COMP 3400 Networks Lecture 9: Selected Network Security Topics
major resource: Computer Networking (4th Edition), Kurose and Ross, Addison Wesley, 2008

[ previous | schedule | next ]

Network Security Intro

• Consider various dimensions of network security
  • Secure transmission of credit card, bank account, or other private information
  • Denial of service attacks
  • Virus and worms
  • Trojan horses
  • Authentication: knowing who you're dealing with
  • Pharming (request to a website is redirected to a different one)
  • impersonation
  • and so forth...
• We focus on sender, receiver, channel and intruder
  • sender, receiver, intruder may be people (Alice, Bob, Trudy - a.k.a. Eve)
  • sender, receiver, intruder may be electronic (browser, server, router, virus)
  • sender, receiver, intruder may be combination of people and electronic
  • We can illustrate using people but same principles/practices apply to electronics
• Major concerns thus are:
  • confidentiality (only Alice and Bob can see the correct message contents)
  • authentication (Bob can be assured message really came from Alice not Trudy)
  • integrity (Bob can be assured message contents were not altered by Trudy)
  • availability (message sending service is available and operational for Alice and Bob)
• The foundation for security is cryptography : principles and practice of hiding information using secret codes

Cryptography

Some terminology

• plaintext: information written in a format understandable to sender and receiver
• encryption: process of transforming plaintext into secret form
• cipher: algorithm for encryption
• ciphertext: information written in encrypted form
• decryption: process of transforming ciphertext back into plaintext
• key: parameter that determines functional output of a cipher
• brute-force attack: attempt to decrypt by trying every possible key value

Traditional, Symmetric, cryptography methods

• Symmetric: both sender and receiver must know the key and cipher, but no one else can
• Date to the age of Julius Caesar ("Caesar ciphers")
• Combination of substitution and transposition
• Substitution : disguise symbols
• Transposition : re-order symbols
• Example: Caesar cipher and key
  • cipher: For a given letter, substitute the letter X positions further along in the alphabet (circular)
  • key: selected value of X
  • How hard would this be to break?
• How can the key be securely exchanged?
• Example: DES
  • Data Encryption Standard
  • Message is encrypted in 64-bit blocks
  • The key is 56 bit number (64 bits when 8 parity bits are added, one per 7 bit group)
  • The 64 bit block is permuted (shuffled) l6 times (16 "rounds"), each permutation based on different 48-bit combination from key, followed by a 17th permutation that is the inverse of the first one
• DES supplanted by AES (Advanced Encryption Standard) that uses 128-bit blocks, longer keys (128, 192 or 256 bit)

Public Key Cryptography

• Public Key Cryptography was developed by Hellman and Diffie at Stanford in 1976, independently by British scientists in a project
• Essence:
  • Encryption key E is public, everyone can know it
  • Decryption key D is private, only one person can know it
  • Plaintext message M.
  • Characteristics of D and E:
    1. D (private) is "very difficult" to deduce from E
    2. E (public) cannot be broken by plaintext attack
    3. D(E(M)) = M
  • Procedure:
    1. Sender encrypts M using receiver's algorithm and receiver's public key E_R to get E_R(M)
    2. Sender transmits E_R(M)
    3. Receiver decrypts using its private key D_R as follows: D_R(E_R(M)) = M
• Rivest, Shamir, Adleman (RSA), a public-key encryption method
• Start with two very large prime numbers P and Q
• Calculate N = P * Q
• Calculate Z = (P-1) * (Q-1)
• Select E such that E < N and E is relatively prime to Z
• Select D such that E * D mod Z = 1 (e.g., remainder of (E * D) / Z is 1)
• Public key consists of N and E.
• Private key consists of N and D.
• The algorithm:
  • Given plaintext M, ciphertext C = M^E mod N
  • Given ciphertext C, plaintext M = C^D mod N
• RSA is widely used but very computationally expensive
• Public key encryption is often used in conjunction with symmetric encryption: Use public key encryption to communicate the symmetric key between Alice and Bob, who proceed to use symmetric encryption like DES to communicate

