Basic Network Security

M Maksudur Bhuiyan

Why Security?

Some of the sites which have been compromised

U.S. Department of Commerce NASACIA

Greenpeace Motorola

Samsung UNICEF

Some sites which have been rendered ineffective

Yahoo

Google; Google+

Microsoft Facebook Twitter PayPal

Amazon …

Computer Security Objectives/ Requirements

Possible additional concepts:

CIA Triad and Beyond

6

Services, Mechanisms, Attacks

• 3 aspects of information security:

—security attacks (and threats)

• actions that (may) compromise security

—security services

• services counter to attacks

—security mechanisms

• used by services

• e.g. secrecy is a service, encryption (a.k.a. encipherment) is a mechanism

7

Attacks

• Attacks on computer systems

—break-in to destroy information

—break-in to steal information

—blocking to operate properly

—malicious software

• wide spectrum of problems

• Source of attacks

—Insiders

—Outsiders

8

Attacks

• Network Security

—Active attacks

—Passive attacks

• Passive attacks

—interception of the messages

—What can the attacker do?

• use information internally

– hard to understand

• release the content

– can be understood

• traffic analysis

– hard to avoid

—Hard to detect, try to prevent

9

Attacks

• Active attacks

—Attacker actively manipulates

the communication

—Masquerade

• pretend as someone else

• possibly to get more privileges

—Replay

• passively capture data and send later

—Denial-of-service

• prevention the normal use of servers, end users, or network itself

10

Attacks

• Active attacks (cont’d)

—deny

• repudiate sending/receiving a message later

—modification

• change the content of a message

11

Security Services

• to prevent or detect attacks

• to enhance the security

• replicate functions of physical documents

—e.g.

• have signatures, dates

• need protection from disclosure, tampering, or destruction

• notarize

• record

12

Basic Security Services

• Authentication

—assurance that the communicating entity is the one it claims to be

—peer entity authentication

• mutual confidence in the identities of the parties involved in a connection

—Data-origin authentication

• assurance about the source of the received data

• Access Control

—prevention of the unauthorized use of a resource

—to achieve this, each entity trying to gain access must first be identified and authenticated, so that access rights can be tailored to the individual

13

Basic Security Services

• Data Confidentiality

—protection of data from unauthorized disclosure (against eavesdropping)

—traffic flow confidentiality is one step ahead

• this requires that an attacker not be able to observe the source and destination, frequency, length, or other

characteristics of the traffic on a communications facility

• Data Integrity

—assurance that data received are exactly as sent by an authorized sender

—i.e. no modification, insertion, deletion, or replay

Security Mechanisms

• Cryptographic Techniques

—will see next

• Software and hardware for access limitations

—Firewalls

• Intrusion Detection and Prevention Systems

• Traffic Padding

—against traffic analysis

• Hardware for authentication

—Smartcards, security tokens

• Security Policies

—define who has access to which resources.

• Physical security

—Keep it in a safe place with limited and authorized physical access

14

Some Common Types of Attack

• Eavesdropping

• Modification

• Replay / Preplay

• Man-in-the-Middle

• Reflection

• Denial of Service

• Typing Attack

16

Type Of Attacks/Threats

Information Information

source (a) Normal Flow Destination

(b) Interruption

(c) Modification

(d) Fabrication

I I

I

(e) Interception

I

17

Active and Passive Attacks

Attack/threats

Passive threats Active threats

Interception

Release of message Traffic analysis contents

Interruption Modification Fabrication (Availability) (Integrity) (authentication)

Figure 2: Threats/Attacks

 

Passive Attacks

• Eavesdropping on transmissions

• To obtain information

• Release of message contents

—Outsider learns content of transmission

• Traffic analysis

—By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed

• Difficult to detect

• Can be prevented

Passive Attacks

— Sniffing

• Passwords

• Network Traffic

• Sensitive Information

— Information Gathering

Eavesdropping

• An Eavesdropping attack only passively observe messages.

• Protocols defend against Eavesdropping attacks by using encryption for confidentiality.

• The attacker is a passive outsider.

Modification

• A Modification attack alters or replaces some messages.

• Protocols often define against

Modification attacks by using

encryption for binding.

Replay / Preplay

• The attacker sends a message that it has observed as part of the protocol run.

• Protocols defend against replay attacks by make

the message clear so that it cannot be replayed

out of context.

Reflection

• Reflection attacks are a kind of replay attack that use a protocol against

itself.

