Internet security protocols

Size: px
Start display at page:

Download "Internet security protocols"

Transcription

1 Internet security protocols S E G U R A N Ç A R E D E S E D A D O S / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are by Mark Stamp Information Security: Principles and Practice 2nd edition (Wiley 2011). Some other slides from Dr Lawrie Brown for Computer Security: Principles and Practice, 1/e, by William Stallings and Lawrie Brown With some minor changes/additions 2 Security Protocols 1

2 Protocol Human protocols the rules followed in human interactions Example: Asking a question in class Networking protocols rules followed in networked communication systems Examples: HTTP, FTP, etc. Security protocol the (communication) rules followed in a security application Examples: SSL, IPsec, Kerberos, etc. 3 Protocols Protocol flaws can be very subtle Several well-known security protocols have significant flaws Including WEP, GSM, and even IPsec Implementation errors can occur Such as IE implementation of SSL (CVE ) Not easy to get protocols right 4 Security Protocols 2

3 Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Robust Works when attacker tries to break it Works even if environment changes Easy to use & implement, flexible Difficult to satisfy all of these! 5 Simple Security Protocols Security Protocols 3

4 Secure Entry to NSA 1. Insert badge into reader 2. Enter PIN 3. Correct PIN? Yes? Enter No? Get shot by security guard 7 1. Insert ATM card 2. Enter PIN ATM Machine Protocol 3. Correct PIN? Yes? Conduct your transaction(s) No? Machine (eventually) eats card 8 Security Protocols 4

5 Identify Friend or Foe (IFF) 9 Russian MIG Angola SAAF Impala K 1. N 2. E(N,K) Namibia K MIG in the Middle N SAAF Impala K 4. E(N,K) 2. N Angola 5. E(N,K) Russian MiG 1. N 6. E(N,K) Namibia K Security Protocols 5

6 Authentication Protocols Authentication Alice must prove her identity to Bob Alice and Bob can be humans or computers May also require Bob to prove he s Bob (mutual authentication) Probably need to establish a session key May have other requirements, such as Use public keys Use symmetric keys Use hash functions Anonymity, plausible deniability, etc., etc. 12 Security Protocols 6

7 Authentication Authentication on a stand-alone computer is relatively simple Hash password with salt, etc. Secure path, attacks on authentication software, keystroke logging, etc., are issues Authentication over a network is challenging Attacker can passively observe messages Attacker can replay messages Active attacks possible (insert, delete, change) 13 Simple Authentication 14 I m Alice Prove it My password is frank Alice Bob Simple and may be OK for standalone system But insecure for networked system Subject to a replay attack (next 2 slides) Also, Bob must know Alice s password Security Protocols 7

8 Authentication Attack 15 I m Alice Prove it My password is frank Alice Bob Trudy Authentication Attack 16 I m Alice Prove it My password is frank Trudy Bob This is an example of a replay attack How can we prevent a replay? Security Protocols 8

9 Better Authentication 17 I m Alice Prove it h(alice s password) Alice Bob Better since it hides Alice s password From both Bob and Trudy Subject to replay? YES Challenge-Response To prevent replay, use challenge-response Goal is to ensure freshness Suppose Bob wants to authenticate Alice Challenge sent from Bob to Alice Challenge is chosen so that Replay is not possible Only Alice can provide the correct response Bob can verify the response 18 Security Protocols 9

10 Nonce To ensure freshness, can employ a nonce Nonce == number used once What to use for nonces? That is, what is the challenge? What should Alice do with the nonce? That is, how to compute the response? How can Bob verify the response? Should we rely on passwords or keys? 19 Challenge-Response 20 I m Alice Nonce h(alice s password, Nonce) Alice Nonce is the challenge The hash is the response Nonce prevents replay, ensures freshness Password is something Alice knows Bob must know Alice s pwd to verify Bob Security Protocols 10

11 Authentication protocols Segurança de Redes e Dados 2012/13 Generic Challenge-Response 21 I m Alice Nonce Something that could only be Alice from Alice (and Bob can verify) Bob In practice, how to achieve this? Hashed pwd works Encryption is better here (Why?) 22 Symmetric Keys Security Protocols 11

