Security in Computer Networks Xiuduan Fang





Security in Computer Networks

  • Xiuduan Fang

  • Dept. of CS, UVa

  • Sept 27, 2004


Agenda

  • Introduction

  • Basic Security Techniques

  • Combinations of Basic Techniques

  • Security and Network Layers

  • Comparing IPSec, SSL/TLS, and SSH



Network Security-Issues

  • Confidentiality/Secrecy

  • – Data is only understandable to the communicating parties

  • Authentication

  • – Can you prove who you are?

  • Integrity

  • – Did you get the message I sent?

  • Non-repudiability

  • – Yes you did!



Network Security - Why is it difficult?

  • Complexity.

  • Resource sharing.

  • Unknown Perimeter.

  • Many points of attack.

  • Anonymity.

  • Unknown Paths.



Types of Attacks in Computer Systems



Agenda

  • Introduction

  • Basic Security Techniques

  • Combinations of Basic Techniques

  • Security and Network Layers

  • Comparing IPSec, SSL/TLS, and SSH



Basic Security Techniques

  • Hashing

  • Symmetric Key Cryptography

  • Diffie-Hellman Key Exchange

  • Public Key Cryptography



Hashing

  • Analogous to fingerprints

  • One Way Function

    • Given x it is “easy” to compute y = f(x)
    • Given y it is “hard” to compute x = f^-1(y).


Hashing Principles

  • Can be applied to data of any length

  • Output is fixed length

  • One way function

    • Relatively easy to compute h(x), given x.
    • Infeasible to get x, given h(x).
  • Collision resistance

    • Weak collision resistance: given x, it is hard to find y ≠ x such that H(y) = H(x).
    • Strong collision resistance: it is hard to find any pair x and y (y ≠ x) such that H(y) = H(x).
  • The strength mostly depends on the size of the hash result



Hashing

  • Algorithms

    • MD5 (16-byte hash result)
    • SHA1 (20-byte hash result)
  • Note

    • Hashing alone can’t prove integrity
    • Hashing result is also called:
      • Hash, digest, fingerprint, analysis, message digest


Symmetric Key Cryptography Principles

  • Use a single secret key

  • The cipher text has almost the same size as the original message

  • Built on a shared secret or some random unpredictable data

  • The strength mostly depends on the key length

  • Encrypt large files fast and efficiently

  • Go by many names (session key, single key, bulk encryption)



Chopping

  • Chop the message into blocks

  • Perform math operations on each block



Initialization Vectors

  • Goal: making each repeated message unique

  • Approach: inserting some random data at the beginning of a new message



Chaining Mode

  • Chaining Mode controls how the encryption combines the results of encrypting many blocks in a single message



Cipher Block Chaining (CBC)

  • Combines each block to be encrypted with the encryption of the previous block to hide patterns



Symmetric Key Encryption/Decryption Processes

  • Encryption Process

    • Pad the message to the nearest multiple of 8 bytes.
    • Add an initialization vector to the front of message
    • Use chaining to combine the results of the previous block
    • Encrypt each block of data sequentially


Symmetric Key Algorithms

  • DES, 3DES

  • Rijndael (AES Winner)

  • IDEA

  • Twofish

  • Blowfish

  • RC4, RC5, RC6

  • Serpent

  • MARS

  • Feal



Diffie-Hellman Key Exchange Properties

  • Allow 2 systems to build a shared secret

  • Use a large prime number P (“large” = 100 digits+; the larger, the more secret)

  • Use a one-way function

    • Given G, P, and R1, computing G^R1 mod P = S1 is pretty easy
    • Given G, P, and S1, computing R1 is rather hard (Discrete logarithm)
  • Limitation: no authentication



Diffie-Hellman Key Exchange Algorithm

  • Choose public numbers: P (large prime number), G (<= P)

  • A generates random R1 and sends B: S1 = G^R1 mod P

  • B generates random R2 and sends A: S2 = G^R2 mod P

  • A calculates secret key: K = (S2)^R1 mod P = G^(R2·R1) mod P

  • B calculates secret key: K = (S1)^R2 mod P = G^(R2·R1) mod P
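
The exchange above with both sides' messages, as an added example that is not part of the original slides. P and G are constructed demonstration parameters, and the range check on the peer's value and the SHA-256 step that turns K into a fixed-length key are additions beyond what the slide shows.

```python
import hashlib
import secrets

# Constructed demonstration parameters (not from the slides): the Mersenne
# prime 2^521 - 1 (157 digits) and G = 3. Deployed protocols use
# standardized groups instead.
P = 2**521 - 1
G = 3

def dh_keypair():
    """Pick a random private R and compute the public S = G^R mod P."""
    r = secrets.randbelow(P - 3) + 2              # R in [2, P-2]
    return r, pow(G, r, P)

def dh_shared_key(own_private, peer_public):
    """K = S_peer^R_own mod P, hashed down to a 32-byte symmetric key."""
    # Reject values outside (1, P-1): 0, 1 and P-1 force a predictable K.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    k = pow(peer_public, own_private, P)
    return hashlib.sha256(k.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def exchange():
    """Run both sides; returns the wire messages and each side's key."""
    r1, s1 = dh_keypair()                         # A -> B: S1
    r2, s2 = dh_keypair()                         # B -> A: S2
    key_a = dh_shared_key(r1, s2)                 # A: (S2)^R1 mod P
    key_b = dh_shared_key(r2, s1)                 # B: (S1)^R2 mod P
    return (s1, s2), key_a, key_b
```

Nothing in this exchange proves who sent S1 or S2, which is the "no authentication" limitation listed on the previous slide; protocols that use Diffie-Hellman authenticate the exchanged values separately.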



Diffie-Hellman Usage

  • Used in

    • SSL, SSH, IPSec, Cisco encrypting routers, Sun secure RPC, etc.
  • Several groups



Public Key Encryption

  • Two keys:

    • public encryption key e
    • private decryption key d
  • encryption easy when e is known

  • decryption hard when d is not known

  • decryption easy when d is known

  • The most famous algorithm: RSA



RSA overview - setup

  • Alice wants people to be able to send her encrypted messages.

  • She chooses two (large) prime numbers, p and q and computes n=pq and z=(p-1)(q-1)

  • She chooses a number e such that e is relatively prime to z

  • She finds a number d such that ed-1 is exactly divisible by z

  • She publicizes the pair (n,e) as her public key. She keeps (n,d) secret and destroys p, q, and z



RSA overview - encryption

  • Bob wants to send a message x to Alice.

  • He looks up her public key (n, e) in a directory.

  • The encrypted message is

  • Bob sends y to Alice.



RSA overview - decryption

  • To decrypt the message

  • After Alice receives the message from Bob, Alice computes

  • Claim: D(y) = x

  • Symmetric key cryptography is at least 100 times faster than RSA



Tiny RSA example.

  • Let p = 7, q = 11. Then n = 77 and z = 60

  • Choose e = 13. Find d = 13^-1 mod 60 = 37.

  • Let message = 2.

  • E(2) = 2^13 mod 77 = 30.

  • D(30) = 30^37 mod 77 = 2



Agenda

  • Introduction

  • Basic Security Techniques

  • Combinations of Basic Techniques

  • Security and Network Layers

  • Comparing IPSec, SSL/TLS, and SSH



Combinations of Basic Techniques

  • HMAC – Hashing Message Authentication Code

  • Digital Signature and Signed Hashes

  • Digital Envelope



MAC

  • Mechanisms that provide integrity check based on a secret key

  • MAC algorithm could be made out of a symmetric cipher

  • Can be thought of as a checksum

  • Assume message M, shared key K

    • MAC(M) = e(M||K)


MAC

  • Process

    • A sends M & M1=MAC(M)=e(M||K)
    • B receives both parts
    • B makes his own MAC,
        • M2 = e(M||K)
    • If M2 != M1, data has been corrupted
    • If M2 == M1, data is valid
  • MAC may not be used for non-repudiation



HMAC

  • Combines a hashing function with a secret shared key

    • HMAC = HASH(M||K)
  • HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key.

  • Computationally faster and more compact than MAC

  • Used in IPSec
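
The sender/receiver process from the MAC slide, using HMAC, as an added example that is not part of the original slides. HASH(M||K) above is a simplification: RFC 2104, listed under Further Reading, defines the nested construction implemented here. The function names and the SHA-256 default are assumptions.

```python
import hashlib
import hmac

def hmac_rfc2104(key, message, hash_name="sha256"):
    """HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || M))."""
    def h(data):
        return hashlib.new(hash_name, data).digest()
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:          # over-long keys are hashed first
        key = h(key)
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return h(opad + h(ipad + message))

def send(key, message):
    """A sends M together with M1 = MAC(M)."""
    return message, hmac_rfc2104(key, message)

def receive(key, message, tag):
    """B recomputes M2 and accepts only if M2 == M1."""
    expected = hmac_rfc2104(key, message)
    # Constant-time comparison: a plain == can leak, through timing,
    # how many leading bytes of a guessed tag were correct.
    return hmac.compare_digest(expected, tag)
```

Because both parties hold the same key K, either of them could have produced a valid tag, which is why the MAC slide notes that a MAC may not be used for non-repudiation.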



Digital Signatures

  • Desirable properties of handwritten signatures:

    • Signed document is authentic.
    • Signature is unforgeable.
    • Signature is not reusable.
    • Signed document is unalterable.
    • Signature cannot be repudiated.
    • (Above not strictly true but mostly so)
  • Same properties and more can be achieved by digital signatures.

  • Digital Signatures use public key cryptography.



RSA based signature

  • Alice signs message by encrypting with private key.

  • Bob decrypts message with Alice’s public key.

  • If meaningful message then it must have been encrypted with Alice’s private key!
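
The RSA setup, encryption and decryption slides and the signature scheme above in one runnable sketch (an added example, not part of the original slides). It reproduces the tiny example's numbers and signs a SHA-256 digest instead of the whole message; the larger demo key built from two Mersenne primes and all function names are assumptions.

```python
import hashlib
from math import gcd

def rsa_setup(p, q, e):
    """Slide 'RSA overview - setup': returns (public, private) keys."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z")
    d = pow(e, -1, z)          # e*d - 1 is divisible by z (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, value):
    """value^exponent mod n with either key of the pair."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exponent, n)

def digest_as_int(message, n):
    # Hash first, then reduce so the digest fits below the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """Alice applies her private key to the digest of the message."""
    return rsa_apply(private, digest_as_int(message, private[0]))

def verify(public, message, signature):
    """Bob applies Alice's public key and compares with his own digest."""
    if not 0 <= signature < public[0]:
        return False
    return rsa_apply(public, signature) == digest_as_int(message, public[0])

# Key from the "Tiny RSA example" slide: p = 7, q = 11, e = 13.
TINY_PUBLIC, TINY_PRIVATE = rsa_setup(7, 11, 13)

# Constructed demo key (assumption): Mersenne primes 2^61-1 and 2^89-1.
# Far too small for real use, and real schemes add padding (e.g. PSS).
DEMO_PUBLIC, DEMO_PRIVATE = rsa_setup(2**61 - 1, 2**89 - 1, 65537)
```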



Signing With Message Digests



Digital Envelopes

  • With digital signatures, the data is transmitted in the clear

  • A digital envelope uses a one-time, symmetric key (nonce) for bulk data encryption



Digital Envelopes



Create a Digital Envelope Carrying Digitally Signed Data



Verify a Digital Envelope Carrying Digitally Signed Data



Agenda

  • Introduction

  • Basic Security Techniques

  • Combinations of Basic Techniques

  • Security and Network Layers

  • Comparing IPSec, SSL/TLS, and SSH



Security and Network Layers

  • But where shall we put security?

  • Security can be applied at any of the network layers except layer 1 (Physical layer).

    • Even this is sometimes possible, e.g. spread spectrum techniques for limited privacy.
  • What are the pros and cons of applying security at each of these layers?



Security and Network Layers

  • Data Link (Network Interface) layer:

  • Network (Internet) layer:

    • covers all traffic, end-to-end.
    • transparent to applications.
    • little application control.
      • application has no visibility of Internet layer.
    • unnatural, since network layer is stateless and unreliable.
      • order of data in secure channel may be crucial.
      • difficult to maintain if IP datagrams are dropped, re-ordered,…


Security and Network Layers

  • Transport layer:

    • end-to-end, covers all traffic using the protected transport protocol.
    • applications can control when it’s used.
      • application has greater visibility of transport layer.
    • transport layer may be naturally stateful (TCP).
    • applications must be modified (unless proxied).
  • Application layer:

    • security can be tuned to payload requirements.
      • different applications may have radically different needs.
      • e.g. VoIP applications versus sensitive data transfer.
    • no leveraging effect – every application must handle its own security.


Agenda

  • Introduction

  • Basic Security Techniques

  • Combinations of Basic Techniques

  • Security and Network Layers

  • Comparing IPSec, SSL/TLS, and SSH



Comparing IPSec, SSL/TLS, SSH

  • All three have initial (authenticated) key establishment then key derivation.

    • IKE in IPSec
    • Handshake Protocol in SSL/TLS (can be unauthenticated!)
    • Authentication Protocol in SSH
  • All protect cipher suite negotiation.

  • All three use keys established to build a ‘secure channel’.



Comparing IPSec, SSL/TLS, SSH

  • Operate at different network layers

    • This brings pros and cons for each protocol suite.
    • Recall the “Where shall we put security?” discussion.
    • Naturally support different application types, can all be used to build VPNs.
  • All practical, but not simple.

    • Complexity leads to vulnerabilities.
    • Complexity makes configuration and management harder.
    • Complexity can create computational bottlenecks.
    • Complexity necessary to give both flexibility and security.


Comparing IPSec, SSL/TLS, SSH

  • Security of all three undermined by:

  • Implementation weaknesses

  • Weak server platform security

    • Worms, malicious code, rootkits,…
  • Weak user platform security.

    • Keystroke loggers, malware,…
  • Limited deployment of certificates and infrastructure to support them

    • Especially client certificates.
  • Lack of user awareness and education

    • Users click-through on certificate warnings
    • Users fail to check URLs
    • Users send sensitive account details to bogus websites in response to official-looking e-mail


Further Reading

  • Computer Networking – James F. Kurose, Keith W. Ross

  • http://www.isg.rhul.ac.uk/msc/teaching/ic3/ic3.shtml

  • http://seeingnetsecurity.com/Intro/StartSNS.htm

  • AES home page http://csrc.nist.gov/encryption/aes/

  • MD5 http://en.wikipedia.org/wiki/MD5

  • SHA1 http://en.wikipedia.org/wiki/SHA-1

  • Diffie_Hellman http://www.rsasecurity.com/rsalabs/node.asp?id=2248

  • The MD5 unofficial homepage - http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

  • Secure Hash Algorithm – SHA - http://csrc.nist.gov/fips/fip180-1.txt

  • HMAC RFC - http://www.landfield.com/rfcs/rfc2104.html

  • http://www.acm.jhu.edu/~upe/member_sites/zarfoss/HMAC.html#HMAC



Further Reading

  • Digital signature and digital envelope http://www.rsasecurity.com/products/bsafe/overview/Article5-SignEnv.pdf

  • Digital Signature Standard – DSS - http://www.itl.nist.gov/fipspubs/fip186.htm

  • X.509 page http://www.ietf.org/html.charters/pkix-charter.html

  • Ten Risks of PKI - http://www.counterpane.com/pki-risks.html



Questions?

  • Questions?


