Network security Foundations what is security cryptography authentication

Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport layer: Internet commerce, SSL, SET network layer: IP security Network Security 1

Network Security Network Entities: Friends and Enemies Insecure medium well-known in network security world Bob, Alice want to communicate 'securely' Trudy, the intruder may intercept, delete, add messages Routers – exchange tables Email applications – exchange secure emails Client-server – establish secure transport connection Network Security 2

What is network security? DESIRABLE PROPERTIES OF SECURE CONNECTION 1 Secrecy: only sender, intended receiver should understand message contents sender encrypts messages receiver decrypts messages 2 3 Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to be sure message did not get altered (in transit), or get altered without detection Network Security 3

What is network security? DESIRABLE PROPERTIES OF SECURE CONNECTION 4 Availability and Access Control: communication can occur in the first place Prevent Denial-of-Service attacks (Do. S) ensures network entities can gain access to resources if they have access rights and perform accesses in a well-defined manner Firewall – controls access to and from the network by regulating which packet can pass into and out of the network Network Security 4

Network Security CYCLE IN ACHIEVING NETWORK SECURITY 1 2 3 Protect: network communication and network resources Detect: breaches of secure communication & attacks on infrastructure Respond: deployment of additional protection mechanisms Network Security 5

Internet security threats Sniffer – tool for capturing packets sent across wire/air Packet sniffing: broadcast media (remember CSMA/CD protocol) promiscuous NIC reads all packets passing by can read all unencrypted data (e. g. passwords) e. g. : C sniffs B's packets C A src: B dest: A e. g. TCPDump, Snoop, Snort, Ethereal payload B Network Security 6

Ethereal An adapter could be set to listen in promiscuous mode Let’s see a sample capture file from Ethereal Network Security 7

Internet security threats Spoofing: providing false information about your identity in order to gain unauthorized access to systems IP Spoofing: can generate raw IP packets directly from application, putting any value into IP source address field receiver can't tell if source is spoofed e. g. : C pretends to be B C A src: B dest: A payload B Network Security 8

Internet security threats Attack: to reduce ability to service clients by overloading target Denial of service (DOS): flood of maliciously generated packets swamp receiver Distributed DOS (DDOS): multiple coordinated sources swamp receiver e. g. , C and remote host SYN-attack A C A SYN SYN SYN B SYN Network Security 9

Do. S Exploits basic weakness of TCP/IP Protocol Recall • Attacker sends thousands and thousands of SYN packets to the victim • Victim is forced to wait for replies that would never come. • While the host is waiting for so many replies, it cannot accept any legitimate requests, so it becomes unavailable Network Security 10

The language of cryptography plaintext K K A ciphertext B plaintext Figure 7. 3 goes here symmetric key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Network Security 11

Cryptography From Alice to Bob: (SENDER) Key: KA Encryption Algorithm Plaintext Message: m Ciphertext: KA(m) Bob’s side: (RECEIVER) Encrypted Message: KA key: KB Decryption Algorithm Plaintext: m KB(KA(m)) Symmetric key systems: KA=KB, kept secret Public key systems: 1 key: known to the world 12 Network Security other key: known only by Alice or Bob (but not both)

Monoalphabetic Cipher Substitution of letters without any regular pattern Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and viceversa plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E. g. : Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc Q: How hard to break this simple cipher? : Better than Ceasar’s cipher (shift cipher) in that there are 26! (on the order of 1026) Possible pairings of letters Network Security 13

Monoalphabetic Cipher Substitution of letters without any regular pattern Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and viceversa 9% of letter occurrences 13% of letter occurrences “e” and “t” are the most frequently occurring letters in English Two- and three-letter occurrences of letters appear quite often together (e. g. “in”, “it”, “the”, “ion”, “ing”, etc. ) If intruder has some knowledge about possible contents of the message, code is even 14 Network Security easier to break

