Lecture 23 (Network Security) Outline
Network Security z z
Basic requirements. Meeting these requirements: Privacy. Digital Signature.
z
Specific security standards in practice: Privacy standards: DES, RSA. Standard at application layer: PGP. Standard at transport layer: SSL.
CSC4430 – Data Communication and Computer Networks
1
23.1. Internet Security Threats Alice
data
channel
Bob
data, control messages
secure sender
secure receiver
data
Trudy
Friends: Bob, Alice want to communicate “securely”. Enemies: Trudy, the “intruder” may intercept, add, delete or modify messages.
CSC4430 – Data Communication and Computer Networks
2
23.1. Internet Security Threats
Q: What can a “bad guy” do? A: a lot! z z z
z
z
eavesdrop: intercept messages. actively insert messages into connection. impersonation: can fake (spoof) source address in packet (or any field in packet). denial of service: prevent service from being used by others (e.g., by overloading resources). hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place.
CSC4430 – Data Communication and Computer Networks
3
23.1. Internet Security Threats
Eavesdrop = Packet sniffing: z z
Common for broadcast media. Promiscuous NIC/adapter can read unencrypted data from all passing by packets. e.g. C sniffs B’s packets containing password.
CSC4430 – Data Communication and Computer Networks
4
23.1. Internet Security Threats
Impersonation = IP spoofing: z
z
An intruder can generate “raw” IP packets directly from application and put any value into IP source address field. Receiver can not tell if source is spoofed. e.g. C pretends to be B.
C
A src:B dest:A
payload
B CSC4430 – Data Communication and Computer Networks
5
23.1. Internet Security Threats
Denial of service (DOS) attack: z
z
An intruder generates a flood of maliciously packets to “swamp” receiver. Distributed DOS (DDOS): multiple coordinated sources swamp a receiver. e.g. C and remote host SYN-attack A.
C
A
SYN
SYN SYN
SYN
SYN
B SYN SYN CSC4430 – Data Communication and Computer Networks
6
23.2. Network Security Requirements
Network security aims to provide secure communications. Four aspects of network security:
z
Privacy or Secrecy: Sender and receiver expect confidentiality. Only sender, intended receiver should “understand” message contents.
CSC4430 – Data Communication and Computer Networks
7
23.2. Network Security Requirements z
Authentication: Sender and receiver want to confirm identity of each other.
z
Message Integrity: Sender and receiver want to ensure message not altered (in transit, or afterwards) without detection. e.g. it would be disastrous if a request for transferring $100 changes to a request for 10,000 or $100,000.
z
Non-Repudiation: Receiver must be able to prove that a received message came from a specific sender. The sender must not be able to deny sending a message. e.g. bank must have proof that the customer actually requested this transaction.
CSC4430 – Data Communication and Computer Networks
8
23.3. Privacy
Privacy uses cryptography: z z
Sender encrypts the message. Receiver decrypts the message.
CSC4430 – Data Communication and Computer Networks
9
23.3.1. Traditional Cryptography
Ciphers were already studied in ancient times Caesar’s cipher: z z z z
replace a with d replace b with e ... replace z with c
Caesar’s cipher is an example of a monoalphabetic substitution cipher, which permutes the characters. Armed with simple statistical knowledge, one can easily break a Caesar cipher. z z z
most frequent letters in English: e, t, o, a, n, i, ... most frequent digrams: th, in, er, re, an, ... most frequent trigrams: the, ing, and, ion, ...
CSC4430 – Data Communication and Computer Networks
10
23.3.1. Traditional Cryptography
The first description of the frequency analysis attack appears in a book written in the 9th century by the Arab philosopher al-Kindi. Example (S. Singh, The Code Book, 1999): PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?” OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
CSC4430 – Data Communication and Computer Networks
11
23.3.1. Traditional Cryptography
We identify the most common characters, digrams and trigrams in the ciphertext Example PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?” OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK First guess: z
LBO is THE
CSC4430 – Data Communication and Computer Networks
12
23.3.1. Traditional Cryptography
Assuming LBO represents THE, we replace L with T, B with H, and O with E and get PCQ VMJYPD THYK TYSE KHXHJXWXV HXV ZCJPE EYPD KHXHJYUXJ THJEE KCPK. CP THE THCMKXPV XPV IYJKT PYDHT, QHEP KHO HXV EPVEV THE LXRE CI SX'XJMI, KHE JCKE XPV EYKKEV THE DJCMPV ZEICJE HYS, KXUYPD: “DJEXT EYPD, ICJ X THCMKXPV XPV CPE PYDHTK Y HXNE ZEEP JEACMPTYPD TC UCM THE IXZREK CI FXKT XDEK XPV THE REDEPVK CI XPAYEPT EYPDK. SXU Y SXEE KC ZCRV XK TC AJXNE X IXNCMJ CI UCMJ SXGEKTU?” EFYRCDME, TXREK IJCS THE THCMKXPV XPV CPE PYDBTK
CSC4430 – Data Communication and Computer Networks
13
23.3.1. Traditional Cryptography
Code: X Z A V O I D B Y G E R S P C F H J K L M N Q T U W A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Ciphertext: PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?” OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK Plaintext: Now during this time Shahrazad had borne King Shahriyar three sons. On the thousand and first night, when she had ended the tale of Ma'aruf, she rose and kissed the ground before him, saying: “Great King, for a thousand and one nights I have been recounting to you the fables of past ages and the legends of ancient kings. May I make so bold as to crave a favour of your majesty?” Epilogue, Tales from the Thousand and One Nights
CSC4430 – Data Communication and Computer Networks
14
23.3.2. Modern Cryptography
Two categories of modern cryptography: z
Secret key or Symmetric key crypto: Sender and receiver use the same key. The decryption algorithm is the inverse of the encryption algorithm.
