Rutgers University ECE 544 - Network Security

This preview shows page 1-2-3-4-5-32-33-34-35-65-66-67-68-69 out of 69 pages.



ECE 544 Spring 2011 Lecture 10: Network Security

Slide titles:
Today’s Lecture
Introduction, Security Services
Introduction, Security Mechanisms
Introduction, Security Attacks
Security Threats
Slide 7
Cryptography, Conventional Encryption Model
Conventional Encryption
Classical Encryption Techniques
Modern Security Taxonomy
Modern Cryptographic Algorithms
What Cryptography Does?
Key sizes and Brute Force Attacks
Block Ciphers
General DES Encryption Algorithm
Single Round of DES Algorithm
3DES
Stream Ciphers
Hash Algorithms (requirements)
Hash Algorithms (one-way functions)
Slide 22
Using Hash Algorithm-2
View of Public Key Scheme
Public Key Ciphers Diffie-Hellman Key Exchange
Diffie-Hellman
Diffie-Hellman (example)
Public Key Ciphers - RSA
RSA (example)
Authentication with Public Keys
Security Protocols: (1) Authentication
Authentication Protocols
Authentication Protocols: Kerberos
Slide 34
Authentication with KERBEROS
Message Integrity
Key Distribution
Key Distribution: Certificates
Overview of PGP (Pretty Good Privacy)
E-mail Security (PGP)
IP Layer Security (IPSec)
IP Security Overview
IP Security Scenario
IPSec Modes
IP Security (IPSec Services)
IPSec Headers
IPSec Headers in AH
Tunnel Mode (AH Authentication)
End-to-end versus End-to-Intermediate Authentication
Web-Based Security SSL, TLS and WTLS
Web-Based Security (SSL Protocol)
Web-Based Security (SSL Handshake Protocol)
Web-Based Security (SSL Record Protocol)
Web-Based Security SSL-TLS Protocol
Firewalls
Firewall Configurations
Slide 57
Slide 58
Firewall Design Principles
Viruses and “Malicious Programs”
Taxonomy of Malicious Programs
Definitions
PowerPoint Presentation
Slide 64
Slide 65
Slide 66
Slide 67
Slide 68
References

ECE 544 Spring 2011
Lecture 10: Network Security
D. Raychaudhuri

Today’s Lecture
• Introduction
  – Security Services and Mechanisms, Security Attacks
  – Model for Internet Security
• Cryptography
  – Symmetric Key algorithms: DES, 3DES, RC4, etc.
  – Asymmetric Key algorithms: Public-keys, Hash Algorithms, Digital signatures
• Security Protocols
  – Authentication
  – IP security (IPSec), SSL (TLS), Mail Security (PGP)
• System Security
  – Viruses, intruders, worms
  – Firewalls

Introduction, Security Services
• Confidentiality
  – Protection of transmitted data
• Authentication
  – Assuring that communication is authentic
• Integrity
  – Assuring that a received message was not duplicated, modified, reordered, or replayed
• Non-repudiation
  – Proving that a message was in fact sent by the alleged sender
• Access Control
  – Ability to limit and control access to the system
• Availability
  – Loss of or reduction of availability (denial of service)

Introduction, Security Mechanisms
• Encryption
  – DES, RC4, AES
• Hash algorithms
  – MD5, SHA
• Public key algorithms
  – RSA, Diffie-Hellman
• Message integrity
• Digital signatures & certificates
• Public key distribution
• Authentication algorithms
  – Kerberos

Introduction, Security Attacks
• Interruption
  – System is destroyed or becomes unavailable or unusable, blocking the communication. Example: link hijacking.
• Interception
  – Unauthorized party gains access to communication; an attack on confidentiality. Examples: decrypting communication, traffic analysis.
• Modification
  – Unauthorized party not only gains access but also tampers with communication. Example: changing a value in a data file.
• Fabrication
  – Unauthorized party inserts counterfeit information into communication; an attack on integrity. Example: creating artificial messages.

Security Threats

Cryptography, Conventional Encryption Model
• Cryptography:
  – Operation used for transforming plaintext to ciphertext
    • Substitution: elements in plaintext are mapped into another element
    • Transposition: elements in plaintext are rearranged
  – Number of keys used
    • Both sender and receiver use the same key: the system is symmetric, single-key, secret-key or conventional encryption
    • Sender and receiver each use a different key: the system is asymmetric key
  – Way in which the plaintext is processed
    • Block cipher: input data processed block by block
    • Stream cipher: input data processed continuously
• Cryptanalysis
  – Process (science) to break encryption

Conventional Encryption
Ciphertext = Plaintext ⊕ Key
Plaintext = Ciphertext ⊕ Key = (Plaintext ⊕ Key) ⊕ Key = Plaintext ⊕ (Key ⊕ Key) = Plaintext

Classical Encryption Techniques
• Caesar Cipher
  – Plain: meet me after the party
  – Cipher: PHHW PH DIWHU WKH SDUWB
  – C = E(p) = (p + 3) mod 26
  – P = m + 3 (m, 1-n, 2-l, 3-o, “P”)
• Polyalphabetic Cipher
  – Key: deceptiondeceptiond
  – Plain: meetmeaftertheparty
  – Cipher: qjhxcyjuhiwwkujjghc
  – C = E(k ⊕ p), where ⊕ is exclusive-or (XOR)
• Rotor Machines: the famous “ENIGMA”
These techniques became very weak around and after World War II.

Modern Security Taxonomy
Security
• Cryptography algorithms
  – Secret key (e.g., DES)
  – Public key (e.g., RSA)
  – Message digest (e.g., MD5)
• Security services
  – Authentication
  – Privacy
  – Message integrity

Modern Cryptographic Algorithms
Cryptography Algorithms
• Secret Key (Symmetric)
  – Symmetric key
  – Block cipher (DES, AES)
  – Stream ciphers (RC4)
• Public Key (Asymmetric)
  – Asymmetric key
  – Public-Private keys (Diffie-Hellman, RSA)
• Hash algorithms
  – Authentication and integrity checking (MD5, SHA)

What Cryptography Does?
• Diffusion:
  – Statistical structure of the plaintext is dissipated over a long range; each plaintext digit affects many ciphertext digits.
• Confusion:
  – Seeks to make the relationship between the statistics of ciphertext and the encrypted value as complex as possible.
P1 ⊕ K = C1
P2 ⊕ K = C2
C1 ⊕ C2 = P1 ⊕ P2

Key sizes and Brute Force Attacks

Block Ciphers
• A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
• Example: DES (Data Encryption Standard), AES (Advanced Encryption Standard)
[Figure: blocks of plaintext → encryption with secret key → blocks of ciphertext]

General DES Encryption Algorithm
[Figure: 64-bit plaintext → initial permutation → Round 1 (K1) → Round 2 (K2) → ... → Round 16 (K16) → 32-bit swap → reverse initial permutation → 64-bit ciphertext. Key path: 56-bit key → permuted choice 1 → for each round, left circular shift → permuted choice 2 → round key K1 ... K16.]

Single Round of DES Algorithm
[Figure: data halves L(i-1) and R(i-1), 32 bits each; key halves C(i-1) and D(i-1), 28 bits each. Labels: Expansion, Choice/Perm, F, Left shift (s), Left shift (s), Permutation, Construction, K(i) 48 bits; outputs L(i), R(i), C(i), D(i).]
L(i) = R(i-1), R(i) = L(i-1) ⊕ F(R(i-1), K(i))

3DES
• The DES key is 56 bits, which is not good enough, but DES is widely available in HW and SW, so it is used three times with different keys.
[Figure: plaintext (input) → DES with shared secret key 1 → DES with shared secret key 2 → DES with shared secret key 3 → ciphertext (output)]

Stream Ciphers
• Encrypt a digital data stream one bit or one byte at a
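The round equation on the "Single Round of DES Algorithm" slide, L(i) = R(i-1), R(i) = L(i-1) ⊕ F(R(i-1), K(i)), is worked through below as an added example that is not part of the lecture. It shows that decryption is the same network with the subkeys reversed. The HMAC-based `round_function` and the hash-based `subkeys` schedule are assumptions standing in for DES's real F, S-boxes and permutations, which are omitted.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, split into 32-bit halves L and R as in DES
ROUNDS = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_function(right: bytes, subkey: bytes) -> bytes:
    """Stand-in for DES's F (assumption): a keyed, non-invertible function of R."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:len(right)]

def subkeys(key: bytes) -> list:
    """Toy key schedule (assumption): 16 subkeys of 48 bits, K(1)..K(16)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(1, ROUNDS + 1)]

def feistel(block: bytes, round_keys: list) -> bytes:
    """Apply L(i) = R(i-1), R(i) = L(i-1) xor F(R(i-1), K(i)), then the final swap."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for k in round_keys:
        left, right = right, xor(left, round_function(right, k))
    return right + left   # 32-bit swap after the last round

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, subkeys in reverse order K(16)..K(1); F is never inverted.
    return feistel(block, subkeys(key)[::-1])

def changed_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits, used to observe diffusion."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    key, pt = b"constructed demo key", b"ECE544!!"   # constructed sample values
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key))
    print(changed_bits(ct, encrypt_block(b"DCE544!!", key)), "of 64 bits changed")
```

The two sample plaintexts in the main guard differ in a single bit, so the last line prints how far that one bit diffuses through 16 rounds.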
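The identities P1 ⊕ K = C1, P2 ⊕ K = C2, C1 ⊕ C2 = P1 ⊕ P2 from the slides explain why XOR key material must never be shared between messages. The added example below (not from the lecture) checks the identity on constructed data and shows a guard that hands out each key byte only once. `KeyMaterial`, the sample messages and the fixed key bytes are all hypothetical.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; lengths must match so no byte is silently dropped."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class KeyMaterial:
    """Hands out each key byte at most once, so no two messages share key bytes."""
    def __init__(self, key: bytes):
        self.key, self.used = key, 0

    def take(self, n: int) -> bytes:
        if self.used + n > len(self.key):
            raise ValueError("key material exhausted; refusing to reuse it")
        chunk = self.key[self.used:self.used + n]
        self.used += n
        return chunk

# Constructed sample data (not from the lecture): two equal-length messages.
P1 = b"PAY ALICE 100 US"
P2 = b"PAY BOB 2500 USD"
KEY = bytes(range(0x40, 0x60))   # 32 constructed key bytes; use a CSPRNG in practice

def encrypt_reusing_key(p1: bytes, p2: bytes, key: bytes = KEY):
    """The situation on the slide: both messages are XORed with the same K."""
    k = key[:len(p1)]
    return xor_bytes(p1, k), xor_bytes(p2, k)

def encrypt_fresh_key(p1: bytes, p2: bytes, key: bytes = KEY):
    """Each message consumes its own, never repeated, slice of key material."""
    km = KeyMaterial(key)
    return xor_bytes(p1, km.take(len(p1))), xor_bytes(p2, km.take(len(p2)))

def leaks_plaintext_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the key cancels out, i.e. C1 xor C2 == P1 xor P2."""
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

if __name__ == "__main__":
    print("same key :", leaks_plaintext_xor(*encrypt_reusing_key(P1, P2), P1, P2))
    print("fresh key:", leaks_plaintext_xor(*encrypt_fresh_key(P1, P2), P1, P2))
```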

