Network Security

understand principles of network security:

cryptography and its many uses beyond confidentiality message integrity digital signature authentication

wireless network security

securing wireless LANs thwarting malicious behavior thwarting selfish behavior

Security basics
what is network security?

principles of cryptography
usage of cryptography for network security message integrity digital signature end point authentication key establishment

example application securing e-mail

2

What is network security?

Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and availability: services must be accessible and available to users
3

Friends and enemies: Alice, Bob, Trudy

well-known in network security world Bob, Alice (lovers!) want to communicate securely Trudy (intruder) may intercept, delete, add messages

Alice secure sender

channel

data, control messages

Bob

data

secure receiver
Trudy

data

Who might Bob, Alice be?

well,

web browser/server for electronic

real-life Bobs and Alices!

transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?

There are bad guys (and girls) out there!

Q: what can a bad guy do? A: a lot!

eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address

in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)

more on this later

6

Security basics
what is network security?

principles of cryptography

usage of cryptography for network

security

key establishment

message integrity digital signature end point authentication

example application securing e-mail

7

Cryptography
cryptography: a set of mathematical

functions with a set of nice properties. A common mechanism for enforcing policies. encrypt clear text into cipher text, and vice versa properties of good encryption techniques
encryption

scheme depends not on secrecy of algorithm but on parameter of algorithm (i.e.,

extremely

encryption key)

difficult for an intruder to determine the encryption key

8

Cryptography algorithms
symmetric key algorithm: one shared by a

pair of users used for both encryption and decryption

algorithms are based on each user having two keys:
public

asymmetric or public/private key

key in public private key key known only to individual user

9

The language of cryptography

Alices K encryption A key plaintext encryption algorithm ciphertext Bobs K decryption B key decryption plaintext algorithm

symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private)
10

Symmetric key cryptography

substitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another

plaintext: ciphertext:
E.g.:

abcdefghijklmnopqrstuvwxyz mnbvcxzasdfghjklpoiuytrewq

Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc

Q: how hard to break this simple cipher?: brute force (how hard?) other?
11

Symmetric key cryptography

KA-B
plaintext message, m encryption ciphertext algorithm K (m)
A-B

KA-B
decryption plaintext algorithm m = K ( KA-B(m) )
A-B

symmetric key crypto: Bob and Alice share know same (symmetric) key: K A-B e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value?
12

Symmetric key crypto: DES

DES: Data Encryption Standard
US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input

How secure is DES?

DES challenge: 56-bit-key-encrypted phrase (Strong cryptography makes the world a safer place) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each datum use cipher-block chaining

13

Symmetric key crypto: DES

DES operation initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation

14

AES: Advanced Encryption Standard

new (Nov. 2001) symmetric-key NIST

standard, replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

15

Public key cryptography

symmetric key crypto
requires sender,

public key cryptography

radically different

receiver know shared secret key Q: how to agree on key in first place (particularly if never met)?

approach [DiffieHellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver
16

Public key cryptography

K
+ Bobs public B key

- Bobs private B key

plaintext message, m

encryption ciphertext algorithm + K (m)

B

decryption plaintext algorithm message + m = K B(K (m))

B

17

Public key encryption algorithms

Requirements:
+ need K ( ) and K - ( ) such that B B - + K (K (m)) = m B B

+ given public key KB , it should be

impossible to compute private key KB

RSA: Rivest, Shamir, Adleman algorithm

18

RSA: choosing keys

1. choose two large prime numbers p, q. (e.g., 1024 bits each) 2. compute n = pq, z = (p-1)(q-1) 3. choose e (with e<n) that has no common factors with z. (e, z are relatively prime). 4. choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. public key is (n,e). private key is (n,d).
+ KB -

KB
19

RSA: encryption, decryption

0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute

e e c = m mod n (i.e., remainder when m is divided by n) d m = c d mod n (i.e., remainder when c is divided by n)
Magic m = (m e mod n) d mod n happens! c
20

2. To decrypt received bit pattern, c, compute

RSA example:
Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. me 1524832 c = me mod n

encrypt:

letter l

m 12 d c

17 m = cd mod n letter 12 l

decrypt:

c 17

481968572106750915091411825223071697

21

RSA: Why is that

m = (m e mod n) d mod n

Useful number theory result: If p,q prime and n = pq, then: y y mod (p-1)(q-1) x mod n = x mod n

(m mod n) d mod n = medmod n = m ed mod (p-1)(q-1)

(using number theory result above)

mod n

= m mod n
(since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

= m
22

RSA: another important property

The following property will be very useful later: K (K (m))
B B +

+ = m = K (K (m)) B B

use public key first, followed by private key

use private key first, followed by public key

Result is the same!

