3/12/2021
1
CS 118 Discussion Week 10: Mobility and Security
Slides by Eric Newberry, UCLA Winter 2021
Reminders and Announcements
• Project 2 and Homework 4 are due at 11:59pm today!
• Please turn something in for partial credit even if it doesn’t check every box!
• “Triage” your remaining time – get regular forwarding working before trying ICMP (and save a copy of your code before this point as a backup)
• We are allowing late submissions through Sunday at 11:59pm Pacific (note that daylight saving time begins Sunday as well!)
• Lateness penalty is -15% per day or partial day late.
• Course evals are due tomorrow at 8am PST
• Final exam will be assigned on Thursday, March 18
• Similar format to midterm (X hours to do it within a 24-hour period)
3/12/2021 2
General Mobility Approaches
• Cellular
• Register with home carriertracks your general location
• When visiting other carrier network w/ agreement with your home carrier • Registerusingyourhomenetworkcredentials
• Traditional computing environments
• No concept of “home” network for your average laptop
• Have to use different credentials to connect to each network (e.g., WiFi passwords)
• Sometimes there is unified authentication infrastructure, e.g., Eduroam
3/12/2021
3
Mobility Approach: Indirect Routing
• As you move, register your current location (IP address) with your “home network”
• Senders will send data to home network
• Then, home network will forward data on to your current location
• When you respond to sender, send packet directly to them • Use your home network address as source address
• Also called “triangle routing”
• A bit inefficient since traffic must be forwarded twice
• But transparent (and therefore easier) to outside senders
3/12/2021 4
Mobility Approach: Direct Routing
• When sender attempts to communicate with a mobile host, host’s home network will inform of host’s current IP address
• Sender will then send traffic directly to host’s current IP address
• More efficient routing (send directly instead of indirectly)
• However, sender must learn location of mobile host
• Additionally, if mobile host moves, correspondent must be able to respond by getting new mobile host IP address
3/12/2021 5
3/12/2021
6
Securing Computer Networks
“CIA” – The Core Principles of Security
• Confidentiality
• Only sender and receiver(s) should be able to known message contents
• Integrity
• Message should not be able to be surreptitiously altered in transit
• Availability
• Users must be able to use services
• (not a principle, but important) Authentication
• Sender and receiver should be able to verify each other’s identities
3/12/2021 7
Symmetric Key Cryptography
Alice’s
KA encryption KB
plaintext ciphertext
m: plaintext message
KA(m): ciphertext, encrypted with key KA m = KB(KA(m))
key
Bob’s decryption key
plaintext
encryption algorithm
decryption algorithm
3/12/2021
From slides by Kurose & Ross
8
Symmetric Key Cryptography
• Same key is used to encrypt and decrypt • “Substitution Cipher”
• Both parties have a pre-shared substitution table
• Sender uses table to substitute letters one way
• Receiver uses table to reverse substitution
Input
Output
A
Z
B
Y
C
X
D
W
E
V
F
U
…
…
3/12/2021 9
Substitution Cipher
Encryption: Shift by two letters to the right
Decryption: Shift by two letters to the left (“symmetric”)
Plaintext: TWO PLUS TWO EQUALS FOUR Ciphertext:
Ciphertext: GVJGTPGV Plaintext:
3/12/2021 10
More Complex Symmetric Cryptograhpy
• Data Encryption Standard (DES)
• Small key size (56-bits)
• Very insecure with modern processing speeds
• Advanced Encryption Standard (AES) • Key size: 128-bits, 192-bits, or 256-bits
• Comparison:
• Brute force DES key in approx. 1 second • Brute force AES key in approx. 149 x 10
3/12/2021 11
Public Key Cryptography
• Symmetric has one key for both encrypting and decrypting
• Instead, use a different key for each function!
• Give out public key, which can only encrypt
• Keep safe private key, which can only decrypt
• => Anyone can encrypt data to send to you, only you can decrypt it
• (Side note: digital signatures use reverse: sign w/ private key, validate
w/ public key)
3/12/2021 12
Public Key Cryptography
plaintext message, m
Bob’s public key K -B Bob’s private key
ciphertext plaintext KB+(m) m = KB- (KB+ (m))
From slides by Kurose & Ross
+ KB
encryption algorithm
decryption algorithm
3/12/2021
13
Public Key vs. Symmetric
• Public key never needs to “move” a secret key to the other end
• Meanwhile, need a mechanism to securely share the secret key in symmetric
• Public key keeps communication between all pairs of parties secret (only recipient can decrypt communications directly to them)
• Meanwhile, anyone with the key can decrypt in symmetric
• However, public key is significantly slower (more mathematically
complex)
• Real world solution: use public-key to securely share a symmetric key • Then use this symmetric key for the communication session
• RSA!
3/12/2021 14
RSA: Rivest-Shamir-Adelson
• How do we construct a key pair so that the public key cannot be used to compute the private key?
• Essentially:
• Choose two very large (e.g., 1024-bit) prime numbers p and q
• Compute n = pq, z = (p-1)(q-1)
• Choose e