Symmetric key crypto: DES: Data Encryption Standard US encryption standard [NBS 1977, NIST 1993] Designed by IBM; adopted by the U. S. Government for non-military and non-classified use 56 -bit symmetric key, 64 -bit plain text input key GOAL: Completely scramble data and key so that every bit of ciphertext depends on every bit of data and every bit of the key. . With a good algorithm, there should be no correlation between the ciphertext and either the original data or key. Network Security 15

Symmetric key crypto: DES operation initial permutation 16 identical 'rounds' of function application, each using different 48 bits of key final permutation • involve multiple rounds • block cipher - plaintext is divided into blocks and use the same key to encrypt and decrypt the blocks Network Security For encrypting longer messages: use cipher-block chaining 16

Symmetric key crypto: DES How secure is DES? DES ’ 97 DES Challenge: 56 -bit-key-encrypted phrase: ('Strong cryptography makes the world a safer place') decrypted (brute force) in 4 months • After testing a quarter of the key space: 18 quadrillion keys no known backdoor decryption approach making DES more secure use three keys sequentially (3 -DES) on each datum Successor to DES: (2001) AES: Advanced Encryption Standard 128 -bit block data processing; keys: 128, 192, 256 bits long A machine that could crack 56 -bit DES in one sec. (i. e. 255 per second) would approx. take 149 trillion years to crack a 17 Network Security 128 -bit AES key

Public Key Cryptography Is it possible to communicate with encryption without having a shared secret key known in advance? symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never met)? Typical problem in the Internet public key cryptography radically different approach [Diffie. Hellman 76, RSA 78] sender, receiver do not share a secret key encryption key public (known to all) decryption key private (known only to receiver) Network Security 18

Public key cryptography Figure 7. 7 goes here Network Security 19

Public key encryption algorithms Two inter-related requirements: . . 1 need d ( ) and e ( ) such B B that d (e (m)) = m B B 2 need public and private keys for d. B ( ) and e ( ) . B . RSA: Rivest, Shamir, Adleman algorithm Network Security 20

RSA: Choosing keys 1. Choose two large prime numbers p, q. (e. g. , 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e < n) that has no common factors with z. (e, z are 'relatively prime'). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n, e). Private key is (n, d). In mathematics, a prime number (or a prime) is a natural number that has exactly two (distinct) natural number divisors, which are 1 and the prime number itself. The first 30 prime numbers are 2, 3, Network 17, 19, 23, 29, 31, 21 5, 7, 11, 13, 37, Security 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, and 113

RSA: Encryption, decryption 0. Given (n, e) and (n, d) as computed above 1. To encrypt bit pattern, m, compute e c = m e mod n (i. e. , remainder when m is divided by n) 2. To decrypt received bit pattern, c, compute m = c d mod n (i. e. , remainder when cd is divided by n) Magic happens! m = (m e mod n) d mod n Network Security 22

RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. encrypt: decrypt: d c = letter m me l 12 248832 c 17 d c c = me mod n 17 m = cd mod n letter 12 l 48196857210675091411825223072000 - too big !! (int type) Network Security 23

RSA: how strong is it? ? RSA Challenges: Prize offered to anyone who can break an RSA key of a certain size (See www. rsasecurity. com/rsalabs ) US$200, 000. 00 for whoever solves a 2048 bits factorization problem. No one claimed the prize so far. . . Last challenge solved: RSA-576 $10, 000 Factored in 2003 by J. Franke et al. Using a powerful parallel machine and very clever algorithms Currently RSA-1024 is commonly used in practice RSA key's size matters, see next. . . Network Security 24

Authentication Process of proving one’s identity to someone else over a network “live” party (often routers, client-server processes) Cannot rely on biometric information Must be done solely on the basis of messages and data exchanged Must be performed before other protocols: E. g. Routing information exchange protocol Next Reliable data transfer protocol E-mail protocol Let’s see stepwise evolution of a design of an authentication protocol (ap) Network Security 25

Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap 1. 0: Alice says ''I am Alice'' Failure scenario? ? Network Security 26

Authentication: using IP Protocol ap 2. 0: Alice says ''I am Alice'' and sends her IP address along to prove it. Failure scenario? ? Create an Operating system kernel that sends an IP datagram using Alice’s IP address Not unless first-hop router of Trudy would prevent it Network Security 27

