Chapter 10. Network Security

(1)

Chapter 10 Network

Security

(2)

10.2 Chapter 10: Outline

10.1 INTRODUCTION

10.2 CONFIDENTIALITY

10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY

10.5 FIREWALLS

(3)

Chapter 10: Objective

 We introduce network security. We discuss security goals, types of attacks, and services provided by network security.

 We introduce the first goal of security, confidentiality. We discuss symmetric-key ciphers and asymmetric-key ciphers.

 We discuss other aspects of security: message integrity, message authentication, digital signature, entity authentication, and key management.

 We apply what we have learned in the first three sections to the

(4)

10.4 10-1 INTRODUCTION

Information is an asset that has a value like

any other asset. As an asset, information

needs to be secured from attacks. To be

secured, information needs to be hidden

from unauthorized access (confidentiality),

protected from unauthorized change

(integrity), and available to an authorized

entity when it is needed (availability).

(5)

10.1.1 Security Goals

Let us first discuss three security goals:

 Confidentiality

 Integrity

 Availability

(6)

10.6 10.1.2 Attacks

Our three goals of security, confidentiality, integrity, and availability, can be threatened by security attacks. Although the literature uses different approaches to categorizing the attacks, we divide them into three groups related to the security goals.

Figure 10.1 shows the taxonomy.

(7)

10.1.2 (continued)

 Attacks Threatening Confidentiality

 Attacks Threatening Integrity

 Modification

 Masquerading

 Replaying

 Repudiation

 Snooping

 Traffic Analysis

(8)

10.8 Figure 10.1: Taxonomy of attacks with relation to security goals

(9)

10.1.3 Services and Techniques

ITU-T defines some security services to achieve security goals and prevent attacks. Each of these services is designed to prevent one or more attacks while maintaining security goals. The actual implementation of security goals needs some techniques. Two techniques are prevalent today:

 Cryptography

 Steganography

(10)

10.10 10-2 CONFIDENTIALITY

We now look at the first goal of security,

confidentiality. Confidentiality can be achieved

using ciphers. Ciphers can be divided into two

broad categories: symmetric-key and

asymmetric-key.

(11)

10.2.1 Symmetric-Key Ciphers

A symmetric-key cipher uses the same key for

both encryption and decryption, and the key

can be used for bidirectional communication,

which is why it is called symmetric. Figure 10.2

shows the general idea behind a symmetric-key

cipher.

(12)

10.12 10.2.1 (continued)

 Traditional Symmetric-Key Ciphers

 Substitution Ciphers

 Transposition Ciphers

 Stream and Block Ciphers

 Modern Symmetric-Key Ciphers

 Modern Block Ciphers

 Data Encryption Standard (DES)

 Modern Stream Ciphers

(13)

Figure 10.2: General idea of a symmetric-key cipher

(14)

10.14 Figure 10.3: Symmetric-key encipherment as locking and unlocking with

the same key

(15)

Figure 10.4: Representation of plaintext and ciphertext characters in

modulo 26

(16)

10.16 Use the additive cipher with key = 15 to encrypt the message “hello”.

Example 10.1

(17)

Use the additive cipher with key = 15 to decrypt the message “WTAAD”.

Example 10.2

(18)

10.18 Figure 10.5: An example key for a monoalphabetic substitution cipher

(19)

We can use the key in Figure 10.5 to encrypt the message

Example 10.3

(20)

10.20 Assume that Alice and Bob agreed to use an autokey cipher with initial key value k ₁ = 12. Now Alice wants to send Bob the message “Attack is today”. The three occurrences of “t”

are encrypted differently.

Example 10.4

(21)

Figure 10.6: Transposition cipher

(22)

10.22 Figure 10.7: A modern block cipher

(23)

Figure 10.8: Components of a modern block cipher

(24)

10.24 Figure 10.9: General structure of DES

(25)

Figure 10.10: DES function

(26)

10.26 Figure 10.11: Key generation

(27)

We choose a random plaintext block and a random key, and determine (using a program) what the ciphertext block would be (all in hexadecimal) as shown below.

Example 10.5

(28)

10.28 To check the effectiveness of DES when a single bit is changed in the input, we use two different plaintexts with only a single bit difference (in a program). The two ciphertexts are completely different without even changing the key. Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits.

