Chapter 10. Network Security



Similar documents
Chapter 32 Internet Security

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 8. Network Security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Lecture 9 - Network Security TDTS (ht1)

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

IP Security. Ola Flygt Växjö University, Sweden

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Network Security Part II: Standards

EXAM questions for the course TTM Information Security May Part 1

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

NETWORK ADMINISTRATION AND SECURITY

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

IT Networks & Security CERT Luncheon Series: Cryptography

Chapter 17. Transport-Level Security

Security vulnerabilities in the Internet and possible solutions

Chapter 7 Transport-Level Security

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Standards and Products. Computer Security. Kerberos. Kerberos

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Cornerstones of Security

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Internetwork Security

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Transport Level Security

Network Security Fundamentals

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Network Security. Outline of the Tutorial

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

PA160: Net-Centric Computing II. Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Client Server Registration Protocol

CS 4803 Computer and Network Security

Netzwerksicherheit: Anwendungen

Securing IP Networks with Implementation of IPv6

Protocol Security Where?

Overview. SSL Cryptography Overview CHAPTER 1

Lecture 10: Communications Security

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Network Security. Lecture 3

First Semester Examinations 2011/12 INTERNET PRINCIPLES

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Multimedia Networking and Network Security

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

CS 758: Cryptography / Network Security

Content Teaching Academy at James Madison University

ETSF10 Part 3 Lect 2

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Security in Computer Networks

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Communication Security for Applications

Introduction to Security and PIX Firewall

How To Protect Your Data From Attack

What is network security?

CRYPTOG NETWORK SECURITY

TLS and SRTP for Skype Connect. Technical Datasheet

ECE 428 Network Security

Communication Systems SSL

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

IP SECURITY (IPSEC) PROTOCOLS

Chapter 9. IP Secure

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Network Security Essentials Chapter 5

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Transport Layer Security Protocols

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

An Introduction to Cryptography as Applied to the Smart Grid

CS 494/594 Computer and Network Security

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Virtual Private Networks

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Chapter 5: Network Layer Security

Overview. Protocols. VPN and Firewalls

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Savitribai Phule Pune University

Network Security Protocols

Transcription:

Chapter 10 Network Security 10.1.

Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2

Chapter 10: Objective We introduce network security. We discuss security goals, types of attacks, and services provided by network security. We introduce the first goal of security, confidentiality. We discuss symmetric-key ciphers and asymmetric-key ciphers. We discuss other aspects of security: message integrity, message authentication, digital signature, entity authentication, and key management. We apply what we have learned in the first three sections to the top three layers of the TCP/IP suite. Finally, we discuss firewalls: packet-filter and proxy. 10.3

10-1 INTRODUCTION Information is an asset that has a value like any other asset. As an asset, information needs to be secured from attacks. To be secured, information needs to be hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity), and available to an authorized entity when it is needed (availability). 10.4

10.1.1 Security Goals Let us first discuss three security goals: Confidentiality Integrity Availability 10.5

10.1.2 Attacks Our three goals of security, confidentiality, integrity, and availability, can be threatened by security attacks. Although the literature uses different approaches to categorizing the attacks, we divide them into three groups related to the security goals. Figure 10.1 shows the taxonomy. 10.6

10.1.2 (continued) Attacks Threatening Confidentiality Snooping Traffic Analysis Attacks Threatening Integrity Modification Masquerading Replaying Repudiation Attacks Threatening Availability Denial of Service 10.7

Figure 10.1: Taxonomy of attacks with relation to security goals 10.8

10.1.3 Services and Techniques ITU-T defines some security services to achieve security goals and prevent attacks. Each of these services is designed to prevent one or more attacks while maintaining security goals. The actual implementation of security goals needs some techniques. Two techniques are prevalent today: Cryptography Steganography 10.9

10-2 CONFIDENTIALITY We now look at the first goal of security, confidentiality. Confidentiality can be achieved using ciphers. Ciphers can be divided into two broad categories: symmetric-key and asymmetric-key. 10.10

10.2.1 Symmetric-Key Ciphers A symmetric-key cipher uses the same key for both encryption and decryption, and the key can be used for bidirectional communication, which is why it is called symmetric. Figure 10.2 shows the general idea behind a symmetric-key cipher. 10.11

