1 / 126

INFO 331 Computer Networking Technology II

INFO 331 Computer Networking Technology II. Chapter 8 Security Glenn Booker. Security in Networks. Any two nodes (hosts, routers, etc.) might need to exchange data securely

garrison-pearson
Télécharger la présentation

INFO 331 Computer Networking Technology II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INFO 331Computer Networking Technology II Chapter 8 Security Glenn Booker INFO 331 Chapter 8

  2. Security in Networks • Any two nodes (hosts, routers, etc.) might need to exchange data securely • Secure email, transfer routing tables, military secrets, private data (SSN, Visa), DNS servers, etc. all need secure communication • Security has many aspects • End-point Authentication: If Bob and Carol are communicating, how do they know it’s really Bob and Carol? INFO 331 Chapter 8

  3. Security in Networks • Confidentiality: How do we keep others from reading their exchange? • Message integrity: How do we ensure a message isn’t changed en route? • Nonrepudiation: How can we prove a message was sent be a specific sender? • Operational security: How do we protect the network infrastructure from things like denial of service (DoS) attacks or hackers? INFO 331 Chapter 8

  4. Basic Defense Strategy • In any kind of security approach, we need to consider three aspects in our strategy • Prevent: Protect the network to make it harder for an attack to take place • Detect: How do you know if you’ve been attacked? • Often very difficult in networking • Mitigate: As or after an attack happens, how do you minimize the damage it did? INFO 331 Chapter 8

  5. Non-network Example • Consider the problem of a bomb on a plane • Prevent: might prevent the problem by 1) scanning luggage and passengers, 2) requiring security checks for airport employees, and 3) controlling access to planes on the ground • Detect: detect the problem by 1) a bomb going off, or 2) someone identifying they have a bomb • Mitigate: Reduce damage by 1) reducing altitude before the bomb goes off, 2) design the plane to avoid duplicate systems next to each other INFO 331 Chapter 8

  6. Non-network Example • This illustrates some important principles • Security costs effort and money • Security is often inconvenient, even annoying • Security measures often directly reduce productivity • Security often affects systems beyond the immediately obvious ones • Design of the system is often affected by security risks, even if they are rare events INFO 331 Chapter 8

  7. Security vs classification • In discussing security, the notion of classification (e.g. Confidential, Secret, Top Secret, etc.) can emerge • Systems to handle classified material are known as ‘trusted’ systems – look for that keyword • Often based on old standards such as the Rainbow Series’ Orange Book INFO 331 Chapter 8

  8. Passive Intruder • Going back to Bob and Carol, what happens if someone is listening to their exchange? • A passive intruder could • Eavesdrop – listen to and record the secure exchange • Modify, insert, or delete messages that Bob and Carol were trying to exchange • Could lead to stealing data, impersonating another user, hijacking a session or causing DoS INFO 331 Chapter 8

  9. Cryptography • Codes for communication go back millennia • There are tons of resources on the subject: • RSA, NIST Computer Security Resource Center • The CERT Coordination Center • A plain (or clear) text message (e.g. “Sell IBM stock now!”) is encrypted into cipher text (which is illegible) using an encryption algorithm, KA • The key is an input to the algorithm (= cipher) • (Plain text + key)  via algorithm  ciphertext INFO 331 Chapter 8

  10. Cryptography • At the receiving end, the cipher text is turned back into plain text using a decryption algorithm, KB) INFO 331 Chapter 8

  11. Keys • A key is a string of characters, numbers, and other ASCII symbols that feeds into the encryption and decryption algorithms • The longer the key (in bits), the harder it is to break • DES uses a 56-bit key • RC5-64 is a 64-bit key, RC5-72 is 72-bit • RSA and AES use up to 128-bit keys • PGP uses up to 4096-bit keys (great crypto paper) INFO 331 Chapter 8

