1 2004.6.10. this class chapter 9 next class wrap up this semester review what we have learned ...
TRANSCRIPT
1
2004.6.10.
This ClassChapter 9
Next ClassWrap up this semesterReview what we have learnedQuestionnaire/FeedbackFinal exam
2
Certificates
A special type of digitally signed document name of entity being certified public key of entity name of certificate authority (CA) digital signature
X.509 major standard of certificates
3
Certification Authorities
Certification authority (CA): binds public key to particular entity, E.
E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by
CA – CA says “this is E’s public key”Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
4
Certification Authorities
When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate,
get Bob’s public key
Bob’s public
key K B+
digitalsignature(decrypt)
CA public
key K CA+
K B+
5
A certificate contains:
Serial number (unique to issuer) info about certificate owner, including
algorithm and key value itself (not shown) info about
certificate issuer valid dates digital signature by
issuer
6
Secure e-mail
Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob.
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
7
Secure e-mail
Bob: uses his private key to decrypt and recover KS
uses KS to decrypt KS(m) to recover m
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
8
Secure e-mail (continued)
• Alice wants to provide sender authentication message integrity.
• Alice digitally signs message.• sends both message (in the clear) and digital signature.
H( ). KA( ).-
+ -
H(m )KA(H(m))-
m
KA-
Internet
m
KA( ).+
KA+
KA(H(m))-
mH( ). H(m )
compare
9
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key
H( ). KA( ).-
+
KA(H(m))-
m
KA-
m
KS( ).
KB( ).+
+
KB(KS )+
KS
KB+
Internet
KS
10
Pretty good privacy (PGP)
Internet e-mail encryption scheme, de-facto standard.
uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
provides secrecy, sender authentication, integrity.
inventor, Phil Zimmerman, was target of 3-year federal investigation.
---BEGIN PGP SIGNED MESSAGE---Hash: SHA1
Bob:My husband is out of town tonight.Passionately yours, Alice
---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/
12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
A PGP signed message:
11
PGP (continued)
Key Distribution in PGP“PGP is for people who prefer to pack their own parachutes”
Use key rings and manage level of “trust”
12
Secure Shell (SSH)
Problem of Telnet?
SSH v2 consists of 3 protocols:SSH-TRANSSSH-AUTHSSH-CONN
13
SSH-TRANS
Provides an encrypted channel between client and serverclient authenticates server by RSAboth establish a session keyboth negotiate encryption algorithm
Q: How does client get server’s public key?
14
SSH-AUTH
3 ways to authenticateUse session key from SSH-TRANS to encrypt password
Use public key encryptionUse host-based authentication
15
SSH-CONN
Supports “port forwarding” Often used in X Windows
16
Secure sockets layer (SSL)
transport layer security to any TCP-based app using SSL services.
used between Web browsers, servers for e-commerce (shttp).
security services: server authentication data encryption client authentication
(optional)
server authentication: SSL-enabled browser
includes public keys for trusted CAs.
Browser requests server certificate, issued by trusted CA.
Browser uses CA’s public key to extract server’s public key from certificate.
check your browser’s security menu to see its trusted CAs.
17
SSL (continued)
Encrypted SSL session: Browser generates
symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
Using private key, server decrypts session key.
Browser, server know session key All data sent into TCP
socket (by client or server) encrypted with session key.
SSL: basis of IETF Transport Layer Security (TLS).
SSL can be used for non-Web applications, e.g., IMAP.
Client authentication can be done with client certificates.
18
IPsec: Network Layer Security
Network-layer secrecy: sending host encrypts the
data in IP datagram TCP and UDP segments;
ICMP and SNMP messages. Network-layer authentication
destination host can authenticate source IP address
Two principle protocols: authentication header
(AH) protocol encapsulation security
payload (ESP) protocol
For both AH and ESP, source, destination handshake: create network-layer
logical channel called a security association (SA)
Each SA unidirectional. Uniquely determined by:
security protocol (AH or ESP)
source IP address 32-bit connection ID
19
Authentication Header (AH) Protocol
provides source authentication, data integrity, no confidentiality
AH header inserted between IP header, data field.
protocol field: 51 intermediate routers
process datagrams as usual
AH header includes: connection identifier authentication data:
source- signed message digest calculated over original IP datagram.
next header field: specifies type of data (e.g., TCP, UDP, ICMP)
IP header data (e.g., TCP, UDP segment)AH header
20
ESP Protocol
provides secrecy, host authentication, data integrity.
data, ESP trailer encrypted. next header field is in ESP
trailer.
ESP authentication field is similar to AH authentication field.
Protocol = 50.
IP header TCP/UDP segmentESP
headerESP
trailerESP
authent.
encryptedauthenticated
21
Firewalls
isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.
firewall
administerednetwork
publicInternet
firewall
22
Firewalls: Why
prevent denial of service attacks: SYN flooding: attacker establishes many bogus
TCP connections, no resources left for “real” connections.
prevent illegal modification/access of internal data. e.g., attacker replaces CIA’s homepage with
something elseallow only authorized access to inside network (set of
authenticated users/hosts)two types of firewalls:
application-level packet-filtering
23
Packet Filtering
internal network connected to Internet via router firewall
router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits
Should arriving packet be allowed
in? Departing packet let out?