10.2.1 (continued) Traditional Symmetric-Key Ciphers Substitution Ciphers Transposition Ciphers Stream and Block Ciphers Modern Symmetric-Key Ciphers Modern Block Ciphers Data Encryption Standard (DES) Modern Stream Ciphers 10.12

Figure 10.2: General idea of a symmetric-key cipher 10.13

Figure 10.3: Symmetric-key encipherment as locking and unlocking with the same key 10.14

Figure 10.4: Representation of plaintext and ciphertext characters in modulo 26 10.15

Example 10.1 Use the additive cipher with key = 15 to encrypt the message hello. 10.16

Example 10.2 Use the additive cipher with key = 15 to decrypt the message WTAAD. 10.17

Figure 10.5: An example key for a monoalphabetic substitution cipher 10.18

Example 10.3 We can use the key in Figure 10.5 to encrypt the message 10.19

Example 10.4 Assume that Alice and Bob agreed to use an autokey cipher with initial key value k 1 = 12. Now Alice wants to send Bob the message Attack is today. The three occurrences of t are encrypted differently. 10.20

Figure 10.6: Transposition cipher 10.21

Figure 10.7: A modern block cipher 10.22

Figure 10.8: Components of a modern block cipher 10.23

Figure 10.9: General structure of DES 10.24

Figure 10.10: DES function 10.25

Figure 10.11: Key generation 10.26

Example 10.5 We choose a random plaintext block and a random key, and determine (using a program) what the ciphertext block would be (all in hexadecimal) as shown below. 10.27

Example 10.6 To check the effectiveness of DES when a single bit is changed in the input, we use two different plaintexts with only a single bit difference (in a program). The two ciphertexts are completely different without even changing the key. Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits. 10.28

Figure 10.12: One-time pad 10.29

10.2.2 Asymmetric-Key Ciphers In previous sections we discussed symmetric-key ciphers. In this section, we start the discussion of asymmetric-key ciphers. Symmetric- and asymmetric-key ciphers will exist in parallel and continue to serve the community. We actually believe that they are complements of each other; the advantages of one can compensate for the disadvantages of the other. 10.30

10.2.2 (continued) General Idea Plaintext/Ciphertext Encryption/Decryption Need for Both RSA Cryptosystem Procedure Applications 10.31

Figure 10.13: Locking and unlocking in asymmetric-key cryptosystem 10.32

Figure 10.14: General idea of asymmetric-key cryptosystem 10.33

Figure 10.15: Encryption, decryption, and key generation in RSA 10.34

Example 10.7 For the sake of demonstration, let Bob choose 7 and 11 as p and q and calculate n = 7 11 = 77, φ(n) = (7 1)(11 1), or 60. If he chooses e to be 13, then d is 37. Note that e d mod 60 = 1. Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. This system is not safe because p and q are small. 10.35

Example 10.8 Here is a more realistic example calculated using a computer program in Java. We choose a 512-bit p and q, calculate n and φ(n). We then choose e and calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number. 10.36

Example 10.8 (continued) 10.37

Example 10.8 (continued) 10.38

Example 10.8 (continued) 10.39

10-3 OTHER ASPECTS OF SECURITY The cryptography systems that we have studied so far provide confidentiality. However, in modern communication, we need to take care of other aspects of security, such as integrity, message and entity authentication, non-repudiation, and key management. We briefly discuss these issues in this section. 10.40

10.3.1 Message Integrity There are occasions where we may not even need secrecy but instead must have integrity: the message should remain unchanged. For example, Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted. After her death, anyone can examine the will. The integrity of the will, however, needs to be preserved. Message and Message Digest Hash Functions 10.41

Figure 10.16: Message and digest Insecure channel Channel immune to change 10.42

10.3.2 Message Authentication A digest can be used to check the integrity of a message that the message has not been changed. To ensure the integrity of the message and the data origin authentication that Alice is the originator of the message, not somebody else we need to include a secret shared by Alice and Bob (that Eve does not possess) in the process; we need to create a message authentication code (MAC). HMAC 10.43

Figure 10.17: Message authentication code M + MAC Insecure channel 10.44

10.3.3 Digital Signature Another way to provide message integrity and message authentication (and some more security services, as we will see shortly) is a digital signature. A MAC uses a secret key to protect the digest; a digital signature uses a pair of privatepublic keys. 10.45

