Network Security1 Network Security Goals Traffic Confidentiality: –prevent Unauthorized data input and reading Traffic analysis –Sample Mechanisms: encryption,

Network Security 1

Network Security Goals

• Traffic Confidentiality: – prevent

• Unauthorized data input and reading

• Traffic analysis

– Sample Mechanisms: encryption, inserting random noise

Network Security Goals

• Traffic Integrity: – Prevent

• Data tampering

– Sample Mechanisms: ICV, FCS – Authorization mechanisms

Network Security 2

Network Security Goals

• Availability – Prevent

• Denial of service; delayed receipt of message

• Delayed access to data

– Mechanisms include redundancy

Network Security 3

Network Security Services

• Nonrepudiation – Prevent

• Repudiation of a valid transaction)

– Mechanisms include: public/private keys

Network Security 4

Network Security Services

• Nonforgeability – (can be considered part of authentication and

integrity) – Prevent

• Forging a document

– Sample Mechanism: public/private key

Network Security 5

Network Security Services

• Authentication – Prevent

• Message replay, Masquerade

– Sample Mechanisms: passwords, timestamps

Network Security 6

Network Security Services

• Access control – Prevent

• Unauthorized access to a capability of an authorized system)

– Sample Mechanisms: access control matrices– Capabilities based on need to know/use basis

Network Security 7

Network Security Services

• Authorization – Prevent

• unauthorized access to a systems

– Sample Mechanisms: • Identification (e.g., login)

• Authentication (e.g., password)

• and Access control (e.g., chmod) mechanisms

Network Security 8

Network Security 9

Types of Security Attacks

Normal Flow

Interruption

Modification

Fabrication

Interception

Network Security 10

Some mechanisms for security issues• Ensure Privacy (read protection, confidentiality)

– Encryption – Hide traffic patterns with random noise, etc.

• Ensure Integrity (tampering or write protection)– Majority of this is caused by misuse of granted authority– Must block access of viruses, worms perhaps with firewalls– Attach Integrity Check Values to message units

• Prevent misuse of equipment by personnel– Establish and circulate policies for employee use of Internet– Establish and circulate policies to prevent social engineering

• Provide authentication mechanisms– Passwords, digital signatures, palm prints

• Block access to ports, etc. (filters, firewalls)• Prevent message replay (attach timestamps, sequence numbers)• Provide availability (“scrub” denial of service attacks perhaps by proxy)

Network Security 11

Internet Issues

• The Internet is highly vulnerable

• Some mechanisms prevent security failures• Ex: VPNs, IPsec, encryption, authentication

• Some mechanisms recover from failures– Backup of state information/ data

• Location and other redundancies

Internet and NetworkVulnerabilities

• The Media– Wireless media is vulnerable to eavesdropping– Wired media is vulnerable to wiretapping

• LANs using broadcast transmission (buses, rings)

• Promiscuous mode is default for transmission at bridges; any node can be configured to receive all message traffic

Network Security 12

Network Security 13

Data vulnerability

• Copy is identical to original – in money value as well as in data value

• Software is “soft”– A copy is as useful as the original

• Music and videos are “soft”– Copying was always an issue, but networks and

digitized data makes it easier to transmit

Network Security 14

Security mechanisms at different layers

• Physical layer– Shield wires; put server in cabinet

• Military encloses lines in tubes filled with argon gas – tap will trigger an alarm

– Wireless – CDMA or other spread spectrum transmission– Modems are adding encryption, compression

• Data link layer (between adjacent machines)– Link encryption

• Since headers/trailers are examined at bridges and routers, frames are insecure at relay

– Passwords can be sniffed• Encode headers and trailers of frame• WPA2 for WiFi

Network Security 15

Security at different layers• Network layer

– Firewalls/ antivirus, etc.– Accounting/ audits– Limit Access rights to drives, files– IPSec and VPNs

• Transport Layer– SSL, TLS

• Application layer– Encryption by application, user– Firewalls (Gateways; Proxy Servers)

Network Security 16

Virtual Private Networks

• Private Network– Company network connected thru leased lines

• Relatively secure – requires tapping the lines• Expensive – typically T1 line is leased

• Virtual Private Network– Connection thru Internet minimizes cost

• Requires firewall, IPSec, etc. for security• Encapsulation• Packets are tunneled through Internet

