, named after its three creators,Ronald Rivest, Adi Shamir and LenAdlemen

The Digital Signature Standard (DSS)





Cryptography

Some uses

To ensure confidentiality and integrity of information

Public Key is particularly useful when key secrecy is a problem

Public Key can be used to distribute secret keys

To support controls such as authentication (how do I know youare who you say you are)

Other…..

Having set a foundation for cryptographic systems weshall take another look at the important (and related)issue of identification and authentication



Internet Communications andCryptography

The rush towards Internet Related Electronic BusinessActivities

Funds transfer associated with sales

Authorisations

Would you send your Credit Card number over the Internet…??

The Problems of - Identification and Authentication

The Problems of - Security of Information once theSender / Receiver have been authenticated

Interruption

Interception

Modification

Fabrication



Cryptography as a Basis forIdentification & Authentication

Drawbacks of Secret Key Systems

Relies on one or more parties sharing the Secret Key

In practice this means that communication can only occurbetween people with some prior relationship…. (because theymust be entrusted with the Secret Key)

The same key that allows for communication allows any of theparties to create forgeries in the name of others

Public Key Systems Provide a basis for AuthenticationIn RSA each key of a key pair can undo what the other does

If a user can unscramble a message using say, Jack’s PublicKey, then it must have been created in the first place with Jack’sPrivate Key…. This is the basis for Digital Signatures





Transposition Ciphers

Transposition ciphers reorder the letters but don’t disguise them. The cipher iskeyed by a word or phrase not containing any repeated letters. In this example,MEGABUCK is the key. The purpose in the example is to number the columns,column 1 is under the key letter closest to the start of the alphabet.

To break a transposition cipher1. Be aware it is a transposition cipher by looking at the frequency of E, T, A, etc.2. Guess the number of columns by first guessing a word or phrase. Say: “Million dollars”3. The remaining step is to order the columns.



P-Box

Transposition can be implemented with simpleelectrical circuits.

If the 8 bits are designated from top to bottom as

01234567, then

the output of this particular P-box is 36071245

By appropriate internal wiring, a P-box can bemade to perform any transposition and do it atpractically the speed of light, since no computationis involved; just signal propagation

This design follows Kerckhoff’s principle: theattacker knows that the general method ispermuting the bits. What he doesn’t know is whichbit goes where, which is the key.

Inp

utO

utp

ut



Substitution ciphers

In substitution cipher each letter or group of letters is replaced byanother letter or group of letters to disguise it.

For instancea b c d e f g h i j k l m n o p q r s t u v w x y z

Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

Substitution ciphers preserve the order of the plaintext symbols butdisguise them.

The substitution ciphers can be broken by starting out withcounting the relative frequencies of all letters in the ciphertext. Thenone might tentatively assign the most common one to letter e, etc.

The general system of symbol-to-symbol substitution is calledmono-alphabetic substitution





S-Box

Substitutions are performed by S-boxIn the example, the 3-bit input selects oneof the eight lines existing from the firststage and sets it to 1; all the other linesare 0.

The second stage is a P-box.

The third stage encodes the selectedinput line in binary again. With the wiringshown, if the eight octal numbers01234567 were input one after another,the output sequence would be 24506713.In other words, 0 has been replaced by 2and 1 has been replaced by 4.

By appropriate wiring of the P-box insidethe S-box, any substitution can beaccomplished.



One-time pads

1. Choose a random bit string as the key.

2. Then convert the plaintext into a bit string, for exampleby using its ASCII representation.

3. Finally compute the XOR of these two strings, bit by bit.The resulting ciphertext cannot be broken, because in asufficiently large sample of ciphertext, each letter will occurequally often.

The biggest disadvantage is that both sender and receiver mustcarry the pads which greatly reduces their practical utility.



One-time pads

Message 1, “I love you.”

Message 2, “Elvis lives”





Prime Numbers

Prime numbers only have divisors of 1 and self

they cannot be written as a product of other numbers

note: 1 is prime, but is generally not of interest

eg. 2,3,5,7 are prime, 4,6,8,9,10 are not

Prime numbers are central to number theory

List of prime number less than 200 is:2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 8997 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173179 181 191 193 197 199



Prime Factorisation

To factor a number n involves writing it as a product ofother numbers: n = a × b × c

Note that factoring a number is relatively hard comparedto multiplying the factors together to generate thenumber!

