Lecture 9 - Network Security TDTS (ht1)

Full text

(1)

Lecture 9 - Network Security

TDTS41 - 2006 (ht1)

Prof. Dr. Christoph Schuba

Linköpings University/IDA

Schuba@IDA.LiU.SE

• Reading: [Hal05] §10.1-10.2.3;

§10.2.5-10.7.1; §10.8.1

• Office hours: 9-10am on Oct. 4+5, 11+12, 25+26 Nov. 1+2, 8+9

or by appointment via e-mail

(2)

Overview

• Security Goals

• Encryption Technologies

• Non-repudiation

• Authentication

• Public Key Certification

• E-mail Privacy

• Network and Web Security

(3)

Security Goals

• Confidentiality:

Property that data is not disclosed in an unauthorized manner

• Integrity:

Property that resources/data have not been modified in an unauthorized manner

• Authenticity:

Assertion about entity identities or the origin of information

• Non-repudiation:

Concept that integrity and origin of data are verifiable

• Availability:

Timely, reliable access to resources by authorized entities

(4)

Encryption Technologies

• The model: see [Fig. 10.1]

• Terminology:

– plaintext (P, m) vs. ciphertext (C, c) – encryption E() vs. decryption D() – key K

– active vs. passive attacks

• eavesdropping, masquerading

(5)

Figure 10.1 Data encryption terminology

(6)

Two Types of Cryptosystems

• Conventional cryptosystems: EK and DK

– Both EK and DK must remain secret – EK = DK or EK ≠ DK

• Public-key cryptosystems: RS and RP

RS ≠ RP

One key (private key) must remain private Other key (public key) can be published

(7)

Conventional Cryptosystems (aka Private Key Systems)

• Age-old Technology:

– Substitution, Transposition, and Product Ciphers

• Benefits:

– Well studied and understood – High performance

• Drawbacks:

– Key distribution problem

(8)

Substitution Ciphers

• Each characters in the plaintext is substituted for another character in the ciphertext

• Four classical types:

– Simple substitution cipher (aka monoalphabetic cipher)

– Homophonic substitution cipher – Polygram substitution cipher

– Polyalphabetic substitution cipher

(9)

Simple Subsitution Cipher

• Caesar Cipher (B.C.)

– Each plaintext character is replaced by the character 3 to the right, modulo 26

• c = E(m) := (m+3) % 26

• m = D(c) := (c+23) % 26

• ROT13

– Every letter is rotated 13 places

• c = E(m) := (m+13) % 26

• m = D(c) := (c+13) % 26

(10)

Homophonic Substitution Cipher

• Duchy of Mantua (1401)

• Same as monoalphabetic substitution cipher, but each plaintext character maps to several characters of ciphertext, any of which can be chosen

• Example: Encryption:

• A -> 5, 13, 25, or 56

• B -> 7, 19, 31, or 42

• Used to smooth out observable statistical patterns

(11)

Polygram Substitution Cipher

• Leon Battista (1568)

• Blocks of plaintext characters are mapped to corresponding blocks of ciphertext characters

• Example: Encryption:

• ABA -> RTQ

• ABB -> SLL

• Examples:

– Vignère cipher (1586) – Beaufort cipher

(12)

Polyalphabetic Substitution Cipher

• Monoalphabetic ciphers with multiple keys

• Trick: increase the number of keys (period) to get better security

• In the extreme: Running Key Cipher:

– Increase the period to the length of the plaintext

(13)

Transposition Ciphers

• The plaintext remains the same, but the order of characters is modified

• Example:

– Encryption: Write plaintext in rows, then read it out in columns

– Decryption: Write ciphertext in columns, then read it out in rows

– What is the key?

• Rotor machines, e.g., Enigma (WW II)

(14)

Excursion: Enigma

http://en.wikipedia.org/wiki/Enigma_machine

(15)

Product Ciphers

• Use a combination of substitutions and transpositions

• Transpositions aka permutations (P-Boxes)

– Three types [Fig. 10.2 (a)]:

• (i) straight

• (ii) expanded

• (iii) compressed

• Subsitutions: defined through S-Boxes

– Needed to reduce the size of keys!