24
Packet Filtering
Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23. All incoming and outgoing UDP flows and
telnet connections are blocked. Example 2: Block inbound TCP segments with
ACK=0. Prevents external clients from making TCP
connections with internal clients, but allows internal clients to connect to outside.
25
Application gateways
Filters packets on application data as well as on IP/TCP/UDP fields.
Example: allow select internal users to telnet outside.
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet
connection to dest host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating from gateway.
26
Limitations of firewalls and gateways
IP spoofing: router can’t know if data “really” comes from claimed source
if multiple app’s. need special treatment, each has own app. gateway.
client software must know how to contact gateway. e.g., must set IP address
of proxy in Web browser
filters often use all or nothing policy for UDP.
tradeoff: degree of communication with outside world, level of security
many highly protected sites still suffer from attacks.
27
Applications
DNS SMTP, MIME, IMAP HTTP SNMP RTP SDP, SIP, H.323
28
DNS: Domain Name System
People: many identifiers: SSN, name, passport #
Internet hosts, routers: IP address (32 bit) - used
for addressing datagrams
“name”, e.g., gaia.cs.umass.edu - used by humans
Q: map between IP addresses and name ?
Domain Name System: distributed database
implemented in hierarchy of many name servers
application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation) note: core Internet
function, implemented as application-layer protocol
complexity at network’s “edge”
29
DNS name servers
no server has all name-to-IP address mappings
local name servers: each ISP, company has
local (default) name server host DNS query first goes
to local name server
authoritative name server: for a host: stores that
host’s IP address, name can perform name/address
translation for that host’s name
Why not centralize DNS?
single point of failure traffic volume distant centralized
database maintenance
doesn’t scale!
30
DNS: Root name servers
contacted by local name server that can not resolve name root name server:
contacts authoritative name server if name mapping not known
gets mapping returns mapping to local name server
b USC-ISI Marina del Rey, CAl ICANN Marina del Rey, CA
e NASA Mt View, CAf Internet Software C. Palo Alto, CA
i NORDUnet Stockholm
k RIPE London
m WIDE Tokyo
a NSI Herndon, VAc PSInet Herndon, VAd U Maryland College Park, MDg DISA Vienna, VAh ARL Aberdeen, MDj NSI (TBD) Herndon, VA
13 root name servers worldwide
31
Simple DNS example
host surf.eurecom.fr wants IP address of gaia.cs.umass.edu
1. contacts its local DNS server, dns.eurecom.fr
2. dns.eurecom.fr contacts root name server, if necessary
3. root name server contacts authoritative name server, dns.umass.edu, if necessary requesting host
surf.eurecom.frgaia.cs.umass.edu
root name server
authorititive name serverdns.umass.edu
local name serverdns.eurecom.fr
1
23
4
5
6
32
DNS example
Root name server: may not know
authoritative name server
may know intermediate name server: who to contact to find authoritative name server
requesting hostsurf.eurecom.fr
gaia.cs.umass.edu
root name server
local name serverdns.eurecom.fr
1
23
4 5
6
authoritative name serverdns.cs.umass.edu
intermediate name serverdns.umass.edu
7
8
33
DNS: iterated queries
recursive query: puts burden of
name resolution on contacted name server
heavy load?
iterated query: contacted server
replies with name of server to contact
“I don’t know this name, but ask this server”
requesting hostsurf.eurecom.fr
gaia.cs.umass.edu
root name server
local name serverdns.eurecom.fr
1
23
4
5 6
authoritative name serverdns.cs.umass.edu
intermediate name serverdns.umass.edu
7
8
iterated query
34
DNS: caching and updating records
once (any) name server learns mapping, it caches mapping cache entries timeout (disappear)
after some time update/notify mechanisms under
design by IETF RFC 2136 http://www.ietf.org/html.charters/dnsind-
charter.html
35
DNS records
DNS: distributed db storing resource records (RR)
Type=NS name is domain (e.g.
foo.com) value is IP address of
authoritative name server for this domain
RR format: (name, value, type,ttl)
Type=A name is hostname value is IP address
Type=CNAME name is alias name for some
“canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name
Type=MX value is name of mailserver
associated with name
36
DNS protocol, messages
DNS protocol : query and reply messages, both with same message format
msg header identification: 16 bit #
for query, reply to query uses same #
flags: query or reply recursion desired recursion available reply is authoritative
37
DNS protocol, messages
Name, type fields for a query
RRs in responseto query
records forauthoritative servers
additional “helpful”info that may be used
38
Acknowledgments
Some slides are from: Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith RossAddison-Wesley, July 2002. All material copyright 1996-2002
J.F Kurose and K.W. Ross, All Rights Reserved