Welcome to CS 336/536 Computer Network Security Please report to the professor. “This book focuses on internet security, which consists of measures to deter, prevent, detect, and correct security violations that involve transmission of information.”
Examples of Security Violations (page 3) What services do we need to compensate? Confidentiality (Data) Integrity Authentication (of participants) ? Non-repudiation
The Challenge of Computer Security (page 7): 1. Solutions not as simple as one-word labels suggest! 2. One must always consider potential attacks on security features. 3. Procedure used to provide particular services are often counterintuitive. 4. Having designed security mechanisms, where to use them? 5. Mechanisms require not only an algorithm, but also secret information. Omit Section 1.2 OSI Security Architecture
1.3 Security Attacks passive attacks: Reveals what Bob is saying to Alice An MIT Technology Report in 1979 used “Alice” and “Bob.” It became a tradition.
Reveals the fact that Bob is talking to Alice Passive attacks very difficult to detect – focus on prevention
Active attacks difficult to prevent – focus on detection and recovery (opposite of passive attacks).
1.4 Security Services ► Authentication (of participants) ► Access Control ► Data confidentiality Footnote page 14: “There is no universal agreement about many of the terms used in the security literature. ► Data integrity ► Non-repudiation ► Availability service
1.4 Security Services – continued ► Authentication This service assures the recipient that the message is from the source that it claims to be from. “Authentication of Participants” Watch for “man in the middle” ► Access Control This could be included under “Authentication of Participants”
1.4 Security Services – continued ► Data Confidentiality Protection of transmitted data from “eavesdropping” Expanded requirement: “traffic analysis” Attacker must not be able to observe source, destination, frequency, length of message stream
1.4 Security Services – continued ► Data Integrity Connectionless: Protects individual messages against tampering Connection-Oriented: Protects a stream of messages against modification (duplication, deletion, insertion, modification, reordering)
1.4 Security Services – continued ► Non-Repudiation not really an attack, but a desirable service ► Availability Service defense against denial-of-service attacks Omit section 1.5
1.6 A Model for Network Security Alice Bob Darth Figure 1.4 Model for Network Security
“All the techniques for providing security have two components: ► a security-related transformation on the information to be sent; ► some secret information shared by the two principals. A trusted third party may be needed to make secret sharing possible. Footnote page 19: In public-key cryptography only one of the two principals has the secret information
“Four basic tasks in designing a particular security service” 1. Algorithm for performing the security-related transformation 2. Generate secret to be used with #1 3. Method of distributing #2 between principals 4. Protocol to be used by the principals (protocol uses #1 and #2)
some threats do not fit into figure 1.4 – protection against “unwanted access.” ► viruses and worms ► unauthorized use of equipment Figure 1.5 Network Access Security Model We will not get into this in this course – our interest is in figure 1.4
Omit section 1.7 End of Chapter 1
Part One – CRYPTOGRAPHY Chapter 2 – Symmetric Encryption and Message Confidentiality “Symmetric encryption, also referred to as conventional encryption, secret-key, or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption in the late 1970s. It remains by far the most widely used of the two types of encryption.” 2.1 Symmetric Encryption Principles
Recall Fig 1.4: Alice Bob Darth
Fig 2.1 “Five Ingredients” 1. Plaintext 2. Encryption algorithm 3. Secret key 4. ciphertext 5. Decryption algorithm (secret key)
The decryption algorithm is often the encryption algorithm “run in reverse” (not true for the Advanced Encryption Standard) Obviously, the encryption and decryption algorithms are inverse functions: C = EK ( P ) P = DK ( C ) P = DK [ EK ( P ) ]
Two requirements for secure use of symmetric encryption: 1. Strong encryption algorithm opponent who knows algorithm and has ciphertext (only) must be unable to recover plaintext extension: even if opponent has samples of plaintext, unable torecover further plaintext • Key • Sender and receiver must have obtained • copies of the secret key,and must keep it secret THE ALGORITHM IS NOT SECRET !!!