12 Symmetric Key Notation Encrypt plaintext P with key K C = E(P,K) Decrypt ciphertext C with key K P = D(C,K) Here, we are concerned with attacks on protocols, not attacks on crypto We assume crypto algorithms secure 23 Authentication: Symmetric Key Alice and Bob share symmetric key K Key K known only to Alice and Bob Authenticate by proving knowledge of shared symmetric key How to accomplish this? 24 Must not reveal key, must not allow replay (or other) attack, must be verifiable, Security Protocols 12

13 Authentication with Symmetric Key 25 I m Alice R Alice, K E(R,K) Bob, K Secure method for Bob to authenticate Alice Alice does not authenticate Bob So, can we achieve mutual authentication? Mutual Authentication? 26 I m Alice, R E(R,K) Alice, K E(R,K) Bob, K What s wrong with this picture? Alice could be Trudy (or anybody else)! Security Protocols 13

14 Mutual Authentication Since we have a secure one-way authentication protocol The obvious thing to do is to use the protocol twice Once for Bob to authenticate Alice Once for Alice to authenticate Bob This has got to work 27 Mutual Authentication 28 I m Alice, R A R B, E(R A, K) E(R B, K) Alice, K Bob, K This provides mutual authentication or does it? Security Protocols 14

15 Mutual Authentication Attack I m Alice, R A 2. R B, E(R A, K) Trudy Bob, K 3. I m Alice, R B 4. R C, E(R B, K) Trudy Bob, K Mutual Authentication Our one-way authentication protocol is not secure for mutual authentication Protocols are subtle! The obvious thing may not be secure Also, if assumptions or environment change, protocol may not be secure This is a common source of security failure 30 For example, Internet protocols Security Protocols 15

16 Authentication protocols Segurança de Redes e Dados 2012/13 Symmetric Key Mutual Authentication 31 I m Alice, R A R B, E( Bob,R A,K) E( Alice,R B,K) Alice, K Bob, K Do these insignificant changes help? Yes! 32 Public Keys Security Protocols 16

17 Public Key Notation 33 Encrypt M with Alice s public key: {M} Alice Sign M with Alice s private key: [M] Alice Then [{M} Alice ] Alice = M {[M] Alice } Alice = M Anybody can use Alice s public key Only Alice can use her private key Public Key Authentication 34 I m Alice {R} Alice R Alice Bob Is this secure? Trudy can get Alice to decrypt anything! So, should have two key pairs Security Protocols 17

18 Public Key Authentication 35 I m Alice R [R] Alice Alice Is this secure? Trudy can get Alice to sign anything! Same as previous should have two key pairs Bob Public Keys Generally, a bad idea to use the same key pair for encryption and signing Instead, should have one key pair for encryption/decryption and a different key pair for signing/verifying signatures 36 Security Protocols 18

19 Session Key Usually, a session key is required I.e., a symmetric key for a particular session Used for confidentiality and/or integrity How to authenticate and establish a session key (i.e., shared symmetric key)? When authentication completed, want Alice and Bob to share a session key Trudy cannot break the authentication and Trudy cannot determine the session key 37 Authentication & Session Key 38 I m Alice, R {R,K} Alice Alice {R +1,K} Bob Bob Is this secure? Alice is authenticated and session key is secure Alice s nonce, R, useless to authenticate Bob The key K is acting as Bob s nonce to Alice No mutual authentication Security Protocols 19

20 Public Key Authentication and Session Key 39 I m Alice, R [R,K] Bob [R +1,K] Alice Alice Bob Is this secure? Mutual authentication (good), but session key is not secret (very bad) Public Key Authentication and Session Key 40 I m Alice, R {[R,K] Bob } Alice {[R +1,K] Alice } Bob Alice Is this secure? Seems to be OK Mutual authentication and session key! Bob Security Protocols 20