The prime factorisation of a number n is when its writtenas a product of primes

eg. 91=7×13



Relatively Prime Numbers & GCD

Two numbers a, b are relatively prime if they have nocommon divisors apart from 1

eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of15 are 1,3,5,15 and 1 is the only common factor

Conversely can determine the Greatest Common Divisorby comparing their prime factorizations and using leastpowers

eg. 300 = 22×31×52 18=21×32

hence GCD(18,300) = 21×31×50 = 6





Fermat's Theorem

ap-1 mod p = 1

where p is prime and gcd(a,p) = 1

Also known as Fermat’s Little Theorem

Useful in public key



Euler Totient Function ø(n) – (1)

When doing arithmetic modulo n, complete set ofresidues is: 0…n-1

Reduced set of residues is those numbers (residues)which are relatively prime to n

eg for n = 10,

complete set of residues is {0,1,2,3,4,5,6,7,8,9}

reduced set of residues is {1,3,7,9}

Number of elements in a reduced set of residues iscalled the Euler Totient Function ø(n)



Euler Totient Function ø(n) – (2)

To compute ø(n) need to count number of elements to beexcluded

In general need prime factorization, but

for p (p is a prime) ø(p) = p -1

for p.q (p and q are primes) ø(p.q) = (p-1)(q-1)

eg.

ø(37) = 36

ø(21) = (3–1)×(7–1) = 2×6 = 12





Generalization of Euler’s theorem

For numbers n = pq where p and q are primes,

akø(n) + 1 = a mod n, for all a < n, as long as k is anon-negative integer.



Digital Signature Standard - DSS(A Brief Introduction)

To reduce costs and increase productivity, many businesses areattempting to transform paper-based systems into automatedelectronic systems.

Unfortunately they generally end up with a Hybrid system… One ofthe culprits is the use of signatures to identify and authenticate aperson

There is a need for a reliable, cost-effective way to replace ahandwritten signature with a digital signature. Like a handwrittensignature, a digital signature can be used to identify andauthenticate the originator of the information.

A digital signature can also be used to verify that information hasnot been altered after it is signed; this provides message integrity.The DSS specifies a Digital Signature Algorithm (DSA) for use incomputing and verifying digital signatures.



Digital Signatures

The Digital Signature Standard is a special version ofPublic Key Cryptography

The Digital Signature Standard can be used to

Identify and Authenticate the originator

Verify that the message has not been altered after it has beensigned

Determine whether playback is occurring

Guard against; interception, Modification and Fabrication

Digital Signature Standard uses the Secure HashAlgorithm to aid in the detection of modification…..

We need to look at Hash functions before we cancontinue





Building Towards StrongAuthentication

The Digital Signature Standard is a special version ofPublic Key Cryptography…… Designed toauthenticate both the sender and the message

The Generate a Digital Signature

The owner of the Private Key applies a one way function(such as the Secure Hash Algorithm [Ref 4]) to the message

This results in a condensed representation of the messageknown as a Message Digest

You can’t get the original message back from the digest

Choosing a different message that digests to the samemessage is difficult

It is this digest which is encrypted with the Private Key



Message Digest

One criticism of signature methods is that they often couple twodistinct functions : authentication and secrecy.

Often authentication is needed but secrecy is not.

Encryption

Protects against passive attack (eavesdropping).

A different requirement is to protect against active attack(falsification of data and transactions).

Protection against such attacks is known as message authentication.

A message digest or MD, is based on a hash function, and it is anauthentication scheme that does not require encrypting the entiremessage, but provides a message authentication function.



Generating a Message Digest

Digest/Hash

Function

N possibleinputs

K possibleoutputs

Message

Apparently random mappingbetween input and output





RSA

Developed soon after the Merkle knapsack algorithm

The three inventors were Ron Rivest, Adi Shamir andLeonard Adleman, 1978

RSA gets its security from the difficulty of factoring apair of large numbers (100 or more digits)



RSA(Generating the keys)

Then randomly choose theencryption key, e, such thate and (p-1)x(q-1) are relativelyprime

Now find the decryption key d(using Euclid’s algorithm) suchthat d is the inverse of e

))1()1((mod

))1()1mod((1

1

qped

wayanotheritputtingor

qpdee and n make up the Public Key.

d is the Private Key

qpn Choose two large primenumbers p and q and find theproduct n



RSA(To Encrypt a Message)

Public Key

n n = pxq where p and q are two primes (p and q must remain secret)e randomly chosen and relatively prime to (p-1)x(q-1)

Private Key

d the inverse of e. That is, e-1 mod ((p-1)x(q-1))

Encrypting

c = me mod n

Decrypting

m = cd mod n





RSA(Example - 1)

The encryption key e must have no factors incommon with..