Example 10.6

(29)

Figure 10.12: One-time pad

(30)

10.30 10.2.2 Asymmetric-Key Ciphers

In previous sections we discussed symmetric-key ciphers. In this section, we start the discussion of asymmetric-key ciphers. Symmetric- and asymmetric-key ciphers will exist in parallel and continue to serve the community. We actually believe that they are complements of each other;

the advantages of one can compensate for the

disadvantages of the other.

(31)

10.2.2 (continued)

 General Idea

 Plaintext/Ciphertext

 Encryption/Decryption

 Need for Both

 RSA Cryptosystem

 Procedure

 Applications

(32)

10.32 Figure 10.13: Locking and unlocking in asymmetric-key cryptosystem

(33)

Figure 10.14: General idea of asymmetric-key cryptosystem

(34)

10.34 Figure 10.15: Encryption, decryption, and key generation in RSA

(35)

For the sake of demonstration, let Bob choose 7 and 11 as p and q and calculate n = 7 × 11 = 77, φ(n) = (7 − 1)(11 − 1), or 60. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1. Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. This system is not safe because p and q are small.

Example 10.7

(36)

10.36 Here is a more realistic example calculated using a computer program in Java. We choose a 512-bit p and q, calculate n and φ(n). We then choose e and calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number.

Example 10.8

(37)

Example 10.8 (continued)

(38)

10.38 Example 10.8 (continued)

(39)

Example 10.8 (continued)

(40)

10.40 10-3 OTHER ASPECTS OF SECURITY

The cryptography systems that we have studied so far provide confidentiality.

However, in modern communication, we

need to take care of other aspects of

security, such as integrity, message and

entity authentication, non-repudiation, and

key management. We briefly discuss these

issues in this section.

(41)

10.3.1 Message Integrity

There are occasions where we may not even need secrecy but instead must have integrity: the message should remain unchanged. For example, Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted.

After her death, anyone can examine the will. The

integrity of the will, however, needs to be

preserved.

(42)

10.42 Figure 10.16: Message and digest

Insecure channel

Channel immune to change

(43)

10.3.2 Message Authentication

A digest can be used to check the integrity of a

message—that the message has not been

changed. To ensure the integrity of the message

and the data origin authentication—that Alice is

the originator of the message, not somebody

else—we need to include a secret shared by Alice

and Bob (that Eve does not possess) in the

process; we need to create a message

authentication code (MAC).

(44)

10.44 Figure 10.17: Message authentication code

M + MAC

Insecure channel

(45)

10.3.3 Digital Signature

Another way to provide message integrity and

message authentication (and some more security

services, as we will see shortly) is a digital

signature. A MAC uses a secret key to protect the

digest; a digital signature uses a pair of private-

public keys.

(46)

10.46 10.3.3 (continued)

 Comparison

 Inclusion

 Verification Method

 Relationship

 Duplicity

 Process

 Signing the Digest

 Services

 Message Authentication

 Message Integrity

 Non-repudiation

(47)

10.3.3 (continued)

 RSA Digital Signature Scheme

 Digital Signature Standard (DSS)

(48)

10.48 Figure 10.18: Digital signature process

(M, S)

(49)

Figure 10.19: Signing the digest

(50)

10.50 Figure 10.20: Using a trusted center for non-repudiation

(M, S _A ) _{(M, S} _T ₎

(51)

Figure 10.21: The RSA signature on the message digest

(52)

10.52 10.3.4 Entity Authentication

Entity authentication is a technique designed to let one party verify the identity of another party.

An entity can be a person, a process, a client, or a

server. The entity whose identity needs to be

proven is called the claimant; the party that tries

to verify the identity of the claimant is called the

verifier.

(53)

10.3.4 (continued)

 Entity versus Message Authentication

 Verification Categories

 Passwords

 Challenge-Response

 Using a Symmetric-Key Cipher

 Using an Asymmetric-Key Cipher

 Using Digital Signatures

(54)

10.54 Figure 10.22: Unidirectional, symmetric-key authentication

(55)

Figure 10.23: Unidirectional, asymmetric-key authentication

(56)

10.56 Figure 10.24: Digital signature, unidirectional authentication

(57)

10.3.5 Key Management

We discussed symmetric-key and asymmetric-key

cryptography in the previous sections. However,

we have not yet discussed how secret keys in

symmetric-key cryptography, and public keys in

asymmetric-key cryptography, are distributed and

maintained. This section touches on these two

issues.

