What can Trudy do?
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in packet (or any field in packet)
– hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
– denial of service: prevent service from being used by others (e.g., by overloading resources)
http://www.kb.cert.org/vuls/
Network Security
Internet security threats: eavesdrop
Packet sniffing:
– broadcast media (but can be done in switched fabric too!)
– promiscuous NIC reads all packets passing by
– can read all unencrypted data (e.g. passwords)
– e.g.: C sniffs B’s packets
– Wireshark on the LAN or WiFi
src:B dest:A
Internet Security Threats: Impersonation
IP Spoofing:
– can generate “raw” IP packets directly from application, putting any
value into IP source address field
– receiver can’t tell if source is spoofed
– e.g.: C pretends to be B
src:B dest:A payload
Internet Security Threats: DoS
Denial of service (DOS):
– flood of maliciously generated packets “swamp” receiver
– Distributed DOS (DDOS): multiple coordinated sources swamp receiver
– For example: Exploit protocol specific features and OS implementation decisions
● Exploit TCP connection’s three way handshake (SYN, SYNACK, ACK).
– host C and remote host SYN-attack host A
● Remember: IP Fragmentation? …
● understand principles of network security:
– cryptography and its many uses
● security in practice:
– application layer: secure e-mail
– transport layer: Internet commerce, SSL
– network layer: IP security (not examined)
Friends and enemies: Alice, Bob, Trudy
● well-known in network security world
● Bob, Alice (lovers!) want to communicate “securely”
● Trudy (intruder) may intercept, delete, add messages, alter messages
data, control messages
secure sender
secure receiver
What is network security?
confidentiality: only sender, intended receiver should “understand” message contents
– sender encrypts message
– receiver decrypts message
authentication: sender, receiver want to confirm identity of each other
message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to users
The language of cryptography
$K_A$: Alice’s encryption key
$K_B$: Bob’s decryption key
[figure: plaintext → encryption algorithm → ciphertext → decryption algorithm → plaintext]
m: plaintext message
$K_A(m)$: ciphertext, encrypted with key $K_A$
$m = K_B(K_A(m))$
Symmetric key cryptography
[figure: plaintext message, m → encryption algorithm (key $K_S$) → ciphertext $K_S(m)$ → decryption algorithm (key $K_S$) → plaintext, $m = K_S(K_S(m))$]
symmetric key crypto: Bob and Alice share same (symmetric) key: $K_S$
Symmetric key cryptography
Substitution cipher: substituting one thing for another
– monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
Ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Encryption key: mapping from set of 26 letters to set of 26 letters
Q: How hard to break this simple cipher?
• brute force (how hard?)
Modern examples: AES (128, 192, 256), 3DES, RC4
Public Key Cryptography
symmetric key crypto
● requires sender, receiver know shared secret key
● Q: how to agree on key in first place (particularly if never “met”)?
public key crypto
radically different approach [Diffie-Hellman76, RSA78]
sender, receiver do not share secret key
public encryption key known to all
private decryption key known only to receiver
Public key cryptography
$K_B^+$: Bob’s public key
$K_B^-$: Bob’s private key
[figure: plaintext message, m → encryption algorithm → ciphertext → decryption algorithm → plaintext message, $m = K_B^-(K_B^+(m))$]
Public key encryption algorithms
requirements:
– need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
– given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
Modern examples: RSA: Rivest, Shamir, Adleman algorithm (1024), Elliptic Curve Cryptography
RSA: another important property
The following property will be very useful later:
K-(K+(m)) = m =
use public key first, followed by private key
use private key first, followed by public key
result is the same!
RSA in practice: session keys
session key, $K_S$
● Bob and Alice use RSA to exchange a symmetric key $K_S$
● once both have $K_S$, they use symmetric key cryptography
Security Services: Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
Failure scenario??
in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
Alice’s IP address
“I am Alice”
Failure scenario??
Trudy can create a packet “spoofing” Alice’s address
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
Alice’s IP addr
Alice’s password
“I’m Alice”
Failure scenario??
playback attack: Trudy records Alice’s packet and later plays it back to Bob
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
Alice’s IP addr
encrypted password
“I’m Alice”
Failure scenario??
record and playback still works!
What can we do?
Authentication: yet another try
Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
“I am Alice”
R
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
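The replay weakness of ap3.1 next to the nonce check of ap4.0, as an added example that is not part of the original slides. HMAC-SHA256 stands in for "encrypted with shared secret key"; the key, password and class names are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"  # constructed sample key known to Alice and Bob

def keyed(data: bytes) -> bytes:
    """Stand-in for 'encrypted with shared secret key': HMAC-SHA256 (assumption)."""
    return hmac.new(SHARED_KEY, data, hashlib.sha256).digest()

class BobAp31:
    """ap3.1: accept whoever presents the correct encrypted password."""
    def __init__(self, password: bytes):
        self._expected = keyed(password)

    def verify(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self._expected)

class BobAp40:
    """ap4.0: issue a fresh nonce R per attempt; each R is accepted at most once."""
    def __init__(self):
        self._outstanding = set()

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)
        self._outstanding.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        if r not in self._outstanding:
            return False                      # unknown or already-used nonce
        self._outstanding.discard(r)
        return hmac.compare_digest(response, keyed(r))

def run_demo() -> dict:
    bob31, bob40 = BobAp31(b"alice-password"), BobAp40()
    token = keyed(b"alice-password")          # Alice's ap3.1 message, recorded by Trudy
    r1 = bob40.challenge()
    answer = keyed(r1)                        # Alice's ap4.0 answer, recorded by Trudy
    return {
        "ap3.1 alice": bob31.verify(token),
        "ap3.1 replay": bob31.verify(token),  # same bytes are accepted again
        "ap4.0 alice": bob40.verify(r1, answer),
        "ap4.0 replay": bob40.verify(bob40.challenge(), answer),  # new R, old answer
        "ap4.0 reused R": bob40.verify(r1, answer),               # R already consumed
    }
```

The recorded ap3.1 token is valid forever, while the recorded ap4.0 answer is bound to one nonce that Bob never issues again.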
Authentication: ap5.0
ap4.0 requires shared symmetric key
● can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”
R
“send me your public key”
$K_A^+$
Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key, that encrypted R such that $K_A^+(K_A^-(R)) = R$
Failures, drawbacks?
ap5.0: security hole
man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
[figure: message exchange between Alice, Trudy and Bob: “I am Alice”, R, “Send me your public key” (sent twice)]
Trudy gets $m = K^-(K^+(m))$, sends m to Alice encrypted with Alice’s public key
difficult to detect:
– Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation!)
– problem is that Trudy receives all messages as well!
Need “certified” public keys
Digital signatures
cryptographic technique analogous to hand-written signatures:
● sender (Bob) digitally signs document, establishing he is document owner/creator.
● verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
simple digital signature for message m:
● Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[figure: Bob’s message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah)”) → public key encryption algorithm, with Bob’s private key $K_B^-$ → Bob’s message, m, signed (encrypted) with his private key]
Digital signatures
● suppose Alice receives msg m, with signature: m, $K_B^-(m)$
● Alice verifies m signed by Bob by applying Bob’s public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
● If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob’s private key.
Alice thus verifies that:
– Bob signed m
– no one else signed m
– Bob signed m and not m’
Thus allows non-repudiation:
– Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m
Message is verifiable and nonforgeable
Message digests
computationally expensive to public-key-encrypt long messages
need: fixed-length, easy-to-compute digital “fingerprint”
● apply hash function H to m, get fixed size message digest, H(m).
[figure: large message m → H: Hash Function → H(m)]
Hash function properties:
● produces fixed-size msg digest (fingerprint)
● given message digest x, computationally infeasible to find m such that x = H(m)
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
● produces fixed length digest (16-bit sum) of message
● is many-to-one
But given message with given hash value, it is easy to find another message with same hash value:

message    ASCII format
I O U 1    49 4F 55 31
0 0 . 9    30 30 2E 39
9 B O B    39 42 4F 42
           -----------
           B2 C1 D2 AC

message    ASCII format
I O U 9    49 4F 55 39
0 0 . 1    30 30 2E 31
9 B O B    39 42 4F 42
           -----------
           B2 C1 D2 AC

different messages but identical checksums!
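The collision above, checked in code, as an added example that is not part of the original slides. It computes the 32-bit column sum from the table, the 16-bit Internet checksum as defined in RFC 1071, and SHA-256 for contrast; the function names are assumptions.

```python
import hashlib
import struct

MSG_A = b"IOU100.99BOB"   # the two messages from the slide
MSG_B = b"IOU900.19BOB"


def word32_sum(data: bytes) -> int:
    """Sum of big-endian 32-bit words, as laid out in the slide's table.

    Assumes len(data) is a multiple of 4, which holds for both sample messages.
    """
    words = struct.unpack(f">{len(data) // 4}I", data)
    return sum(words) & 0xFFFFFFFF


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd-length input
    total = 0
    for (word,) in struct.iter_unpack(">H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return ~total & 0xFFFF


def compare(a: bytes, b: bytes) -> dict:
    """Report which digests fail to tell the two messages apart."""
    return {
        "word32_equal": word32_sum(a) == word32_sum(b),
        "checksum_equal": internet_checksum(a) == internet_checksum(b),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }


if __name__ == "__main__":
    print(f"32-bit sum:        {word32_sum(MSG_A):08X} vs {word32_sum(MSG_B):08X}")
    print(f"Internet checksum: {internet_checksum(MSG_A):04X} vs {internet_checksum(MSG_B):04X}")
    print(compare(MSG_A, MSG_B))
```

Raising one digit by 8 and lowering another in the same column by 8 leaves every additive sum unchanged, which is why a checksum detects transmission errors but gives no integrity against a deliberate change.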
Need to be vigilant
● In Aug 2004
– MD-5 (computes a 128 bit hash) found to be vulnerable!
● Can find m’ such that MD5(m) = MD5(m’)
– NOT a threat to its use, however as m’ is weird compared to m (bears no useful relationship)
● SHA-2 (US federal standard) is considered as more secure
– However it might have a similar vulnerability to SHA-1 (2005 attack)
– We need to keep our eyes open!
Digital signature = signed message digest
Bob sends digitally signed message:
[figure: large message m → H: Hash function → msg digest → digital signature (encrypt) with Bob’s private key]
Alice verifies signature, integrity of digitally signed message:
[figure: large message m → H: Hash function → msg digest; digital signature (decrypt) with Bob’s public key → msg digest]
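The "RSA: another important property" slide and the signed-digest scheme above, worked through with textbook RSA, as an added example that is not part of the original slides. The key pair is a constructed toy (two Mersenne primes, no padding), the digest is reduced mod N to fit it, and all function names are assumptions.

```python
import hashlib

# Constructed toy key pair for Bob: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                                # public exponent  (K_B^+)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (K_B^-)


def k_pub(x: int) -> int:
    """Apply Bob's public key: K_B^+(x)."""
    return pow(x, E, N)


def k_priv(x: int) -> int:
    """Apply Bob's private key: K_B^-(x)."""
    return pow(x, D, N)


def digest(message: bytes) -> int:
    """H(m): SHA-256 reduced mod N so it fits the toy modulus (demo assumption)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Bob: signature = K_B^-(H(m))."""
    return k_priv(digest(message))


def verify(message: bytes, signature: int) -> bool:
    """Alice: accept iff K_B^+(signature) equals H(m) of the received message."""
    return k_pub(signature) == digest(message)


def both_orders_agree(m: int) -> bool:
    """K_B^-(K_B^+(m)) == m == K_B^+(K_B^-(m)) for any 0 <= m < N."""
    return k_priv(k_pub(m)) == m == k_pub(k_priv(m))


if __name__ == "__main__":
    msg = b"Dear Alice, oh, how I have missed you."   # constructed sample message
    sig = sign(msg)
    print("both orders agree:", both_orders_agree(123456789))
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(msg + b" P.S.", sig))
```

Only the short digest passes through the private-key operation, and any change to m changes H(m), so the unchanged signature no longer verifies.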
Recall: ap5.0 security hole
man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
[figure: message exchange between Alice, Trudy and Bob: “I am Alice”, R, “Send me your public key” (sent twice)]
Trudy gets $m = K^-(K^+(m))$, sends m to Alice encrypted with Alice’s public key
Certification authorities
● certification authority (CA): binds public key to particular entity, E.
● E (person, router) registers its public key with CA.
– E provides “proof of identity” to CA.
– CA creates certificate binding E to its public key.
– certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”
[figure: Bob’s public key $K_B^+$ and Bob’s identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob’s public key, signed by CA]
Certification authorities
● when Alice wants Bob’s public key:
– gets Bob’s certificate (Bob or elsewhere).
– apply CA’s public key to Bob’s certificate, get Bob’s public key
[figure: Bob’s certificate → digital signature (decrypt) with CA public key → Bob’s public key $K_B^+$]
Secure email
Alice wants to send secret e-mail message, m, to Bob.
We want confidentiality: encrypt messages (symm. or public?)
• generates random symmetric private key, $K_S$ (session key)
• encrypts message with $K_S$
• Problem?
• Key Distribution Problem!
Secure e-mail (continued)
Alice wants to provide sender authentication & message integrity
[figure: m → H(·) → $K_A^-(\cdot)$ → $K_A^-(H(m))$, sent together with m]
● Alice digitally signs message
● sends both message (in the clear) and digital signature
Secure e-mail (continued)
Alice wants to provide confidentiality, sender authentication, message integrity.
[figure: m → H(·) → $K_A^-(\cdot)$ → $K_A^-(H(m))$, combined with m and encrypted with $K_S(\cdot)$]
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key