CSC4430 – Data Communication and Computer Networks
15
23.3.2. Modern Cryptography z
Secret key or Symmetric key crypto (continued): Commonly used to encrypt and decrypt long messages. Advantage: Efficient – takes less time to encrypt message than using public key crypto due to the smaller key.
Disadvantages: Each pair of users must have a secret key. So, for N users to communicate, we need N(N-1)/2 keys. Difficult to distribute the key between two parties.
Most common method: DES (Data Encryption Standard).
CSC4430 – Data Communication and Computer Networks
16
23.3.2. Modern Cryptography z
Public-key crypto: Sender and receiver uses different keys. Each user has two keys: A private key is kept by the user. A public key is announced to the public.
CSC4430 – Data Communication and Computer Networks
17
23.3.2. Modern Cryptography z
Public-key crypto (continued): Example:
All customers use the public key of the bank to encrypt the message. The bank uses its private key to decrypt the message. CSC4430 – Data Communication and Computer Networks
18
23.3.2. Modern Cryptography z
Public-key crypto (continued): More efficient for short messages. Advantages: Remove the problem in sharing the keys. The number of keys needed is reduced tremendously.
Disadvantage: Complexity of the algorithm.
Most common method: RSA (Rivest, Shamir, Adleman).
CSC4430 – Data Communication and Computer Networks
19
23.3.2. Modern Cryptography
Privacy using the combination: z
Combine the advantage of the secret key method (efficiency) with the advantage of the public key method (easy distribution of keys).
CSC4430 – Data Communication and Computer Networks
20
23.3.2. Modern Cryptography
Privacy using the combination (continued): z z z
Public key is used to encrypt the secret key. The secret key is used to encrypt the message. Procedure: Sender chooses a secret key – called one-session key. Sender uses the public key of the receiver to encrypt the secret key and sends the encrypted secret key to the receiver. Receiver uses the private key to decrypt the secret key. The sender uses the secret key to encrypt the actual message.
CSC4430 – Data Communication and Computer Networks
21
23.4. Digital Signature
Electronic equivalent of written signature. Two choices: z z
Signing the entire document. Signing the digest (condensed version) of the document.
CSC4430 – Data Communication and Computer Networks
22
23.4.1. Signing the Whole Document
Can use public key encryption, but use different roles: z z
Sender uses her private key to encrypt (sign). Receiver uses the public key of the sender to decrypt the message.
CSC4430 – Data Communication and Computer Networks
23
23.4.2. Signing the Digest
Also use public key encryption, but on the digest (shorter version) of the document. Use a hash function to create the digest.
CSC4430 – Data Communication and Computer Networks
24
23.4.2. Signing the Digest z
Properties of a hash function: Hashing is one-way. It can only create the digest from the message and not vice versa. Produces a fixed-size digest.
Hashing is one-to-one function. There is little probability that two messages will create the same digest. Any small change in the document (even a space) will give a different hashed value. z
Two most common hash function: MD5 (Message Digest 5): produces 120-bit digest. SHA-1 (Secure Hash Algorithm 1): produces 160bit digest. SHA-1 is a US standard.
CSC4430 – Data Communication and Computer Networks
25
23.4.2. Signing the Digest
Sender site:
z z z
Create the digest. Sign the digest using private key. Send the digest with original message.
CSC4430 – Data Communication and Computer Networks
26
23.4.2. Signing the Digest
Receiver site:
z z
Decrypt the digest. Compare the digest with its own digest.
CSC4430 – Data Communication and Computer Networks
27
23.4. Digital Signature
Both use public key encryption. Digital signature provides: z
Integrity: If an intruder intercepts the message and partially changes it, the decrypted message will be unreadable.
z
Authentication: If C pretends to be B (the sender), then C will use her private key to encrypt. If the receiver uses the public key of B to decrypt the message, it will be unreadable.
z
Non-repudiation: If the receiver can decrypt the message using B public key, then B must be the sender.
CSC4430 – Data Communication and Computer Networks
28
23.4. Digital Signature
Non-repudiation relies on ensuring that the public key actually belongs to B (the right sender). Thus, we need a Certification Authority (CA).
CSC4430 – Data Communication and Computer Networks
29
23.4. Digital Signature
Certification authority (CA): z
binds public key to particular entity, E.
E (person, router) registers its public key with CA. z z z
E provides “proof of identity” to CA. CA creates a certificate binding E to its public key. The certificate is digitally signed by CA – CA says “this is E’s public key”.