(58)

10.58 10.3.5 (continued)

 Symmetric-Key Distribution

 Symmetric-Key Agreement

 Diffie-Hellman Key Agreement

 Public-Key Distribution

 Public Announcement

 Certification Authority

 X.509

 Key Distribution Center (KDC)

(59)

Figure 10.25: Multiple KDCs

(60)

10.60 Figure 10.26: Creating a session key using KDC

(61)

Figure 10.27: Diffie-Hellman method

(62)

10.62 Example 10.9

Let us give a trivial example to make the procedure clear.

Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume that g = 7 and p = 23. The steps are as follows:

1. Alice chooses x = 3 and calculates R ₁ = 7 ³ mod 23 = 21.

Bob chooses y = 6 and calculates R ₂ = 7 ⁶ mod 23 = 4.

2. Alice sends the number 21 to Bob.

(63)

Example 10.9 (continued)

3. Bob sends the number 4 to Alice.

4. Alice calculates the symmetric key K = 4 ³ mod 23 = 18.

Bob calculates the symmetric key K = 21 ⁶ mod 23 = 18.

Conclusion:

The value of K is the same for both Alice and Bob;

g ^xy mod p = 7 ¹⁸ mod 23 = 18.

(64)

10.64 Figure 10.28: Certification authority

(65)

10-4 INTERNET SECURITY

In this section, we discuss how the

principles of cryptography are applied to the

Internet. We discuss security in the

application layer, transport layer, and

network layer. Security at the data-link layer

is normally a proprietary issue and is

implemented by the designers of LANs and

(66)

10.66 10.4.1 Application-Layer Security

This section discusses two protocols providing

security services for e-mails: Pretty Good Privacy

(PGP) and Secure/Multipurpose Internet Mail

Extension (S/MIME).

(67)

10.4.1 (continued)

 E-mail Security

 Cryptographic Algorithms

 Cryptographic Secrets

 Certificates

 Pretty Good Privacy (PGP)

 Scenarios

 Segmentation

 Key Rings

 PGP Algorithms

(68)

10.68 10.4.1 (continued)

 S/MIME

 Cryptographic Message Syntax (CMS)

 Key Management

 Cryptographic Algorithms

 Applications of S/MIME

(69)

Figure 10.29: A plaintext message

(70)

10.70 Figure 10.30: An authenticated message

(71)

Figure 10.31: A compressed message

(72)

10.72 Figure 10.32: A confidential message

(73)

Figure 10.33: Key rings in PGP

(74)

10.74 Figure 10.34: Trust model

(75)

Figure 10.35: Signed-data content type

(76)

10.76 Figure 10.36: Enveloped-data content type

(77)

Figure 10.37: Digested-data content type

(78)

10.78 Figure 10.38: Authenticated-data content type

(79)

Example 10.10

The following shows an example of an enveloped-data in

which a small message is encrypted using triple DES..

(80)

10.80 10.4.2 Transport-Layer Security

Two protocols are dominant today for providing

security at the transport layer: the Secure Sockets

Layer (SSL) protocol and the Transport Layer

Security (TLS) protocol. The latter is actually an

IETF version of the former. We discuss SSL in this

section; TLS is very similar. Figure 10.39 shows

the position of SSL and TLS in the Internet model.

(81)

10.4.2 (continued)

 SSL Architecture

 Services

 Key Exchange Algorithms

 Encryption/Decryption Algorithms

 Hash Algorithms

 Cipher Suite

 Compression Algorithms

 Cryptographic Parameter Generation

 Sessions and Connections

(82)

10.82 10.4.2 (continued)

 Four Protocols

 Handshake Protocol

 ChangeCipherSpec Protocol

 Alert Protocol

 Record Protocol

(83)

Figure 10.39: Location of SSL and TLS in the Internet model

(84)

10.84 Figure 10.40: Calculation of master secret from pre-master secret

(85)

Figure 10.41: Calculation of key material from master secret

(86)

10.86 Figure 10.42: Extractions of cryptographic secrets from key material

(87)

Figure 10.43: Four SSL protocols

(88)

10.88 Figure 10.44: Handshake Protocol

(89)

Figure 10.45: Processing done by the Record Protocol

(90)

10.90 10.4.3 Network-Layer Security

We need security at the network layer for three reasons. First, not all client/server programs are protected at the application layer. Second, not all client/server programs at the application layer use the services of TCP to be protected by the transport-layer security. Third, many applications, such as routing protocols, directly use the service of IP; they need security services at the IP layer.