• The attacker provides the “proof” of authentication by challenging the

challenger.

Active Attacks

• Masquerade

—Pretending to be a different entity

• Replay

• Modification of messages

• Denial of service

• Easy to detect

—Detection may lead to deterrent

• Hard to prevent

Active Attacks

— Denial of Service

— Breaking into a site

• Intelligence Gathering

• Resource Usage

• Deception

26

A General Model for Network

Security

27

Model for Network Access

Security

28

More on Computer System Security

• Based on “Security Policies”

—Set of rules that specify

• How resources are managed to satisfy the security requirements

• Which actions are permitted, which are not

—Ultimate aim

• Prevent security violations such as unauthorized access, data loss, service interruptions, etc.

—Scope

• Organizational or Individual

—Implementation

• Partially automated, but mostly humans are involved

—Assurance and Evaluation

• Assurance: degree of confidence to a system

• Security products and systems must be evaluated using certain criteria in order to decide whether they assure security or not

29

Aspects of Computer Security

• Mostly related to Operating Systems

• Similar to those discussed for Network Security

—Confidentiality

—Integrity

—Availability

—Authenticity

—Accountability

—Dependability

36

1. Cryptographic algorithms 2. Stream ciphers

3. Block ciphers

4. Modes of operation

37

Cryptographic process

• Selection (or design) of an algorithm

• Deciding how an algorithm is to be used

• Implementing an algorithm within a communications system

• Devising a key management scheme

A cryptographic algorithm itself is just one component part of an entire process, which must all come together before we can claim that any particular application is using a “secure cipher system”.

This process includes:

38

A symmetric classification

Most ciphers systems effective scramble one sequence of binary digits into another:

100110110100010111010010 Plaintext

Scrambling operation

1100100111010100100010011

39

A symmetric classification

1 …… 1 …… 0 ……0 ……0 E

1……...1……..1…….0…….1

100110110100010111010010

1100100111010100100010011

E E E E

100110110100010111010010

110010011101010010001001

100110 110100 010111 010010

E E E E

110010 011101 010010 001001

… … … …

Stream cipher Block cipher

40

A public key classification?

Can public key cipher systems also be classified into stream and block ciphers?

41

Model of a block cipher

block of ciphertext Encryptio

n

algorithm encryption key

block of plaintext

42

Modes of operation

Modes of operation of a block cipher are operational rules for a generic block cipher that each result in different properties being achieved.

In theory any block cipher could be used in any mode of operation, and the decision concerning which mode of

operation to use will in practice be influenced by the application and the properties desired.

The three modes of operation that we will study are not the only modes of operation proposed for block ciphers, but they are three of the most commonly used.

43

Electronic Code Book (ECB)

100110110100010111010010

1100100111010100100010011 100110 110100 010111 010010

E E E E

110010 011101 010010 001001

44

Problem with ECB mode

Try to come up with at least three reasons why ECB mode is rarely used and generally regarded as an insecure mode of operation.

Make sure you attempt Exercise 6 for this unit in order to further appreciate these problems with ECB mode.

45

E E K

K

Sende

r Receive

r P

C C P

⊕ ⊕

1

2

3 4

6

7

8 9

5 10

Cipher Feedback Mode (CFB)

46

Cipher Feedback Mode

Paradoxically, when using CFB mode you never actually use the encryption algorithm to decrypt anything!

CFB mode is actually using a block cipher to make a sort of stream cipher. The encryption algorithm is used as a key stream generator to produce key material.

This key material is then added to the plaintext very much in the style of a stream cipher.

The receiver also uses the encryption algorithm to generate the same key stream that is needed to decrypt the cipher text.

47

CFB in practice

Most practical implementations of CFB mode process the plaintext in units of bits that are smaller than the block size.

For example, when using an encryption algorithm with a block size of 64 in 8-bit CFB mode the plaintext is processed 8 bits at a time.

This produces only 8 bits of ciphertext.

When these 8 bits of ciphertext are fed back, they are not sufficient to replace the current register contents, so the existing entries are shifted along, with the 8 furthest bits dropping out.

For what reasons might you want to use 8-bit CFB mode, rather than full block CFB mode?

48

Effect of error in CFB mode

E K

⊕

E K

⊕

E K

⊕

C_i C_i+1 C_i+2

P_i P_i+1 P_i+2

1 2 3

4

Introduction to Cryptography and Security Mechanisms

2005 49

Properties of CFB mode

• Message dependence

• Limited error propagation

• No block synchronisation required

• Efficiency

To what extent do these properties also hold for 8-bit CFB mode?