21 Authentication protocols Public Key Authentication and Session Key 41 I m Alice, R [{R,K} Alice ] Bob [{R +1,K} Bob ] Alice Alice Is this secure? Seems to be OK Bob Anyone can see {R,K} Alice and {R +1,K} Bob 42 Public Keys and TimeStamps as nonces Security Protocols 21

22 Timestamps A timestamp T is derived from current time Timestamps used in some security protocols Kerberos, for example Timestamps reduce number of msgs (good) Like a nonce that both sides know in advance Time is a security-critical parameter (bad) Clocks never exactly the same, so must allow for clock skew creates risk of replay How much clock skew is enough? 43 Public Key Authentication with Timestamp T 44 I m Alice, {[T, K] Alice } Bob {[T +1, K] Bob } Alice Alice Bob Secure mutual authentication? Session key? Seems to be OK Security Protocols 22

23 Public Key Authentication with Timestamp T 45 I m Alice, [{T, K} Bob ] Alice [{T +1, K} Alice ] Bob Alice Bob Secure authentication and session key? Trudy can use Alice s public key to find {T, K} Bob and then Public Key Authentication with Timestamp T 46 I m Trudy, [{T, K} Bob ] Trudy [{T +1, K} Trudy ] Bob Trudy Bob Trudy obtains Alice-Bob session key K Note: Trudy must act within clock skew Security Protocols 23

24 Public Key Authentication Sign and encrypt with nonce Secure Encrypt and sign with nonce Secure Sign and encrypt with timestamp Secure Encrypt and sign with timestamp Insecure Protocols can be subtle! 47 Public Key Authentication with Timestamp T 48 I m Alice, [{T, K} Bob ] Alice [{T +1} Alice ] Bob Alice Bob Is this encrypt and sign secure? o Yes, seems to be OK Does sign and encrypt also work here? Security Protocols 24

25 Zero Knowledge Proofs Zero Knowledge Proof (ZKP) Alice wants to prove that she knows a secret without revealing any info about it Bob must verify that Alice knows secret But Bob gains no info about the secret Process is probabilistic 50 Bob can verify that Alice knows the secret to an arbitrarily high probability An interactive proof system Security Protocols 25

26 Bob s Cave Alice knows secret phrase to open path between R and S ( open sarsaparilla ) Can she convince Bob that she knows the secret without revealing phrase? 51 P Q R S Bob s Cave 52 Bob: Alice come out on S side Alice (quietly): Open sarsaparilla If Alice does not know the secret then Alice could come out from the correct side with probability ½ If Bob repeats this n times, then Alice (who does not know secret) can only fool Bob with probability 1/2 n Q P R S Security Protocols 26

27 Fiat-Shamir Protocol Cave-based protocols are inconvenient Can we achieve same effect without the cave? Finding square roots modulo N is difficult Equivalent to factoring Suppose N = pq, where p and q prime Alice has a secret S N and v=s 2 mod N are public, S is secret Alice must convince Bob that she knows S without revealing any information about S 53 Alice secret S random r Fiat-Shamir Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e {0,1} 54 x = r 2 mod N e {0,1} y = r S e mod N Bob must verify: y 2 = x v e mod N Why? Because y 2 = r 2 S 2e = r 2 (S 2 ) e = x v e mod N Bob random e Security Protocols 27

28 Fiat-Shamir: e = 1 Alice secret S random r x = r 2 mod N e = 1 y = r S mod N Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e =1 If y 2 =x v mod N then Bob accepts it I.e., Alice passes this iteration of the protocol Note that Alice must know S in this case 55 Bob random e Alice secret S random r Fiat-Shamir: e = 0 x = r 2 mod N e = 0 Public: Modulus N and v=s 2 mod N Alice selects random r, Bob chooses e = 0 Bob must check whether y 2 = x mod N Alice does not need to know S in this case! 56 y = r mod N Bob random e Security Protocols 28