23

Security basics
what is network security?

principles of cryptography

usage of cryptography for network

security

key establishment

message integrity digital signature end point authentication

example application securing e-mail

24

Message integrity
Bob receives msg from Alice, wants to ensure:
message originally came from Alice message not changed since sent by Alice

Cryptographic hash:
takes input m, produces fixed length value, H(m) computationally infeasible to find two different

messages, x, y such that H(x) = H(y)

equivalently: given m = H(x), (x unknown), can not determine x.

25

Message Authentication Code

(shared secret) s
H(m+s)

(message)
m
append

H(.) m
H(m+s)

public Internet

m
compare
H(m+s)

H(.) s (shared secret)

H(m+s)

26

MACs in practice
MD5 hash function widely used (RFC 1321)

designed by Rivest, 1992

computes

128-bit MAC in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x
recent (2005) attacks on MD5

SHA-1 is also used

US standard [NIST, FIPS PUB 180-1] 160-bit MAC

possible to break it faster than brute-force, 2005

27

Security basics
what is network security?

principles of cryptography

usage of cryptography for network

security

key establishment

message integrity digital signature end point authentication

example application securing e-mail

28

Digital signatures
Cryptographic technique analogous to handwritten signatures.
sender (Bob) digitally signs document,

establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

29

Message digests
Computationally expensive to publickey-encrypt long messages Goal: fixed-length, easyto-compute digital fingerprint apply hash function H to m, get fixed size message digest, H(m).

large message m

H: Hash Function

H(m)

Hash function properties: many-to-1 produces fixed-size msg digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m)
30

Digital Signature = Signed Message Digest

Bob sends digitally signed message: large message m
H: Hash function

Alice verifies signature and integrity of digitally signed message: H(m)

encrypted msg digest

Bobs private key

KB

digital signature (encrypt) encrypted msg digest

large message m
H: Hash function

KB(H(m))
Bobs public key

KB

digital signature (decrypt)

KB(H(m))

H(m)

H(m)

equal ?

31

Security basics
what is network security?

principles of cryptography

usage of cryptography for network

security

key establishment

message integrity digital signature end point authentication

example application securing e-mail

32

Authentication: A Nave Approach

Goal: Guarantee that a party is who it claims he/she is. Protocol: Alice says I am Alice and sends her secret password to prove it.
Alices Alices Im Alice IP addr password
Alices IP addr

OK

Failure scenario??

33

Authentication: A Nave Approach

Protocol: Alice says I am Alice and sends her secret password to prove it.
Alices Alices Im Alice IP addr password Alices IP addr

playback attack: Trudy

records Alices packet and later plays it back to Bob

OK

Alices Alices Im Alice IP addr password

34

Authentication: Symmetric Key

Goal: avoid playback attack

Nonce: number (R) used only once in-a-lifetime Protocol: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

I am Alice R
KA-B (R) Failures, drawbacks?
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
35

Authentication: Public/Private Key

I am Alice
R K A (R) KA Failures, drawbacks?
+ -

send me your public key

and knows only Alice could have the private key, that encrypted R such that + K (K (R)) = R A A

KA (KA (R)) = R

Bob computes + -

36

Man (Woman) In The Middle

I am Alice R R K (R) A K I am Alice K (R) T K + K (m) T

Send me your public key

Send me your public+key

A Trudy gets - + m = K (K (m)) T T sends m to Alice

- + m = K (K (m)) A A

+ K (m) A

encrypted with Alices public key

37

Man (Woman) In The Middle

Difficult to detect: Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well!

38

Security basics
what is network security?

principles of cryptography

usage of cryptography for network

security

key establishment

message integrity digital signature end point authentication

example application securing e-mail

39

Key Establishment
Symmetric key problem:
How do two entities

Public key problem:

When Bob obtains Alices

establish shared secret key in the first place?

Solutions:
Deffie-Hellman trusted key distribution

public key (from web site, e-mail, diskette), how does he know it is Alices public key, not Trudys?