(p-1) X (q-1) = 46 X 70 = 3220

Choose e (at random) to be 79. In that case:

d = 79-1 mod((p-1)x(q-1)) = 1019

This number was calculated using the extendedEuclidean algorithm

Publish e and n, and keep d secret. Discard p and q.To encrypt the message, m = 6882326879666683.

First break it into small blocks. Three-digit blockswork nicely in this case. The message will beencrypted in six blocks, mi, in which

m1 = 688

m2 = 232

m3 = 687

m4 = 966

m5 = 668

m6 = 3

Choose p = 47 and q = 71.Therefore n = p x q = 3337



RSA(Example - 2)

The first block is encrypted as:..

68879 (mod 3337) = 1570 = c1

Performing the same operation on the subsequentblocks generates an encrypted message::

c = 1570 2756 2714 2276 2423 158

Decrypting the message requires performing thesame exponentiation using the decryption key of1019. So:

15701019 (mod 3337) = 688 = m1.

The rest of the message can be recovered in thismanner



Digital Signatures(The Protocol) - 1

Two people, Jack and Tanya wish to establish a securecommunication across the Internet… They also needtheir communication to be so structured so that both willhave a record that neither can repudiate

The Authentication works like thisJ -> T Hi, are you Tanya?

T -> J Jack, this is Tanya….Ts[ h(Jack, this is Tanya)]

J Use Tanya’s Public Key to obtain the DigestTp[Ts[ h(Jack, this is Tanya)]]

= h(Jack, this is Tanya)

Run the SHA on the Message and compare the result with thereceived Digest. If its the same you know its not been tamperedwith

This process must of course be two ways!





Digital Signatures(The Protocol) - 2

Tanya has sent a messageand signed it…

If Tanya’s Public Key willdecrypt a digest and thatdigest matches the plain textmessage, then Tanya sent thatPlain Text Message

When the digest of a message isencrypted using the sender’s privatekey and is appended to the originalmessage, the result is known as thedigital signature of the message.

What are the odds of being able tochange the Plain Message tosomething “malicious” but which willstill digest to the same value.?

That is, so that the receiver thinksthat the modified plaintext messagecame from Tanya



Certificates(Key Management)

Before two parties use public-keycryptography to conduct business, eachwants to be sure that the other party isauthenticated.

Before Jack accepts a message withTanya’s digital signature, he wants to besure that the public key belongs toTanya and not to someonemasquerading as Tanya on an opennetwork.

One way to be sure that the public keybelongs to Tanya is to receive it over asecure channel directly from Tanya.However, in most circumstances thissolution is not practical.

After all, I could have placed myPublic Key on the Network,whilst pretending to be Tanya

Where?

How can you besure that it was

Tanya who put itthere?



Certificates - 1

Whilst it can be proved whetherTanya sent the message or not… Youcan still be fooled by a masqueraderunless you know that the Public Keythat you think is Tanya’s does reallybelong to Tanya

How do you distribute Public Keys ina way that you know that a particularPublic Key belongs to a particularperson..??

An object called a certificate is beingdeveloped to solve this problem. Ithas in it at least the followinginformation:

The Certificate Issuer’s ID

Who this Certificate is for

The person’s Public Key

Expiry Date

The Certificate Issuer’sDigital Signature





A More Complete and PreciseCertificate Definition(X.509)

Certificate ::= SIGNED { SEQUENCE {version Version DEFAULT v1,serialNumber CertificateSerialNumber,signature AlgorithmIdentifier,issuer Name,validity Validity,subject Name,subjectPublicKeyInfo SubjectPublicKeyInfo,issuerUniqueIdentifier IMPLICIT UniqueIdentifier OPTIONAL,

-- if present, version must be v2subjectUniqueIdentifier IMPLICIT UniqueIdentifier OPTIONAL

-- if present, version must be v2 -- }}

This (incomplete) definition is in ASN.1 (Abstract Syntax Notation 1).See ITU-T Recommendation X.208

Validity ::= SEQUENCE {notBefore UTCTime,notAfter UTCTime }



Certificates(A Summary) - 1

A digital signature cryptographically binds the signed data with aunique private key, which is assumed to be under the exclusivecontrol of the person, cardholder, merchant, financial institution, orCA as appropriate.

