ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Outline Network Security Concepts Principles of cryptography Authentication Integrity Key Distribution and certification Security in many layers

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Network Security Confidentiality (Secrecy): only sender, intended receiver should “understand” message contents –sender encrypts message –receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message is not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Friends and Enemies well-known in network security world “A” and “B” want to communicate “securely” “C” (intruder) may intercept (passive intruder), delete, add messages (active intruder) secure sender secure receiver channel data, control messages data A B C

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Who Might A, B and C be? Possible A and B real-life human users Web browser/server for electronic transactions (e.g., on- line purchases) on-line banking client/server DNS servers routers exchanging routing table updates Possible C –eavesdrop: intercept messages –actively insert messages into connection –impersonation: can fake (spoof) source address in packet (or any field in packet) –hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place –denial of service: prevent service from being used by others (e.g., by overloading resources)

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Outline Network Security Concepts Principles of cryptography Authentication Integrity Key Distribution and certification Security in many layers

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 The Language of Cryptography symmetric key cryptography: sender, receiver keys identical public-key cryptography: encryption key public, decryption key secret (private) plaintext ciphertext K A encryption algorithm decryption algorithm A’s encryption key B’s decryption key K B C

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Symmetric Key Cryptography substitution cipher: substituting one thing for another –Caesar cipher: taking each letter in the plaintext message and substituting the letter that is k letters later (allowing wraparound), i.e. if k=4, then the letter "a" in plaintext becomes "d" in cipher text; "b" in plaintext becomes "e" in cipher text, and so on. –monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: hello there ciphertext: acggk uacoc E.g.:

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Symmetric Key Cryptography Vigenere ciphers: uses multiple monoalphabetic ciphers, with a specific monoalphabetic cipher to encode a letter in a specific position in the plaintext message. Example: two different Caesar ciphers C1( k=6) and C2(k=20), used in the repeating pattern C1, C2, C2. i.e. the first letter of plaintext is to encoded using C1, the second and third using C2. The pattern then repeats. Plaintext: hello there ciphertext: mxeqh mmxkj

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Symmetric Key Cryptography Transposition Cipher:

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Symmetric Key Cryptography: DES DES: Data Encryption Standard: US encryption standard [NIST 1993] DES operation 56-bit symmetric key, 64-bit plaintext input initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation How secure is DES? –DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months –no known “backdoor” decryption approach making DES more secure: –use three keys sequentially (3-DES) on each datum

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Public Key Cryptography symmetric key cryptography requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never “met”) public key cryptography radically different approach [Diffie-Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Public Key Cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm B’s public key plaintext message K (m) B + K B + B’s private key K B - m = K ( K (m) ) B + B -

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Public Key Encryption Algorithms Requirements: 1.need K + B (.) and K - B (.) such that 2.given public key K + B it should be impossible to compute private key K - B RSA: Rivest, Shamir, Adelson algorithm K (K (m)) = m B B - +

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 RSA: Encryption Decryption Choosing Keys Choose two large prime numbers p, q. (e.g., 1024 bits each) Compute n = pq, z = (p-1)(q-1) Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). Public key is (n,e). Private key is (n,d). K B + K B - Encryption/Decryption 1.Given (n,e) and (n,d) as computed above 2.To encrypt bit pattern, m, compute c= m e mod n (i.e., remainder when m e is divided by n) 3.To decrypt received bit pattern, c, compute m = c d mod n (i.e., remainder when c d is divided by n)

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 RSA Example B chooses p=5, q=7. Then n=35, z=24. –e=5 (so e, z relatively prime). –d=29 (so ed-1 exactly divisible by z). letter m m e c = m mod n e l c m = c mod n d c d letter l encrypt: decrypt:

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 RSA: Property Why is that m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 RSA: Property RSA also holds the following property: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same! (m d ) e mod n = m = (m e ) d mod n

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Outline Network Security Concepts Principles of cryptography Authentication Integrity Key Distribution and certification Security in many layers

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication Goal: B wants A to “prove” its identity to him authentication must be done solely on the basis of messages and data exchanged as part of an authentication protocol. –Protocol ap1.0: A says “I am A” A B C “I am A” in a network, B can not “see” A, so C simply declares itself to be A