Network Security 17

IPSec• RFC 1636, 4301 Internet security

– Monitoring must be authorized• Encryption

– Authentication– Incorporated in IPv6 (may also be used in IPv4)

• IPv6 is below transport layer – applications are not affected

• IPv4 traffic now uses it as well

Network Security 18

IPSec Authentication Header

• http://www.isaserver.org/articles/IPSec_Passthrough.html

Network Security 19

IPSec Authentication and Encryption in Tunnel Mode

• http://www.certiguide.com/secplus/diagrams/figure20.png

Network Security 20

Authentication

• Authentication is ensuring that it is actually Bob that has logged in

• Authorization is knowing and enforcing Bob’s access rights– first must be completed before

second is enforced– first is more difficult to control

Network Security 21

Authentication and Key Distribution

• Authentication should be integrated with encryption

• Secure key distribution is critical to authentication to prevent session hijacking, message replay

Network Security 22

Authentication Techniques

• Proof by Possession– Smart cards, tokens, physical keys

• Typically applied in combination with proof by knowledge

• Proof by knowledge– Passwords, PINs (static, vulnerable)– For strong authentication, keys should be

dynamic (but humans don’t want this)• Smart cards, etc. used in combination with human

input

Network Security 23

Authentication Techniques (cont)• Dynamic – proof by knowledge

– One-time passwords• SecurID tokens

– Generates dynamic password from clock and secret DES key

» User combines static password with one-time password

» Serves as a session identifier

• Other systems (Lamport, navy) also utilize clock

• Sender and receiver synchronize clocks; receiver can verify password

Network Security 24

Authentication Techniques (cont)

• Proof by Property– Biometric properties

• Fingerprints, retinal prints, voice patterns, DNA, (signature)

• Proof by Location– BSD UNIX r-tools, GPS-based authentication,

dial-back systems; post office

Strong Authentication

• Authentication and encryption– Public/private (asymmetric) keys are

commonly used for encryption• Each party has a pair of keys (public, private)

– Sends public keys to all communicating parties

– Keeps private key to himself

– Only he can decrypt message encrypted with public key

– Addresses key distribution problem

– Addresses scalability problems

Network Security 25

Network Security 26

Authentication Techniques

• Dynamic proof by Knowledge– Challenge-response mechanism

• B sends a “random” number to A

• A encrypts number with private key and sends to B

• B uses A’s public key to decode, authenticate

• Similarly A sends “random” number to B, etc.

• If digital signature/private key is used for authentication, then we must ensure that the “random” number is not some false message (“I owe you money”).

Network Security 27

Challenge-responsewith public/private keys

B

A

B

A

randB

(EAprivatekey (randB), randA)

EBprivatekey (randA)

Authenticators

• Authenticator is a value included in a transmitted message that allows the verification of both the authenticity and data integrity of a message

Network Security 28

Network Security 29

Question• What is message replay?

– You send an order to Amazon.com for a textbook. In two days UPS delivers 1000 books to your house.

• Who pays the postage for returning the books?• Is it an inconvenience for everyone but UPS?

• The message can be encrypted so that only you and Amazon.com can decrypt it. Will that help?– No.

Network Security 30

Key Distribution• Most network security services require

cryptographic mechanisms– (Strong) Authentication– Secure data storage– Secure data transmission

• Most network security cryptographic mechanisms rely or public/private or symmetric keys

• Security requires secure key distribution

Network Security 31

IEEE 802.10 - key distribution techniques

1) Manual key distribution– Appropriate for firmware devices that must be

physically delivered– How do we authenticate sender, receiver?– There are scalability issues– Example: delivery of smart cards by certified

U.S. Mail (trusted third party)• Proof by location and by biometric property

(signature)

Network Security 32

802.10 key distribution techniques

2) Center-Based Key Distribution– Trusted Third Party (TTP),KDC,Certification Authority

• For key distribution or for key translation

– Each user must have a trust relation with TTP• Must share a “secret”

– Kerberos requires each client to request a session key from the Key Distribution Center

• Pull model• Used by Windows XP

– Banks may contact their clients to tell them to get a session key from KDC before communication