The private key is mathematically linked to the public key of the keypair. Assuming that the private key has not been compromised, thedigital signature has the effect of binding the public key to the dataas well.

However, anyone can generate a public/private key pair, and so it isessential that some mechanism be established that binds the publickey to the entity in a trustworthy manner. This is the fundamentalpurpose of a certificate – to bind a public key to a uniquelyidentified entity.



Certificates(A Summary) - 2

Since a bogus Certificate Authority could be set up to createcertificates that would contain information nearly identical to thatcontained in a valid certificate, the signature of the CertificateAuthority itself shall be certified as authentic by a higher levelCertificate Authority.

The only exception to this requirement is the industry rootCertificate Authority.

This is the only directly trusted Certificate Authority.





Using Digital Signatures andCertificates

The Authentication works like this:

J -> T Hi, are you Tanya?

T -> J Jack, this is Tanya, Here is my certificate issued byCertification Authority 1, (Tanya<<CA1)

J Examine Certificate...Determine it’s validity by examining theIssuer’s signature...Get the Public Key that has been bound toTanya…..Now ask Tanya to prove her identity

J -> T Prove it

T -> J Jack, this is Tanya….Ts[Digest(Jack, this is Tanya)]

J Use Tanya’s Public Key to obtain the DigestRun the Hash on the Message and compare the result with thereceived Digest.If its the same you know its not been tampered with…



Summarising a Secure &Authenticated Transaction(Steps 1,2,3,4 and 5 Encryption)

1. Tanya runs the Message througha one-way algorithm to producethe message digest..

2. She then encrypts the messagedigest with her private key toproduce the digital signature.

3. Next, she generates a randomsymmetric key and uses it toencrypt the Message, hersignature and a copy of hercertificate, which contains herpublic signature key.

To decrypt the propertydescription, Bob will require asecure copy of this randomsymmetric key.

RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)]

MessageDigest = H(Msg)

Digital Signature = Ts[ H(Msg)]

Random Symmetric Key = RS




4. Bob’s certificate, which Tanyamust have obtained prior toinitiating securecommunication with him,contains a copy of his publickey-exchange key.

To ensure secure transmissionof the symmetric key, Tanyaencrypts it using Bob’s publickey-exchange key. Theencrypted key, referred to asthe digital envelope, will besent to Bob along with theencrypted message itself.

Digital Envelope = Bp[RS]

Bp = The KeySection of (Bob<<CA2)]






5. Tanya sends a message to Bobconsisting of the following: thesymmetrically encryptedMessage, signature andcertificate, as well as theasymmetrically encryptedsymmetric key (the digitalenvelope).

RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)]+Bp[RS]

Digital Envelope



Summarising a Secure &Authenticated Transaction(Steps 6,7,8,9 and 10 - Decryption)

6 Bob receives the messagefrom Tanya and decrypts thedigital envelope with hisprivate key-exchange key toretrieve the symmetric key.

7 He uses the symmetric keyto decrypt the propertydescription, Tanya’ssignature, and hercertificate.

8 He decrypts Tanya’s digitalsignature with her publicsignature key, which heacquires from her certificate.This recovers the originalmessage digest of theproperty description.

RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)] + Bp[RS]

RS = Bs[Bp[RS]]

[(Msg), Ts[H(Msg)], (Tanya<<CA1)]= RS[RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)]]

Tp = The KeySection of (Tanya<<CA1)]

H(Msg) = Tp [Ts[H(Msg)]],




9 He runs the Messagethrough the same one-way algorithm used byTanya and produces anew message digest ofthe decrypted propertydescription.

[(Msg), Ts[H(Msg)], (Tanya<<CA1)]

H(Msg) generated by Bob from the Message






10 Finally, he compares hismessage digest to theone obtained fromTanya’s digital signature.

H(Msg) generated by Bob from the Message

H(Msg) = Tp [Ts[H(Msg)]],

Compare

Yes

If they are exactly the same, he confirmsthat the message content has not beenaltered during transmission and that it wassigned using Tanya’s private signature key.