29 Fiat-Shamir Public: modulus N and v = S 2 Secret: Alice knows S mod N Alice selects random r and commits to r by sending x=r 2 mod N to Bob Bob sends challenge e {0,1} to Alice Alice responds with y=r S e Bob checks whether y 2 =x v e mod N mod N Does this prove response is from Alice? 57 Does Fiat-Shamir Work? If everyone follows protocol, math works: Public: v=s 2 mod N Alice to Bob: x=r 2 mod N and y=r S e mod N Bob verifies: y 2 =x v e mod N 58 Security Protocols 29

30 Does Fiat-Shamir Work? Can Trudy convince Bob she is Alice? If Trudy expects e=0, she sends x=r 2 in msg 1 and y=r in msg 3 (i.e., follow the protocol) If Trudy expects e=1, sends x=r 2 v 1 in msg 1 and y=r in msg 3 If Bob chooses e {0,1} at random, Trudy can only trick Bob with probability ½ 59 This can be improved by making S 1, S 2, S n and e 1, e 2, e n. And then y=r S 1 e1 S 2 e2 S n en mod N Fiat-Shamir Facts Trudy can trick Bob with probability 1/2, but after n iterations, the probability that Trudy can convince Bob that she is Alice is only 1/2 n Just like Bob s cave! Bob s e {0,1} must be unpredictable Alice must use new r each iteration, or else If e=0, Alice sends r mod N in message 3 If e=1, Alice sends r S mod N in message 3 Anyone can find S given r mod N and r S mod N 60 Security Protocols 30

31 Fiat-Shamir Zero Knowledge? Zero knowledge means that nobody learns anything about the secret S Public: v = S 2 mod N Trudy sees r 2 mod N in message 1 Trudy sees r S mod N in message 3 (if e = 1) If Trudy can find r from r 2 But that requires modular square root mod N, gets S If Trudy could find modular square roots, she could get S from public v Protocol does not seem to help to find S 61 ZKP in the Real World Public key certificates identify users No anonymity if certificates sent in plaintext ZKP offers a way to authenticate without revealing identities ZKP supported in MS s Next Generation Secure Computing Base (NGSCB), where 62 ZKP used to authenticate software without revealing machine identifying data ZKP is not just pointless mathematics! Security Protocols 31

32 It depends on Best Authentication Protocol? The sensitivity of the application/data The delay that is tolerable The cost (computation) that is tolerable What crypto is supported (public key, symmetric key, ) Whether mutual authentication is required Whether PFS, anonymity, etc., are concern and possibly other factors 63 Real world Protocols Security Protocols 32

33 Real world protocols Internet Security Protocols and Standards Secure Sockets Layer (SSL) / Transport Layer Security (TLS) IPsec S/MIME (Secure/Multipurpose Internet Mail Extension) Protocols SSL Security Protocols 33

34 What is SSL? 67 SSL is the protocol used for majority of secure transactions on the Internet For example, if you want to buy a book at amazon.com You want to be sure you are dealing with Amazon (authentication) Your credit card information must be protected in transit (confidentiality and/or integrity) As long as you have money, Amazon doesn t really care who you are So, no need for mutual authentication Secure Sockets Layer (SSL) 68 Transport layer security service originally developed by Netscape version 3 designed with public input Subsequently became Internet standard RFC2246: Transport Layer Security (TLS) Current version is TLS 1.2 RFC5246 Use TCP to provide a reliable end-to-end service May be provided in underlying protocol suite or embedded in specific packages Security Protocols 34

35 SSL Protocol Stack 69 Socket layer lives between application and transport layers SSL usually between HTTP and TCP Application Transport Network Logic Physical SSL SSL Record Protocol Services message integrity using a MAC with shared secret key similar to HMAC but with different padding confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 TSL1.2: IDEA and DES remove as cipher suites TSL1.2: RC4 is 128, RC2 removed message is compressed before encryption 70 Security Protocols 35

36 SSL Record Protocol Operation 71 Simple SSL-like Protocol 72 I d like to talk to you securely Here s my certificate {K} Bob Alice protected HTTP Bob Is Alice sure she s talking to Bob? Is Bob sure he s talking to Alice? Security Protocols 36

37 Simplified SSL Protocol 73 Can we talk?, cipher list, R A certificate, cipher, R B {S} Bob, E(h(msgs,CLNT,K),K) h(msgs,srvr,k) Alice Data protected with key K Bob S is known as pre-master secret K = h(s,r A,R B ) msgs means all previous messages CLNT and SRVR are constants SSL Keys 6 keys derived from K = h(s,r A,R B ) 2 encryption keys: send and receive 2 integrity keys: send and receive 2 IVs: send and receive 74 Why different keys in each direction? Q: Why is h(msgs,clnt,k) encrypted? A: Apparently, it adds no security Security Protocols 37

38 SSL Authentication Alice authenticates Bob, not vice-versa How does client authenticate server? Why would server not authenticate client? Mutual authentication is possible: Bob sends certificate request in message 2 Then client must have a valid certificate 75 If server wants to authenticate client, server could instead require password SSL MITM Attack? 76 R A R A certificate T, R B certificate B, R B {S 1 } Trudy,E(X 1,K 1 ) {S 2 } Bob,E(X 2,K 2 ) h(y 1,K 1 ) h(y 2,K 2 ) Alice E(data,K 1 ) Trudy E(data,K 2 ) Bob Q: What prevents this MITM attack? A: Bob s certificate must be signed by a certificate authority (CA) What does browser do if signature not valid? What does user do when browser complains? Security Protocols 38

39 SSL Sessions vs Connections SSL session is established as shown on previous slides SSL designed for use with HTTP 1.0 HTTP 1.0 often opens multiple simultaneous (parallel) connections Multiple connections per session SSL session is costly, public key operations SSL has an efficient protocol for opening new connections given an existing session 77 Several flaws on SSL RFC 6176 prohibits the use of SSL v2.0 in TLS due to: Message authentication uses MD5 (see RFC6151) Handshake messages are not protected. This permits a manin-the-middle to trick the client into picking a weaker cipher suite than it would normally choose. Message integrity and message encryption use the same key, which is a problem if the client and server negotiate a weak encryption algorithm. Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session. Security Protocols 39

40 Real world protocols Segurança de Redes e Dados 2012/13 79 Protocols IPsec IP Security various application security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS security concerns cross protocol layers hence would like security implemented by the network for all applications authentication & encryption security features included in next-generation IPv6 also usable in existing IPv4 80 Security Protocols 40

41 general IP Security mechanisms provides authentication confidentiality key management IPsec applicable to use over LANs, across public & private WANs, & for the Internet 81 Application Transport Network Logic Physical IPsec IPsec Uses 82 Security Protocols 41

42 Benefits of IPsec in a firewall/router provides strong security to all traffic crossing the perimeter in a firewall/router is resistant to bypass is below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users secures routing architecture 83 IP Security Architecture 84 mandatory in IPv6, optional in IPv4 have two security header extensions: Authentication Header (AH) Encapsulating Security Payload (ESP) Key Exchange function VPNs want both authentication/encryption hence usually use ESP specification is quite complex numerous RFC s 4301/4302/4303/5996 Two modes: Transport mode: add info/security to original packet Tunnel mode: protect the original packet by encapsulating it in new IP packet Security Protocols 42

43 Security Associations a one-way relationship between sender & receiver that affords security for traffic flow defined by 3 parameters: Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier has a number of other parameters seq no, AH & ESP info, lifetime etc have a database of Security Associations 85 IPsec Transport Mode IPsec Transport Mode 86 IP header data IP header ESP/AH data Transport mode designed for host-to-host Transport mode is efficient Adds minimal amount of extra header The original header remains Passive attacker can see who is talking Security Protocols 43

44 IPsec transport mode IPsec: Host-to-Host 87 There may be firewalls in between if so, is that a problem? IPsec Tunnel Mode IPsec Tunnel Mode 88 IP header data new IP hdr ESP/AH IP header data Tunnel mode for firewall-to-firewall traffic Original IP packet encapsulated in IPsec Original IP header not visible to attacker New IP header from firewall to firewall Attacker does not know which hosts are talking Security Protocols 44