IP Security is a collection of protocols designed by

the Internet Engineering

(91)

10.4.3 (continued)

 Two Modes

 Transport Mode

 Tunnel Mode

 Comparison

 Two Security Protocols

 Authentication Header (AH)

 Encapsulating Security Payload (ESP)

(92)

10.92 10.4.3 (continued)

 Services Provided by IPSec

 Access Control

 Message Integrity

 Entity Authentication

 Confidentiality

 Replay Attack Protection

 Security Association

 Idea of Security Association

 Security Association Database (SAD)

 Security Policy

 Security Policy Database

(93)

10.4.3 (continued)

 Internet Key Exchange (IKE)

 Virtual Private Network (VPN)

(94)

10.94 Figure 10.46: IPSec in transport mode

(95)

Figure 10.47: Transport mode in action

(96)

10.96 Figure 10.48: IPSec in tunnel mode

(97)

Figure 10.49: Tunnel mode in action

(98)

10.98 Figure 10.50: Transport mode versus tunnel mode

(99)

Figure 10.51: Authentication Header (AH) protocol

(100)

10.100 Figure 10.52: Encapsulating Security Payload (ESP)

(101)

Table 10.1 : IPSec services

(102)

10.102 Figure 10.53: Simple SA

(103)

Figure 10.54: SAD

(104)

10.104 Figure 10.55: Security Policy Database

(105)

Figure 10.56: Outbound processing

(106)

10.106 Figure 10.57: Inbound processing

(107)

Figure 10.58: IKE components

(108)

10.108 Figure 10.59: Virtual private network

(109)

10-5 FIREWALLS

All previous security measures cannot

prevent Eve from sending a harmful

message to a system. To control access to

a system we need firewalls. A firewall is a

device (usually a router or a computer)

installed between the internal network of an

organization and the rest of the Internet. It is

(110)

10.110 Figure 10.60: Firewall

(111)

10.5.1 Packet-Filter Firewalls

A firewall can be used as a packet filter. It can forward or block packets based on the information in the network-layer and transport-layer headers:

source and destination IP addresses, source and

destination port addresses, and type of protocol

(TCP or UDP). A packet-filter firewall is a router

that uses a filtering table to decide which packets

must be discarded (not forwarded). Figure 10.61

(112)

10.112 Figure 10.61: Packet-filter firewall

(113)

10.5.2 Proxy Firewalls

The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP).

However, sometimes we need to filter a message

based on the information available in the message

itself (at the application layer). One solution is to

install a proxy computer to filter the messages.

(114)

10.114 Figure 10.62: Proxy firewall

(115)

Chapter 10: Summary

 The three goals of security can be threatened by security attacks.

Two techniques have been devised to protect information against attacks: cryptography and steganography.

 In a symmetric-key cipher the same key is used for encryption and decryption, and the key can be used for bidirectional communication. We can divide traditional symmetric-key ciphers into two broad categories: substitution ciphers and transposition ciphers.

 In an asymmetric key cryptography there are two separate keys:

(116)

10.116 Chapter 10: Summary (continued)

 Other aspects of security include integrity, message authentication, entity authentication, and key management.

 The Pretty Good Privacy (PGP), invented by Phil Zimmermann, provides e-mail with privacy, integrity, and authentication.

Another security service designed for electronic mail is Secure/Multipurpose Internet Mail Extension (S/MIME).

 A transport-layer security protocol provides end-to-end security services for applications that use the services of a reliable transport-layer protocol such as TCP. Two protocols are dominant today for providing security at the transport layer:

Secure Sockets Layer (SSL) and Transport Layer Security

(TLS).

(117)

Chapter 10: Summary (continued)

 IP Security (IPSec) is a collection of protocols designed by the IETF to provide security for a packet at the network level. IPSec operates in transport or tunnel mode. IPSec defines two protocols: Authentication Header (AH) Protocol and Encapsulating Security Payload (ESP) Protocol.