If they are not the same,then the message eitheroriginated somewhereelse or was altered afterit was signed. In thatcase, Bob takes someappropriate action suchas notifying Tanya ordiscarding the message.

SameNo



Digital Signatures - The Future

Extensive activity to set up systems that will allow worldwide business transactions over the Internet…. See“SET” standard

Governments (in particular the US Government) areproviding legislative frameworks for CertificationHierarchies

Digital Signature technology and its uses will explode…..



Definition of Terms - 1(Source: X.509)

Authentication Token(Token): Information conveyedduring a strong authenticationexchange, which can be used toauthenticate its sender.

User Certificate; Certificate: Thepublic keys of a user, together withsome other information, renderedunforgeable by encipherment withthe private key of the certificationauthority which issued it.

Certification Authority: An authoritytrusted by one or more users tocreate and assign certificates.Optionally the certification authoritymay create the users’ keys.

Certification Path: An orderedsequence of certificates of objects inthe DIT which, together with thepublic key of the initial object in thepath, can be processed to obtain thatof the final object in the path.

Cryptographic System,Cryptosystem: A collection oftransformations from plain text intociphertext and vice versa, theparticular transformation(s) to beused being selected by keys. Thetransformations are normally definedby a mathematical algorithm.






Hash Function: A (mathematical)function which maps values from alarge (possibly very large) domaininto a smaller range. A “good” hashfunction is such that the results ofapplying the function to a (large) setof values in the domain will be evenlydistributed (and apparently atrandom) over the range.

One-way Function: A (mathematical)function f which is easy to compute,but which for a general value y in therange, it is computationally difficult tofind a value x in the domain such thatf(x) = y. There may be a few values yfor which finding x is notcomputationally difficult.

Public Key: (In a public keycryptosystem) that key of a user’skey pair which is publicly known.

Private Key; Secret Key(In a public key cryptosystem)that key of a user’s key pairwhich is known only by that user.

Simple Authentication:Authentication by means ofsimple password arrangements.

Security Policy:The set of rules laid down by thesecurity authority governing theuse and provision of securityservices and facilities.




Strong Authentication:Authentication by means ofcryptographically derivedcredentials.

Trust:Generally, an entity can be saidto “trust” a second entity when it(the first entity) makes theassumption that the secondentity will behave exactly as thefirst entity expects. This trustmay apply only for some specificfunction.

The key role of trust in theauthentication framework is todescribe the relationshipbetween an authenticating entityand a certification authority; anauthenticating entity shall becertain that it can trust thecertification authority to createonly valid and reliablecertificates.

Certificate Serial Number:An integer value, unique withinthe issuing CA, which isunambiguously associated with acertificate issued by that CA.



Notation - 1(Source: X.509)

Notation Meaning

Xp Public key of a user X.

Xs Private key of X.

Xp[I] Encipherment of some information, I, using the public key of X.

Xs[I] Encipherment of I using the private key of X.

X{I} The signing of I by user X. It consists of I with an enciphered summary appended.

CA(X) A certification authority of user X.

CAn(X) (Where n>1): CA(CA(...n times...(X)))

X1«X2» The certificate of user X2 issued by certification authority X1.





Notation - 2(Source: X.509)

X1«X2» X2«X3» A chain of certificates (can be of arbitrary length), where each item is the certificate for thecertification authority which produced the next. It is functionally equivalent to the followingcertificate X1«Xn+1». For example, possession of A«B»B«C» provides the same capability asA«C», namely the ability to find out Cp given Ap.

X1p • X1«X2» The operation of unwrapping a certificate (or certificate chain) to extract a public key. It is an infixoperator, whose left operand is the public key of a certification authority, and whose right operandis a certificate issued by that certification authority. The outcome is the public key of the userwhose certificate is the right operand. For example:

Ap • A«B» B«C»

denotes the operation of using the public key of A to obtain B’s public key, Bp, from its certificate,followed by using Bp to unwrap C’s certificate. The outcome of the operation is the public key ofC, Cp.

AB A certification path from A to B, formed of a chain of certificates, starting with CA(A)«CA2(A)»and ending with CA(B)«B».