45 IPsec tunnel mode IPsec: Firewall-to-Firewall 89 No IPsec Alice s Firewall IPsec Internet Bob s Firewall No IPsec Alice Bob Local networks unprotected So, is there any advantage here? IPsec Security What kind of protection? Confidentiality? Integrity? Both? What to protect? Data? Header? Both? 90 ESP/AH do some combinations of these Security Protocols 45

46 AH vs ESP AH Authentication Header Integrity only (no confidentiality) Integrity-protect everything beyond IP header and some fields of header (why not all fields?) ESP Encapsulating Security Payload Integrity and confidentiality both required Protects everything beyond IP header Integrity-only by using NULL encryption 91 According to RFC 2410 ESP s NULL Encryption Null(P,K) = P for any P and any key K NULL encryption is a block cipher the origins of which appear to be lost in antiquity Despite rumors, there is no evidence that NSA suppressed publication of this algorithm Evidence suggests it was developed in Roman times as exportable version of Caesar s cipher Can make use of keys of varying length No IV is required 92 The bottom line: Security people are strange It is from November not an April RFC Security Protocols 46

47 Authentication Header AH Transport Mode Source: Stephen J. Friedl, IPsec illustrated Guide Security Protocols 47

48 95 AH Tunnel mode Source: Stephen J. Friedl, Ipsec illustrated Guide 96 AH and NAT Source: Stephen J. Friedl, Ipsec illustrated Guide Security Protocols 48

49 Encapsulating Security Payload (ESP) ESP Transport mode Source: Stephen J. Friedl, Ipsec illustrated Guide Security Protocols 49

50 99 ESP - Tunnel Mode Source: Stephen J. Friedl, Ipsec illustrated Guide Why Does AH Exist? (1) 100 Cannot encrypt IP header Routers must look at the IP header IP addresses, TTL, etc. IP header exists to route packets! AH protects immutable fields in IP header Cannot integrity protect all header fields TTL, for example, will change ESP does not protect IP header at all Security Protocols 50

51 Why Does AH Exist? (2) ESP encrypts everything beyond the IP header (if non-null encryption) If ESP-encrypted, firewall cannot look at TCP header (e.g., port numbers) Why not use ESP with NULL encryption? 101 Firewall sees ESP header, but does not know whether null encryption is used End systems know, but not the firewalls Why Does AH Exist? (3) 102 The real reason why AH exists: At one IETF meeting someone from Microsoft gave an impassioned speech about how AH was useless everyone in the room looked around and said `Hmm. He s right, and we hate AH also, but if it annoys Microsoft let s leave it in since we hate Microsoft more than we hate AH. Security Protocols 51

52 Key Management handles key generation & distribution typically need 2 pairs of keys A pair per direction for AH & ESP manual key management sysadmin manually configures every system automated key management automated system for on demand creation of keys for SA s in large systems has Oakley & ISAKMP elements Internet Security Association and Key Management Protocol Uses Inter Key Exchange protocol (IKE) RFC IKE has 2 phases IKE 104 Phase 1 IKE security association (SA) Phase 2 AH/ESP security association Phase 1 is comparable to SSL session Phase 2 is comparable to SSL connection Not an obvious need for two phases in IKE If multiple Phase 2 s do not occur, then it is more costly to have two phases! Security Protocols 52

53 Result of IKE phase 1 is Mutual authentication Shared symmetric key IKE Phase 1 Summary IKE Security Association (SA) But phase 1 is expensive 105 Especially in public key and/or main mode Developers of IKE thought it would be used for lots of things not just IPsec Partly explains the over-engineering Plausible Deniability in Phase 1 Trudy can create conversation that appears to be between Alice and Bob Public Key main and aggressive mode Appears valid, even to Alice and Bob! A security failure? 106 In this mode of IPSec, it is a feature Plausible deniability: Alice and Bob can deny that any conversation took place! In some cases it might create a problem E.g., if Alice makes a purchase from Bob, she could later repudiate it (unless she had signed) Security Protocols 53