• Push model

Network Security 33

802.10 key distribution techniques

3) Certificate-based Key Distribution– Pairwise cryptographic keys may be developed

based on public and private keys, etc.– Certification authority (CA) is an entity that is

accepted for verifying identities and issuing public key certificates

• Commercial CAs, Governmental CAs, free CAs

• You must know the CA key to communicate– Firefox, Internet Explorer’s have self-certifying

certificates

PGP (Pretty Good Privacy)

• No Central Authenticator

• For email authentication

• “web of trust” – level of trust depends upon how many certificates are supplied and the level of trust of each certificate

• Uses public/ private key encryption

Network Security 34

Network Security 35

Kerberos • Network based authentication protocol• Typically uses symmetric key encryption with

trusted third party for key distribution• Developed at MIT• Open Source Software• Kerberos tickets distributed to limit duration of

sessions• Kerberos Key Distribution Center (KDC)

functions as a trusted third party • Used by Windows, Mac OS X, Linux, Solaris, etc.

Network Security 36

Radius Servers

• Remote Authentication Dial In User Service • Authentication, Authorization, and Accounting• Used by ISPs, access points, web servers• RFC 2865, RFC 2866• Uses other mechanisms, such as IPsec tunnels, to

communicate with clients

Network Security 37

Smart Cards• Used for identification, authentication, data

storage

• Integrated circuits

• Memory may be fixed or volatile

• May get power from card reader

• Contains many security features: encryption, time-stamping, connecting with database for authentication

Network Security 38

NoncesA nonce is a randomly generated cryptographic string or a time stamp used for encryption algorithms.

The encryption key becomes much harder to decrypt, since a random nonce is created (using a time stamp mechanism) for each use and joined with the key and the encrypted data to be sent.Nonces are unique, at least within a given time span.

For example, for an HTTP authentication, an algorithm called WSSE is generally used for

authenticating the username and the password. The algorithm works like this:• Start with 2 pieces of information: username and password. • Create a nonce. This is harder than it sounds; if an attacker can guess your next nonce, he can

attempt a replay attack. Most cryptography libraries have routines to generate nonces, • Generate a "creation timestamp" of the current time, in W3DTF format (ISO standard time format) • Create a password digest using the SHA1 hash-key algorithm.As an example:• Let's say Bob's username is “bob", and his password is "seemasimham". • Bob creates a nonce, "d36e316282959a9ed4c89851497a717f". • Bob created this nonce at "2003-12-15T14:43:07Z", so that's the creation timestamp. • Bob's password digest is Base64(SHA1 ("d36e316282959a9ed4c89851497a717f" + "2003-12-

15T14:43:07Z" + "seemasimham")), which is "quR/EWLAV4xLf9Zqyw4pDmfV90Y=". • Most languages have built-in libraries to create SHA-1 hashes and to encode strings in Base64

format. Ex: import java.security.MessageDigest; http://www.sha1-online.com/sha1-java/

• https://code.google.com/p/pownceapi/wiki/HowPownceAPIworks

Challenge/response mechanism

• Challenge/ response (looked at earlier) with timestamps– Alice and Bob– Alice sends Bob the timestamp

• Bob encrypts it either with his private key or with a shared symmetric key

• Can also use nonces (with Alice’s timestamp) for authentication

• Prevents message replay, etc.

Network Security 39

Network Security 40

CryptographyP: Plaintext (payload)E: Encryption algorithmD: Decryption algorithmK: (possibly different) keys as parameters to E and D

Dk (Ek’ (P)) = P

Example:P = 10111100E = rotate left (K)D = rotate right (K)K = 3 (the encryption and decryption keys need not be the same)E(P) = 10010111

In UNIX password files, there is no D (Hashing)

Network Security 41

Example

• Combination lock– Turn left, turn right, turn left (pull or push)– Note that D = E in combination locks; same key

• Use of a known algorithm so that encryption is implemented by the key– Many combinations are needed to be effective– Consider the manufacture of combination locks– Consider their use by buyers

Network Security 42

Other simple algorithms

– Substitution ciphers– Transposition ciphers

• For example arrange in horizontal rows and read in vertical columns

– Natural language• Navaho Indians in WWII

– Book held by both parties• Problem is getting the book (key) to the parties

involved

Network Security 43

Additional issues

• All cryptographic algorithms must contain redundancy to prevent intruder from passing a false message– Some possibilities must be invalid, else random bits

might be interpreted as a valid message• Ex: credit card numbers

• Must timestamp message– Old messages (or different orders) should not be

accepted as new or different messages • Compare to duplicate packets in network

Block stream ciphers• Most ciphers work on units of fixed size

blocks– Working on them independently may allow

cryptanalyst to recognize recurring block values– Block ciphers are typically chained

• Each block may be XORed with the previous block’s ciphertext before being encrypted.