Authentication: Secret Password Protocol ap 3. 0: Alice says ''I am Alice'' and sends her secret password to prove it. Failure scenario? Passwords are sent as cleartext for some applications (e. g. Telnet). Within the same LAN, it can be sniffed Wire. Shark Network Security 28

Authentication: Encrypted Secret Password Protocol ap 3. 1: Alice says ''I am Alice'' and sends her encrypted secret password to prove it. Assumption: Symmetric key cryptography is employed I am Alice encrypt(password) Shared Secret key Failure scenario? Playback attack: record encrypted password, playback encrypted password version to Bob to pretend that she is Alice *Password is not learned by Trudy Pitfall: same password is used over and over again. Network Security 29

Playback Attack How to solve it? Failure Scenario: Bob cannot distinguish between the original authentication and its playback version Countermeasures: Use a different password each time • use a sequence of passwords or password generator (could be a number) number • apply encryption algorithm to each password Bob knows: Alice is indeed sending the datagram, because she knows the secret encryption key, and she is sending it “live” because she is using key Network Security 30 the number recently generated by Bob.

Authentication: Sequence of Encrypted Secret Passwords Nonce + Symmetric key Cryptography (Shared Secret Key) Goal: avoid playback attack Nonce: number (R) used only once in a lifetime ap 4. 0: to prove Alice is live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key Figure 7. 11 goes here Failures, drawbacks? We have a solution! Bob knows: Alice is indeed sending the datagram, because she knows the secret 31 Network Security encryption key, and she is sending it “live”

Authentication: ap 5. 0 Ap 5. 0: Nonce + Public key cryptography ap 4. 0 requires shared symmetric key – problem: how do Bob, Alice agree on key – can we authenticate using public key techniques? Problem: Trudy may be able to impersonate Alice Figure 7. 12 goes here *Note: e. A(d. A(R)) = d. A(e. A(R)) = R Trudy Network Security 32 Eventually, Alice & Bob may find together that someone else was interacting with Bob.

ap 5. 0: security hole Man (woman)-in-the-middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Alice is happy to receive encrypted message using her own public key Figure 7. 14 goes here Bob is happy to send encrypted data Need 'certified' public keys (more later …) Alice & Bob may never know that Trudy was there all along. Network Security 33

Digital Signatures Cryptographic technique analogous to handwritten signatures. Simple digital signature for message m: Sender (Bob) digitally signs private key d. B, creating signed message, d. B(m). (m) Bob sends m and d. B(m) to Alice. document, establishing he is document owner/creator. Verifiable, non-forgeable, non-repudiable: recipient (Alice) can verify that Bob, and no one else, signed document. Bob encrypts m with his Network Security 34

Digital Signatures (more) Suppose Alice receives Alice thus verifies that: msg m, and digital Bob signed m. signature d. B(m) No one else signed m. Bob signed m and not Alice verifies m signed by m’. Bob by applying Bob’s public key e. B to d. B(m) then Non-repudiation: Alice can take m, and checks e. B(d. B(m) ) = m. signature d. B(m) to court and prove that Bob If e. B(d. B(m) ) = m, whoever signed m must have used Bob's private key. Network Security 35

Message Digests Hash function properties: It is computationally expensive to public-key- Many-to-1 encrypt long messages. Produces fixed-size msg digest (fingerprint) Goal: fixed-length, easy to NON-FORGEABILITY REQUIREMENT compute digital Given message digest x, signature, 'fingerprint' fingerprint computationally infeasible to find m apply hash function H to such that x = H(m) m, get fixed size computationally infeasible to find any two messages m and m' such that message digest, H(m) = H(m'). Network Security 36

Digital signature = Signed message digest Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: Network Security 37

Internet checksum: poor crypto hash function Internet checksum has some properties of hash function: produces fixed-length digest (16 -bit sum) of message is many-to-one But given message with given hash value, it is easy to find another message with same hash value: message I O U 1 0 0. 9 9 B O B ASCII format 49 4 F 55 31 30 30 2 E 39 39 42 4 F 42 B 2 C 1 D 2 AC message I O U 9 0 0. 1 9 B O B ASCII format 49 4 F 55 39 30 30 2 E 31 39 42 4 F 42 B 2 C 1 D 2 AC different messages but identical checksums! Network Security 38