– See [Fig. 10.2 (b)]

(16)

Figure 10.2 Product cipher components: (a) P-box examples

(17)

Figure 10.2 Product cipher components: (b) S-box example

(18)

Example of a Product Cipher

• See [Fig. 10.3]: a combination of substitutions and transpositions

• Combination of P-Boxes and S-Boxes

• Popular technology:

– DES - Data Encryption Standard

– AES - Advanced Encryption Standard

– IDEA - International Data Encryption Algorithm – and many more

(19)

Figure 10.3 Example of a product cipher

(20)

The Data Encryption Standard

• NIST: 1972 and 1974: Call for proposals

• 1976: Federal Standard, ratified ANSI 1981

• Block cipher: data blocks are 64 bits

• Key size: 56 bits

• Key is used to select 16 keys of 48 bits each see [Fig. 10.4 (a)]

(21)

Figure 10.4 DES algorithm principles: (a) overall schematic

(22)

Figure 10.4 DES algorithm principles: (b) substitution schematic

(23)

Figure 10.4 DES algorithm principles: (c) substitution operation

(24)

Triple DES

• Problem: brute force attack against a 56-bit long key is now feasible

• Interim solution: apply DES multiple (three)

times, giving it an effective security of 112 bits

• Illustrated in [Fig. 10.5]

(25)

Figure 10.5 Triple DES schematic

(26)

DES Modes of Operation (Chaining)

• Electronic Code Book (ECB)

– ciphertext blocks are independent of each other

• Chain Block Cipher (CBC)

– current plaintext is x-or'ed with previous

ciphertext to gain stream integrity properties

• Cipher Feedback Mode (CFM)

– similar to CBC, but operating on 8-bit boundaries

• Detailed figures in [Hal05 Fig. 10.6]

(27)

Two Types of Cryptosystems

• Conventional cryptosystems: EK and DK

Both EK and DK must remain secret EK = DK or EK ≠ DK

• Public-key cryptosystems: RS and RP

– RS ≠ RP

– One key (private key) must remain private – Other key (public key) can be published

(28)

Figure 10.8 RSA schematic

(29)

Public-key Cryptosystems (aka Public Key Systems)

• Fairly recent technology (1976)

– DH, RSA, ECC

• Benefits:

– Very flexible

– Can provide confidentiality, integrity,

authenticity, and non-repudiation services

• Drawbacks:

– Lower performace than conventional cryptography

(30)

Public-key Cryptography

• Alice and Bob (X) each have their own private/public key pair (K-X,K+X):

• Confidentiality, Integrity, and Autenticity are then accomplished by combining encryptions and decryptions in the right combination

Private Key Public Key Alice

Bob

K-A K+A K-B K+B

(31)

Security Goals

• Notation: {m}K-X means that message m is encrypted by X using his own private key K-X

• Confidentiality and Integrity:

A->B: {m}K+B

• Authenticity and Nonrepudiation:

A->B: {m}K-A

• All four goals at once:

A->B: {{m}K-A}K+B

(32)

More on Authentication

• Authenticity: Assertion about entity identities or the origin of information

• Authentication using a public key system:

[Fig. 10.10]

• Authentication using a private key system:

[Fig. 10.11]

(33)

Figure 10.10 User authentication using a public key scheme

(34)

The Kerberos System

• Concept of a Trusted Third Party

• Key Dristribution Server

• Tickets and Ticket Granting Server

• Service Server

(35)

Figure 10.11 User authentication using Kerberos: (a) terminology and message exchange

(36)

Figure 10.11 User authentication using Kerberos: (b) key and ticket definitions

(37)

Figure 10.11 User authentication using Kerberos: (c) message contents

(38)

Hash Functions and

Message Authentication Codes (MAC)

• Many names, same basic building block:

– hash function, one-way hash function, compression function, contraction function, message digest,

fingerprint, cryptographic checksum, message integrity check, manipulation detection code