NOTE – In the table, the symbols X, X1, X2, etc., occur in place of the names of users, while the symbol I occurs in placeof arbitrary information.



Likelihood and Costs of Network SecurityThreats



Common Security Threats

Virus infection – most likely event

Unauthorized accessBy internal and external hackers

High cost to recover (both in $ and publicity)

Device failure (not necessarily by a malicious act)

Device theft, Natural Disaster

Denial of Service attacks

External attacks blocking access to the network

Big picture messages:Viruses: most common threat with a fairly high cost

Unauthorized access by employees: greater threat





Identify and Document Controls

Identify current in-place controls and list them in the cellfor each asset and threat

For each asset and the specific threat

Describe each control that

– Prevents,

– Detects and/or

– Corrects that threat

Place each control and its role in a numeric list (without anyranking)

Place the number in the cell (in the control spreadsheet)

– Each cell may have one or more controls



Business Continuity Planning

Make sure that organization’s data and applications willcontinue to operate even in the face of disruption,destruction, or disaster

Continuity Plan includesDevelopment of controls

To prevent these events from having a major impact

Disaster recovery plan

To enable the organization to recover if a disaster occurs



Specifics of Continuity Plan

Preventing Disruption, Destruction, and Disaster

Using Redundant Hardware

Preventing Natural Disaster

Preventing Theft

Preventing Viruses

Preventing Denial of Service

Detecting Disruption, Destruction, and Disaster

Correcting Disruption, Destruction, and DisasterDisaster Recovery Plan

Disaster Recovery Outsourcing





Using Redundant Hardware

A key principal in preventing disruption, destruction anddisaster

Examples of components that provide redundancy

Uninterruptible power supplies (UPS)

A separate battery powered power supply

Can supply power for minutes or even hours

Fault-tolerant servers (with redundant components)

Disk mirroring

A redundant second disk for every disk on the server

Every data on primary disk is duplicated on mirror

Disk duplexing (redundant disk controllers)

Can apply to other network components as wellCircuits, routers, client computers, etc.,



Preventing Natural Disasters

More difficult to do

Since the entire site can be destroyed by a disaster

Fundamental principle:

Decentralize the network resources

Store critical data in at least two separate locations (in differentpart of the country)

Best solution

Have a completely redundant network that duplicates everynetwork component, but in a different location

Other stepsDepend on the type of disaster to be prevented

Flood: Locate key components away from riversFire: Install Halon fire suppression system



Preventing Theft

Security plan must include:

An evaluation of ways to prevent equipment theft

Procedures to execute the plan

Equipment theft

A big problem

About $1 billion lost each year to theft of computersand related equipment

Attractive good second hand market

Making the m valuable to steal





Preventing Computer Viruses

Viruses (Macro viruses)

Attach themselves to other programs (documents) and spreadwhen the programs are executed (the files are opened)

Worms

Special type of virus that spread itself without humanintervention (copies itself from computer to computer)

Anti-virus software packages

Check disks and files to ensure that they are virus-free

Incoming e-mail messages

Most common source of viruses

Attachments to e-mails to be checked for viruses

Use of filtering programs that ‘clean’ incoming e-mail



Preventing Denial of Service Attacks

DoS attacks

Network disrupted by a flood of messages (prevents messages fromnormal users)

Flooding web servers, email servers

Distributed DoS (DDoS)

Places DDoS agents into many computers

Controls them by DDoS handler

Example: Issues instructions to computers to send simultaneous messagesto a target computer

Difficult to prevent DoS and DDoS attacks

Setup many servers around the world

Use Intrusion Detection Systems

Require ISPs to verify that all incoming messages have valid IPaddresses



Detecting Disruption, Destruction,Disaster

Recognize major problems quickly

Involves alerting network managers to problems forcorrective actions

Requires clear procedures describing how to report problemsquickly

Detecting minor disruptionsMore difficult

Bad spots on a drive remaining unnoticed until it is checked

Requires ongoing monitoring

Requires fault information be routinely logged





Disaster Recovery Plans (DRPs)