  12. Keys • There are two major encryption approaches – symmetric key and public key • Symmetric key means that KA = KB • The same key is used by both sender and receiver • Public key encryption requires a public key that anyone can know, plus different private keys for sender and receiver • Public key requires longer keys for equal security INFO 331 Chapter 8

  13. Block vs Stream • Another is whether each character is coded individually (stream cipher), or a group of characters are coded together (block cipher) • Stream cipher examples include Caesar’s code, the WWII Enigma machine, and WEP (Wired Equivalent Privacy) • Block ciphers are very common (AES, RSA, etc.) • Block sizes are typically 64 or 128 bits INFO 331 Chapter 8

  14. Cipher-Block Chaining (CBC) • Repeated phrases, like ‘HTTP/1.1’ produce the same string when encrypted, making it easier to guess their meaning • Send a 64-bit Initialization Vector (IV) first • Encrypt and send (first block of text XOR IV) • For each subsequent block, encrypt and send (previous block XOR current clear text) • This keeps duplicate blocks from appearing that way INFO 331 Chapter 8

  15. Key Breaking Approaches • There are three ways to approach breaking an encrypted message • Cipher-text-only attack – you only have the ciphertext, and little or no clue what it contains • Known-plaintext attack – when some of the message contents are known, such as certain names, words or phrases that should appear • Chosen-plaintext attack – when you can feed text (‘The quick brown fox jumps over the lazy dog’) into the cipher, and see what it produces INFO 331 Chapter 8

  16. Symmetric Key Crypto • The Caesar cipher was very simple • Just move the alphabet down some number of characters, ‘k’ • A  G (for k = 6) • Then B  H, C  I, D  J, etc. • Wrap around when you get to T  Z, U  A • If you know this is the type of cipher, there are only 25 different possible keys! INFO 331 Chapter 8

  17. Symmetric Key Crypto • Improve on this with a monoalphabetic cipher • Each letter corresponds to some other letter, but they aren’t in order • A  V, B  L, C  R, or whatever • This makes 26! (= 4.03E26 or 4.03x1026) key combinations in theory, but patterns of common words make it a lot easier to break than that would suggest INFO 331 Chapter 8

  18. Symmetric Key Crypto • Improve on the Caesar cipher with a polyalphabetic cipher (encryption) • Use multiple ciphers in a fixed pattern throughout the message, such as two Caesar ciphers with different offsets (k values) • E.g. follow a pattern of “C1 C2 C2 C1 C2” where C1 uses k=5 and C2 uses k=19 • Hence need to know pattern and k values INFO 331 Chapter 8

  19. DES • The Data Encryption Standard (DES) was invented in 1977, and updated in 1993 • It is symmetric, uses 64-bit blocks, and nominally a 64-bit key • Ok, only 56 bits of the key are usable – the rest is for parity checks 2^56 = 72E15 possible keys • How DES works is very messy • The 64 bits in a block are permuted, go through 16 cycles of math operations, and get permuted again at the end INFO 331 Chapter 8

  20. DES • Each of the 48-bit keys (K1 to K16) are different parts of the overall 56-bit key INFO 331 Chapter 8

  21. DES Code-Breaking Tests • In 1997 it took under four months to break a DES-encrypted message by brute force (keep trying keys until one works) • In February 1998 it took 41 days • In July 1998 it took 56 hours • In January 1999 it took 22.25 hours, though using nearly 100,000 PC’s INFO 331 Chapter 8

  22. Triple-DES • Ok, so DES isn’t perfect • Triple-DES (3DES) runs DES three times with different keys • Makes for a 168-bit key! • Used for PPP encryption INFO 331 Chapter 8

  23. AES • The Advanced Encryption Standard (AES) was proposed in 2001 to replace DES • Uses symmetric encryption with 128-bit blocks • Keys can be 128, 192, or 256 bits long • NIST claims if a computer could crack 56-bit DES in one second, it would take 149 trillion years to break 128-bit AES INFO 331 Chapter 8