• Properties: hash value := H(pre-image)

– One-way: Computing H() is easy, H-1() is hard

– Collision-free: It's hard to find two pre-images with same hash value

– Hash function definition is public

• MAC: H(pre-image | secret key)

(39)

Public Key Certification

• Problem:

– Assertion of the binding: K+A to A – Possible attack in [Fig. 10.12]

• Countermeasure:

– Certificate: digitally signed binding between public keys and their principals

– Content: issuer name, serial#, subject name, public key, validity period, signature – Typically organized in a hierarchy:

Public key certification hierarchy (PKI)

(40)

Figure 10.12 A possible threat when using a public key system

(41)

Public-key Certification Hierarchy

Subject

Issuer name

Subject's public key Signature {m}K- Certificate

(42)

Public-key Certification Hierarchy

alice@student.liu.se K+alice@student.liu.se

Subject

Issuer name

Subject's public key Certificate

Subject: alice@student.liu.se Subject's public key: K+alice@student.liu.se

(43)

Public-key Certification Hierarchy

alice@student.liu.se ca-student.liu.se

K+alice@student.liu.se

{m}K-ca-student.liu.se

Subject

Issuer name

Subject's public key Signature {m}K- Certificate

m := (alice@student.liu.se, K+alice@student.liu.se )

(44)

Public-key Certification Hierarchy

alice@student.liu.se ca-student.liu.se

K+alice@student.liu.se

{m}K-ca-student.liu.se

Subject

Issuer name

Subject's public key Certificate

ca-student.liu.se ca-liu.se

K+ca-student.liu.se

{m}K-ca-liu.se

(45)

Public-key Certification Hierarchy

alice@student.liu.se ca-student.liu.se

K+alice@student.liu.se

{m}K-ca-student.liu.se

Subject

Issuer name

Subject's public key Signature {m}K- Certificate

ca-student.liu.se ca-liu.se

K+ca-student.liu.se

{m}K-ca-liu.se ca-liu.se

ca-se

K+ca-liu.se {m}K-ca-se

(46)

Public-key Certification Hierarchy

alice@student.liu.se ca-student.liu.se

K+alice@student.liu.se

{m}K-ca-student.liu.se

Subject

Issuer name

Subject's public key Certificate

ca-student.liu.se ca-liu.se

K+ca-student.liu.se

{m}K-ca-liu.se ca-liu.se

ca-se

K+ca-liu.se {m}K-ca-se

Well known: K+ca-se

(47)

E-mail Privacy

• Confidentiality: Property that data is not disclosed in an unauthorized manner

• Important application with day to day value

• Most popular examples:

– PGP: Pretty good privacy (PGP)

• Combination of MD5, RSA, IDEA, Base64, and Ziv- Lempel

– PEM: Privacy enhanced mail

• Internet Standard

• See [Fig. 10.13] for details

(48)

Network Security IP Security (IPSec)

• IPSec history:

– SKIP vs. IPSec and IPv6 vs. IPv4

• Technical contents:

– Authentication Header (AH)

– Encapsulating Security Payload (ESP) – Security Association (SA)

– Security Parameter Index (SPI) – Internet Key Exchange (IKE)

• Integrated into network layer

• End-to-End vs. Tunnel modes

(49)

Figure 10.15 AH protocol header position and contents in transport mode

(50)

Web Security

Secure Socket Layer (SSL)

• History:

– SSL vs. TLS (Transport Layer Security) – Netscape and the IETF

• Layered on top of TCP

• Ever noticed http vs. https in a URL?

• Notion of a session

(51)

Figure 10.19 The secure socket layer (SSL) protocol: (a) protocol stack

(52)

SSL - Protocol Phases

• Authentication (using a CA)

• Cryptographic algorithm negotiation

• Session Key exchange

• Transaction initiation

• Transaction information transfer

(53)

Figure 10.19 The secure socket layer (SSL) protocol: (b) outline of the authentication and transaction initiation phases

(54)

Questions?

Figure

Updating...

References

Updating...

Related subjects :