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication Protocol ap2.0: A says “I am A” in an IP packet containing its source IP address A B C “I am A” A’s IP address C can create a packet “spoofing” with A’s address “I am A” A’s IP address

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication Protocol ap3.0: A says “I am A” and sends her secret password to “prove” it. “I’m A” A’s IP addr A’s password OK A’s IP addr AB C playback attack: C records A’s packet and later plays it back to B “I’m A” A’s IP addr A’s password OK A’s IP addr “I’m A” A’s IP addr A’s password A B

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication Protocol ap3.1: A says “I am A” and sends her encrypted secret password to “prove” it. C “I’m A” A’s IP addr encrypted password OK A’s IP addr “I’m A” A’s IP addr encrypted password A B record and playback still works!

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication Goal: avoid playback attack Nonce: number (R) used only once –in-a-lifetime ap4.0: to prove A is “alive”, B sends nonce, R to A. A must return R, encrypted with shared secret key “I am A” R K (R) A-B A is live, and only A knows key to encrypt nonce, so it must be A! A B

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication ap4.0 requires shared symmetric key can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am A” R B computes K (R) A - “send me your public key” K A + (K (R)) = R A - K A + and knows only A could have the private key, that encrypted R such that (K (R)) = R A - K A + A B

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication: Security Hole Intruder in the middle attacks: C poses as A (to B) and as B (to A) I am A R C K (R) - Send me your public key C K + A K (R) - Send me your public key A K + C K (m) + C m = K (K (m)) + C - C gets sends m to A encrypted with A’s public key A K (m) + A m = K (K (m)) + A - R C A B

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Authentication: Security Hole Intruder in the middle attacks: C poses as A (to B) and as B (to A) Difficult to detect: B receives everything that A sends, and vice versa. (e.g., so B, and A can meet one week later and recall conversation) problem is that C receives all messages as well! C AB

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Outline Network Security Concepts Principles of cryptography Authentication Integrity Key Distribution and certification Security in many layers

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (B) digitally signs document, establishing he is document owner/creator. verifiable, non-forgeable: recipient (A) can prove to someone that B, and no one else (including A), must have signed document Simple digital signature for message m: B signs m by encrypting with his private key K - B, creating “signed” message, K - B (m) Dear A Oh, how I have missed you. I think of you all the time! …(blah blah blah) B B’s message, m Public key encryption algorithm B’s private key K B - B’s message, m, signed (encrypted) with his private key K B - (m)

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Digital Signatures Suppose A receives message m, digital signature K - B (m) A verifies m signed by B by applying B’s public key K + B to K - B (m) then checks K + B (K - B (m) ) = m. If K + B (K - B (m) ) = m, whoever signed m must have used B’s private key. A thus verifies that: üB signed m. üNo one else signed m. üB signed m and not m’. Non-repudiation: A can take m, and signature K B (m) to court and prove that B signed m.

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Message Digests Computationally expensive to public-key-encrypt long messages Goal: fixed-length, easy- to-compute digital “fingerprint” apply hash function H to m, get fixed size message digest, H(m). Hash function properties: many-to-1 produces fixed-size message digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m) large message m H: Hash Function H(m)

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Digital Signature = Signed Message Digest large message m H: Hash function H(m) digital signature (encrypt) B’s private key K B - + B sends digitally signed message: A verifies signature and integrity of digitally signed message: K B (H(m)) - encrypted msg digest K B (H(m)) - encrypted msg digest large message m H: Hash function H(m) digital signature (decrypt) H(m) B’s public key K B + equal ?

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Internet Checksum: Poor Hash Function Internet checksum has some properties of hash function: üproduces fixed length digest (16-bit sum) of message üis many-to-one But given message with given hash value, it is easy to find another message with same hash value: I O U B O B 49 4F E D2 42 message ASCII format B2 C1 D2 AC I O U B O B 49 4F E D2 42 message ASCII format B2 C1 D2 AC different messages but identical checksums!

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Hash Function Algorithms MD5 hash function widely used (RFC 1321) –computes 128-bit message digest in 4-step process. –arbitrary 128-bit string x, appears difficult to construct message m whose MD5 hash is equal to x. SHA-1 is also used. –US standard [ NIST, FIPS PUB 180-1] –160-bit message digest

ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Reading Material Chapter 7 – text3 (Kurose) Chapter 8 – text2 (Tanenbaum)