
Network Security

Bijendra Jain
(bnj@cse.iitd.ernet.in)

3/15/2012

Tutorial on Network Security: Sep 2003

Lecture 1: Introduction


Top-level issues

- Safety, security and privacy
- Security policy
- Information security:
  - threats, both external and internal
  - economic gains
  - cost of securing resources
  - cryptographic methods vs. physical security
  - nature of resources (HW, SW, information)
  - during storage, access and communication
  - limited to a single computer vs. network security
  - various layers (physical through application layers)

Security threats

- Intentional vs. accidental
- Various forms of violations:
  - Non-destructive
  - Destructive
  - Repudiation
  - Denial of service
- Threat techniques:
  - crypt-analysis
  - snooping
  - masquerading
  - replay attacks
  - virus, worms etc.

Security services

- Services (or functions) vs. mechanisms
- Security functions:
  - confidentiality
  - authentication
  - integrity
  - non-repudiation
  - access control
  - availability

Security mechanisms

- Physical controls
- Audit trails
- Fraud detection (data mining)
- Steganography
- Encryption:
  - private-key vs. public-key encryption
  - key generation, exchange, and management
  - certification
- Firewalls etc.

Lecture 2: Symmetric-key encryption


Cryptographic systems

- Symmetric vs. asymmetric encryption
- Number of keys used
- Key lengths:

  Key size                  Possible no. of keys   Time to crack (1 encryption/microsec)   Time to crack (10^6 encryptions/microsec)
  32 bits                   10^9                   36 min                                  2 msec
  56 bits                   10^16                  1100 years                              10 hrs
  128 bits                  10^38                  5 x 10^24 years                         5 x 10^18 years
  26-character permutation  10^26                  6 x 10^12 years                         6 x 10^6 years

- Block vs. stream cipher
- Crypt-analysis (assume algorithm is known):
  - ciphertext (only)
  - plaintext + ciphertext
  - chosen plaintext + ciphertext
  - chosen ciphertext + plaintext

Symmetric cryptographic system

Symmetric encryption

[Figure: plaintext X is encrypted under the secret key K, giving ciphertext Y = EK(X); Y crosses an insecure channel, where it is exposed to cryptanalysis, and is decrypted with the same key, X = DK(Y). The secret key K itself reaches both ends over a secure channel.]

Asymmetric cryptographic system

Asymmetric encryption

- Plaintext X, ciphertext Y
- Two keys K1 and K2. One is secret, the other is public
- One of them (secret or public) is used to encrypt, the other for decryption
- Helps with confidentiality, digital signatures

[Figure: X is encrypted under one key (EK(X)), crosses an insecure channel exposed to cryptanalysis, and is decrypted under the other key (DK(X)); key generation and management is shown as a separate function feeding K1 and K2.]

Symmetric encryption

- Substitution cipher
- Transposition cipher
- DES
- Triple DES
- Blowfish, RC5, RC4, etc.

Substitution cipher

- Caesar cipher
  - encrypt: C = (p + k) mod n
  - decrypt: p = (C - k) mod n
  - assumes a set of n characters
  - easily breakable in n-1 steps
- General substitution (lookup table)
  - encrypt: Ci = lookup_encrypt(pi)
  - decrypt: pj = lookup_decrypt(Cj)
  - 26! different keys
  - may be broken using the known relative frequency of each character
- To counter:
  - substitute using an n x n table
  - use multiple symbols to substitute
  - substitute multiple symbols at a time, e.g. two-letter strings at a time
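The two ciphers on this slide and the two weaknesses it names, as an added example (this is illustration code written for this page, not code from the slides): a Caesar shift recovered by trying the n-1 possible keys, and a general substitution whose key is never searched at all because letter frequencies give it away. The sample text, the key permutation and the English frequency order are constructed values for the demo.

```python
"""Caesar and monoalphabetic substitution ciphers with the two weaknesses the
slide names: a Caesar key falls to at most n-1 trial decryptions, and a
general substitution key (26! choices) leaks through letter frequencies.
Added example; not code from the original slides."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)  # n = 26 characters


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = (p + k) mod n, letter by letter; non-letters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + k) % N] if ch in ALPHABET else ch
        for ch in plaintext.upper()
    )


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = (C - k) mod n, i.e. encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -k)


def caesar_break(ciphertext: str, crib: str) -> int:
    """Recover the shift by trying all n-1 non-trivial keys and looking for a
    word (`crib`) expected in the plaintext. Returns the shift found."""
    for k in range(1, N):
        if crib.upper() in caesar_decrypt(ciphertext, k):
            return k
    raise ValueError("no shift yields the crib")


def substitution_encrypt(plaintext: str, key: str) -> str:
    """Ci = lookup_encrypt(pi): `key` is a permutation of the 26 letters."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def substitution_decrypt(ciphertext: str, key: str) -> str:
    """pj = lookup_decrypt(Cj): the inverse table of the same permutation."""
    return ciphertext.translate(str.maketrans(key, ALPHABET))


# English letters ordered by typical relative frequency, most common first.
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"


def frequency_guess(ciphertext: str, top: int = 3) -> dict:
    """Map the `top` most frequent ciphertext letters onto the most frequent
    English letters: the first step of breaking a substitution cipher without
    trying any of the 26! keys. Returns {cipher_letter: guessed_plain_letter}."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET).most_common(top)
    return {c: ENGLISH_ORDER[i] for i, (c, _) in enumerate(counts)}


# Constructed sample text, long enough for E to dominate the letter count,
# and a constructed 26-letter key permutation.
SAMPLE = ("THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG THE DOG SLEEPS "
          "THE FOX RESTS AND EVERYONE ELSE EATS THE CHEESE")
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)
    print(ct, "-> shift", caesar_break(ct, "ATTACK"))
    print(frequency_guess(substitution_encrypt(SAMPLE, KEY), 1))
```

On the sample text the single most frequent ciphertext letter is already the image of E under the key, which is exactly the observation the slide's "known relative frequency of each character" refers to; the remedies listed (n x n tables, several symbols per plaintext letter, digraph substitution) all work by flattening that histogram.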

Transposition cipher

Transposition example (plaintext written row by row under the key; ciphertext read column by column, in key order):

  Key:        4 3 1 2 5 6 7
  Plaintext:  a t t a c k p
              o s t p o n e
              d u n t i l t
              w o a m x y z

  Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

To make it more secure:
- transpose it multiple times
- combine it with substitution ciphers
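The columnar transposition from the slide, as an added example (illustration code written for this page, not the slides' own): it reproduces the slide's ciphertext from its key and plaintext, inverts it, applies the "transpose it multiple times" suggestion, and shows the property that makes a pure transposition recognisable to a cryptanalyst, namely that the letter histogram of the ciphertext equals that of the plaintext. The key and plaintext are the slide's; the padding rule is an assumption.

```python
"""Columnar transposition as on the slide: plaintext is written row by row
under a numeric key and read out column by column in key order. Also shows
why transposition alone is weak (letter frequencies are unchanged) and the
slide's fix of repeated transposition. Added example; not code from the
original slides."""
from collections import Counter


def transposition_encrypt(plaintext: str, key: list, pad: str = "x") -> str:
    """Write `plaintext` in rows of len(key), then read columns in key order
    (column whose key value is 1 first). Spaces are dropped; a short last
    row is padded with `pad` (assumed rule; the slide pads with x y z)."""
    cols = len(key)
    text = plaintext.replace(" ", "").lower()
    if len(text) % cols:
        text += pad * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda c: key[c])  # column indices by key
    return "".join(row[c] for c in order for row in rows).upper()


def transposition_decrypt(ciphertext: str, key: list) -> str:
    """Refill the columns in key order, then read the grid row by row."""
    cols = len(key)
    n_rows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda c: key[c])
    grid = [[""] * cols for _ in range(n_rows)]
    pos = 0
    for c in order:
        for r in range(n_rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).lower()


def double_transposition_encrypt(plaintext: str, key: list) -> str:
    """Transpose twice with the same key: the second pass breaks up the
    column groups left by the first."""
    return transposition_encrypt(transposition_encrypt(plaintext, key), key)


def double_transposition_decrypt(ciphertext: str, key: list) -> str:
    return transposition_decrypt(transposition_decrypt(ciphertext, key), key)


def frequencies_preserved(plaintext: str, ciphertext: str) -> bool:
    """A transposition only reorders letters, so the ciphertext's letter
    histogram is identical to the plaintext's."""
    return Counter(plaintext.replace(" ", "").lower()) == Counter(ciphertext.lower())


# Values from the slide
SLIDE_KEY = [4, 3, 1, 2, 5, 6, 7]
SLIDE_PLAINTEXT = "attack postponed until two am xyz"

if __name__ == "__main__":
    ct = transposition_encrypt(SLIDE_PLAINTEXT, SLIDE_KEY)
    print(ct)
    print(transposition_decrypt(ct, SLIDE_KEY))
    print("histogram unchanged:", frequencies_preserved(SLIDE_PLAINTEXT, ct))
```

Because the histogram survives, a second transposition pass only hides the column structure, not the letter statistics; that is why the slide pairs "transpose it multiple times" with "combine it with substitution ciphers", which is the route DES takes on the next slides.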

DES

- Combination of several substitution and transposition ops
  - Applied to each block of size 64 bits
  - Key is 56 bits
  - Uses portions of the key at different steps
  - Uses techniques referred to as diffusion and confusion
- Developed by IBM 1971-73, accepted by NBS (USA) as a standard in 1977
- Primarily a block cipher

[Figure: block P1 → Encrypt EK(X) → C1 → Decrypt DK(X) → P1, with the same key K used on both sides.]

DES encryption algorithm

[Figure: 64-bit plaintext → Initial permutation → Round 1 → Round 2 → ... → Round 16 → 32-bit swap → Inverse permutation → 64-bit ciphertext. In parallel, the 56-bit key is reduced by "Permuted key", and for each round a Left circular shift followed by "Permuted key" produces the round subkey K1, K2, ..., K16 fed into the corresponding round.]

Cipher Block Chaining

- Primarily a block cipher
- May be used in block chaining mode

[Figure: CBC mode for two blocks. Encryption: C1 = EK(P1 + IV), C2 = EK(P2 + C1), where "+" is XOR. Decryption: P1 = DK(C1) + IV, P2 = DK(C2) + C1. Each plaintext block is chained to the previous ciphertext block (the IV for the first block) before encryption with EK(X), and the chaining is undone after decryption with DK(X).]
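The Feistel round structure of the DES slide and the block chaining of this slide, as one added example (illustration code written for this page, not the slides' own and not DES itself): a 64-bit, 16-round Feistel network with one subkey per round and a final swap, so that the same network decrypts when the subkeys are applied in reverse, and ECB and CBC modes built on it. The round function and key schedule are HMAC/SHA-256 based stand-ins chosen only so that the example runs with the Python standard library; the key, IV and message are constructed values. The ECB/CBC comparison shows the leak that chaining exists to close: repeated plaintext blocks produce repeated ciphertext blocks in ECB and not in CBC.

```python
"""A DES-style Feistel block cipher (64-bit block, 16 rounds, one subkey per
round, halves swapped each round) and the ECB and CBC modes built on it.
Constructed teaching cipher, not DES: the round function is HMAC-SHA256
truncated to 32 bits and the key schedule is a hash. Added example; not code
from the original slides."""
import hashlib
import hmac

BLOCK = 8     # 64-bit block, as in DES
ROUNDS = 16   # as in DES


def subkeys(key: bytes) -> list:
    """K1..K16. DES uses permuted choice plus left circular shifts; here each
    subkey is a hash of the key and the round number (stand-in schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]


def round_function(subkey: bytes, right: bytes) -> bytes:
    """F(Ki, R); it need not be invertible, the Feistel structure handles that."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, ks: list) -> bytes:
    """Each round: L' = R, R' = L xor F(Ki, R). The final swap (R + L) makes
    the same network decrypt when the subkeys are applied in reverse order."""
    left, right = block[:4], block[4:]
    for k in ks:
        left, right = right, xor(left, round_function(k, right))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Electronic codebook: blocks encrypted independently, so equal plaintext
    blocks give equal ciphertext blocks (a pattern leak)."""
    return b"".join(encrypt_block(key, b) for b in blocks(pad(data)))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Ci = EK(Pi xor C(i-1)) with C0 = IV, as in the slide's figure."""
    prev, out = iv, []
    for p in blocks(pad(data)):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Pi = DK(Ci) xor C(i-1). A wrong IV garbles only P1; the chain
    resynchronises after one block."""
    prev, out = iv, []
    for c in blocks(data):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


# Constructed demo values: a repeating plaintext makes the ECB leak visible.
KEY = b"constructed-key!"
IV = bytes(range(8))
MESSAGE = b"ATTACK AT DAWN!!" * 4

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, MESSAGE)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, IV, MESSAGE)))
```

Decrypting a CBC ciphertext with the wrong IV recovers every block except the first, which is the property the slide's figure encodes: the IV enters only the first XOR, and each later block is chained to ciphertext that the receiver already has.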

Strength of DES

- Key size of 56 bits appears to be too small
  - In 1993 Wiener designed a HW device for $100K with 5760 search engines to break it in 35 hours
  - In 1997, 70,000 systems on the Internet discovered the key in less than 96 days (part of the plaintext is given)
  - Automating the process is difficult, unless plaintext is known
- Perhaps breakable by studying and exploiting weaknesses
  - Differential cryptanalysis
  - Linear cryptanalysis
- Trapdoor
  - US Govt changed the original design
- Continues to enjoy wide acceptability
  - Particularly with triple-DES (used in PGP)

Double-DES

- Two stages of encryption, using two different keys

[Figure: P → Encrypt EK1(X) → X → Encrypt EK2(X) → C, i.e. C = EK2(EK1(P)); decryption runs the two stages in reverse order, with K2 first and then K1.]

Double-DES

- The two stages cannot be reduced to one stage:
  - for given K1, K2, there is no K s.t. EK2(EK1(P)) = EK(P)
- Meet-in-the-middle attack
  - Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C)
  - Let P and C be known
  - Search for K1 and K2 such that X = EK1(P) = DK2(C)
  - Complexity is O(2^56 + 2^56), not O(2^128)
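The complexity claim on this slide, worked through as an added example (illustration code written for this page, not the slides' own): a constructed toy block cipher with a 16-bit block and an 8-bit key is doubled exactly as double-DES is, and the meet-in-the-middle search is run next to the naive search over all (K1, K2) pairs with a counter of cipher operations. The keys, plaintexts and the toy cipher itself are constructed for the demo; the toy cipher has no security and exists only so the full search fits in a fraction of a second.

```python
"""Meet-in-the-middle against double encryption, on a constructed toy block
cipher (16-bit block, 8-bit key) small enough that both the naive search
over all (K1, K2) pairs and the meet-in-the-middle run instantly. Naive
search costs about 2^(2k) cipher operations, meet-in-the-middle about
2^k + 2^k, paid for with a table of 2^k entries. Added example; not code
from the original slides."""

MASK = 0xFFFF
KEY_BITS = 8
WORK = {"ops": 0}   # counts cipher invocations, to compare the two searches


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x: int, r: int) -> int:
    return ((x >> r) | (x << (16 - r))) & MASK


def toy_encrypt(k: int, x: int) -> int:
    """E_K(X): add the key, rotate, xor the key. Invertible, deliberately weak."""
    WORK["ops"] += 1
    return rotl((x + k) & MASK, 5) ^ k


def toy_decrypt(k: int, y: int) -> int:
    """D_K(Y): undo the three steps in reverse."""
    WORK["ops"] += 1
    return (rotr(y ^ k, 5) - k) & MASK


def double_encrypt(k1: int, k2: int, p: int) -> int:
    """C = E_K2(E_K1(P)), the double-DES construction."""
    return toy_encrypt(k2, toy_encrypt(k1, p))


def naive_search(pairs):
    """Try every (K1, K2): up to 2^(2*KEY_BITS) double encryptions.
    Returns ((K1, K2), cipher operations used)."""
    WORK["ops"] = 0
    for k1 in range(1 << KEY_BITS):
        for k2 in range(1 << KEY_BITS):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs):
                return (k1, k2), WORK["ops"]
    return None, WORK["ops"]


def meet_in_the_middle(pairs):
    """Known (P, C) pairs with C = E_K2(E_K1(P)). Tabulate X = E_K1(P) for every
    K1, then for every K2 compute X = D_K2(C) and look it up; a hit gives a
    candidate (K1, K2), confirmed against the remaining pairs.
    Returns ((K1, K2), cipher operations used)."""
    WORK["ops"] = 0
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(1 << KEY_BITS):                 # 2^k encryptions
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    for k2 in range(1 << KEY_BITS):                 # 2^k decryptions
        for k1 in table.get(toy_decrypt(k2, c0), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                return (k1, k2), WORK["ops"]
    return None, WORK["ops"]


def known_pairs(k1: int, k2: int, plaintexts):
    """Constructed known-plaintext material for the demo."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


if __name__ == "__main__":
    pairs = known_pairs(0x3A, 0xC5, [0x1234, 0x5678, 0x9ABC])
    print("meet-in-the-middle:", meet_in_the_middle(pairs))
    print("naive search:      ", naive_search(pairs))
```

With 8-bit keys the table holds 256 entries and the whole attack costs a few hundred cipher operations against roughly thirty thousand for the naive search; scaling the exponent to 56 gives the slide's O(2^56 + 2^56) versus O(2^128), which is why doubling DES does not double its effective key length.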

Triple-DES

- Three stages (encrypt, decrypt, encrypt), using two different keys

[Figure: P → Encrypt EK1(X) → X1 → Decrypt DK2(X) → X2 → Encrypt EK3(X) → C; the figure labels the three stage keys K1, K2 and K3.]

IDEA

- International data encryption algorithm (IDEA), developed in 1991, gaining ground
- block cipher
- better understood
- US government has had no role in its design
- design principle:
  - block size 64 bits
  - key length 128 bits
  - more emphasis on diffusion and confusion
  - uses three operations: exclusive-OR, addition, multiplication
  - some effort to make HW implementation easier

RC5

- developed by Rivest, in 1994
- suitable for HW or SW implementation on microprocessors
  - simple
  - different word lengths
  - low memory
- high level of security
  - simpler determination of strength
  - variable no. of rounds, key length

Blowfish

- Developed in 1993
- block cipher
- up to 448 bit keys
- no known attacks
- simple, fast and compact

  algorithm    cycles/"round"   No. of rounds   cycles/byte encrypted
  Blowfish     9                16              18
  RC5          12               16              23
  DES          18               16              45
  IDEA         50               8               50
  Triple-DES   18               48              108

Summary: symmetric key encryption

- Symmetric key encryption uses shared secret keys; since the same key is used to encrypt and decrypt, the system is also known as private-key encryption
- Primarily used for the purpose of confidentiality
  - but may be used to authenticate as well, though such authentication may be repudiated
- Key sharing or management is an issue
  - particularly when the no. of clients sharing the key is large

Application to confidentiality

- Private-key encryption may be used to provide confidentiality of messages during transfer over LANs and/or WANs
- At issue:
  - what information: user data vs. headers; identity of correspondents vs. node/route identity
  - in what layer, and between what points: link-layer vs. end-to-end vs. application level
- Assumption: data over the physical network is accessible
  - wireless links
  - an employee of the network service provider
  - your own colleagues

Link-level vs. end-to-end confidentiality

[Figure: Host A and Host B connected through a chain of routers R. Link-level encrypt/decrypt is performed on every link, at each router; end-to-end encrypt/decrypt is performed only at the two hosts.]

Link-level vs. end-to-end confidentiality

Security within nodes, hosts
  Link-level encryption:  exposed in intermediate nodes; encrypted in intermediate nodes
  End-to-end encryption:  exposed in end hosts; encrypted/decrypted by end hosts

Role of end devices, intermediate nodes
  Link-level encryption:  intermediate nodes require encryption; one key for each link; done in hardware
  End-to-end encryption:  only end hosts need encryption; one key per session/connection; perhaps done in software

Traffic confidentiality

- Issues:
  - Identity of communicating entities
  - Identity of hosts, routers
  - Traffic volumes, patterns
- Link-level encryption offers better confidentiality
- Padding may be used to hide patterns and volumes

Key distribution

- The secret key must be distributed between the communicating entities, say A and B
  - Link-level encryption requires L keys to be distributed, one for each device at the end of a link
  - Host-to-host encryption requires N*(N-1)/2 keys to be distributed
- Two techniques:
  - Physical delivery (works only in very limited environs)
    - A delivers it to B
    - A trusted third party C delivers the key to A and to B
  - Electronic delivery using an established secure connection or session
    - A delivers it to B after suitably encrypting it
    - A trusted third party C delivers the key to A and to B using secure channels to A and to B

Key distribution

Electronic distribution by B to A, though the process is initiated by A

[Figure: the message exchange between A and B; not reproduced on the page.]

Above:
- N1 and N2 are nonces
- MKm is the master key used by A and B
- KS is the new session key
- F is a well-known function, such as ADD 1

Key distribution

Electronic distribution by a trusted third party C to A and to B

[Figure: the message exchange among A, B and C; not reproduced on the page.]

Key distribution

Above:
- KA and KB are the keys used by A and B, respectively, to communicate with C
- IDA identifies entity A

Key distribution

- Secure operation of these schemes, against:
  - masquerade
  - replay attacks
- Other issues:
  - Hierarchy of keys
  - Lifetime of a session key
  - Generation of nonces or random numbers
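The B-to-A session-key distribution described three slides back (nonces N1 and N2, master key MKm, session key KS, function F = ADD 1) together with the masquerade and replay checks this slide asks for, as one added example (illustration code written for this page, not the slides' own). Since the slide's figure is not on the page, the four-message layout below is an assumption: A sends its identity and N1 in clear; B answers with KS and N1 encrypted under MKm; A sends N2 under KS; B returns F(N2) under KS. The `seal`/`open_sealed` primitive is a constructed HMAC-SHA256 encrypt-then-MAC used only so the demo needs nothing beyond the standard library; keys and nonces are generated for the run.

```python
"""Session-key distribution from B to A over a pre-shared master key MKm, with
nonces N1, N2, session key KS and F = ADD 1, plus the checks that make the
exchange resist masquerade and replay. Message layout is an assumption for
this example; seal/open_sealed is a constructed authenticated encryption.
Added example; not code from the original slides."""
import hashlib
import hmac
import secrets

NONCE_LEN, KEY_LEN, TAG_LEN = 16, 16, 32


class ProtocolError(Exception):
    pass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Constructed encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Check the tag (constant-time compare) before decrypting."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ProtocolError("bad tag: forged, damaged, or sent under another key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def F(nonce: bytes) -> bytes:
    """The slide's well-known function F, here ADD 1 (mod 2^128)."""
    return ((int.from_bytes(nonce, "big") + 1) % (1 << 128)).to_bytes(NONCE_LEN, "big")


class PartyA:
    def __init__(self, master_key: bytes):
        self.mk = master_key

    def request(self) -> bytes:
        """Message 1, in clear: ID_A || N1. N1 is fresh per run, so a reply
        captured from an earlier run cannot carry a matching nonce."""
        self.n1 = secrets.token_bytes(NONCE_LEN)
        return b"A" + self.n1

    def accept_key(self, msg2: bytes) -> bytes:
        """Message 2 is E(MKm, KS || N1). A valid tag means the sender holds
        MKm (no masquerade); N1 must equal the nonce just sent (no replay)."""
        body = open_sealed(self.mk, msg2)
        ks, n1 = body[:KEY_LEN], body[KEY_LEN:]
        if n1 != self.n1:
            raise ProtocolError("N1 mismatch: replayed or stale key message")
        self.ks, self.n2 = ks, secrets.token_bytes(NONCE_LEN)
        return seal(self.ks, self.n2)                 # Message 3: E(KS, N2)

    def confirm(self, msg4: bytes) -> bool:
        """Message 4 is E(KS, F(N2)): B proves it holds KS and saw this N2."""
        if open_sealed(self.ks, msg4) != F(self.n2):
            raise ProtocolError("F(N2) mismatch: peer did not answer this challenge")
        return True


class PartyB:
    def __init__(self, master_key: bytes):
        self.mk = master_key

    def issue_key(self, msg1: bytes) -> bytes:
        n1 = msg1[1:]
        self.ks = secrets.token_bytes(KEY_LEN)        # the new session key KS
        return seal(self.mk, self.ks + n1)            # Message 2: E(MKm, KS || N1)

    def answer_challenge(self, msg3: bytes) -> bytes:
        return seal(self.ks, F(open_sealed(self.ks, msg3)))   # Message 4


def run_exchange(master_key: bytes):
    """Full run; returns (both sides hold the same KS, message 2 for reuse)."""
    a, b = PartyA(master_key), PartyB(master_key)
    m2 = b.issue_key(a.request())
    a.confirm(b.answer_challenge(a.accept_key(m2)))
    return a.ks == b.ks, m2


def replay_is_rejected(master_key: bytes) -> bool:
    """Replay an old run's message 2 into a new run: N1 no longer matches."""
    _, old_m2 = run_exchange(master_key)
    a = PartyA(master_key)
    a.request()
    try:
        a.accept_key(old_m2)
    except ProtocolError:
        return True
    return False


def masquerade_is_rejected(master_key: bytes) -> bool:
    """A sender without MKm cannot produce a message 2 that A accepts."""
    a = PartyA(master_key)
    forged = seal(b"constructed-wrong-key", secrets.token_bytes(KEY_LEN) + a.request()[1:])
    try:
        a.accept_key(forged)
    except ProtocolError:
        return True
    return False
```

The two checks map directly onto the slide's two threats: the tag under MKm is what defeats masquerade, and comparing the echoed N1 (and later F(N2)) against the nonce generated for this run is what defeats replay; both depend on the nonces being unpredictable, which is why "generation of nonces or random numbers" is listed as an issue in its own right.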

Thanks