54 IKE Summary Phase 1 establishes IKE SA Phase 2 establishes IPsec SA Both sides have a shared symmetric key 107 IPsec SSL vs IPsec Lives at the network layer (part of the OS) Encryption, integrity, authentication, etc. Is overly complex (some security issues) SSL (and TLS) 108 Lives at socket layer (part of user space) Encryption, integrity, authentication, etc. Relatively simple and elegant specification Security Protocols 54

55 Real world protocols SSL vs IPsec IPsec: OS must be aware, but not apps SSL: Apps must be aware, but not OS SSL built into Web early-on (Netscape) IPsec often used in VPNs (secure tunnel) Reluctance to retrofit applications for SSL IPsec not widely deployed (complexity, etc.) The bottom line Internet less secure than it should be! Protocols S/MIME Security Protocols 55

56 S/MIME (Secure/Multipurpose Internet Mail Extensions) security enhancement to MIME original Internet RFC822 was text only MIME provided support for varying content types and multipart messages (RFC2045) with encoding of binary data to textual form S/MIME added security enhancements (RFC5751) have S/MIME support in many mail agents 111 eg MS Outlook, Mozilla, Mac Mail etc enveloped data S/MIME Functions encrypted content and associated keys signed data encoded message + signed digest clear-signed data clear text message + encoded signed digest signed & enveloped data 112 nesting of signed & encrypted entities Security Protocols 56

57 S/MIME Process 113 S/MIME Cryptographic Algorithms digital signatures: RSA hash functions: SHA-256 (SHA-1 & MD5 backward compatibility) session key encryption: RSA 114 message encryption: AES, 3DES, etc MAC: HMAC with SHA-1, DES-MAC must map binary values to printable ASCII use radix-64 or base64 mapping Security Protocols 57

58 S/MIME Public Key Certificates S/MIME has effective encryption and signature services but also need to manage public-keys S/MIME uses X.509 v3 certificates each client has a list of trusted CA s certs and own public/private key pairs & certs certificates must be signed by trusted CA s Mail certificate Security Protocols 58

59 Real world protocols 117 Kerberos Kerberos In Greek mythology, Kerberos is 3-headed dog that guards entrance to Hades Wouldn t it make more sense to guard the exit? In security, Kerberos is an authentication protocol based on symmetric key crypto Originated at MIT Based on work by Needham and Schroeder Relies on a Trusted Third Party (TTP) RFC Security Protocols 59

60 Motivation for Kerberos Authentication using public keys N users N key pairs Authentication using symmetric keys N users requires (on the order of) N 2 keys Symmetric key case does not scale! Kerberos based on symmetric keys but only requires N keys for N users - Security depends on TTP + No PKI is needed 119 Kerberos KDC Kerberos Key Distribution Center or KDC KDC acts as the TTP 120 TTP is trusted, so it must not be compromised KDC shares symmetric key K A with Alice, key K B with Bob, key K C with Carol, etc. Master key K KDC known only to KDC KDC enables authentication, session keys Session key for confidentiality and integrity In practice, crypto algorithm is AES Security Protocols 60

61 Kerberos Tickets KDC issue tickets containing info needed to access network resources KDC also issues Ticket-Granting Tickets or TGTs that are used to obtain tickets Each TGT contains Session key User s ID Expiration time 121 Every TGT is encrypted with K KDC So, TGT can only be read by the KDC Kerberized Login Alice enters her password Then Alice s computer 122 Derives K A from Alice s password Uses K A to get TGT for Alice from KDC Alice then uses her TGT (credentials) to securely access network resources Plus: Security is transparent to Alice Minus: KDC must be secure it s trusted! Security Protocols 61