10.3.3 (continued) Comparison Inclusion Verification Method Relationship Duplicity Process Signing the Digest Services Message Authentication Message Integrity Non-repudiation 10.46

10.3.3 (continued) RSA Digital Signature Scheme Digital Signature Standard (DSS) 10.47

Figure 10.18: Digital signature process (M, S) 10.48

Figure 10.19: Signing the digest 10.49

Figure 10.20: Using a trusted center for non-repudiation (M, S A ) (M, S T ) 10.50

Figure 10.21: The RSA signature on the message digest 10.51

10.3.4 Entity Authentication Entity authentication is a technique designed to let one party verify the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proven is called the claimant; the party that tries to verify the identity of the claimant is called the verifier. 10.52

10.3.4 (continued) Entity versus Message Authentication Verification Categories Passwords Challenge-Response Using a Symmetric-Key Cipher Using an Asymmetric-Key Cipher Using Digital Signatures 10.53

Figure 10.22: Unidirectional, symmetric-key authentication 10.54

Figure 10.23: Unidirectional, asymmetric-key authentication 10.55

Figure 10.24: Digital signature, unidirectional authentication 10.56

10.3.5 Key Management We discussed symmetric-key and asymmetric-key cryptography in the previous sections. However, we have not yet discussed how secret keys in symmetric-key cryptography, and public keys in asymmetric-key cryptography, are distributed and maintained. This section touches on these two issues. 10.57

10.3.5 (continued) Symmetric-Key Distribution Key Distribution Center (KDC) Symmetric-Key Agreement Diffie-Hellman Key Agreement Public-Key Distribution Public Announcement Certification Authority X.509 10.58

Figure 10.25: Multiple KDCs 10.59

Figure 10.26: Creating a session key using KDC 10.60

Figure 10.27: Diffie-Hellman method 10.61

Example 10.9 Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume that g = 7 and p = 23. The steps are as follows: 1. Alice chooses x = 3 and calculates R 1 = 7 3 mod 23 = 21. Bob chooses y = 6 and calculates R 2 = 7 6 mod 23 = 4. 2. Alice sends the number 21 to Bob. 10.62

Example 10.9 (continued) 3. Bob sends the number 4 to Alice. 4. Alice calculates the symmetric key K = 4 3 mod 23 = 18. Bob calculates the symmetric key K = 21 6 mod 23 = 18. Conclusion: The value of K is the same for both Alice and Bob; g xy mod p = 7 18 mod 23 = 18. 10.63

Figure 10.28: Certification authority 10.64

10-4 INTERNET SECURITY In this section, we discuss how the principles of cryptography are applied to the Internet. We discuss security in the application layer, transport layer, and network layer. Security at the data-link layer is normally a proprietary issue and is implemented by the designers of LANs and WANs. 10.65

10.4.1 Application-Layer Security This section discusses two protocols providing security services for e-mails: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). 10.66

10.4.1 (continued) E-mail Security Cryptographic Algorithms Cryptographic Secrets Certificates Pretty Good Privacy (PGP) Scenarios Segmentation Key Rings PGP Algorithms PGP Certificates and Trusted Model PGP Packets Applications of PGP 10.67

10.4.1 (continued) S/MIME Cryptographic Message Syntax (CMS) Key Management Cryptographic Algorithms Applications of S/MIME 10.68

Figure 10.29: A plaintext message 10.69

Figure 10.30: An authenticated message 10.70

Figure 10.31: A compressed message 10.71

Figure 10.32: A confidential message 10.72

Figure 10.33: Key rings in PGP 10.73

Figure 10.34: Trust model 10.74

Figure 10.35: Signed-data content type 10.75

Figure 10.36: Enveloped-data content type 10.76

Figure 10.37: Digested-data content type 10.77

Figure 10.38: Authenticated-data content type 10.78

Example 10.10 The following shows an example of an enveloped-data in which a small message is encrypted using triple DES.. 10.79

10.4.2 Transport-Layer Security Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol. The latter is actually an IETF version of the former. We discuss SSL in this section; TLS is very similar. Figure 10.39 shows the position of SSL and TLS in the Internet model. 10.80

10.4.2 (continued) SSL Architecture Services Key Exchange Algorithms Encryption/Decryption Algorithms Hash Algorithms Cipher Suite Compression Algorithms Cryptographic Parameter Generation Sessions and Connections 10.81

