Internet and Intranet Protocols and Applications Lecture 10 Network (Internet) Security April 3, 2002 Joseph Conron Computer Science Department New York

Dec 26, 2015



  • Slide 1
  • Internet and Intranet Protocols and Applications
      • Lecture 10: Network (Internet) Security
      • April 3, 2002
      • Joseph Conron, Computer Science Department, New York University
  • Slide 2
  • What is network security?
      • Secrecy: only sender, intended receiver should understand msg contents
          • sender encrypts msg
          • receiver decrypts msg
      • Authentication: sender, receiver want to confirm identity of each other
      • Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
      • Non-repudiation: sender cannot claim other than what was sent
  • Slide 3
  • Internet security threats
      • Packet sniffing:
          • broadcast media
          • promiscuous NIC reads all packets passing by
          • can read all unencrypted data (e.g. passwords)
          • e.g.: C sniffs B's packets
      • [Figure: hosts A, B, C; packet labelled src:B dest:A payload]
  • Slide 4
  • Internet security threats
      • IP Spoofing:
          • can generate "raw" IP packets directly from application, putting any value into IP source address field
          • receiver can't tell if source is spoofed
          • e.g.: C pretends to be B
      • [Figure: hosts A, B, C; packet labelled src:B dest:A payload]
  • Slide 5
  • Internet security threats
      • Denial of service (DOS):
          • flood of maliciously generated packets "swamp" receiver
          • Distributed DOS (DDOS): multiple coordinated sources swamp receiver
          • e.g., C and remote host SYN-attack A
      • [Figure: hosts A, B, C; SYN packets]
  • Slide 6
  • Cryptography
      • Encryption is a process applied to a bit of information that changes the information's appearance, but not its (decrypted) meaning.
      • Decryption is the reverse process.
      • If C is a bit of cipher text (encrypted data) and M is a message (plain text), then $C = E_k(M)$ and $M = D_k(C)$, where $E_k$ and $D_k$ are encryption and decryption processes respectively.
      • $E_k$ and $D_k$ are both based on some key k.
  • Slide 7
  • Cryptography Algorithms
      • symmetric key crypto: sender, receiver keys identical
      • public-key crypto: encrypt key public, decrypt key secret
      • [Figure 7.3 goes here: plaintext, ciphertext, $K_A$, $K_B$]
  • Slide 8
  • Friends and enemies: Alice, Bob, Trudy
      • Well-known model in network security world
      • Bob, Alice want to communicate "securely"
      • Trudy, the "intruder", may intercept, delete, add messages
      • Sometimes Trudy's friend Mallory (malicious) may appear
      • [Figure 7.1 goes here]
  • Slide 9
  • Cryptography Basics
      • Symmetric Key Cryptography: $E_k = D_k$ (and must be kept SECRET!!!)
      • Public Key Cryptography:
          • $E_k$ is a public key (everyone can know it)
          • $D_k$ is a private key and belongs to ONE entity.
      • Symmetric Key Algorithms are fast
      • Public Key Algorithms are SLOW!!!
  • Slide 10
  • Symmetric Key Ciphers
      • Substitution: (a = k, b = q, ...)
      • Transposition: (c1 = c12, c2 = c5, c3 = c1, ...)
      • Composition (both substitution and transposition, such as DES)
      • One-Time code pad
  • Slide 11
  • Symmetric key cryptography
      • substitution cipher: substituting one thing for another
      • monoalphabetic cipher: substitute one letter for another
          • plaintext:  abcdefghijklmnopqrstuvwxyz
          • ciphertext: mnbvcxzasdfghjklpoiuytrewq
      • E.g.:
          • Plaintext:  bob. i love you. alice
          • ciphertext: nkn. s gktc wky. mgsbc
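The monoalphabetic cipher from Slide 11, as an added example that is not part of the original lecture: it uses the slide's own key and message, and the function names (`make_tables`, `encrypt`, `decrypt`, `frequency_profile`) are assumptions made for illustration. The frequency check goes beyond the slide to show why this cipher gives no real secrecy: the key only relabels letters, so the letter-count distribution of the plaintext survives in the ciphertext.

```python
import string
from collections import Counter

PLAIN = string.ascii_lowercase
SLIDE_KEY = "mnbvcxzasdfghjklpoiuytrewq"  # ciphertext alphabet from Slide 11


def make_tables(key: str):
    """Build encrypt/decrypt tables; reject keys that are not a permutation of a-z."""
    if sorted(key) != list(PLAIN):
        raise ValueError("key must use each of the 26 lowercase letters exactly once")
    return str.maketrans(PLAIN, key), str.maketrans(key, PLAIN)


def encrypt(message: str, key: str = SLIDE_KEY) -> str:
    # Characters outside a-z (spaces, punctuation) pass through unchanged.
    return message.lower().translate(make_tables(key)[0])


def decrypt(ciphertext: str, key: str = SLIDE_KEY) -> str:
    return ciphertext.lower().translate(make_tables(key)[1])


def frequency_profile(text: str) -> list[int]:
    """Letter counts sorted high to low, ignoring which letter has which count."""
    counts = Counter(c for c in text.lower() if c in PLAIN)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    msg = "bob. i love you. alice"  # message from the slide
    ct = encrypt(msg)
    print(ct)
    print(decrypt(ct))
    # The key only relabels letters, so the shape of the frequency
    # distribution is identical before and after encryption.
    print(frequency_profile(msg) == frequency_profile(ct))
```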
  • Slide 12
  • DES: Data Encryption Standard
      • US encryption standard [NIST 1993]
      • 56-bit symmetric key, 64 bit plain-text input
      • How secure is DES?
          • DES Challenge: 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") decrypted (brute force) in 4 months
          • no known "backdoor" decryption approach
  • Slide 13
  • Symmetric key crypto: DES
      • DES operation:
          • initial permutation
          • 16 identical "rounds" of function application, each using different 48 bits of key
          • final permutation
  • Slide 14
  • Public key cryptography
      • [Figure 7.7 goes here]
  • Slide 15
  • How do public key algorithms work?
      • They depend on the existence of some very hard mathematical problems to solve:
          • Factoring VERY large numbers (example, a number containing 1024 bits!)
          • Calculating discrete logarithms: find x where $a^x \equiv b \pmod{n}$
      • By "hard" we mean that it will take a super computer a very long time (months or years)
  • Slide 16
  • RSA encryption algorithm
      • RSA depends on factoring large numbers. Here is the algorithm:
      • Two inter-related requirements:
          1. Need $d_B(\cdot)$ and $e_B(\cdot)$ such that $d_B(e_B(m)) = m$
          2. Need public and private keys for $d_B(\cdot)$ and $e_B(\cdot)$
  • Slide 17
  • RSA: Choosing keys
      1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
      2. Compute n = pq, z = (p-1)(q-1)
      3. Choose e (with e