  24. AES • AES, 3DES, and Skipjack are all recognized Federal Information Processing Standards (FIPS) • Skipjack was used on the Clipper chip for hardware security; uses a 64-bit key from an 80-bit cryptovariable INFO 331 Chapter 8

  25. Public Key Encryption • So all this symmetric key stuff is good, but how to you exchange the keys securely? • Easier if we can show part of our key publicly • First public key approach was the 1976 Diffie-Hellman Key Exchange algorithm • Sender and receiver have public keys • Each receiver also uses a private keyto decrypt a message INFO 331 Chapter 8

  26. Public Key Encryption Why does this provide confidentiality? INFO 331 Chapter 8

  27. Public Key Encryption • Two main concerns with public key ciphers • An intruder can easily know a receiver’s public key, and the encryption method, so a chosen-plaintext attack is possible • Hence private keys, and verifying the sender of a message are critical – the digital signature • The best known public key algorithm is RSA • Named for Rivest, Shamir, and Adleman INFO 331 Chapter 8

  28. RSA • RSA works like this • Pick two large prime numbers, p and q • Want pq> 1024 for corporate use, pq>768 for lesser security • Let n = pq, and z = (p-1)(q-1) • Choose e < n which has no factors in common with z • Find d such that (ed-1)/z is an integer • The public key is (n,e); the private key is (n,d) INFO 331 Chapter 8

  29. RSA • To use this, take a plaintext message m • The ciphertext is c = (m^e)*mod (n) • This is the integer remainder when m^e is divided by n • The receiver gets c, and decodes the message using m = (c^d) mod n • So n and e are used for encryption; n and d are used for decryption INFO 331 Chapter 8

  30. RSA • So the theory isn’t too weird, just tedious because of the large numbers involved • Finding large prime numbers is a critical element of many crypto schemes • RSA is no exception • Also important is how to choose d and e • Such issues are beyond our scope here INFO 331 Chapter 8

  31. RSA vs DES • RSA is 100 times slower than DES in software, and 1000 to 10,000 times slower than DES in hardware • Hence RSA is often used with DES or AES • For example, a DES session key KS can be sent via public RSA key, and then the rest of the transmission can be done using DES INFO 331 Chapter 8

  32. Why does RSA work? • The trick is that p and q are prime, so • 1 = mod (p-1)(q-1) = mod z • And we chose ed so that (ed-1)/z has no remainder, hence ed mod (z) = 1 • Encryption followed by decryption of message m therefore gives • (m^e)^d = m^1 mod n = m (the original message) INFO 331 Chapter 8

  33. RSA • RSA also works because there is no fast way (yet?) to factor a large number n into the primes p and q • If you could do that, the private key d could be determined from the public key e, and RSA would be sunk INFO 331 Chapter 8

  34. Message Integrity • In our legal system, a competent adult can use their written signature to affirm a contract • Whether paying for lunch on a credit card, or signing a law into existence, the effect is similar • A digital signature does the same thing online • Need to verify that the signature came from the person claimed, and only that person • Need it verifiable, non-forgeable and not alterable • Use public key crypto to do this INFO 331 Chapter 8

  35. Digital Signature • For Fred to sign a message, m, he applies his private key to encrypt the message • The result is the signed message • To recover the message, apply his public key • Yes, this is the reverse of the way to send an encrypted message • Which was use the public key to create cipher text, then use the private key to decode it INFO 331 Chapter 8

  36. Digital Signature • Why does this work backward? • The application of public and private keys is just math operations – in this case, doing them in either order results in recovering the original message • Since only Fred knows his private key (we hope!), that proves the message was generated by him • Don’t share a private key – EVER!!! INFO 331 Chapter 8

  37. Message Digests • Digital signatures are very computationally expensive • Want a way for large volumes of data to verify the sender of a message, and make sure the data wasn’t changed • A message digest does this, while being cheaper than a full blown digital signature • A message digest is a cryptographichash function, like checksums and CRC codes INFO 331 Chapter 8