10.4.2 (continued) Four Protocols Handshake Protocol ChangeCipherSpec Protocol Alert Protocol Record Protocol 10.82

Figure 10.39: Location of SSL and TLS in the Internet model 10.83

Figure 10.40: Calculation of master secret from pre-master secret 10.84

Figure 10.41: Calculation of key material from master secret 10.85

Figure 10.42: Extractions of cryptographic secrets from key material 10.86

Figure 10.43: Four SSL protocols 10.87

Figure 10.44: Handshake Protocol 10.88

Figure 10.45: Processing done by the Record Protocol 10.89

10.4.3 Network-Layer Security We need security at the network layer for three reasons. First, not all client/server programs are protected at the application layer. Second, not all client/server programs at the application layer use the services of TCP to be protected by the transport-layer security. Third, many applications, such as routing protocols, directly use the service of IP; they need security services at the IP layer. IP Security is a collection of protocols designed by the Internet Engineering 10.90

10.4.3 (continued) Two Modes Transport Mode Tunnel Mode Comparison Two Security Protocols Authentication Header (AH) Encapsulating Security Payload (ESP) IPv4 and IPv6 AH versus ESP 10.91

10.4.3 (continued) Services Provided by IPSec Access Control Message Integrity Entity Authentication Confidentiality Replay Attack Protection Security Association Idea of Security Association Security Association Database (SAD) Security Policy Security Policy Database 10.92

10.4.3 (continued) Internet Key Exchange (IKE) Virtual Private Network (VPN) 10.93

Figure 10.46: IPSec in transport mode 10.94

Figure 10.47: Transport mode in action 10.95

Figure 10.48: IPSec in tunnel mode 10.96

Figure 10.49: Tunnel mode in action 10.97

Figure 10.50: Transport mode versus tunnel mode 10.98

Figure 10.51: Authentication Header (AH) protocol 10.99

Figure 10.52: Encapsulating Security Payload (ESP) 10.100

Table 10.1: IPSec services 10.101

Figure 10.53: Simple SA 10.102

Figure 10.54: SAD 10.103

Figure 10.55: Security Policy Database 10.104

Figure 10.56: Outbound processing 10.105

Figure 10.57: Inbound processing 10.106

Figure 10.58: IKE components 10.107

Figure 10.59: Virtual private network 10.108

10-5 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. 10.109

Figure 10.60: Firewall 10.110

10.5.1 Packet-Filter Firewalls A firewall can be used as a packet filter. It can forward or block packets based on the information in the network-layer and transport-layer headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). Figure 10.61 shows an example of a filtering table for this kind of a firewall. 10.111

Figure 10.61: Packet-filter firewall 10.112

10.5.2 Proxy Firewalls The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). However, sometimes we need to filter a message based on the information available in the message itself (at the application layer). One solution is to install a proxy computer to filter the messages. 10.113

Figure 10.62: Proxy firewall 10.114

Chapter 10: Summary The three goals of security can be threatened by security attacks. Two techniques have been devised to protect information against attacks: cryptography and steganography. In a symmetric-key cipher the same key is used for encryption and decryption, and the key can be used for bidirectional communication. We can divide traditional symmetric-key ciphers into two broad categories: substitution ciphers and transposition ciphers. In an asymmetric key cryptography there are two separate keys: one private and one public. Asymmetric-key cryptography means that Bob and Alice cannot use the same set of keys for two-way communication. 10.115

Chapter 10: Summary (continued) Other aspects of security include integrity, message authentication, entity authentication, and key management. The Pretty Good Privacy (PGP), invented by Phil Zimmermann, provides e-mail with privacy, integrity, and authentication. Another security service designed for electronic mail is Secure/Multipurpose Internet Mail Extension (S/MIME). A transport-layer security protocol provides end-to-end security services for applications that use the services of a reliable transport-layer protocol such as TCP. Two protocols are dominant today for providing security at the transport layer: Secure Sockets Layer (SSL) and Transport Layer Security (TLS). 10.116

Chapter 10: Summary (continued) IP Security (IPSec) is a collection of protocols designed by the IETF to provide security for a packet at the network level. IPSec operates in transport or tunnel mode. IPSec defines two protocols: Authentication Header (AH) Protocol and Encapsulating Security Payload (ESP) Protocol. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter others. A firewall is usually classified as a packet-filter firewall or a proxy firewall. 10.117