Identify clear responses to possible disasters

Provide for partial or complete recovery of

All data, Application software,

Network components, and Physical facilities

Includes backup and recovery controls

Make backup copies of all data and SW routinely

Encrypt them and store them offsite

Should include a documented and tested approach to recovery

Include Disaster Recovery Drills

Should address what to do in situations like

If the main database is destroyed

If the data centre is destroyed, how long



Elements of a DRP

Names of responsible individuals

Staff assignments and responsibilities

List of priorities of “fix-firsts”

Location of alternative facilities

Recovery procedures for data communications facilities,servers and application systems

Actions to be taken under various contingencies

Manual processes

Updating and Testing procedures

Safe storage of data, software and the disaster recoveryplan itself



Two-Level DRPs

Level 1:

Build enough capacity and have enough spare equipment

To recover from a minor disaster (e.g., loss of a major server orportion of the network)

Could be very expensive

Level 2:Rely on professional disaster recovery firms

To provide second level support for major disasters





Disaster Recovery Firms

Offer a range of services

Secure storage for backups

A complete networked data center that clients can use indisasters

Complete recovery of data and network within hours

Expensive, used by large organizationsMay be worthwhile when millions of dollars of lost revenue maybe at stake



Controlling Unauthorized Access

Types of intruders

Casual intruders

With Limited knowledge (“trying doorknobs”)

Script kiddies: Novice attackers using hacking tools

Security experts (hackers)

Motivation: the thrill of the hunt; show off

Crackers: hackers who cause damage

Professional hackers (espionage, fraud, etc)

Breaking into computers for specific purposes

Organization employees

With legitimate access to the network

Gain access to information not authorized to use



Preventing Unauthorized Access

Requires a proactive approach that includes routinelytesting the security systems

Best rule for high security

Do not keep extremely sensitive data online

Store them in computers isolated from the network

Security Policy

Critical to controlling risk due to access

Should define clearly

Important assets to be safeguarded and Controls needed

What employees should do

Plan for routinely training employees and testing security controlsin place





Elements of a Security Policy

Names of responsible individuals

Incident reporting system and response team

Risk assessment with priorities

Controls on access points to prevent or deterunauthorized external access

Controls within the network to ensure internal userscannot exceed their authorized access

An acceptable use policy

User training plan on security

Testing and updating plans



Aspects of Preventing UnauthorizedAccess

Securing the Network Perimeter

Securing the Interior of the networkMost ignored aspects

“candy security” – security without this aspect

“crunchy outside, soft and chewy inside”

Authenticating usersTo make sure only valid users are allowed into the network



Securing Network Perimeter

Basic access points into a network

LANs inside the organization

Dial-up access through a modem

Internet (most attacks come in this way)

Basic elements in preventing accessPhysical Security

Dial-in security

Firewalls and

Network Address Translation (NAT) Proxy servers





Physical Security

Means preventing outsiders from gaining access intooffices, server rooms, equipment

Secure both main and remote facilities

Implement proper access controls to areas where networkequipment is located

Only authorized personnel to access

Each network component to have its own level of physical security

– Have locks on power switches and passwords to disable keyboard andscreens

Be careful about distributed backup and servers

– Good for continuity, but bad for unauthorized access

– More equipment and locations to secure



Personnel Matters

Also important to

Provide proper security education

Perform background checks

Implement error and fraud controls

Reduces the possibility of attackers posing asemployees

Example: Become employed as janitor and use various listeningdevices/computers to access the network

Areas vulnerable to this type of access:Network Cabling

Network Devices



Securing Network Cables

Easiest targets for eavesdropping

Often run long distances and usually not checked regularly

Easier to tap into local cables

Easier to identify individual circuits/channels

Control physical access by employees or vendors toconnectors and cables

Secure local cables behind walls and above ceilings

Keep equipment room locked and alarm controlled

Choose a cable type harder to tapHarder to tap into fiber optic cables

Pressurized cables: generates alarms when cut





Securing Network Devices

Should be secured in locked wiring closets

More vulnerable: LAN devices (controllers, hubs, bridges,routers, etc.,)

A sniffer (LAN listening device) can be easily hooked up to thesedevices

Use secure hubs: requires special code before a new computersare connected



Dial-in Security

Routinely change modem numbers

Use call-back modems & automatic numberidentification (ANI)

Only users dialing in from authorized locations are grantedaccess

User dials-in and logs into his/her account

Modem (at server) hangs-up and dials back user’s modem’sprespecified number

ANI: allows the user to dial in from several prespecified locations

Use one-time only passwords

For traveling employees who can’t use call-back modems andANI



Firewalls

Prevent intruders (by securing Internet connections)