Integrity

• To assure integrity of a message from Alice to Bob, Bob needs to verify that
  1. the message was not altered after it left Alice, and
  2. the message really came from Alice (not Trudy)
• Integrity sometimes called authentication
• The term authentication sometimes used to refer to just the "really came from Alice" part
• Integrity can be considered separately from confidentiality
  • Encryption may not be required
  • Router link-state messages, for instance, must be authenticated
  • Link-state message need not be encrypted because secrecy not needed
• Integrity part "a" (not altered) is achieved through cryptographic hash functions
• Integrity part "b" (really came from Alice) is achieved through digital signatures (details below)

Digital Signatures

• Assuring that message comes from who it says it does : digital signature
• Can implement this by extending public key encryption, given fourth characteristic: E(D(M)) = M
• RSA has this characteristic, so can be used for authentication
• Authentication procedure, without message encryption:
  1. sender applies its private D_S to M
  2. sender transmits result: D_S(M)
  3. receiver applies sender's public E_S to get E_S(D_S(M)), which is M
• If the message had come from a different sender, last step would fail.
• Authentication procedure, used in conjunction with message encryption:
  1. sender applies its private D_S to M
  2. sender encrypts the result using receiver's public E_R
  3. sender transmits result: E_R(D_S(M))
  4. receiver applies its private D_R to get D_R(E_R(D_S(M))), which is D_S(M)
  5. receiver applies sender's public E_S to get E_S(D_S(M)), which is M
• If the message had come from a different sender, last step would fail.

Combining crytographic hash and digital signature

• These techniques can be combined to provide both aspects of integrity
• Example of Alice sending message M to Bob; suppose confidentiality not required
1. Alice computes hash on message, H(M)
2. Alice applies her private key to the hash, D_A(H(M))
3. Alice transmits the D_A(H(M))
4. Bob receives D_A(H(M))
5. Bob applies Alice's public key to the encrypted hash, E_A(D_A(H(M))) -> H(M)
6. Bob computes hash on message and compares to H(M)
7. If hash and received H(M) are equal, integrity has been achieved
• Confidentiality can be easily added to this example

Playback Attacks

• Even with the above, a playback attack is possible
• Trudy eavesdrops on message from Alice to Bob
• Trudy records the message then later sends it to Bob, impersonating Alice
• Note that encryption, passwords, etc will all appear legit.
• Playback can be thwarted using a nonce
• Nonce is one-time value that Bob sends to Alice in response to the message
• Subsequent messages from Alice in this conversation need to include the nonce for authentication
• If Trudy is only recording and playing back, the playback will not include the correct nonce
• Timestamp is good choice for nonce value

How to obtain/verify secret (symmetric) or public key?

• For secret (symmetric) keys,
  • obtain from mutually trusted intermediary called Key Distribution Center (KDC)
  • KDC is key server with repository of secret keys between it and each of its clients
  • Kerberos is a well-known authentication protocol developed at MIT and incorporated into Windows; it uses KDCs
• For public (e.g. RSA) keys,
  • Consider obtaining a public key for Bob
  • Bob may post it in public place (e.g. web page), good for manual operations but not good for embedded automated encryption (e.g. web communication or secure IP routers)
  • Bob can register with mutually trusted intermediary called Certificate Authority (CA)
    • verifies Bob’s identify through an authentication procedure
    • creates a certificate containing Bob’s i.d., public key, expiration date
    • digitally signs the certificate
  • Alice then requests and obtains Bob's certificate from the CA.
  • To be sure certificate really came from the CA, Alice checks certificate's digital signature. This requires it to have the CA's public key. If it does not, it needs to obtain it in a recursive fashion! Fun and games….
• VeriSign is a well-known CA

Man-In-The-Middle Attacks

• Applies to public key situations
• man-in-the-middle: Trudy is able to impersonate Bob to Alice, and Alice to Bob
• It can occur when Alice requests Bob's public key from Bob
  • Trudy can intercept, pass the request on to Bob, then respond to Alice with her own public key
  • Bob then asks Alice for her public key -- Trudy can intercept and similarly pose as Alice
  • Trudy now controls both ends of the transmissions, transparently to both Alice and Bob
• This is prevented if both Alice and Bob request each other's public keys from Certificate Authority instead.
• Note that man-in-the-middle does not apply if Alice and Bob communicate using a shared secret (symmetric) key instead of public key