Computer Networks. Wenzhong Li. Nanjing University

Similar documents
Chapter 8 roadmap. Network Security

CS Computer Networks 1: Authentication

Computer Communication Networks Network Security

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

CSC 4900 Computer Networks: Security Protocols (2)

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

14. Internet Security (J. Kurose)

Kurose & Ross, Chapters (5 th ed.)

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

CSC 8560 Computer Networks: Network Security

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Encryption. INST 346, Section 0201 April 3, 2018

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Security: Focus of Control. Authentication

UNIT - IV Cryptographic Hash Function 31.1

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

Internet and Intranet Protocols and Applications

Security: Focus of Control

Ref:

SECURITY IN NETWORKS

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CSC 8560 Computer Networks: Security Protocols

L13. Reviews. Rocky K. C. Chang, April 10, 2015

(2½ hours) Total Marks: 75

SECURITY IN NETWORKS 1

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Distributed Systems Principles and Paradigms

CIS 6930/4930 Computer and Network Security. Final exam review

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. Computer Networking: A Top Down Approach

S. Erfani, ECE Dept., University of Windsor Network Security

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview:

IP Security IK2218/EP2120

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Chapter 8 Network Security

Security Requirements

Network Security Chapter 8

T Cryptography and Data Security

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Chapter 4: Securing TCP connections

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

CSC/ECE 774 Advanced Network Security

Chapter 8 Network Security

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Chapter 8 Network Security

Potential Security Violations CSE 513: Distributed Systems (Security)

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Spring 2010: CS419 Computer Security

BCA III Network security and Cryptography Examination-2016 Model Paper 1

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security

Virtual Private Networks

Securing Internet Communication: TLS

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Networking Security SPRING 2018: GANG WANG

Student ID: CS457: Computer Networking Date: 5/8/2007 Name:

Network Security. Chapter 8. MYcsvtu Notes.

Lecture 1: Course Introduction

CSC 774 Network Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CSC Network Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Data Integrity. Modified by: Dr. Ramzi Saifan

Data Security and Privacy. Topic 14: Authentication and Key Establishment

CS 494/594 Computer and Network Security

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CSE 127: Computer Security Cryptography. Kirill Levchenko

EEC-682/782 Computer Networks I

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Session key establishment protocols

Cryptographic Checksums

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Session key establishment protocols

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 9: Key Management

Introduction and Overview. Why CSCI 454/554?

Real-time protocol. Chapter 16: Real-Time Communication Security

UNIT III 3.1DISCRETE LOGARITHMS

1. Diffie-Hellman Key Exchange

VPNs and VPN Technologies

Verteilte Systeme (Distributed Systems)

Spring 2010: CS419 Computer Security

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Computer Security and Privacy

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Transcription:

Computer Networks Wenzhong Li Nanjing University 1

Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer Security IP Security Securing Wireless LANs 2

Public Key for Encryption C = Encrypt(M, PUB A ) M = Decrypt(C, PRV A ) 3

Public Key for Authentication C = Encrypt(M, PRV B ) M = Decrypt(C, PUB B ) 4

Message Integrity and Authentication Receiving msgs from Alice, Bob wants to ensure: Message originally came from Alice Message not changed since sent by Alice Security handling Source impersonation / spoofing Message injection / modification Message re-sequencing / replaying 5

Authentication Functions Creating an authenticator which may involve functions of Sender / Message Text Time Stamp / Sequence Number / Random Value Secret Keys The sender computes and sends the authenticator as part of the regular message The recipient compares the received authenticator with the expected authenticator 6

Message Authentication Code (shared secret) s (message) m MAC(.) append H(m+s) m H(m+s) public Internet m H(m+s) MAC(.) H(m+s) compare s (shared secret) 7

Authentication by MAC MAC is a fixed-size code that is appended to the message Typical sizes of MAC range from 64 to 256 bits Message can be sent in the clear without encryption MAC is a function of the message and a secret key Can assure msg not altered, and from alleged sender MAC should not be reversible, decryption is not needed The strength of the MAC depends on the function and on the secrecy of the key 8

Authentication Methods Authentication by Crypto Using crypto functions of the text and secret keys CBC-MAC Authentication by Hash Using hash functions and involving secret keys in the computations MD5, 128 bit MAC, (RFC 1321) SHA-1, 160 bit MAC, (NIST, FIPS PUB 180-1) 9

Requirements of MAC Functions Operability Work on any input length Produce output of fixed size Should be easy to compute Security One-way given value Y, it is hard to find content X such that Y = MAC(X) Weak Collision Resistance given content X 1 it is hard to find another content X 2 such that MAC(X 1 ) = MAC(X 2 ) Strong Collision Resistance it is hard to find any two different contents X 1 and X 2 such that MAC(X 1 ) = MAC(X 2 ) 10