  38. Message Digests • To create a message digest • For a message, m, compute the hash function H(m) • Sign H(m) with your private key, KB-(H(m)) • Send the unaltered message, m, with the encoded hash function • The recipient applies the public key KB+( KB-( H(m) ) ) to recover the hash function that came with the message INFO 331 Chapter 8

  39. Message Digests • The recipient evaluates the hash function with the message received • If the message’s hash function agrees with the hash function they calculate for the message, it proves the message wasn’t altered • A hash function creates a string of fixed size • Must be infeasible to get the same hash function for any two input messages H(m) = H(n) • Consider it like a really fancy checksum INFO 331 Chapter 8

  40. Message Digests • To improve on this approach, create the hash of the message (m) AND a secret authentication key (s) • H(m+s) = a Message Authentication Code, MAC • This MAC is unrelated to the link layer MAC address • HMAC (noted later) is a popular standard for generating MACs Is a MAC encrypted? INFO 331 Chapter 8

  41. Message Digests • So two mechanisms are used in the message digest • The application of private and public keys is used “to verify the sender of a message” • The hash function is used to “make sure the data wasn’t changed” • The MD5 algorithm (Ron Rivest) is widely used for creating 128-bit message digests • See RFC 1321, if really bored on a long flight INFO 331 Chapter 8

  42. Message Digests • If MD5 isn’t good enough for you, try SHA-1, which has a 160-bit message digest • Based on MD4 (which preceded MD5) • Stands for Secure Hash Algorithm, defined by FIPS 180-2 • SHA can handle message sizes up to 264 or 2128 bits (that’s 1.8E19 or 3.4E38 bits) • Still not secure enough? • SHA-512 has, yes, 512-bit message digests INFO 331 Chapter 8

  43. Key Distribution & Certification • Both symmetric and public key crypto desperately need to control access to keys • They require a trusted intermediary • For symmetric key crypto, that role is the Key Distribution Center (KDC) • MIT’s Kerberos is a classic example • For public key crypto, that role is the Certification Authority (CA) INFO 331 Chapter 8

  44. Key Distribution Center (KDC) • Two people (Alice, Bob) on a public network can use symmetric key crypto via a KDC • Each user has a personal secret key registered with the KDC • Here call them KA-KDC and KB-KDC • Alice uses her secret key to tell the KDC she wants to talk to Bob • The KDC sends her a one-time session key, R1, and that key coded using Bob’s secret key (!) INFO 331 Chapter 8

  45. Key Distribution Center (KDC) • Alice now knows the one-time session key, and sends the encrypted key to Bob • Bob decodes it, and now also knows the one-time session key • Now Alice and Bob can communicate securely using R1 • Sneaky, huh? • The critical (and risky) part is that the KDC knows everyone’s secret key INFO 331 Chapter 8

  46. Key Distribution Center (KDC) INFO 331 Chapter 8

  47. Public Key Certification • Public keys can be made available many places • Email signature lines, web pages, or put in a public key server • But if I tell you XYZ123 is my public key, how do you know it’s really mine, and not someone else’s? • That’s the role of public key certification – to verify the identity of a public key INFO 331 Chapter 8

  48. Certification Authority (CA) • A Certification Authority (CA) binds a public key to a particular person (entity) • The CA’s rules are simple • A CA must use some means to verify a person’s identity (the rules vary!) • The CA creates a digitally signed certificate which binds the person to the public key • The CA must have a public key which is well known (so they can’t be spoofed) INFO 331 Chapter 8

  49. Certification Authority (CA) • Example of using a CA • If you order a pizza from Drexel Pizza over email • They could see your public key at, say, the bottom of your email message • They use the public key of the CA to verify that really is YOUR public key • Once your public key is verified, the order can be placed INFO 331 Chapter 8

  50. Certification Authority (CA) • The ITU and IETF both have standards for certificate authorities • ITU X.509 and RFC 1422, respectively • Verisign is among the better known CAs INFO 331 Chapter 8

More Related