Solution:
trusted certification

center (KDC) acting as intermediary between entities

authority (CA)

40

Deffie-Hellman Key Exchange

secret integer prime number p, base g ga mod p

secret integer

gb mod p (gb mod p)a mod p

(ga mod p)b mod p

Key: (gb mod p)a mod p= (ga mod p)b mod p

41

Deffie-Hellman Key Exchange: Example

Prime number p=23, base g=5.

Alice: a=6 Send Bob: g^a mod 23 = 8.

Bob: b=15
Send

Alice: g^b mod 23 = 19.

Alice compute: 19^6 mod 23 = 2 Bob computer: 8^15 mod 23 = 2

42

Key Distribution Center (KDC)

KDC: server shares different secret key with

registered user (many users) Alice shares a key with KDC: KA-KDC Bob shares a key with KDC: KB-KDC

each

KDC
KA-KDC KP-KDC

KP-KDC

KB-KDC

KX-KDC

KY-KDC KB-KDC KZ-KDC

KA-KDC

43

Key Distribution Center (KDC)

Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?

KA-KDC(A,B)
Alice knows R1

KDC generates R1 Bob knows to use R1 to communicate with Alice

KA-KDC(R1, KB-KDC(A,R1) ) KB-KDC(A,R1)

Alice and Bob communicate: using R1 as session key for shared symmetric encryption
44

Deffie-Hellman v.s. KDC

Deffie-Hellman
+:

no infrastructure support -: computation load on users

KDC
-:

need infrastructure support -: single bottleneck, single point of failure +: computation load centered at KDC
Q: are these two approaches suitable for

sensor networks?

45

Certification authorities
Certification authority (CA): binds public key to particular

entity, E. E registers its public key with CA.

E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing Es public key digitally signed by CA CA says this is Es public key
digital signature (encrypt)
CA K -

Bobs public key Bobs identifying information

KB

KB certificate for Bobs public key, signed by CA

46

private key

CA

Certification authorities
When Alice wants Bobs public key:

gets Bobs certificate (Bob or elsewhere). apply CAs public key to Bobs certificate, get Bobs public key

+ KB

digital signature (decrypt)

CA public key

Bobs public + key KB

+ K CA

47

A certificate contains:
Serial number (unique to issuer) info about certificate owner, including algorithm and key

value itself (not shown)

info about

certificate issuer valid dates digital signature by issuer

48

Security basics
what is network security?

principles of cryptography
usage of cryptography for network

security

message

integrity digital signature end point authentication

key establishment
example: securing e-mail
49

Securing e-mail
Alice wants to send an email to Bob

requirements message confidential message integrity sender authentication

50

Secure e-mail : confidentiality, sender

Alice wants to send confidential e-mail, m, to Bob.

KS
K (. )
S

KS(m )

KS(m ) Internet

KS( )

+
KS
K B( ) KB

KB(KS )

KS
K B( ) KB

KB(KS )

Alice:

generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bobs public key. sends both KS(m) and KB(KS) to Bob.
51

Secure e-mail: confidentiality, receiver

Alice wants to send confidential e-mail, m, to Bob.

KS
K (. )
S

KS(m )

KS(m ) Internet

KS( )

+
KS
K B( ) KB

KB(KS )

KS
K B( ) KB

KB(KS )

Bob:

uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m

52

 Alice wants to provide sender authentication

Secure e-mail: sender authentication & message integrity

message integrity.

53

 Alice wants to provide sender authentication

Secure e-mail: sender authentication & message integrity

-

message integrity.
KA

H(.)

K A( )

KA(H(m))

KA(H(m))
Internet

KA KA( )

H(m )

+
m

compare H( )

H(m )

Alice digitally signs message.

sends both message (in the clear) and digital signature.

54

Secure e-mail: everything together

Alice wants to provide secrecy, sender authentication,

message integrity.
KA

H( )

KA( )

KA(H(m))

KS

+
m KS

KS( )

+
K B( ) KB

Internet

KB(KS )

Alice uses three keys: her private key, Bobs public key, newly created symmetric key
55

Pretty good privacy (PGP)

Internet e-mail encryption

scheme, de-facto standard. uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. provides secrecy, sender authentication, integrity. inventor, Phil Zimmerman, was target of 3-year federal investigation.

A PGP signed message:

---BEGIN PGP SIGNED MESSAGE--Hash: SHA1 Bob:My husband is out of town tonight.Passionately yours, Alice ---BEGIN PGP SIGNATURE--Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ hFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE---

56

Security basics summary

Basic techniques...
cryptography (symmetric and public) message integrity digital signature end-point authentication key establishment

57