chapter 8: network security data pathqyang/ele543/2020/lecture9security.pdf1 chapter 8: network...
TRANSCRIPT
1
Chapter 8: Network SecurityChapter goals: ■ understand principles of network security:– cryptography and its many uses beyond
“confidentiality”
– authentication– message integrity
■ cryptography:– Traditional cypher
– Symmetric and public key encryption/decryption
8-1Security
1
Data Path
Client Internet ExploreNetscape
The Internet
Multiple data Sources
Application Server
App.1
XML Web Server
ODBC
App 2
HTML
ODBC
ReturnData
2
Security Issues
■ Now, Information is transferred over the Internet as opposed to Intranet/Extranet
■ Do we want the information available to everyone in the world?
■ Who are authorized to get the information■ How is the authentication done?■ Define security policies■ Implement the policies
3
What is Network Security?
confidentiality: only sender, intended receiver should “understand” message contents
– sender encrypts message– receiver decrypts message
authentication: sender, receiver want to confirm identity of each othermessage integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionaccess and availability: services must be accessible and available to users
4
Possible Attacks
Normal data transmission
Interruption, attk on Availe.g. Hardware/soft failure
Modification, attk on integritye.g.change file, msg, program
Interception: attk on confidentiality, e.g.wiretapping, il. copy
Fabrication, authenticityspurious msg, false id
5
■ Passive attack: InterceptionRelease of message, traffic analysis
■ Active attack:– Fabrication or Masquerade, (pretend to be some one
else); – Modification of a msg, – Interruption and denial of svc,
Types of Attacks
6
2
Friends and Enemies: Alice, Bob, Trudy
■ well-known in network security world■ Bob, Alice (lovers!) want to communicate “securely”■ Trudy (intruder) may intercept, delete, add messages
7
Who Might Bob, Alice Be?
• … well, real-life Bobs and Alices!• Web browser/server for electronic transactions (e.g.,
on-line purchases)• on-line banking client/server• DNS servers• routers exchanging routing table updates• other examples?
8
There are Bad Guys (and Girls) Out There!
Q: What can a “bad guy” do?A: A lot! See section 1.6
– eavesdrop: intercept messages– actively insert messages into connection– impersonation: can fake (spoof) source address in
packet (or any field in packet)– hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in place– denial of service: prevent service from being used by
others (e.g., by overloading resources)
9
Principles of Cryptography
■ Plaintext---encryption-à cypher-text, ■ Cyphertext---decryption-àplaintext■ Symmetric key algorithm■ Public key algorithm
10
The Language of Cryptography
m plaintext message
( )AK m ciphertext, encrypted with key AK
( )( )B Am = K K m
11
Breaking an Encryption Scheme• cipher-text only attack:
Trudy has ciphertext she can analyze
• two approaches:– brute force: search
through all keys– statistical analysis
• known-plaintext attack: Trudy has plaintext corresponding to ciphertext– e.g., in monoalphabetic
cipher, Trudy determines pairings for a,l,i,c,e,b,o,
• chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext
12
3
Symmetric Key Cryptography
symmetric key crypto: Bob and Alice share same (symmetric) key: Ks
• e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
Q: how do Bob and Alice agree on key value?
13
■ Substitution Ciphers:– Each letter in a plaintext is replaced by another letter– k-shift shift text by k letters, k is the key– Random mapping with key being 26-letter string
■Transposition Ciphers:– Reorder the letters in a plaintext using a key rather than
changing the letters
Traditional Encryption Methods
14
Simple Encryption Schemesubstitution cipher: substituting one thing for another■ monoalphabetic cipher: substitute one letter for another
e.g.:
Encryption key: mapping from set of 26 letters to set of 26 letters
15
■ Substitution Ciphers:– Key= qwer tyui opas dfgh jklz xcvb nm– abcd efgh ijkl mnop qrst uvwx yz– attack is transferred qzzqea
■ Transposition (Permutation) Ciphers:– Key = MEGABUCK– plaintext=please send a million dollars to Q. Yang
Examples of Traditional Encryptions
16
■ Transposition (Permutation) Ciphers:– Key = MEGABUCK– plaintext=please send a million dollars to Q Yang
Examples of Traditional Encryptions
M E G A B U C K
P L E A S E S E
N D A M I L L I
O N D O L L A R
S T O Q Y A N G
■ Ciphers after encryption:AMOQSILYSLANLDNTEADOEIRGPNOSELLA
17
Data Encryption Standard (DES)
56bitKey
Initial Transposition
Iteration 1
Iteration 2
Iteration 16
32 bit swap
Inverse Transposition
64 bit ciphertext
Li-1+f(Ri-1,Ki)
Li-1 32 bits Ri-1 32 bits
Li 32 bits Ri 32 bits
18
4
Symmetric Key Crypto: DES
DES: Data Encryption Standard• US encryption standard [NIST 1993]• 56-bit symmetric key, 64-bit plaintext input• block cipher with cipher block chaining• how secure is DES?
– DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
– no known good analytic attack• making DES more secure:
– 3DES: encrypt 3 times with 3 different keys
19
AES: Advanced Encryption Standard
• symmetric-key NIST standard, replaced DES (Nov 2001)
• processes data in 128-bit blocks• 128, 192, or 256 bits keys• brute force decryption (try each key) taking 1
sec on DES, takes 149 trillion years for AES
20
Public Key Cryptography (1 of 2)
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key crypto
• radically different approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver
21
Public Key Cryptography (2 of 2)
22
Public Key Encryption Algorithms
requirements:
1. need ( ) ( )+ -B Bk . k .and such that
( )- +B Bk k (m) =m
2. given public key ,+Bk-Bk
RSA: Rivest, Shamir, Adelson algorithm
2. It should be impossible to derive
23
Prerequisite: Modular Arithmetic• x mod n = remainder of x when divide by n• facts:
( ) ( ) ( )( ) ( ) ( )( ) ( ) ( )
é ùë ûé ùë ûé ùë û
a mod n + b mod n mod n = a+b mod na mod n b mod n mod n = a b mod na mod n * b mod n mod n = a *b mod n
- -
■ thus d d(a mod n mod) n = a mod n
■ example: x=14, n=10, d=2:d 2
d 2 d
x mod n mod n = 4 mod 10 = 6 x = 14 = 196 x mod ( )
10 = 6
24
5
RSA: Getting Ready
• message: just a bit pattern
• bit pattern can be uniquely represented by an integer number
• thus, encrypting a message is equivalent to encrypting a number
example:
• m= 10010001. This message is uniquely represented by the decimal number 145.
• to encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).
25
RSA: Creating Public/Private Key Pair
1. choose two large prime numbers p, q. (e.g., 1024 bits each)
2. compute( )- -n = pq, z = 1 (p q 1)
3. choose e (with e<n) that has no common factors with z (e, zare “relatively prime”).
4. choose d such that ed−1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5.!
)"#$
public key is private key is .n e n,d+ -B BK K
( , ). (
26
RSA: Encryption, Decryption0. given (n,e) and (n,d) as computed above1. to encrypt message m (<n), compute
modc m ne =
2. to decrypt received bit pattern, c, compute
d = modm c n
magichappens! !"#"$
e dm = ( )m n nc
mod mod
27
RSA ExampleBob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.
00001100
28
Why Does RSA Work?■ must show that dc mod n = m
ewhere c = m mod n■ fact: for any x an y: ( )y mod zyx mod n = x mod n
– where n= pq and ( )z = p 1 1(q )- -■ thus,
( )
d e d
ed
ed mod z
1
c mod n = m mod n mod n = m mod n
= m mod n = m mod n
( )
= m
29
RSA: Another Important PropertyThe following property will be very useful later:
( ) ( )!"#"$ !"#"$
- + + -B B B Bk k (m) =m=k k (m)
use public key first, followed by private key
use private key first, followed by public key
result is the same!
30
6
Why K s u b B m i n u s l e f t p a r e n t h e s i s K s u b B p l u s l e f t p a r e n t h e s i s m r i g h t p a r e n t h e s i s r i g h t p a r e n t h e s i s = m = K s u b B p l u s l e f t p a r e n t h e s i s K s u b B m i n u s l e f t p a r e n t h e s i s m r i g h t p a r e n t h e s i s r i g h t p a r e n t h e s i s q u e s t i o n m a r k .( ) ( )- + + -B B B Bk k (m) = m = k k (m) ?
follows directly from modular arithmetic:
( )de edm mod n mod n = m mod nde= m mod n
d e = m mod n m( ) od n
31
Why is RSA Secure?• suppose you know Bob’s public key (n,e). How hard is it
to determine d?• essentially need to find factors of n without knowing the
two factors p and q– fact: factoring a big number is hard
32
Public Key EncryptionM = D (K_pub, E(K_prv, M));and
M = D (K_prv, E(K_pub,M));■ To protect from passive attack,
– use public key to encrypt messages, only the person with K_prvcan read it
■ To protect from active attach, – use K_prv to encrypt the message, receiver use the corresponding
public key to decrypt
■ To guarantee both authentic and private– 1st encrypt using sender’s private key, 2rd encrypt using
receiver’s public key
33
Authentication vs Authorization
■ Authentication deals with the question of whether or not you are actually communicating with a specific process
■ Authorization is concerned with what that process is permitted to do
e.g. “I am Prof. Yang and I want to change Jack’s grade from B to A”
– Is this actually Prof. Yang’s process?– Is Prof. Yang allowed to change Jack’s grade?
34
Firewalls■ To block unwanted network traffic into or out of a
private network
■ Packet filtering– Network layer– Transport layer
■ Application Gateway– Application layer exam all messages and
determine what messages are allowed to pass.
35
Firewalls
isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.
firewall
administerednetwork
publicInternet
firewall
36
7
Firewalls: Why
prevent denial of service attacks:– SYN flooding: attacker establishes many bogus TCP
connections, no resources left for “real” connections. prevent illegal modification/access of internal data.
– e.g., attacker replaces CIA’s homepage with something else
allow only authorized access to inside network (set of authenticated users/hosts)
two types of firewalls:– application-level– packet-filtering
37
Packet Filtering
■ internal network connected to Internet via router firewall■ router filters packet-by-packet, decision to forward/drop
packet based on:– source IP address, destination IP address– TCP/UDP source and destination port numbers– ICMP message type– TCP SYN and ACK bits
Should arriving packet be allowed
in? Departing packet let out?
38
Packet Filtering
■ Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.– All incoming and outgoing UDP flows and
telnet connections are blocked.■ Example 2: Block inbound TCP segments with
ACK=0.– Prevents external clients from making TCP
connections with internal clients, but allows internal clients to connect to outside.
39
Application gateways
■ Filters packets on application data as well as on IP/TCP/UDP fields.
■ Example: allow select internal users to telnet outside.
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet connection to
dest host. Gateway relays data between 2 connections3. Router filter blocks all telnet connections not originating
from gateway.
40
Limitations of firewalls and gateways
■ IP spoofing: router can’t know if data “really” comes from claimed source
■ if multiple app’s. need special treatment, each has own app. gateway.
■ client software must know how to contact gateway.– e.g., must set IP address of
proxy in Web browser
■ filters often use all or nothing policy for UDP.
■ tradeoff: degree of communication with outside world, level of security
■ many highly protected sites still suffer from attacks.
41