62 Kerberized Login 123 Alice wants Alice s password a TGT E(S A,TGT,K A ) Alice Computer Key K A = h(alice s password) KDC KDC creates session key S A Alice s computer decrypts S A and TGT Then it forgets K A TGT = E( Alice, S A, K KDC ) Alice Requests Ticket to Bob Talk to Bob 124 I want to talk to Bob REQUEST REPLY Alice Computer REQUEST = (TGT, authenticator) authenticator = E(timestamp, S A ) REPLY = E( Bob, K AB, ticket to Bob, S A ) ticket to Bob = E( Alice, K AB, K B ) KDC gets S A from TGT to verify timestamp TGT = E( Alice, SA, K KDC ) KDC Security Protocols 62

63 Alice Uses Ticket to Bob 125 ticket to Bob, authenticator E(timestamp + 1, K AB ) Alice s Computer Bob ticket to Bob = E( Alice, K AB, K B ) authenticator = E(timestamp, K AB ) Bob decrypts ticket to Bob to get K AB which he then uses to verify timestamp Kerberos Key S A used in authentication For confidentiality/integrity Timestamps for replay protection Recall, that timestamps 126 Reduce the number of messages like a nonce that is known in advance But, time is a security-critical parameter Security Protocols 63

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Standards and Products. Computer Security. Kerberos. Kerberos

Standards and Products. Computer Security. Kerberos. Kerberos 3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

More information

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security

More information

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

Lecture 10: Communications Security

Lecture 10: Communications Security INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Network Security Essentials Chapter 7

Network Security Essentials Chapter 7 Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

Lecture 17 - Network Security

Lecture 17 - Network Security Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1 Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication

More information

CS 494/594 Computer and Network Security

CS 494/594 Computer and Network Security CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

Netzwerksicherheit: Anwendungen

Netzwerksicherheit: Anwendungen Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks

More information

Computer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 -------------------------------------------------------------------------- Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

Electronic Mail Security

Electronic Mail Security Electronic Mail Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

Chapter 32 Internet Security

Chapter 32 Internet Security Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3

More information

Computer and Network Security

Computer and Network Security Computer and Network Security c Copyright 2000 R E Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@ciseufledu Network Security Protocols

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

IP SECURITY (IPSEC) PROTOCOLS

IP SECURITY (IPSEC) PROTOCOLS 29 IP SECURITY (IPSEC) PROTOCOLS One of the weaknesses of the original Internet Protocol (IP) is that it lacks any sort of general-purpose mechanism for ensuring the authenticity and privacy of data as

More information

GSM and UMTS security

GSM and UMTS security 2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

PGP from: Cryptography and Network Security

PGP from: Cryptography and Network Security PGP from: Cryptography and Network Security Fifth Edition by William Stallings Lecture slides by Lawrie Brown (*) (*) adjusted by Fabrizio d'amore Electronic Mail Security Despite the refusal of VADM Poindexter

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

a. Every machine in UTK is configured with the public key of the root CA.

a. Every machine in UTK is configured with the public key of the root CA. 1. Suppose UTK implements a Top-Down with Name Constraints PKI model with two-level hierarchy. The root CA is pki.utk.edu, which has two delegated CA servers, pki.eecs.utk.edu and pki.math.utk.edu, at

More information

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Internetwork Security

Internetwork Security Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Securing IP Networks with Implementation of IPv6

Securing IP Networks with Implementation of IPv6 Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle

More information

Q: Why security protocols?

Q: Why security protocols? Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer

More information

Chapter 3. Network Domain Security

Chapter 3. Network Domain Security Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

WEB Security: Secure Socket Layer

WEB Security: Secure Socket Layer WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice: Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing

More information

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Security Engineering Part III Network Security. Security Protocols (II): IPsec Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by

More information

INFORMATION SECURITY PRINCIPLES AND PRACTICE

INFORMATION SECURITY PRINCIPLES AND PRACTICE INFORMATION SECURITY PRINCIPLES AND PRACTICE Mark Stamp San Jose State University 'INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION Preface About The Author Acknowledgments xv xix xxi 1 INTRODUCTION

More information

The Misuse of RC4 in Microsoft Word and Excel

The Misuse of RC4 in Microsoft Word and Excel The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information