Bob’s public key Bob’s identifying information
+
KB
digital signature (encrypt) CA private key
CSC4430 – Data Communication and Computer Networks
K-
CA
+
KB certificate for Bob’s public key, signed by CA 30
23.4. Digital Signature
Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) info about certificate issuer valid dates digital signature by issuer
CSC4430 – Data Communication and Computer Networks
31
23.4. Digital Signature
When Alice wants Bob’s public key: z z
gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get Bob’s public key. + KB
digital signature (decrypt) CA public key
Bob’s public + key KB
+ K CA
CSC4430 – Data Communication and Computer Networks
32
23.5. DES
DES (Data Encryption Standard): z
z
z
Originally developed in IBM, now an ANSI standard. Encrypts 64-bit plaintext using 56-bit symmetric key. How secure is DES? Using brute force, it requires 4 months to decrypt 56-bit-key-encrypted phrase. No known “backdoor” decryption approach.
Triple DES: z
Improves security by using DES three times with different keys.
CSC4430 – Data Communication and Computer Networks
33
23.5. DES
DES uses bit-level encryption technique: z
z
Divide data (text, graphics, audio or video) into blocks of bits. Alter the bits by using permutation, exclusive OR, rotation, etc.
Permutation: z
Changing the position of the bits.
CSC4430 – Data Communication and Computer Networks
34
23.5. DES
Exclusive OR:
Rotation:
CSC4430 – Data Communication and Computer Networks
35
23.5. DES
Schematic diagram of DES:
z z
First step and last two steps are relatively simple. Step 2-17 use the same procedure but different key, derived from the original key.
CSC4430 – Data Communication and Computer Networks
36
23.5. DES
DES subkey generation:
One of the 16 complex steps:
CSC4430 – Data Communication and Computer Networks
37
23.6. RSA
RSA (Rivest, Shamir, Adleman): z
Is an algorithm for public-key encryption.
z
In this method: Sender uses a public key of receiver Kp. Receiver uses its secret (private) key Ks. Both use a number N.
z
It is reciprocal, i.e. Kp(Ks(P)) = P or Ks(Kp(P)) = P.
CSC4430 – Data Communication and Computer Networks
38
23.6. RSA
Encryption algorithm: z
z z
Encode the data as a number to create the plaintext P. Calculate the ciphertext C as C = PKp modulo N. Send C as the ciphertext.
Decryption algorithm: z z z
Receive C, the ciphertext. Calculate the plaintext P = CKc modulo N. Decode P to the original data.
CSC4430 – Data Communication and Computer Networks
39
23.6. RSA
Example: Kp = 5, Ks = 77, N = 119.
CSC4430 – Data Communication and Computer Networks
40
23.6. RSA
Choosing Kp, Ks and N. 1. 2. 3. 4. 5.
Pick a pair of prime number p and q. Calculate N = p × q. Calculate m = (p-1) × (q-1). Select Kp that is not a factor of m. Select Ks such that (Kp × Ks) mod m = 1. 1. 2. 3. 4. 5.
p = 7, q = 17 N = 7 ×17 = 119 m = (7-1) × (17-1) = 96 Kp = 5 Kc = 77
CSC4430 – Data Communication and Computer Networks
41
23.6. RSA
Security of RSA: z
z
z
The complexity lies in the process of picking the prime numbers (p and q) for a given N. It would take more than 70 years to find the numbers with 100 bits (N). RSA Laboratories recommends N = 1024 bits.
CSC4430 – Data Communication and Computer Networks
42
23.7. PGP
PGP (Pretty Good Privacy): z
z
z
Is an example of a good secure system as it provides all four aspects of security. Is the de-facto standard for Internet e-mail encryption. Uses: Digital signature – provide integrity, authentication and non-repudiation. Combination of secret key and public key encryption – provide privacy.
CSC4430 – Data Communication and Computer Networks
43
23.7. PGP
PGP at the sender site:
CSC4430 – Data Communication and Computer Networks
44
23.7. PGP
PGP at the receiver site:
CSC4430 – Data Communication and Computer Networks
45
23.8. SSL
SSL (Secure Socket Layer): z z
z
Works at the transport layer. Provides all four aspects of security to any TCPbased applications using SSL services. Example: secure http - used between WWW browsers and web servers. Client
Server
HTTP, telnet
HTTP, telnet
SSL
SSL
TCP/IP
TCP/IP
CSC4430 – Data Communication and Computer Networks
46
23.8. SSL z
Transaction using normal http: Can see the plaintext using packet sniffer.
z
Transaction using secure http: Only see the ciphertext.
CSC4430 – Data Communication and Computer Networks
47
23.9. Summary
Network Security: z
Four aspects of network security. Privacy – achieved using cryptography : Section 27.2. Integrity, authentication and non-repudiation – achieved using digital signature : Section 27.3.
z
Specific security standards in practice: Privacy standards: DES, RSA : Section 23.2. Application layer: PGP : Section 27.4. Transport layer: SSL.
CSC4430 – Data Communication and Computer Networks
48