Chapter 8 V6.0
Security
A note on the use of these ppt slides:
We're making these slides freely available to all (faculty, students, readers).
They're in PowerPoint form so you see the animations; and can add, modify,
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only
ask the following:
If you use these slides (e.g., in a class) that you mention their source
(after all, we'd like people to use our book!)
If you post any slides on a www site, that you note that they are adapted
from (or perhaps identical to) our slides, and note our copyright of this
material.
Computer Networking: A Top Down Approach
6th edition
Jim Kurose, Keith Ross
Addison-Wesley
March 2012
security in practice:
firewalls and intrusion detection systems
security in application, transport, network, link layers
Network Security
8-2
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
[Figure: Alice, Bob and Trudy; a secure sender and a secure receiver exchange data and control messages over a channel]
[Figure: encryption algorithm → ciphertext → decryption algorithm → plaintext; Bob's decryption key $K_B$]
$m$: plaintext message
$K_A(m)$: ciphertext, encrypted with key $K_A$
$m = K_B(K_A(m))$
known-plaintext attack:
Trudy has plaintext
corresponding to ciphertext
e.g., in monoalphabetic
cipher, Trudy determines
pairings for a,l,i,c,e,b,o,
chosen-plaintext attack:
Trudy can get ciphertext for
chosen plaintext
[Figure: plaintext message, $m$ → encryption algorithm (key $K_S$) → ciphertext $K_S(m)$ → decryption algorithm → plaintext]
$m = K_S(K_S(m))$
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
e.g.:
Symmetric key crypto: DES
DES operation
initial permutation
16 identical rounds of
function application,
each using different 48
bits of key
final permutation
radically different approach [Diffie-Hellman76, RSA78]
sender, receiver do not
share secret key
public encryption key
known to all
private decryption key
known only to receiver
[Figure: plaintext message, $m$ → encryption algorithm → ciphertext $K_B^+(m)$ → decryption algorithm (Bob's private key $K_B^-$) → plaintext message]
$m = K_B^-(K_B^+(m))$
need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that
1. $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
thus
$(a \bmod n)^d \bmod n = a^d \bmod n$
example: x=14, n=10, d=2:
$(x \bmod n)^d \bmod n = 4^2 \bmod 10 = 6$
$x^d = 14^2 = 196$, $x^d \bmod 10 = 6$
example:
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.

encrypt:
| bit pattern | $m$ | $m^e$ | $c = m^e \bmod n$ |
|---|---|---|---|
| 00001000 | 12 | 24832 | 17 |

decrypt:
| $c$ | $c^d$ | $m = c^d \bmod n$ |
|---|---|---|
| 17 | 481968572106750915091411825223071697 | 12 |
thus,
$c^d \bmod n = (m^e \bmod n)^d \bmod n$
$= m^{ed} \bmod n$
$= m^{(ed \bmod z)} \bmod n$
$= m^1 \bmod n$
$= m$
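The slide's RSA parameters carried through in code, as an added example that is not part of the original slides: it checks the two key-pair conditions, encrypts and decrypts m = 12, and evaluates each line of the derivation. Function names are illustrative.

```python
from math import gcd

# Parameters from the slide's example.
P, Q = 5, 7
N = P * Q                  # n = 35
Z = (P - 1) * (Q - 1)      # z = 24
E, D = 5, 29

def check_keypair(e=E, d=D, z=Z):
    """e and z relatively prime, and ed - 1 exactly divisible by z."""
    return gcd(e, z) == 1 and (e * d - 1) % z == 0

def encrypt(m, e=E, n=N):
    # A message is only recoverable if it is smaller than the modulus.
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c, d=D, n=N):
    return pow(c, d, n)

def derivation_steps(m):
    """Each line of the derivation, evaluated; all entries must be equal."""
    c = encrypt(m)
    return [
        pow(c, D, N),               # c^d mod n
        pow(m, E * D, N),           # m^(ed) mod n
        pow(m, (E * D) % Z, N),     # m^(ed mod z) mod n
        m % N,                      # m
    ]

def roundtrip_failures():
    """Messages for which either order of applying the two keys fails."""
    return [m for m in range(N)
            if decrypt(encrypt(m)) != m or encrypt(decrypt(m)) != m]

if __name__ == "__main__":
    print("key pair valid:", check_keypair())
    print("m^e =", 12 ** E, "-> c =", encrypt(12))
    print("decrypt(17) =", decrypt(17))
    print("derivation:", derivation_steps(12))
    print("failures:", roundtrip_failures())
```
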
$K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
Why $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$?
session key, KS
Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says "I am Alice"
Failure scenario??
in a network,
Bob can not see Alice,
so Trudy simply declares
herself to be Alice
[Figure: message carrying Alice's IP address and "I am Alice"]
Failure scenario??
[Figure: message carrying Alice's IP addr, Alice's password and "I'm Alice"; reply carrying Alice's IP addr and "OK"]
Failure scenario??
[Figure: message carrying Alice's IP addr, Alice's encrypted password and "I'm Alice"; reply carrying Alice's IP addr and "OK"]
Failure scenario??
record and playback still works!
Failures, drawbacks?
Authentication: ap5.0
ap4.0 requires shared symmetric key
can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
[Figure: message exchange: "I am Alice"; $K_A^-(R)$; "send me your public key"; $K_A^+$]
Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key, that encrypted R such that $K_A^+(K_A^-(R)) = R$
[Figure: message exchange: "I am Alice"; $R$; $K_A^-(R)$; $K_T^-(R)$; $K_T^+$; $K_A^+$; $K_A^+(m)$ with $m = K_A^-(K_A^+(m))$; $K_T^+(m)$]
Trudy gets $m = K_T^-(K_T^+(m))$, sends m to Alice encrypted with Alice's public key
difficult to detect:
Digital signatures
cryptographic technique analogous to hand-written
signatures:
simple digital signature for message m:
[Figure: Bob's message, $m$ ("Dear Alice, Oh, how I have missed you. I think of you all the time! (blah blah blah) Bob") → public key encryption algorithm with Bob's private key $K_B^-$ → $m, K_B^-(m)$: Bob's message, m, signed (encrypted) with his private key]
Message digests
computationally expensive to public-key-encrypt long messages
compute digital fingerprint
apply hash function H to m, get fixed size message digest, H(m).
[Figure: large message m → H: Hash Function → H(m)]
ASCII format:
49 4F 55 31
30 30 2E 39
39 42 D2 42
checksum: B2 C1 D2 AC

message: IOU9 00.1 9BOB
ASCII format:
49 4F 55 39
30 30 2E 31
39 42 D2 42
checksum: B2 C1 D2 AC

different messages but identical checksums!
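The collision on this slide reproduced in code, as an added example that is not from the original slides. It assumes the checksum is the sum of the message's 32-bit big-endian words and that the two messages are the ASCII strings IOU100.99BOB and IOU900.19BOB; function names are illustrative.

```python
import hashlib
import struct

def word_sum_checksum(msg: bytes) -> int:
    """Sum the message as big-endian 32-bit words, keeping the low 32 bits."""
    if len(msg) % 4:
        msg += b"\x00" * (4 - len(msg) % 4)      # zero-pad the last word
    total = 0
    for (word,) in struct.iter_unpack(">I", msg):
        total = (total + word) & 0xFFFFFFFF
    return total

def swap_column(msg: bytes, word_a: int, word_b: int, col: int) -> bytes:
    """Swap the bytes at the same column of two words.

    Addition is commutative per column, so the word sum cannot change:
    this is why a plain checksum is a poor message digest.
    """
    out = bytearray(msg)
    i, j = 4 * word_a + col, 4 * word_b + col
    out[i], out[j] = out[j], out[i]
    return bytes(out)

# The two messages, decoded from the slide's hex rows (assumed ASCII).
MSG_1 = b"IOU100.99BOB"
MSG_2 = b"IOU900.19BOB"

def compare(a: bytes, b: bytes) -> dict:
    return {
        "checksum_a": format(word_sum_checksum(a), "08X"),
        "checksum_b": format(word_sum_checksum(b), "08X"),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }

if __name__ == "__main__":
    print(compare(MSG_1, MSG_2))
    print(swap_column(MSG_1, 0, 1, 3))   # the swap that turns MSG_1 into MSG_2
```
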
[Figure: large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob's private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$]
[Figure: encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob's public key $K_B^+$ → H(m); large message m → H: Hash function → H(m); equal?]
Public-key certification
Certification authorities
entity, E.
E (person, router) registers its public key with CA.
E provides proof of identity to CA.
CA creates certificate binding E to its public key.
certificate containing E's public key digitally signed by CA: CA says "this is E's public key"
[Figure: Bob's public key $K_B^+$ and Bob's identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob's public key, signed by CA]
[Figure: digital signature (decrypt) with CA public key $K_{CA}^+$ → Bob's public key $K_B^+$]
Secure e-mail
[Figure: Alice applies $K_S(\cdot)$ to m to get $K_S(m)$ and $K_B^+(\cdot)$ to $K_S$ to get $K_B^+(K_S)$; both cross the Internet; $K_B^-(\cdot)$ recovers $K_S$ and $K_S(\cdot)$ recovers m]
Alice:
generates random symmetric private key, $K_S$
encrypts message with $K_S$ (for efficiency)
also encrypts $K_S$ with Bob's public key
sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob
Bob:
uses his private key to decrypt and recover $K_S$
uses $K_S$ to decrypt $K_S(m)$ to recover m
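[Figure: m → $H(\cdot)$ → $K_A^-(\cdot)$ → $K_A^-(H(m))$, sent together with m over the Internet; $K_A^+(\cdot)$ applied to $K_A^-(H(m))$ gives H(m); $H(\cdot)$ applied to m gives H(m); compare]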
[Figure: m → $H(\cdot)$ → $K_A^-(\cdot)$ → $K_A^-(H(m))$; m and $K_A^-(H(m))$ → $K_S(\cdot)$; $K_S$ → $K_B^+(\cdot)$ → $K_B^+(K_S)$; both sent over the Internet]
Alice uses three keys: her private key, Bob's public key, newly created symmetric key
deployed security protocol
  supported by almost all browsers, web servers
  https
  billions $/year over SSL
mechanisms: [Woo 1994], implementation: Netscape
variation -TLS: transport layer security, RFC 2246
provides
  confidentiality
  integrity
  authentication
original goals:
  Web e-commerce transactions
  encryption (especially credit-card numbers)
  Web-server authentication
  optional client authentication
  minimum hassle in doing business with new merchant
available to all TCP applications
  secure socket interface
[Figure: protocol stacks. normal application: Application / TCP / IP. application with SSL: Application / SSL / TCP / IP]
four keys:
Kc = encryption key for data sent from client to server
Mc = MAC key for data sent from client to server
Ks = encryption key for data sent from server to client
Ms = MAC key for data sent from server to client
keys derived from key derivation function (KDF)
takes master secret and (possibly) some additional random data and creates the keys
[Figure: record format: length | type | data | MAC]
cipher suite
public-key algorithm
symmetric encryption algorithm
MAC algorithm
RSA
[Figure: data is divided into data fragments; each data fragment and its MAC become "encrypted data and MAC", preceded by a record header]
[Figure: record format: SSL version (2 bytes) | length (3 bytes) | data | MAC]
Real SSL connection
everything henceforth is encrypted
Key derivation
blanket coverage
[Figure: headquarters and branch office, each behind a router w/ IPv4 and IPsec, and a salesperson in hotel, connected over the public Internet]
IPsec services
data integrity
origin authentication
replay attack prevention
confidentiality
AH
ESP
hosts IPsec-aware
Host mode with ESP
Tunnel mode with AH
Tunnel mode with ESP
Example SA from R1 to R2
[Figure: headquarters (172.16.1/24) behind R1 (200.168.1.100), the Internet, and R2 (193.68.2.23) in front of the branch office (172.16.2/24); security association from R1 to R2]
IPsec datagram
focus for now on tunnel mode with ESP
[Figure: datagram layout: new IP header | ESP hdr (SPI, Seq #) | original IP hdr | Original IP datagram payload | ESP trl (padding, pad length, next header) | ESP auth; spans labelled "enchilada" authenticated and encrypted]
What happens?
goal:
prevent attacker from sniffing and replaying a packet
receipt of duplicate, authenticated IP packets may disrupt service
method:
destination checks for duplicates
doesn't keep track of all received packets; instead uses a window
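One way to implement the window check, as an added example rather than code from the slides: a bitmap-based sliding window over the ESP sequence number (the Seq # field). The 64-entry window size, the class and function names and the sample sequence are assumptions.

```python
class ReplayWindow:
    """Sliding anti-replay window over sequence numbers.

    Only `size` bits of state are kept: bit i of `bitmap` records whether
    sequence number (top - i) has already been accepted.
    """

    def __init__(self, size=64):          # window size is an assumption
        self.size = size
        self.top = 0                      # highest sequence number accepted
        self.bitmap = 0

    def accept(self, seq):
        """Return True for a fresh packet, False for a duplicate or one that
        fell off the left edge. Update the window only for packets whose
        authentication has already verified."""
        if seq <= 0:
            return False
        if seq > self.top:                # advances the right edge
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:           # older than the window: reject
            return False
        if self.bitmap & (1 << offset):   # already seen: replay
            return False
        self.bitmap |= 1 << offset        # late but new: accept and mark
        return True

def verdicts(seqs, size=64):
    window = ReplayWindow(size)
    return [window.accept(s) for s in seqs]

# Constructed arrival order: in-order, a duplicate, reordering, a jump ahead,
# then packets at and just beyond the left edge of the window.
SAMPLE = [1, 2, 3, 3, 5, 4, 2, 100, 37, 36, 100]

if __name__ == "__main__":
    for seq, ok in zip(SAMPLE, verdicts(SAMPLE)):
        print(seq, "accept" if ok else "drop")
```
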
IKE phases
IPsec summary
[Figure: WEP encryption: Key + IV feed the keystream generator, one keystream per packet; frame fields: IV, Key ID, data, ICV (MAC payload)]
[Figure: data bytes (d2, d3, dN) followed by CRC1 to CRC4 give encrypted bytes c1, c2, c3, cN, cN+1 to cN+4; the frame carries the 802.11 header, IV, and WEP-encrypted data plus ICV]
receiver extracts IV
inputs IV, shared secret key into pseudo random generator, gets keystream
XORs keystream with encrypted data to decrypt data + ICV
verifies integrity of data with ICV
note: message integrity approach used here is different from MAC (message authentication code) and signatures (using PKI).
WEP authentication
authentication request
nonce (128 bytes)
nonce encrypted shared key
Notes:
attack:
Trudy causes Alice to encrypt known plaintext d1 d2 d3 d4
[Figure: AS: Authentication server on the wired network; step 1: Discovery of security capabilities; step 3: AS derives same PMK, sends to AP]
[Figure: protocol layers: EAP TLS; EAP; EAP over LAN (EAPoL) over IEEE 802.11; RADIUS over UDP/IP]
Firewalls
firewall
isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others
[Figure: administered network, firewall, public Internet]
Firewalls: why
prevent denial of service attacks:
SYN flooding: attacker establishes many bogus TCP
connections, no resources left for real connections
prevent illegal modification/access of internal data
e.g., attacker replaces CIA's homepage with something else
allow only authorized access to inside network
set of authenticated users/hosts
three types of firewalls:
stateless packet filters
stateful packet filters
application gateways
Firewall Setting
Drop all incoming UDP packets except DNS and router broadcasts.

| action | source address | dest address | protocol | source port | dest port | flag bit |
|---|---|---|---|---|---|---|
| allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 80 | any |
| allow | outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK |
| allow | 222.22/16 | outside of 222.22/16 | UDP | > 1023 | 53 | --- |
| allow | outside of 222.22/16 | 222.22/16 | UDP | 53 | > 1023 | ---- |
| deny | all | all | all | all | all | all |
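The access control list above evaluated top to bottom with first-match semantics, as an added example that is not part of the original slides. The packet dictionaries, function names and outside addresses are constructed for illustration; the last sample shows a packet that a stateless table cannot tell apart from a genuine reply.

```python
import ipaddress

INSIDE = ipaddress.ip_network("222.22.0.0/16")    # the slide's 222.22/16

# (action, source address, dest address, protocol, source port, dest port, flag bit)
ACL = [
    ("allow", "inside",  "outside", "TCP", ">1023", "80",    "any"),
    ("allow", "outside", "inside",  "TCP", "80",    ">1023", "ACK"),
    ("allow", "inside",  "outside", "UDP", ">1023", "53",    "---"),
    ("allow", "outside", "inside",  "UDP", "53",    ">1023", "---"),
    ("deny",  "all",     "all",     "all", "all",   "all",   "all"),
]

def addr_ok(spec, ip):
    inside = ipaddress.ip_address(ip) in INSIDE
    return spec == "all" or (spec == "inside") == inside

def port_ok(spec, port):
    if spec == "all":
        return True
    return port > 1023 if spec == ">1023" else port == int(spec)

def flag_ok(spec, pkt):
    # Only "ACK" constrains the packet: the TCP ACK bit must be set.
    return spec != "ACK" or pkt.get("ack", False)

def decide(pkt):
    """Return (action, rule number) of the first rule that matches."""
    for num, (action, src, dst, proto, sport, dport, flag) in enumerate(ACL, 1):
        if (addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])
                and proto in ("all", pkt["proto"])
                and port_ok(sport, pkt["sport"]) and port_ok(dport, pkt["dport"])
                and flag_ok(flag, pkt)):
            return action, num
    return "deny", None    # not reached while the table ends in deny-all

# Constructed packets; outside hosts use documentation address ranges.
PACKETS = {
    "outbound web SYN": dict(src="222.22.1.7", dst="192.0.2.10", proto="TCP", sport=40000, dport=80, ack=False),
    "web reply":        dict(src="192.0.2.10", dst="222.22.1.7", proto="TCP", sport=80, dport=40000, ack=True),
    "inbound SYN":      dict(src="192.0.2.10", dst="222.22.1.7", proto="TCP", sport=80, dport=40000, ack=False),
    "DNS reply":        dict(src="203.0.113.53", dst="222.22.1.7", proto="UDP", sport=53, dport=5353),
    "inbound UDP 161":  dict(src="198.51.100.5", dst="222.22.1.7", proto="UDP", sport=40000, dport=161),
    "unsolicited ACK":  dict(src="198.51.100.5", dst="222.22.9.9", proto="TCP", sport=80, dport=5000, ack=True),
}

def results():
    return {name: decide(pkt) for name, pkt in PACKETS.items()}
```
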
| source address | dest address | protocol | source port | dest port | flag bit |
|---|---|---|---|---|---|
| outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK |
| action | source address | dest address | proto | source port | dest port | flag bit | check conxion |
|---|---|---|---|---|---|---|---|
| allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 80 | any | |
| allow | outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK | |
| allow | 222.22/16 | outside of 222.22/16 | UDP | > 1023 | 53 | --- | |
| allow | outside of 222.22/16 | 222.22/16 | UDP | 53 | > 1023 | ---- | |
| deny | all | all | all | all | all | all | |
Application gateways
filter packets on application data as well as on IP/TCP/UDP fields.
example: allow select internal users to telnet outside
[Figure: host-to-gateway telnet session → application gateway → router and filter → gateway-to-remote host telnet session]
packet filtering:
operates on TCP/IP headers only
no correlation check among sessions
[Figure: internal network with IDS sensors, the Internet, and a demilitarized zone containing Web server, FTP server, DNS server]
secure email
secure transport (SSL)
IPsec
802.11