
Data and Computer Communications

Jan 02, 2016


Data and Computer Communications, Chapter 21 – Network Security. Eighth Edition by William Stallings; lecture slides by Lawrie Brown. (PowerPoint presentation)
Transcript
Page 1: Data and Computer Communications

Data and Computer Communications

Eighth Edition

by William Stallings

Lecture slides by Lawrie Brown

Chapter 21 – Network Security

Page 2

Network Security

To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage prudence. Hence before strangers are allowed to enter a district, or at least before they are permitted to mingle freely with the inhabitants, certain ceremonies are often performed by the natives of the country for the purpose of disarming the strangers of their magical powers, or of disinfecting, so to speak, the tainted atmosphere by which they are supposed to be surrounded. — The Golden Bough, Sir James George Frazer

Page 3

Security Requirements

- confidentiality - protect data content/access
- integrity - protect data accuracy
- availability - ensure timely service
- authenticity - protect data origin

Page 4

Passive Attacks

- eavesdropping on transmissions to obtain information
  - release of possibly sensitive/confidential message contents
  - traffic analysis, which monitors frequency and length of messages to get info on senders
- difficult to detect
- can be prevented using encryption

Page 5

Active Attacks

- masquerade: pretending to be a different entity
- replay
- modification of messages
- denial of service
- easy to detect
  - detection may lead to deterrent
- hard to prevent
- focus on detection and recovery

Page 6

Requirements for Security

- strong encryption algorithm
  - even if known, unable to decrypt without key
  - even if many plaintexts & ciphertexts available
- sender and receiver must obtain secret key securely
- once key is known, all communication using this key is readable

Page 7

Attacking Encryption

- cryptanalysis
  - rely on nature of algorithm plus some knowledge of general characteristics of plaintext
  - attempt to deduce plaintext or key
- brute force
  - try every possible key until plaintext is recovered
  - rapidly becomes infeasible as key size increases
  - 56-bit key is not secure

Page 8

Block Ciphers

- most common symmetric algorithms
- process plaintext in fixed block sizes, producing block of ciphertext of equal size
- most important current block ciphers:
  - Data Encryption Standard (DES)
  - Advanced Encryption Standard (AES)

Page 9

Data Encryption Standard

- US standard
- 64 bit plaintext blocks
- 56 bit key
- broken in 1998 by Electronic Frontier Foundation
  - special purpose US$250,000 machine with detailed published description
  - less than three days
- DES now worthless

Page 10

Location of Encryption Devices

Page 11

Link Encryption

- each communication link equipped at both ends
- all traffic secure
- high level of security
- requires lots of encryption devices
- message must be decrypted at each switch to read address (virtual circuit number)
  - security vulnerable at switches
  - particularly on public switched network

Page 12

End to End Encryption

- encryption done at ends of system
- data in encrypted form crosses network unaltered
- destination shares key with source to decrypt
- host can only encrypt user data
  - otherwise switching nodes could not read header or route packet
  - hence traffic pattern not secure
- solution is to use both link and end to end

Page 13

Message Authentication

- protection against active attacks with
  - falsification of data
  - falsification of source
- authentication allows receiver to verify that message is authentic
  - has not been altered
  - is from claimed/authentic source
  - timeliness

Page 14

Authentication Using Symmetric Encryption

- assume sender & receiver only know key
- only sender could have encrypted message for other party
- message must include one of:
  - error detection code
  - sequence number
  - time stamp

Page 15

Authentication Without Encryption

- authentication tag generated and appended to each message
- message not encrypted
- useful when don't want encryption because:
  - messages broadcast to multiple destinations
    - have one destination responsible for authentication
  - one side heavily loaded
    - encryption adds to workload
    - can authenticate random messages
  - programs authenticated without encryption can be executed without decoding

Page 16

Message Authentication Code

- generate authentication code based on shared key and message
- common key shared between A and B
- if only sender and receiver know key and code matches:
  - receiver assured message has not been altered
  - receiver assured message is from alleged sender
  - if message has sequence number, receiver assured of proper sequence
- can use various algorithms, e.g. DES
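The following added example (not from the slides) puts pages 13 to 16 together: a tag computed from a shared key over the sequence number and message lets the receiver reject altered messages, messages from a party without the key, and replays. HMAC-SHA256 stands in for the DES-based MAC the slide mentions; the key and messages are constructed sample values.

```python
import hashlib
import hmac
import struct

# Shared secret known only to A and B. Constructed demo value, not a real key.
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"


def make_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Tag over (sequence number || message). Binding the sequence number
    into the tag is what lets the receiver detect replays (page 16)."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


class Receiver:
    """Party B: checks origin/integrity via the tag, then ordering via seq."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        # Constant-time comparison so tag checking does not leak timing info.
        if not hmac.compare_digest(make_tag(self.key, seq, message), tag):
            return "reject: bad tag"        # altered, or not from a key holder
        if seq != self.expected_seq:
            return "reject: bad sequence"   # replayed or out of order
        self.expected_seq += 1
        return "accept"


def demo() -> list:
    """Genuine traffic, then a replay, a modification and a masquerade."""
    b = Receiver(SHARED_KEY)
    m0 = (0, b"transfer 10", make_tag(SHARED_KEY, 0, b"transfer 10"))
    m1 = (1, b"transfer 20", make_tag(SHARED_KEY, 1, b"transfer 20"))
    results = [b.accept(*m0), b.accept(*m1)]        # from A, in order
    results.append(b.accept(*m0))                   # replay of first message
    results.append(b.accept(1, b"transfer 99", m1[2]))  # content changed
    forged = make_tag(b"wrong-key", 2, b"transfer 30")  # no shared key
    results.append(b.accept(2, b"transfer 30", forged))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```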

Page 17

RSA Algorithm

Page 18

RSA Example

Page 19

RSA Security

- brute force search of all keys
  - given size of parameters is infeasible
  - but larger keys do slow calculations
- factor n to recover p & q
  - a hard problem
  - well known 129 digit challenge broken in 1994
  - key size of 1024 bits (300 digits) currently secure for most apps
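The RSA algorithm and example slides (pages 17 and 18) carry no text in this transcript. As an added worked example, not the slides' own, the code below generates a toy key, encrypts and decrypts, and then shows why page 19 names factoring n as the attack: once p and q are known, the private exponent d follows directly. The parameters p=61, q=53, e=17 are constructed toy values; trial division works on this 12-bit n only because it is tiny.

```python
from math import gcd, isqrt

# Toy parameters, constructed for illustration only. Real keys use n of
# 1024 bits (about 300 decimal digits, as the slide says) or more.
P, Q, E = 61, 53, 17


def rsa_keygen(p: int, q: int, e: int):
    """Return (public, private) = ((e, n), (d, n)) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public, m: int) -> int:
    e, n = public
    return pow(m, e, n)  # c = m^e mod n


def rsa_decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)  # m = c^d mod n


def factor_n(n: int):
    """Trial division: instant for a 12-bit n, but cost grows with sqrt(n),
    which is why factoring a 1024-bit n is infeasible by this route."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no nontrivial factor")


def recover_private_exponent(public) -> int:
    """The attack the slide describes: p and q give phi(n), hence d."""
    e, n = public
    p, q = factor_n(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(P, Q, E)
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c), recover_private_exponent(pub))
```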

Page 20

Public Key Certificates

Page 21

WiFi Protected Access

- WiFi Protected Access (WPA) extensions to address 802.11 security issues
- based on current 802.11i standard
- addresses authentication, key management, data transfer privacy
- uses authentication server and a more robust protocol
- encryption with AES or 104-bit RC4

Page 22

WiFi Protected Access

Page 23

802.11i Access Control

Page 24

802.11i Privacy & Integrity

- have Temporal Key Integrity Protocol (TKIP) or WPA-1
  - s/w only changes to existing equipment
  - using same RC4 algorithm as older WEP
- and Counter Mode CBC MAC (CCMP) or WPA-2 using AES encryption
- both add message integrity code (MIC) generated using Michael algorithm