Symmetric Encryption (Simplified)

Ingredients

• Plain text

• Encryption algorithm

• Secret key

• Cipher text

• Decryption algorithm

Requirements for Security

• Strong encryption algorithm

—Even if known, should not be able to decrypt or work out key

—Even if a number of cipher texts are available together with plain texts of them

• Sender and receiver must obtain secret key securely

• Once key is known, all communication using this

key is readable

Attacking Encryption

• Crypt analysis

—Relay on nature of algorithm plus some knowledge of general characteristics of plain text

—Attempt to deduce plain text or key

• Brute force

—Try every possible key until plain text is achieved

Algorithms

• Block cipher

—Process plain text in fixed block sizes producing block of cipher text of equal size

—Data encryption standard (DES)

—Triple DES (TDES)

—Advanced Encryption Standard

Data Encryption Standard

• US standard

• 64 bit plain text blocks

• 56 bit key

• Broken in 1998 by Electronic Frontier Foundation

—Special purpose machine

—Less than three days

—DES now worthless

Triple DEA

• ANSI X9.17 (1985)

• Incorporated in DEA standard 1999

• Uses 3 keys and 3 executions of DEA algorithm

• Effective key length 112 or 168 bit

• Slow

• Block size (64 bit) too small

Advanced Encryption Standard

• National Institute of Standards and Technology (NIST) in 1997 issued call for Advanced Encryption Standard (AES)

— Security strength equal to or better than 3DES

— Improved efficiency

— Symmetric block cipher

— Block length 128 bits

— Key lengths 128, 192, and 256 bits

— Evaluation include security, computational efficiency, memory requirements, hardware and software suitability, and flexibility

— 2001, AES issued as federal information processing standard (FIPS 197)

AES Description

• Assume key length 128 bits

• Input is single 128-bit block

— Depicted as square matrix of bytes

— Block copied into State array

• Modified at each stage

— After final stage, State copied to output matrix

• 128-bit key depicted as square matrix of bytes

— Expanded into array of key schedule words

— Each four bytes

— Total key schedule 44 words for 128-bit key

• Byte ordering by column

— First four bytes of 128-bit plaintext input occupy first column of in matrix

— First four bytes of expanded key occupy first column of w matrix

AES

Encryption and

Decryption

AES Comments (1)

• Key expanded into array of forty-four 32-bit words, w[i]

— Four distinct words (128 bits) serve as round key for each round

• Four different stages

— One permutation and three substitution

• Substitute bytes uses S-box table to perform byte-by-byte substitution of block

• Shift rows is permutation that performed row by row

• Mix columns is substitution that alters each byte in column as function of all of bytes in column

• Add round key is bitwise XOR of current block with portion of expanded key

• Simple structure

— For both encryption and decryption, cipher begins with Add Round Key stage

— Followed by nine rounds,

• Each includes all four stages

— Followed by tenth round of three stages

AES Encryption Round

AES Comments (2)

• Only Add Round Key stage uses key

— Begin and ends with Add Round Key stage

— Any other stage at beginning or end, reversible without key

• Adds no security

• Add Round Key stage by itself not formidable

— Other three stages scramble bits

— By themselves provide no security because no key

• Each stage easily reversible

• Decryption uses expanded key in reverse order

— Not identical to encryption algorithm

• Easy to verify that decryption does recover plaintext

• Final round of encryption and decryption consists of only three stages

— To make the cipher reversible

Location of Encryption Devices

Link Encryption

• Each communication link equipped at both ends

• All traffic secure

• High level of security

• Requires lots of encryption devices

• Message must be decrypted at each switch to read address (virtual circuit number)

• Security vulnerable at switches

—Particularly on public switched network

End to End Encryption

• Encryption done at ends of system

• Data in encrypted form crosses network unaltered

• Destination shares key with source to decrypt

• Host can only encrypt user data

—Otherwise switching nodes could not read header or route packet

• Traffic pattern not secure

• Use both link and end to end

Key Distribution

• Key selected by A and delivered to B

• Third party selects key and delivers to A and B

• Use old key to encrypt and transmit new key from A to B

• Use old key to transmit new key from third party

to A and B

Automatic Key Distribution (diag)