From making unauthorized access and denial of service attacks to your network

Could be a router, gateway, or special purpose computer

Examines packets flowing into and out of the organization’s network

Restricts access to that network

Placed on every connection that network has to Internet

Main types of firewalls

Packet level firewalls (i.e., packet filters)

Application-level firewalls (i.e., application gateway)





Packet Filters

Examines the source and destination address of packetspassing through

Allows only packets that have acceptable addresses to pass

Examines IP Addresses and TCP ports only

Firewall is unaware of applications and what the intruder is trying todo

IP spoofing remains a problem

Done by simply changing the source address of incomingpackets from their real address to an address inside theorganization’s network

Firewall will pass this packet



Application-Level Firewalls

Acts as an intermediate host computer (between outsideclients and internal servers)

Forces anyone to login to this firewall and allows access only toauthorized applications (e.g., Web site access)

Separates a private network from the rest of the Internet

Hides individual computers on the network behind the firewall

Some prohibits external users downloading executablefiles

Software modifications done via physical access

Requires more processing power than packet filterswhich can impact network performance

Because of the increased complexity of what they do



Network Address Translation (NAT)

Used, by most firewalls, to shield a private network fromoutside interference

Translates between private addresses inside a network andpublic addresses outside the network

Done transparently (unnoticed by external computers)

Internal IP addresses remain hidden

Performed by NAT proxy serversUses an address table to do translations

Ex: a computer inside accesses a computer outside

Change source IP address to its own address

Change source port number to a unique number

– Used as an index to the original source IP address

Performs reverse operations for response packets





Using Illegal Addresses with NAT

Used to provide additional security

Assigns illegal IP addresses to devices inside thenetwork

Even if they are discovered, no packets (with these addresses)from Internet will be delivered (illegal IP address)

Example: Assigned by ICANN: 128.192.55.xx

Assign to NAT proxy server: 128.192.55.1

Assign to internal computers: 10.3.3.xx

– 10.x.x.x is reserved for private networks (never used on Internet)

No problem with users: NAT proxy server

Big problem with intruders !!



Use of NAT Proxy Servers

Becoming popular; replacing firewalls

Slow down message transfer

Require at least two separate DNS servers

For use by external users on Internet

For use by internal users (internal DNS server)

Use of combined, layered approachUse layers of NAT proxy servers, packet filters and applicationgateways

Maintaining online resources (for public access) in a “DMZnetwork” between the internal networks and the Internet



A Network Design Using Firewalls

For initial screening- Permits web access- Denies FTP requests





Securing the Interior

Security Holes

Trojan Horses

Encryption



Security Holes

Made by flaws in network software that permitunintended access to the network

A bug that permits unauthorized access

Operating systems often contain security holes

Details can be highly technical

Once discovered, knowledge about the security holequickly circulated on the Internet

A race can then begin between

Hackers attempting to break into networks through the security holeand

Security teams working to produce a patch to eliminate the securityhole

CERT: major clearing house for Internet related holes



Other Security Holes

Flawed policies adopted by vendors

New computers come with preinstalled user accounts with wellknown passwords

Managers forgetting to change these passwords

American government's OS security levelsMinimum level (C2): provided by most OSs

Medium Level (B2): provided by some

Highest level (A1 and A2): provided by few





OS Security: Windows vs. Linux

Windows

Originally written for one user one computer

User with full control

Applications making changes to critical parts of the system

– Advantages: More powerful applications (without needing user tounderstand internals), feature rich, easy to use applications

– Disadvantages: Hostile applications taking over the system

LinuxMulti-users with various access wrights

Few system administrators with full control



Trojan Horses

Remote access management consoles that enable usersto access a computer and manage it from afar

More often concealed in another software that isdownloaded over Internet

Common carriers: Music and video files shared on Internet sites

Undetected by antivirus software

Major TrojansBack Office: attacked Windows servers

Gives the attacker the same right as the administrator

Morphed into tools such as MoSucker and Optix Pro

Powerful and easy to use

7 – Application 6 – Presentation 4 – Transport Network ... · 143.471 Digital Communications 23/05/2007 Network Security Cryptography, Hash Functions & Digital Signatures -

Documents