• A random number, called an IV (initialization vector), is provided for the first block

Network Security 44

Symmetric-Key Ciphers• (also called secret-key ciphers since key is a

secret shared by sender(s) and receiver(s))

• Same key for encryption and decryption

• Must get key to receiver(s)– This may be insecure

Network Security 45

Network Security 46

DES (Data Encryption Standard)

• D = E (same chip used for encryption/decryption)

• Key controls shifts, exclusive ors, bit ands

• No known vulnerabilities since 1999

• 56 bit key (outdated, but still used)

• Triple DES (3DES) – uses 3 keys

• AES (supports 128, 192 and 256 bit keys)– 128 block length

Network Security 47

Public-Key Ciphers

• Diffie and Hellman (1976)– D(E (P) ) = P

– E (D (P)) = P

– E is public – broadcast to all

– D is private

– Everyone can send a message to D’s owner encoded with E – only D’s owner can decode

– D can send a message to anyone; if E decodes the message it is authentic

Network Security 48

Rivest-Shamir Algorithm (RSA)

• Choose 2 large primes p and q

• Compute n = p x q

• Compute z = (p-1) * (q-1)

• Choose any D relatively prime to z

• Find E such that E * D = 1 mod z

• C (cipher ) = PE (mod n)

• Publish E, n

Network Security 49

Example (Tanenbaum)

• p = 3, q = 11• N = 33• Z = 2 * 10 = 20• D could be 3, 7, 11, 13, 17; pick D = 7• E * 7 = 1 mod (20)• E = 3 (OTHERS ARE POSSIBLE; 83)• Say P (Plaintext) = 5 (101)• P3 (mod 33) = 125 (mod 33) = 26• 267 (mod 33) should equal 5

Network Security 50

To decrypt

• Factor n

• If n is very large say 10^200, this can take a while (actually 10^210 is better)

Network Security 51

Other Public-Key Algorithms

• Hellman & Merkle– Knapsack algorithm

• Public – weight of objects in knapsack– List of all possible objects

• Private – subset of objects chosen

Network Security 52

Hellman-Merkle knapsack algorithm

• The Hellman-Merkle patent refers to an algorithm known as the knapsack algorithm. It claims:In a method of communicating securely over an insecure communication channel of the type which communicates a message from a transmitter to a receiver, the improvement characterized by: providing random numbers at the receiver; generating from said random numbers a public enciphering key at the receiver; generating from said random numbers a secret deciphering key at the receiver such that the secret deciphering key is directly related to and computationally infeasible to generate from the public enciphering key. Communicating the public enciphering key from the receiver to the transmitter; processing the message and the public enciphering key at the transmitter and generating an enciphered message by an

•

Network Security 53

Hellman-Merkle continued

• enciphering transformation, such that the enciphering transformation is easy to effect but computationally infeasible to invert without the secret deciphering key; transmitting the enciphered message from the transmitter to the receiver; and processing the enciphered message and the secret deciphering key at the receiver to transform the enciphered message with the secret deciphering key to generate the message. 2. In a method of communicating securely over an insecure communication channel as in claim 1, further comprising: authenticating the receiver's identity to the transmitter by the receiver's ability to decipher the enciphered message. 3. In a method of communicating securely over an insecure communication channel as in claim 2 wherein the step of: authenticating the receiver's identity includes the receiver transmitting a representation of the message to the transmitter. 4. [Swapping the role of the transmitter and receiver in claim 1 so as to provide a digital signature capability.]