Automatic Key Distribution

• Session Key

— Used for duration of one logical connection

— Destroyed at end of session

— Used for user data

• Permanent key

— Used for distribution of keys

• Key distribution center

— Determines which systems may communicate

— Provides one session key for that connection

• Security service module (SSM)

— Performs end to end encryption

— Obtains keys for host

Traffic Padding

• Produce cipher text continuously

• If no plain text to encode, send random data

• Make traffic analysis impossible

Message Authentication

• Protection against active attacks

—Falsification of data

—Eavesdropping

• Message is authentic if it is genuine and comes from the alleged source

• Authentication allows receiver to verify that message is authentic

—Message has not altered

—Message is from authentic source

—Message timeline

Authentication Using Encryption

• Assumes sender and receiver are only entities that know key

• Message includes:

—error detection code

—sequence number

—time stamp

Authentication Without Encryption

• Authentication tag generated and appended to each message

• Message not encrypted

• Useful for:

—Messages broadcast to multiple destinations

• Have one destination responsible for authentication

—One side heavily loaded

• Encryption adds to workload

• Can authenticate random messages

—Programs authenticated without encryption can be executed without decoding

Message Authentication Code

• Generate authentication code based on shared key and message

• Common key shared between A and B

• If only sender and receiver know key and code matches:

—Receiver assured message has not altered

—Receiver assured message is from alleged sender

—If message has sequence number, receiver assured of proper sequence

Message Authentication Using

Message Authentication Code

One Way Hash Function

• Accepts variable size message and produces fixed size tag (message digest)

• Advantages of authentication without encryption

—Encryption is slow

—Encryption hardware expensive

—Encryption hardware optimized to large data

—Algorithms covered by patents

—Algorithms subject to export controls (from USA)

Using

One

Way

Hash

Secure Hash Functions

• Hash function must have following properties:

—Can be applied to any size data block

—Produce fixed length output

—Easy to compute

—Not feasible to reverse

—Not feasible to find two message that give the same hash

SHA-1

• Secure Hash Algorithm 1

• Input message less than 2

⁶⁴

bits

—Processed in 512 bit blocks

• Output 160 bit digest

Message Digest Generation

Using SHA-1

Public Key Encryption

• Based on mathematical algorithms

• Asymmetric

—Use two separate keys

• Ingredients

—Plain text

—Encryption algorithm

—Public and private key

—Cipher text

—Decryption algorithm

Public Key Encryption -

Encryption

Public Key Encryption –

Authentication

Public Key Encryption - Operation

• One key made public

—Used for encryption

• Other kept private

—Used for decryption

• Infeasible to determine decryption key given encryption key and algorithm

• Either key can be used for encryption, the other

for decryption

Steps

• User generates pair of keys

• User places one key in public domain

• To send a message to user, encrypt using public key

• User decrypts using private key

Digital Signature

• Sender encrypts message with their private key

• Receiver can decrypt using sneders public key

• This authenticates sender, who is only person who has the matching key

• Does not give privacy of data

—Decrypt key is public

RSA Algorithm

RSA Example

Public Key Certificate Use

Secure Sockets Layer

Transport Layer Security

• Security services

• Transport Layer Security defined in RFC 2246

• SSL general-purpose service

—Set of protocols that rely on TCP

• Two implementation options

—Part of underlying protocol suite

• Transparent to applications

—Embedded in specific packages

• E.g. Netscape and Microsoft Explorer and most Web servers

• Minor differences between SSLv3 and TLS

SSL Architecture

• SSL uses TCP to provide reliable end-to-end secure service

• SSL two layers of protocols

• Record Protocol provides basic security services to various higher-layer protocols

—In particular, HTTP can operate on top of SSL

• Three higher-layer protocols

—Handshake Protocol

—Change Cipher Spec Protocol

—Alert Protocol

—Used in management of SSL exchanges (see later)

SSL Protocol Stack

SSL Connection and Session

• Connection

— Transport that provides suitable type of service

— Peer-to-peer

— Transient

— Every connection associated with one session

• Session

— Association between client and server

— Created by Handshake Protocol

— Define set of cryptographic security parameters

— Used to avoid negotiation of new security parameters for each connection

• Maybe multiple secure connections between parties

• May be multiple simultaneous sessions between parties

— Not used in practice

SSL Record Protocol

• Confidentiality

— Handshake Protocol defines shared secret key

— Used for symmetric encryption

• Message Integrity

— Handshake Protocol defines shared secret key

— Used to form message authentication code (MAC)

