Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

Similar presentations

Presentation on theme: "COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment."— Presentation transcript:

1 COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment 3

2 COS 461 Fall 1997 Security Goals u confidentiality: Who can read this data? u integrity: Who can modify this data? u authentication: Who am I talking to? u authorization: Is this person allowed to do this operation?

3 COS 461 Fall 1997 Network Security Challenges u on the net, often communicate indirectly, through intermediaries –intermediaries can eavesdrop or corrupt messages u interact with unlimited number of parties u frequent interactions with untrusted people

4 COS 461 Fall 1997 Private Communication encrypt key decrypt key ciphertext plaintext Practical issues: - security of end systems - how to establish a shared secret key

5 COS 461 Fall 1997 In Assignment 3... u use AcmeNet.Util.AcmeCipher cipher –constructor »cipher = new AcmeCipher(long key); –to encrypt a byte »ciphertext = cipher.crypt(plaintext); »same to decrypt –64-bit (Java long) key

6 COS 461 Fall 1997 Key Establishment u use armed courier –slow and expensive u use face-to-face meeting –doesnt scale u use cryptographic tricks –good: no face-to-face meeting required –bad: hard to get right

7 COS 461 Fall 1997 Diffie-Hellman Algorithm u the big picture –two strangers have a public conversation –result is a secret shared between them –eavesdroppers cant learn the secret u patented; patent expired in September u relies on difficulty of finding discrete log –assume g and p are chosen cleverly –given g x mod p, very hard to determine x

8 COS 461 Fall 1997 Diffie-Hellman in Action AliceBob generate random Agenerate random B M a = g A mod pM b = g B mod p MaMa MbMb compute K = M b A mod p = g BA mod p compute K = M a B mod p = g AB mod p agree on g and p

9 COS 461 Fall 1997 But Wait... Alice Dr. EvilBob MaMa EaEa MbMb EbEb encrypted data

10 COS 461 Fall 1997 Whats Going On? u Diffie-Hellman gives you a private connection to somebody u but you dont know who is at the other end u need to take separate steps to prevent man- in-the-middle attack –digitally sign Diffie-Hellman messages, or –do separate authentication phase later

11 COS 461 Fall 1997 In Assignment 3... u AcmeNet.Util.DiffieHellman class implements the math –built-in choice of g, p –to do an exchange »make a new DiffieHellman object »read its gx field and send it across »get arriving message and pass it to the gotMessage method of your Diffie-Hellman object »use the key field of the Diffie-Hellman object

12 COS 461 Fall 1997 In Assignment 3... u PrivateConnection class extends Connection, adding privacy –start with an ordinary Connection –do a Diffie-Hellman exchange on the connection to generate a private key –encrypt subsequent data on the connection with the DH-generated key –no guarantees about who is on the other end

13 COS 461 Fall 1997 Authentication u How can we protect against impersonation? u two approaches –digital signatures (and similar schemes) –trusted third party u usual approach: claim identity, then prove it u sometimes, authenticate and exchange keys in a single protocol

14 COS 461 Fall 1997 Digital Signatures u everybody has two keys –a private key for signing –a public key for verifying signatures u need a secure way to find the keys of others –trusted certification authority signs key certificates, or –letter of introduction approach

15 COS 461 Fall 1997 Using Signatures (First Try) u challenge/response protocol u how Alice proves her identity to Bob –Bob sends a random challenge to Alice –Alice signs the challenge and sends it back –Bob verifies the signature u prone to man-in-the-middle attack

16 COS 461 Fall 1997 Signatures and Diffie-Hellman u after D-H exchange, each side concatenates the message it sent and the message it received, and signs the pair u verify the other sides signature u nice synergy –message sent by D-H acts as a challenge –signatures protect D-H from man-in-the-middle

17 COS 461 Fall 1997 Trusted Third Party Auth. u Alice and Bob have a three-way conversation with a third party (Trent) u result is a key that only Alice and Bob know u no need for signatures or public-key crypto u Trent must be completely trustworthy or all is lost u each party must share a key with Trent

18 COS 461 Fall 1997 Needham-Schroeder Protocol u steps –Alice and Bob state their identities »they could be lying! –Alice sends to Trent (Alice, Bob, na) –Trent generates a key K, creates a ticket (Alice, K) and encrypts it with Bobs key –Trent sends to Alice (na, Bob, K, encrypted- ticket), all encrypted with Alices key –Alice sends the encrypted ticket to Bob

19 COS 461 Fall 1997 Needham-Schroeder u in the end, either –Both parties are telling the truth about their identities, and both know the key K, or –at least one party is lying, and the liar doesnt know K u do a challenge-response handshake to verify knowledge of K in both directions u if handshake works, use K to encrypt data

20 COS 461 Fall 1997 Key Verification Handshake u steps –set up encryption using the new key K »actually, use K in one direction, K+1 in the other –send a random challenge to the other side –receive the other sides challenge, and add one to it; send the result back –verify the other sides response

21 COS 461 Fall 1997 In Assignment 3... u use a modified version of Needham- Schroeder protocol –set up PrivateConnection –do key-exchange/auth protocol –switch to newly generated shared key u trusted AuthenticationService lives at a well-known location –talk to AuthService via PrivateConnection

22 COS 461 Fall 1997 In Assignment 3... u each student has his/her own identity –String identity equal to Unix userid u each student shares a key with the AuthService –64-bit value –think of it as a password –stored in protected file accessible to AuthService

23 COS 461 Fall 1997 Generating Your Key u can use AcmeNet.Util.Login to translate a String or byte-array into a Java long –can use text passphrase rather than a number u email exchange to set up keys u please dont –use a serious secret as your key –use an easily guessable key –use the Assn 3 algorithms for high security applications

24 COS 461 Fall 1997 More About Security u public-key cryptography u key management issues u tamper-proof devices u authorization u logging, auditing and post-mortem repair u intrusion detection u policy creation and enforcement u etc.

Download ppt "COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment."

Similar presentations

Ads by Google