CBC-MAC Authentication Cipher block chaining message authentication code Divide message M into L blocks of size n bits each M = M 1, M 2,..., M L Let K be a secret key of the encryption algorithm E Let C 0 = IV be a random block of n bits Compute C i = E K (M i +C i 1 ) for i = 1, 2,..., L CBC-MAC K (M) = C L Let MAC K (M) = (C 0, C L ) = (IV, CBC-MAC K (M)) i.e. the first and last blocks of CBC encryption 11

Common Structure for MD5 and SHA-1 12

Common Steps Input message less than 2 64 bits Processed in 512 bit blocks Appends padding bits Message Length congruent to 448(mod 512) Adds length field Original message length is written in last 64 bits 13

MD5 Processing Uses 4-word state buffer A, B, C, D to compute the message digest Initial value: 01234567, 89abcdef, fedcba98, 76543210 Total 128 bits Process message in 16-word blocks M 0, M 1, M 15 Processing of a msg block consists of 4 similar stages Each with a different function F Each stage is composed of 16 similar operations Using F, modular +, and left rotation 14

One MD5 Operation A different F is used for each stage M i is a 32-bit word of msg K i is a 32-bit generated constant 15

SHA-1 Processing Uses 5 word state buffer A, B, C, D, E to compute the message digest Value 67452301, efcdab89, 98badcfe, 10325476, c3d2e1f0 Total 160 bits Process message in 16-word chunks M 0, M 1, M 15 Processing of a msg block consists of 4 similar stages Each with a different function F Each stage is composed of 20 similar operations 16

SHA for A Single Chunk M 0, M 1,, M 15 : 16 words of input chunk For t = 0 to 15, W t = M t For t = 16 to 79, W t = S 1 (W t 16 W t 14 W t 8 W t 3 ) F 1, F 2, F 3, F 4 : 4 different elementary functions K : distinct set of constants for each F i 17

One SHA Operation F is a nonlinear function that varies W t is the expanded message word of step t K t is the constant of step t 18

MAC Options Preferred, no need encryption/decryption 19

Digital Signature Sender (Bob) digitally signs document, making him document owner/creator Recipient (Alice) can prove to someone that Bob, and no one else, must have made the document Bob s message, m K B - Bob s private key m +K B - (m) public key encryption algorithm Bob s private key is essential 20

Digital Signature is Signed MAC Bob sends digitally signed message: large message m + H: hash function Bob s private key K B - H(m) digital signature (encrypt) encrypted msg digest - K B (H(m)) Alice verifies signature and integrity of digitally signed message: large message m H: hash function H(m) Bob s public key K B + equal? encrypted msg digest - K B (H(m)) digital signature (decrypt) H(m) 21

Key Distribution Problem How can Alice and Bob share the common secret key How does Alice know Bob s public key does be Bob s public key Solution Diffie-Hellman Key Exchange Trusted certification authority (CA) Certificate for public key 22

Attack Key Distribution Alice s IP addr Secret info I m Alice Alice s IP addr OK Alice s IP addr Secret info I m Alice Record and playback Still account for large part of secret holes Needs proper use of timestamp and nonce Nonce: 不重数 23

Attack Key Distribution Key Exchange Msg Exchange Key Exchange Msg Exchange Middle attack (Man-in-the-middle attack) Trudy poses as Alice (to Bob) and as Bob (to Alice) Hard to detect Bob receives everything that Alice sends, and vice versa But Trudy receives all messages as well! 24

Diffie-Hellman Key Exchange (1) Preliminary Large prime P known to the world Generator g of Z p* known to the world A and B do not share any secret value 25

Diffie-Hellman Key Exchange (2) The D-H Protocol A picks at random a number X {1, 2,, P 1} and sends to B the value g X (mod P) B picks at random a number Y {1, 2,, P 1} and sends to A the value g Y (mod P) A computes (g Y ) X (mod P) = g XY (mod P) B computes (g X ) Y (mod P) = g XY (mod P) A and B now share the secret value g XY (mod P) Note: Z P* = {1 a P 1: gcd(a,p)=1} Each [a] denote a set [a] = {a+k P: k Z} For a prime P, Z P* = {1, 2,, P 1} Generator g of Z P* : g Z P * a Z P*, k Z, a = g k (mod P) 26

27

Trusted Certification Authority 28

Key Distribution via CA Session Key Used for duration of one logical connection Destroyed at end of session Permanent key Used for distribution of keys Key distribution center (CA) Determines validity of sender and receiver Provides one session key for that connection Security service module (SSM) Performs end to end encryption Obtains keys for host 29

