|
Security in Computer Networks Xiuduan Fang
|
tarix | 05.10.2018 | ölçüsü | 412,5 Kb. | | #72291 |
|
Xiuduan Fang Dept. of CS, UVa Sept 27, 2004
Agenda Introduction Basic Security Techniques Combinations of Basic Techniques Security and Network Layers Comparing IPSec, SSL/TLS, and SSH
Network Security-Issues Confidentiality/Secrecy – Data is only understandable to the communicating parties Authentication – Can you prove who you are? Integrity – Did you get the message I sent? Non-repudiability – Yes you did!
Network Security - Why is it difficult? Complexity. Resource sharing. Unknown Perimeter. Many points of attack. Anonymity. Unknown Paths.
Types of Attacks in Computer Systems
Agenda Introduction Basic Security Techniques Combinations of Basic Techniques Security and Network Layers Comparing IPSec, SSL/TLS, and SSH
Basic Security Techniques Hashing Symmetric Key Cryptography Diffie-Hellman Key Exchange Public Key Cryptography
Hashing Analogous to fingerprints One Way Function - Given x it is “easy” to compute y = f (x)
- Given y it is “hard” to compute x = f -1(y).
Hashing Principles Can be applied to data of any length Output is fixed length One way function - Relatively easy to compute h(x), given x.
- Infeasible to get x, given h(x).
Collision resistance - Weak collision resistance: given x, it is hard to find y x such that H(y) = H(x).
- Strong collision resistance: it is hard to find any pair x and y(y x) such that H(y) = H(x).
The strength mostly depends on the size of the hash result
Hashing Algorithms - MD5(16 Byte hash result)
- SHA1(20 Byte hash result)
Note - Hashing alone can’t prove integrity
- Hashing result is also called:
- Hash, digest, fingerprint, analysis, message digest
Symmetric Key Cryptography Principles Use a single secret key The cipher text has almost the same size as the original message Built on a shared secret or some random unpredictable data The strength mostly depends on the key length Encrypt large files fast and efficiently Go by many names(session key, single key, bulk encryption)
Chopping Chop the message into blocks Perform math operations on each block
Initialization Vectors Goal: making each repeated message unique Approach: inserting some random data at the beginning of a new message
Chaining Mode Chaining Mode controls how the encryption combines the results of encrypting many blocks in a single message
Cipher Block Chaining(CBC) combines each block to be encrypted with the encryption of the previous block to hide pattern
Symmetric Key Encryption/Decryption Processes Encryption Process - Pad the message to the nearest multiple of 8 bytes.
- Add an initialization vector to the front of message
- Use chaining to combine the results of the previous block
- Encrypt each block of data sequentially
Symmetric Key Algorithms DES, 3DES Rijndael (AES Winner) IDEA Twofish Blowfish RC4, RC5, RC6 Serpent MARS Feal
Diffie-Hellman Key Exchange Properties Allow 2 systems to build a shared secret Use a large prime number P (“large” = 100digits+; the larger, the more secret) Use a way function - Given G, P, and R1, computing
- GR1 mod P = S1 is pretty easy
- Given G, P, and S1, computing R1 is rather hard (Discrete logarithm)
Limitation: no authentication
Diffie-Hellman Key Exchange Algorithm Choose public numbers: P (large prime number), G (<= P) A generates random R1 and sends B: S1 = GR1 mod P B generates random R2 and sends A: S2 = GR2 mod P A calculates secret key: K = (S2 ) R1 mod P = GR2R1 mod P B calculates secret key: K = (S1 ) R2 mod P = GR2R1 mod P
Diffie-Hellman Usage Used in - SSL, SSH, IPSec, Cisco encrypting routers, Sun secure RPC and etc...
Several groups
Public Key Encryption Two keys: - public encryption key e
- private decryption key d
encryption easy when e is known decryption hard when d is not known decryption easy when d is known The most famous algorithm: RSA
RSA overview - setup Alice wants people to be able to send her encrypted messages. She chooses two (large) prime numbers, p and q and computes n=pq and z=(p-1)(q-1) She chooses a number e such that e is relatively prime to z She finds a number d such that ed-1 is exactly divisible by z She publicizes the pair (n,e) as her public key. She keeps (n,d) secret and destroys p, q, and z
RSA overview - encryption Bob wants to send a message x to Alice. He looks up her public key (n, e) in a directory. The encrypted message is Bob sends y to Alice.
To decrypt the message After Alice receives the message from Bob, Alice computes Claim: D(y) = x Symmetric key cryptography is at least 100 times faster than RSA
Tiny RSA example. Let p = 7, q = 11. Then n = 77 and z = 60 Choose e = 13. Find d = 13-1 mod 60 = 37. Let message = 2. E(2) = 213 mod 77 = 30. D(30) = 3037 mod 77=2
Agenda Introduction Basic Security Techniques Combinations of Basic Techniques Security and Network Layers Comparing IPSec, SSL/TLS, and SSH
Combinations of Basic Techniques HMAC – Hashing Message Authentication Code Digital Signature and Signed Hashes Digital Envelope
MAC Mechanisms that provide integrity check based on a secret key MAC algorithm could be made out of a symmetric cipher Can be thought as a checksum Assume message M, shared key K
MAC Process - A sends M & M1=MAC(M)=e(M||K)
- B receives both parts
- B makes his own MAC,
- If M2 != M1, data has been corrupted
- If M2 == M1, data is valid
MAC may not be used for non-repudiation
HMAC Combines a hashing function with a secret shared key HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. Computationally faster and compacter than MAC Used in IPSec
Digital Signatures Desirable properties of handwritten signatures: - Signed document is authentic.
- Signature is unforgeable.
- Signature is not reusable.
- Signed document is unalterable.
- Signature cannot be repudiated.
- (Above not strictly true but mostly so)
Same properties and more can be achieved by digital signatures. Digital Signatures use public key cryptography.
RSA based signature Alice signs message by encrypting with private key. Bob decrypts message with Alice’s public key. If meaningful message then it must have been encrypted with Alice’s private key!
Digital Envelopes With digital signatures, the data is transmitted in the clear A digital envelope uses a one-time, symmetric key (nonce) for bulk data encryption
Digital Envelopes
Create a Digital Envelope Carrying Digitally Signed Data
Verify a Digital Envelope Carrying Digitally Signed Data
Agenda Introduction Basic Security Techniques Combinations of Basic Techniques Security and Network Layers Comparing IPSec, SSL/TLS, and SSH
Security and Network Layers But where shall we put security? Security can be applied at any of the network layers except layer 1 (Physical layer). - Even this is sometimes possible, e.g. spread spectrum techniques for limited privacy.
What are the pros and cons of applying security at each of these layers?
Security and Network Layers Data Link (Network Interface) layer: Network (Internet) layer: - covers all traffic, end-to-end.
- transparent to applications.
- little application control.
- application has no visibility of Internet layer.
- unnatural, since network layer is stateless and unreliable.
- order of data in secure channel may be crucial.
- difficult to maintain if IP datagrams are dropped, re-ordered,…
Security and Network Layers Transport layer: - end-to-end, covers all traffic using the protected transport protocol.
- applications can control when it’s used.
- application has greater visibility of transport layer.
- transport layer may be naturally stateful (TCP).
- applications must be modified (unless proxied).
Application layer: - security can be tuned to payload requirements.
- different applications may have radically different needs.
- eg VoIP applications versus sensitive data transfer.
- no leveraging effect – every application must handle it’s own security.
Agenda Introduction Basic Security Techniques Combinations of Basic Techniques Security and Network Layers Comparing IPSec, SSL/TLS, and SSH
Comparing IPSec, SSL/TLS, SSH All three have initial (authenticated) key establishment then key derivation. - IKE in IPSec
- Handshake Protocol in SSL/TLS (can be unauthenticated!)
- Authentication Protocol in SSH
All protect cipher suite negotiation. All three use keys established to build a ‘secure channel’.
Comparing IPSec, SSL/TLS, SSH Operate at different network layers - This brings pros and cons for each protocol suite.
- Recall `Where shall we put security?’ discussion.
- Naturally support different application types, can all be used to build VPNs.
All practical, but not simple. - Complexity leads to vulnerabilities.
- Complexity makes configuration and management harder.
- Complexity can create computational bottlenecks.
- Complexity necessary to give both flexibility and security.
Comparing IPSec, SSL/TLS, SSH Security of all three undermined by: Weak server platform security - Worms, malicious code, rootkits,…
Weak user platform security. - Keystroke loggers, malware,…
Limited deployment of certificates and infrastructure to support them - Especially client certificates.
Lack of user awareness and education - Users click-through on certificate warnings
- Users fail to check URLs
- Users send sensitive account details to bogus websites in response to official-looking e-mail
Further Reading Computer Networking – James F. Kurose, Keith W. Ross http://www.isg.rhul.ac.uk/msc/teaching/ic3/ic3.shtml http://seeingnetsecurity.com/Intro/StartSNS.htm AES home page http://csrc.nist.gov/encryption/aes/ MD5 http://en.wikipedia.org/wiki/MD5 SHA1 http://en.wikipedia.org/wiki/SHA-1 Diffie_Hellman http://www.rsasecurity.com/rsalabs/node.asp?id=2248 The MD5 unofficial homepage - http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html Secure Hash Algorithm – SHA - http://csrc.nist.gov/fips/fip180-1.txt HMAC RFC - http://www.landfield.com/rfcs/rfc2104.html http://www.acm.jhu.edu/~upe/member_sites/zarfoss/HMAC.html#HMAC
Further Reading Digital signature and digital envelope http://www.rsasecurity.com/products/bsafe/overview/Article5-SignEnv.pdf Secure Hash Algorithm – SHA - http://csrc.nist.gov/fips/fip180-1.txt Digital Signature Standard – DSS - http://www.itl.nist.gov/fipspubs/fip186.htm X.509 page http://www.ietf.org/html.charters/pkix-charter.html Ten Risks of PKI - http://www.counterpane.com/pki-risks.html
Questions?
Dostları ilə paylaş: |
|
|