• http://www.freepatentsonline.com/4424414.html

Network Security 54

Cryptographic Hash Functions

• Hash functions have two main properties– Algebraic transformation of input of arbitrary (though finite) bit-

length to fixed bit-length smaller in size than input• h(x) is the hashing function

– h(x) is easy to compute

• By definition of a function, h(x) is unique for a specific x• But given h(x), x is not unique

– Range of x is larger than range of h(x)

• Collision occurs if h(x) = h(y), x ≠ y

• hash functions were developed to conserve storage• In security, they are used chiefly for integrity checks

Network Security 55

Cryptographic hash functions

• Hash functions are preimage resistant if:– given h(x), x cannot be feasibly computed

• Hash functions are second-preimage (weak collision) resistant if– it is computationally infeasible, if, for a given x, to

find a y ≠ x that has the same hash value

• Hash functions are strong collision resistant if it is computationally infeasible to find any two distinct x, y that have same output, i.e., that h(x)=h(y)

Network Security 56

UNIX password file• Uses one-way encryption algorithm

– Given h(x), x cannot be found• When you enter your password x, it stores hash h(x) in password file

typically /etc/passwd or /etc/passwd has a pointer to the shadow file• Each time you give your password, UNIX verifies hash (password) in

password file– levine:*:1120:101:Dr. G. Levine:/home/faculty/levine:/usr/bin/tcsh

• Intruder who obtains password file cannot find x• However, he can generate possible passwords and see if any encrypt to

the stored value h(x)– Encryption algorithm is known

• Today, actual encrypted hash values are stored in shadow file• Encryption is salted so two identical x values do not generate same

h(x)

Network Security 57

SHA-1, MD5 iterative hash functions

• Combine each hash of data block with successive block

• Hash values of 160 bits, 128 bits• Recent advances in cryptography have made 128 bits

insufficient• IV is initialization vector

h h hh(x)

x1x2

xn

IV

Network Security 58

Digital (cryptographic) Signatures

• (not the same thing as electronic signatures although electronic signatures may be implemented by digital signatures)

• One way authentication– (receiver must also provide digital signature for

a two-way authentication)

• Frequently implemented with public/private keys

Network Security 59

Digital Signature

1) Generate a public/private key and send out the public key (CA to verify it?)

Alternatively, be assigned a public/private key by a trusted authority

2) Use a signing algorithm to produce signature from message and private key

3) Receiver uses public key to decrypt message and signature

Network Security 60

Signing algorithm

• Message is hashed before it is encrypted with private key– Makes it more efficient (shorter)– Makes it more secure (without hashing, same

encryption is repeatedly applied to more blocks – a vulnerability)

Network Security 61

RSA digital signature scheme

• securing public/private key encryption with hashes. Remember that

Dprivate key(Epublic key(P)) = Epublic key(Dprivate key(P))= P

Attach Dprivate key(Hash (P)) to end of P

• Hash is agreed-upon by both receiver & sender

Receiver decrypts (with the public key E) D(Hash(P)) and matches to the computation of Hash (P).

Network Security 62

Services supported by encryption

• Authentication

• Integrity

Computationally infeasible to modify a message and its signature so that the new signature is valid for the new message

• Time-stamps should be included (to prevent message reply), but time is not guaranteed

Network Security 63

Service of non-repudiation

• The problem is that the sender may claim that its private key was lost

• Even if a time-stamp was used, the sender may claim that an attacker who obtained the private key inserted an earlier time-stamp.

• Sender must repudiate his private key in order to repudiate the message.

Issues

• Public/private key encryption/decryption is slow

• Symmetric key encryption is not easily scalable

• We want support of integrity, authentication, and confidentiality service

• We want scalability and efficiency

Network Security 64

Network Security 65

Digital Envelop

• Use public key encryption on a prefix to the message that contains the key to be used for encoding the message

• A encrypts P with its symmetric key KA, obtaining EK (P)• A encrypts K with B’s public key kB and sends to B the

combination of kB(KA) + EK (P)• B first decrypts A’s initial part of message containing K

using his private key,

kB-1 kB(KA) = KA,then uses KA to obtain P

• To send to others (and obtain scalability), A needs only to encrypt K with each one’s public key and append to EK (P) to obtain efficiency.

Network Security 66

Services of Digital Envelops

• Note that kB(K) may serve as integrity check

• Symmetric key encrypts bulk of packet (efficient)

• Public/private keys serve as mechanisms for scalability, digital signature

• This is a bi-level encryption scheme, to obtain advantages of both methods