Cryptography Three independent dimensions: 1. type of operation * substitution * transposition Combinations used all operations must be reversible ! 2. number of keys used * 1 for “symmetric" cryptography * 2 for "public-key" cryptography • way in which plaintext is processed • * block ciphers (processed one block at a time) • * stream ciphers (can be decrypted while being received)
Substitution cipher – replace letter with next letter in alphabet (Caesar). Transposition cipher: key pad
Cryptanalysis “The process of attempting to discover the plaintext or key is known as cryptanalysis.”
Types of attack on encrypted messages (continued): Ciphertext only: - only ciphertext and algorithm known - exhaustive search of all possible keys (“brute force”) How do you know when you’ve won?
Types of attack on encrypted messages (continued): “Partially-known plaintext” E-mail headers: Hitler’s Birthday!
RSA challenges – known plaintext In 1999 a 56-bit key was cracked in 22 hours by EFF machine With known plaintext, you know when you’ve won!
Types of attack on encrypted messages(continued): During WEP authentication in wireless networks the access point sends to the station a message; The station encrypts the message and returns it to the access point; Both unencrypted and encrypted forms are easily visible.
Types of attack on encrypted messages(continued): Consider a wireless LAN, connected to the Internet and an attacker who can eavesdrop on the traffic within the LAN and who has access to an outside computer. Attacker can send chosen message from outside machine to inside machine, and observe encrypted form on the wireless link. Both unencrypted and encrypted forms are available to the attacker.
Boolean Logic OR ( “Inclusive OR” ) XOR (“exclusive OR”)
Boolean Logic XOR (“exclusive OR” Arithmetic ADD
Key Feistel Parameters: Block size (2w) Size of key K Number of rounds (n) Subkey generation algorithm (K1, etc.) Round function (F) Decryption: run in “reverse” Insert ciphertext at top, use nth subkey in first round.
“Two other considerations in the design of a symmetric block cipher:” ► Fast software encryption/decryption ► Ease of analysis ( ! ) 2.2 Symmetric Block Encryption Algorithms Data Encryption Standard
Data Encryption Standard (DES/DEA) is a minor variation on the Feistel structure. Block size: 64 bits Key length: 56 bits Number of rounds: 16 Sixteen subkeys generated from original key. Decryption: run in “reverse” – insert ciphertext at top, use sixteenth subkey in first round.
Strength & Weakness of Data Encryption Standard Strength: has been exhaustively studied – no known “holes” Weakness: 56-bit key length too short (in 1999 was cracked in 22 hours by EFF machine) In ciphertext-only situation, exhaustive key search is the only way – but how do you know when you’ve won?
Triple DES If 56-bit key is too short, but DES is a “solid” algorithm, just apply it two or three times with different keys!
Effective key length is 168 bits “There is no cryptographic significance to the use of decryption in the second stage” – gives compatibility with single-stage implementations. “It is easy to see that 3DES is a formidable algorithm”
However, 3DES is not a reasonable candidate for long-term use. The algorithm is relatively sluggish in software – the original DES was designed for mid-1970s hardware implementation. The 64-bit block length is too short – larger block lengths give better efficiency and security. On page 38, the heading “Advanced Encryption Standard” belongs 1/2 way down page.
Advanced Encryption Standard History In 1997 NIST issued a call for proposals for a new Advanced Encryption Standard AES), which should have a security strength the same as, or better than, 3DES and significantly improved efficiency. After extensive consideration of proposals, in 2001 the algorithm by Joan Daemen and Vincent Rijmen was chosen – known as “Rijndael.” The new AES is not a Feistel structure! Encryption and Decryption algorithms are different. Parameters: block length: 128 bits key length: 128, 192, or 256 bits (focus on 128) rounds: 10 stages: 4 The 128-bit key and the 128-bit blocks are expressed as 4-byte x 4-byte matrices, processed by column.