Hash Function Algorithms Internet checksum MD 5 hash function widely used (RFC 1321 with code). would make a poor message digest. Computes 128 -bit message digest in 4 -step Too easy to find two process. messages with same checksum. For any arbitrary 128 -bit message digest x, it Even using a 128 -bit appears difficult to CRC it would be easy construct msg m whose to find a second MD 5 hash is equal to x. message to fit to the CRC SHA-1 is also used. US federal standard 160 -bit message digest Network Security 39

Hash Function Algorithms MD 5 Try the freeware Win. MD 5 Free. exe MD 5 is a very reliable way to fingerprint a file From rfc 1321 (with code): . . . ”The MD 5 algorithm] takes as input a message of arbitrary length and produces as output a 128 -bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given pre-specified target message digest. Difficulty of coming up with any two messages with same message digests: order of 264 operations. Given a message digest, the difficulty of coming up with any message with the same Network Security 40 message digest is in the order of 2128 operations.

Trusted Intermediaries Problem: How do two entities establish shared secret key over network? Solution: trusted key distribution centre (KDC) acting as intermediary between entities Problem: When Alice obtains Bob's public key (from web site, e-mail, diskette), how does she know it is Bob's public key, not key Trudy's? Solution: trusted certification authority (CA) Network Security 41

Kerberos • Authentication service developed at MIT (RFC 1510) • Uses symmetric key encryption & key distribution center • Variations & extensions to KDC Authentication Server (AS) Plays the role of the KDC Repository of secret keys of all users Repository of users’ access privileges indicating which service the user has access to, and on which network servers Network Security 42

Key Distribution Center (KDC) How can Alice & Bob get a shared symmetric key in a secured way? Alice, Bob need shared symmetric key. KDC: server shares different secret key with each registered user. Alice, Bob know their own symmetric keys, KA -KDC KB-KDC , for communicating with KDC. + R 1 -encrypted timestamp (nonce) Bob : a Server to which Alice: a user + expiration time Alice communicates with KDC, gets session key R 1, and KBKDC(A, R 1) Alice sends Bob KB-KDC(A, R 1), Bob extracts R 1 Alice, Bob now share the symmetric key R 1. Network Security KDC uses the appropriate private user secret key to communicate with them. 43

Certification Authorities Certification authority (CA) binds public key to particular entity. Entity (person, router, etc. ) can register its public key with CA. Entity provides proof of identity to CA. CA creates certificate binding entity to public key. Certificate digitally signed by CA. When Alice wants Bob's public key: gets Bob's certificate (from Bob or elsewhere). Apply CA's public key to Bob's certificate, get Bob's public key Network Security 45

Certificate Sample Network Security 46

END OF SESSION Network Security 48

Firewall Uses a combination of hardware and software components isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others. gateway-to-remote host telnet session X application gateway router and filter Network Security 49

Firewall Two firewall types: packet filter (network layer) application gateways (application layer) To prevent denial of service attacks: SYN flooding: attacker establishes many bogus TCP connections. Consequence of Attacks: host allocates TCP buffers for bogus connections, none left for real connections. To prevent illegal modification of internal data. e. g. , attacker replaces CIA's homepage with something else To prevent intruders from obtaining secret info. Network Security 50

PACKET FILTERING Operates at the Network Layer The Internet access relies on a particular Router Coarse-grain filtering on IP and TCP/UDP headers The router can filter packets based on: IP addresses Domain names Port numbers Protocol types TCP SYN and ACK bits on a TCP packet Operates by sequentially checking filtering rules against the datagram being inspected; the first rule matching the datagram determines the action taken Network Security 51

PACKET FILTERING Alice administers a company network 222. 0. 0/16 and, in general, wants to disallow access to her network from the public internet (R 3). However, R 3 Alice collaborates with Bob and his colleagues who are at network 111. 11/16. Alice wants to let users from Bob’s network access a specific 111. 11/16 subnet, 222. 22/24 within her company’s network (R 1). The problem is that Trudy belongs to Bob’s network, with subnet 111. 11/24. Therefore, 111. 11/24 Alice doesn’t want any traffic from 11. 11/24 entering anywhere into her network (R 2). R 2 Packet filtering rules (ordering of evaluation is important!) SOURCE DEST Comments IP Desired Action IP R 1 111. 11/16 222. 22/24 Permit Let datagram from Bob’s university into a restricted subnet. R 2 111. 11/24 222. 22/16 Deny Don’t let traffic from Trudy’s subnet into anywhere within Alice’s network R 3 0. 0/0 Deny Don’t let traffic into Alice’s Network Security 52 network

PACKET FILTERING Specifying filtering rules SOURCE DEST Comments IP Desired Action IP R 1 111. 11/16 222. 22/24 Permit Let datagram from Bob’s university into a restricted subnet. R 2 111. 11/24 222. 22/16 Deny Don’t let traffic from Trudy’s subnet into anywhere within Alice’s network R 3 0. 0/0 Deny Don’t let traffic into Alice’s network SOURCE DEST IP IP Desired Action P 1 111. 11. 1 222. 6. 6 Deny P 2 111. 11. 1 222. 22. 2 Deny P 3 111. 6. 6 222. 22. 2 Permit P 4 111. 6. 6 222. 6. 6 Deny R 2, R 1, R 3 R 1, R 2, R 3 Network Security 53

PACKET FILTERING Operates at the Network Layer SOURCE IP DEST IP Desired R 2, R 1, R 3 R 1, R 2, R 3 Action P 1 111. 11. 1 222. 6. 6 Deny(R 2) P 2 111. 11. 1 222. 22. 2 Deny(R 2) Permit(R 1) P 3 111. 6. 6 222. 22. 2 Permit(R 1) P 4 111. 6. 6 222. 6. 6 Deny(R 3) Applying more specific rules first does not always avoid unanticipated or unwanted behaviour arising from ordering issues Network Security 54

PACKET FILTERING Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23. • All incoming and outgoing UDP flows and telnet connections are blocked. Example 2: Block inbound TCP segments with ACK=0. • Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside. Example 3: block 'ping' In order to avoid external users to find suitable IP addresses to attack. Example 4: Block domain names that are known to be dangerous to users or inadequate for the scope of the institution. Network Security 55

APPLICATION GATEWAYS gateway-to-remote host telnet session Application specific server through which all application data must pass Packet Filter + Application Gateway e. g. host-to-gateway telnet session application gateway router and filter Force all outbound Telnet connections to pass through the application gateway Make policy decisions based on application data Each Gateway = separate server with own processes Multiple application gateways on the same host e. g. Telnet, HTTP, FTP, mail server, Web Cache Network Security 56

APPLICATION GATEWAYS Filters packets on application data as well as on IP/TCP/UDP fields. gateway-to-remote host telnet session host-to-gateway telnet session application gateway router and filter Example: Allow only selected internal users to telnet outside. 1. Require all telnet users to telnet through gateway. 2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections 3. Router filter blocks all telnet connections not originating from gateway. Network Security 57

Limitations of firewalls and gateways IP spoofing: router can't know if data really comes from claimed source Multiple applications need special treatment; each with its own gateway. Client software must know how to contact gateway. e. g. , must set IP address of proxy in Web browser Filters often use all or nothing policy for UDP. Trade off: degree of communication with outside world, level of security Many highly protected sites still suffer from attacks. Does not protect against the enemy from within. Network Security 58

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400, 000 registered users, Snort has become the de facto standard for IPS. Network Security 59

Secure e-mail Desirable Security Features Confidentiality Sender authentication “I don’t love you anymore. I never want to see you again. Formerly yours, Alice” Message Integrity Receiver Authentication Tools: symmetric key & public key cryptography Authentication Key Distribution Message Integrity Digital Signatures Next Network Let’s see stepwise evolution of a design of a Secure E-mail Security 60

Secure e-mail Confidentiality SE v 1 • Alice wants to send secret e-mail message, m, to Bob. • generates random symmetric private key, KS. • encrypts message with KS • also encrypts KS with Bob's public key. • sends both KS(m) and e. B(KS) to Bob. Network Tools: Symmetric Session key + Public key cryptography Security 61

Secure e-mail (continued) X Confidentiality + Authentication + Message Integrity SE v 2 • Alice wants to provide sender authentication message integrity. • Alice digitally signs message. • sends both message (in the clear) and digital signature. Tools: Hash Function + Digital Signature Network Security 62

Secure e-mail (continued) Confidentiality + Authentication + Message Integrity SE v 3 • Alice wants to provide secrecy, sender authentication, message integrity. Authentication + Message Integrity Confidentiality measures Note: Alice uses both her private key, Bob's public key. Network Security 63

Pretty good privacy (PGP) Internet e-mail encryption scheme, a de-facto standard. Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. Provides secrecy, sender authentication, integrity. Inventor, Phil Zimmerman, was target of 3 -year federal investigation. d. A(H(m)) A PGP signed message: ---BEGIN PGP SIGNED MESSAGE-Hash: SHA 1 Bob: (secret message) ---BEGIN PGP SIGNATURE--Version: PGP 5. 0 Charset: noconv yh. HJRHh. GJGhgg/12 Ep. J+lo 8 g. E 4 v. B 3 mq. Jh. FEv. ZP 9 t 6 n 7 G 6 m 5 Gw 2 ---END PGP SIGNATURE--- Cryptography programs are considered munitions under US federal law and are Network Security not allowed to be exported 64

PGP TOOLS Design Similar to SEv 3 diagram discussed Creation of Message Digest MD 5, SHA Symmetric Key Encyption CAST, triple-DES, IDEA Public Key Encyption RSA Compression Network Security 65

Pretty good privacy (PGP) Freely available on http: //web. mit. edu/network/pgp. html Look also www. pgp. com Zimmermann has received technical awards 2001: he was inducted into the CRN Industry Hall of Fame 2000: Info. World named him one of the Top 10 Innovators in E-Business 1999: Louis Brandeis Award from Privacy International 1998: Lifetime Achievement Award from Secure Computing Magazine 1996: the Norbert Wiener Award from Computer Professionals for promoting the responsible use of technology. Network Security 66

Internet Commerce Scenario Purchasing a product from a website Use SSL protocol to combat these problems Alice Incorporated Site Information Product, Quantity Address Payment card number password submit Intercept order, obtain Bob’s card information, then make purchases using Bob’s card; or Trudy could be masquerading as Alice Incorporated Network Security 67

Secure sockets layer (SSL) sits between Application Layer and TCP Originally developed by Netscape SSL security services: server authentication data encryption client authentication (optional) SSL works at transport layer. Provides security layer to any TCP-based app using SSL services. SSL: used between WWW browsers, servers for Internetcommerce (https). https Server authentication: SSL-enabled browser includes public keys for trusted CAs. Browser requests server certificate, issued by trusted CA. Browser uses CA's public key to extract server's public key from certificate. Visit your browser's security menu to see its trusted CAs. Network Security 68

Secure Sockets Layer (SSL) Originally developed by Netscape Data encryption Authentication bet. Web client & Web server SSL-enabled Web Server Can be viewed as a layer bet. App. Layer & Transport Layer Web Client (browser) 1. Handshake Phase negotiates encryption algorithm Authenticates server to client (or, vice-versa) 2. Data Transmission Phase Encryption of data using Session keys generated during handshake phase Network Security 69

Secure Sockets Layer (SSL) HIGH-LEVEL VIEW OF HANDSHAKE PHASE OF SSL Bob browses Alice’s secure page Alice sends Bob her certificate Bob extracts Alice’s public key Bob generates a random symmetric key and encrypts it using Alice’s public key Alice extracts the symmetric key Network Security 70

Secure Sockets Layer (SSL) FEATURES SSL SERVER AUTHENTICATION Allows the browser to authenticate the server before the user submits important information List of trusted CAs + Public keys Client obtains certificate from server, then checks certificate with client’s list of trusted CAs. If found on list, client validates certificate’s integrity and extracts server’s public key SSL CLIENT AUTHENTICATION (Optional) ENCRYPTED SSL SESSION encryption/decryption of all information between browser & server information tampering detection Network Security 71

SSL (continued) ENCRYPTED SSL SESSION Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. Using its private key, server decrypts session key. Browser, server agree that future msgs will be encrypted. All data sent into TCP socket (by client or server) encrypted with session key. SSL: basis of IETF Transport Layer Security (TLS). SSL can be used for non. Web applications, e. g. , IMAP. Client authentication can be done with client certificates. Network Security 72

Secure Sockets Layer (SSL) LIMITATIONS Provides a popular platform (for servers and browsers) for card payment transactions Generic secure communication bet. server & client signed certificate – guarantees bona fide company certificate does not indicate if company is authorized to accept card payments nor if its a reliable merchant Company has no assurance if card is not stolen Network Security 73

Network Security 74

Network Security 75

Network Security 76

Secure electronic transactions (SET) designed for payment-card transactions over Internet. provides security services among 3 players: customer merchant Merchant's bank All must have certificates. SET specifies legal meanings of certificates. apportionment of liabilities for transactions Customer's card number passed to merchant's bank without merchant ever seeing number in plain text. Prevents merchants from stealing, leaking payment card numbers. Three software components: Browser wallet Merchant server Acquisition gateway Network Security 77

SSH (Secure Shell): an example of secure connection Telnet or rsh are not secure They transmit login/passwords over the network SSH is safer because it encrypts the login/password Authenticates the hosts Keeps keys on the user's local directory Example of known_hosts file: hostname 1, 130. 113. 118. 147 ssh-rsa AAAAB 3 Nza. C 1 yc 2 EAAAABIw. AAAIEAsmnfyx. DMN 7 o 1 Ur. Xuvj ch. DDFGRVdw. RLVC+/p. Vo. Xvr. Vl 5 Byxp/GQSd. WJe. Yz. My. Ey. Ka. N Q+Ig. Fpi. BGqnsgfk 8 u. QJCzy. Jn. B 3 nk. YSAh. Vlz 2 emju. C 6 ku. J 8 y. Fgo. Ix. ON 4 v 9 NVEe. Sg. SEIua 6 a. VBi 4 a 4 tfy 2 s. Sj 15 a. Yz. WPSO m. Jo. G+hnt 6 l. Ea. DY 0 Network Security 78

END OF SESSION Network Security 79

Ipsec: Network Layer Security Blanket coverage for all Internet traffic (RFC 2401, 2411) Advantages Network-layer secrecy: sending host encrypts the data in IP datagram TCP and UDP segments; ICMP and SNMP messages. Network-layer authentication destination host can authenticate source IP address Two principal protocols: authentication header (AH) protocol encapsulation security payload (ESP) protocol Necessary Precursor For both AH and ESP, source, destination handshake: create network-layer logical channel called security association (SA) Each SA unidirectional. Uniquely determined by: security protocol (AH or ESP) source IP address 32 -bit connection ID Network Security 80

Authentication Header (AH) Protocol Provides source host authentication, data integrity, but not secrecy. AH header inserted between IP header and IP data field. Protocol field = 51. Intermediate routers process datagrams as usual. AH header includes: connection identifier authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity. Next header field: specifies type of data (TCP, UDP, ICMP, etc. ) Network Security 81

Encapsulation Security Payload (ESP) Protocol Provides secrecy, host ESP authentication, data field is similar to AH integrity. authentication field. Data, ESP trailer Protocol = 50. encrypted. Next header field is in ESP trailer. Network Security 82

Network Security (summary) Basic techniques…. . . cryptography (symmetric and public) authentication message integrity …. used in many different security scenarios secure email secure transport (SSL) IP sec Network Security 83