• Each upper-layer message fragmented

— 2¹⁴ bytes (16384 bytes) or less

• Compression optionally applied

• Compute message authentication code

• Compressed message plus MAC encrypted using symmetric encryption

• Prepend header

SSL Record Protocol Operation

Record Protocol Header

• Content Type (8 bits)

— change_cipher_spec, alert, handshake, and application_data

— No distinction between applications (e.g., HTTP)

• Content of application data opaque to SSL

• Major Version (8 bits) – SSL v3 is 3

• Minor Version (8 bits) - SSLv3 value is 0

• Compressed Length (16 bits)

— Maximum 2¹⁴ + 2048

• Record Protocol then transmits unit in TCP segment

• Received data are decrypted, verified, decompressed, and reassembled and then delivered

Change Cipher Spec Protocol

• Uses Record Protocol

• Single message

—Single byte value 1

• Cause pending state to be copied into current state

—Updates cipher suite to be used on this connection

Alert Protocol

• Convey SSL-related alerts to peer entity

• Alert messages compressed and encrypted

• Two bytes

—First byte warning(1) or fatal(2)

• If fatal, SSL immediately terminates connection

• Other connections on session may continue

• No new connections on session

—Second byte indicates specific alert

—E.g. fatal alert is an incorrect MAC

—E.g. nonfatal alert is close_notify message

Handshake Protocol

• Authenticate

• Negotiate encryption and MAC algorithm and cryptographic keys

• Used before any application data sent

Handshake Protocol –

Phase 1 Initiate Connection

• Version

— Highest SSL version understood by client

• Random

— Client-generated random structure

— 32-bit timestamp and 28 bytes from secure random number generator

— Used during key exchange to prevent replay attacks

• Session ID

— Variable-length

— Nonzero indicates client wishes to update existing connection or create new connection on session

— Zero indicates client wishes to establish new connection on new session

• CipherSuite

— List of cryptographic algorithms supported by client

— Each element defines key exchange algorithm and CipherSpec

• Compression Method

— Compression methods client supports

Handshake Protocol – Phase 2, 3

• Client waits for server_hello message

— Same parameters as client_hello

• Phase 2 depends on underlying encryption scheme

• Final message in Phase 2 is server_done

— Required

• Phase 3

— Upon receipt of server_done, client verifies certificate if required and check server_hello parameters

— Client sends messages to server, depending on underlying public-key scheme

Handshake Protocol – Phase 4

• Completes setting up

• Client sends change_cipher_spec

• Copies pending CipherSpec into current CipherSpec

— Not considered part of Handshake Protocol

— Sent using Change Cipher Spec Protocol

• Client sends finished message under new algorithms, keys, and secrets

• Finished message verifies key exchange and authentication successful

• Server sends own change_cipher_spec message

• Transfers pending to current CipherSpec

• Sends its finished message

• Handshake complete

Handshake Protocol

Action

IPv4 and IPv6 Security

• IPSec

• Secure branch office connectivity over Internet

• Secure remote access over Internet

• Extranet and intranet connectivity

• Enhanced electronic commerce security

IPSec Scope

• Authentication header

• Encapsulated security payload

• Key exchange

• RFC 2401,2402,2406,2408

Security Association

• One way relationship between sender and receiver

• For two way, two associations are required

• Three SA identification parameters

—Security parameter index

—IP destination address

—Security protocol identifier

SA Parameters

• Sequence number counter

• Sequence counter overflow

• Anti-reply windows

• AH information

• ESP information

• Lifetime of this association

• IPSec protocol mode

—Tunnel, transport or wildcard

• Path MTU

Authentication Header

Encapsulating Security Payload

• ESP

• Confidentiality services

ESP Packet

110

Summary

• Stream ciphers and block ciphers are different types of symmetric encryption algorithm. They offer slightly

different properties and are therefore suitable for different applications.

— Simple stream ciphers are fast and do not propagate errors, making them suitable for poor quality channels and for

applications where errors are intolerable.

— Block ciphers do propagate errors (to a limited extent), but are quite flexible and can be used in different ways in order to provide different security properties (in some cases to achieve some of the benefits of stream ciphers).

• The properties of cryptographic algorithms are not only affected by algorithm design, but also by the ways in which the algorithms are used. Different modes of operation can significantly change the properties of a block cipher.