The Needham-Schroder Protocol AS ticket 1: C, S, N c 2: K c-as ( N c, S, K cs, K s-as (K cs, C) ) C 3: K s-as (K cs, C) 4: K cs (N s ) 5: K cs (N s -1) S AS: Authentication server (KDC) C: client S: server K x-as : key shared between X and AS, where X is C, or S K cs : session key between client C and server S N x : Nonce generated by X 30

One-Time Session Key Public key not suitable for large blocks of message Bob communications with Alice by following steps Prepares a message Encrypts the message using symmetric crypto with a onetime session key Encrypts the session key using Alice s public key Attaches the encrypted session key to the message and sends it to Alice Alice gets the session key using her private key, and decrypts the message 31

Public Key Certificate Question How to ensure the published public key does be Alice s public key, not from someone else Solution: Public key certificate A public key plus User ID of the key owner Above block signed by a trusted CA with a timestamp Others cannot substitute Alice s public key with his own Cannot forge the signature of the trusted CA 32

Public Key Certificate K B + 33

Public Key Certificate Serial number (unique to this certificate) Info about certificate owner, including algorithms and key value Info about certificate issuer Including valid dates, digital signature by issuer (thumbprint / fingerprint) 34

An Example: Secure Email Alice wants to provide secrecy, sender authentication, and message integrity Internet e-mail encryption scheme, de-facto standard Alice uses three keys: her private key, Bob s public key, newly created symmetric key 35

Firewalls Isolate organization s intranet from larger Internet Allowing some packets to pass, blocking others Ensure intranet/system security from hackers/malwares outside administered network public Internet firewall 36

Functions of Firewalls Prevent denial of service attacks SYN flooding, by preventing attackers from establishing bogus TCP connections / trying pings Allow only authorized access to inside network Set of authenticated users/hosts Prevent illegal access/modification of internal data Prevent access of specified servers/applications 3 types Stateless packet filters Stateful packet filters Application gateways 37

Packet Filtering Router firewall Check if arriving packet be allowed in, departing packet let out Router firewall filters packet-by-packet, decision to forward/drop packet based on: Source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits 38

Filtering Example Block incoming/outgoing datagrams with IP protocol field = 17 All incoming, outgoing UDP flows are blocked Block incoming/outgoing datagrams with either source or dest port = 23 All telnet connections (bbs) are blocked Block incoming TCP segments with ACK=0 Prevents external clients from making TCP connections to internal hosts (i.e. DOS attacks) 39

More Examples Policy No outside Web access. No incoming TCP connections, except those for institution s public Web server only. Prevent Web-radios from eating up the available bandwidth. Prevent your network from being used for a smurf DoS attack. Prevent your network from being tracerouted Firewall Setting Drop all outgoing packets to any IP address, port 80 Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80 Drop all incoming UDP packets - except DNS and router advertisements. Drop all ICMP packets going to a broadcast address (eg 130.207.255.255). Drop all outgoing ICMP TTL expired traffic 40

ACL: Access Control List action source address dest address protocol source port dest port flag bit allow 222.22/16 outside of 222.22/16 TCP > 1023 80 any allow outside of 222.22/16 222.22/16 TCP 80 > 1023 ACK allow 222.22/16 outside of 222.22/16 UDP > 1023 53 --- allow outside of 222.22/16 222.22/16 UDP 53 > 1023 ---- deny all all all all all all 41

A Stateful ACL Keeps in mind states of TCP connections or UDP timeouts A stateful ACL action source address dest address proto source port dest port flag bit is closed allow 222.22/16 outside of 222.22/16 TCP > 1023 80 any allow outside of 222.22/16 222.22/16 TCP 80 > 1023 ACK x allow 222.22/16 outside of 222.22/16 UDP > 1023 53 --- allow outside of 222.22/16 222.22/16 UDP 53 > 1023 ---- x deny all all all all all all 42

More Advanced: Application Gateways Filters packets on application data as well as on IP/TCP/UDP fields e.g. allow select internal users to telnet outside IDS: intrusion detection system TCP connections must be relayed by gateway Router filter blocks all TCP connections not originating from gateway host-to-gateway telnet session gateway-to-remote host telnet session application gateway router and filter 43

Firewall: In Conclusion 3 types Stateless packet filters Stateful packet filters Application gateways Many things to do Gateway is the most powerful, but not transparent (by proxy setting) Limited functions for UDP communications Setting rules is always a step later 44

Summary MAC CBC-MAC MD5 SHA-1 Digital Signature: MAC+Encription Key Distribution Diffie-Hellman Key Exchange Trusted certification authority (CA) Certificate for public key Firewalls Stateless packet filters Stateful packet filters Application gateways 45

Homework 第八章 :R1, R9, R15, P3, P7, P8, P9 46

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback