Slide titles:
- Network Security
- Security basics
- What is network security?
- Friends and enemies: Alice, Bob, Trudy
- Who might Bob, Alice be?
- There are bad guys (and girls) out there!
- Slide 7
- Cryptography
- Cryptography algorithms
- The language of cryptography
- Symmetric key cryptography
- Slide 12
- Symmetric key crypto: DES
- Symmetric key crypto: DES
- AES: Advanced Encryption Standard
- Public key cryptography
- Slide 17
- Public key encryption algorithms
- RSA: choosing keys
- RSA: encryption, decryption
- RSA example:
- RSA: Why is that
- RSA: another important property
- Slide 24
- Message integrity
- Message Authentication Code
- MACs in practice
- Slide 28
- Digital signatures
- Message digests
- Slide 31
- Slide 32
- Authentication: A Naïve Approach
- Slide 34
- Authentication: Symmetric Key
- Authentication: Public/Private Key
- Man (Woman) In The Middle
- Slide 38
- Slide 39
- Key Establishment
- Diffie-Hellman Key Exchange
- Diffie-Hellman Key Exchange: Example
- Key Distribution Center (KDC)
- Slide 44
- Diffie-Hellman vs. KDC
- Certification authorities
- Slide 47
- A certificate contains:
- Slide 49
- Securing e-mail
- Secure e-mail: confidentiality, sender
- Secure e-mail: confidentiality, receiver
- Secure e-mail: sender authentication & message integrity
- Slide 54
- Secure e-mail: everything together
- Pretty good privacy (PGP)
- Security basics summary

Slide 1: Network Security
- understand principles of network security:
  - cryptography and its many uses beyond “confidentiality”
  - message integrity
  - digital signature
  - authentication
- wireless network security
  - securing wireless LANs
  - thwarting malicious behavior
  - thwarting selfish behavior

Slide 2: Security basics
- what is network security?
- principles of cryptography
- usage of cryptography for network security
  - message integrity
  - digital signature
  - end point authentication
  - key establishment
- example application
  - securing e-mail

Slide 3: What is network security?
- Confidentiality: only sender, intended receiver should “understand” message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

Slide 4: Friends and enemies: Alice, Bob, Trudy
- well-known in network security world
- Bob, Alice (lovers!) want to communicate “securely”
- Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy is on the channel]

Slide 5: Who might Bob, Alice be?
- … well, real-life Bobs and Alices!
- web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?

Slide 6: There are bad guys (and girls) out there!
Q: what can a “bad guy” do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later ……

Slide 7: Security basics
- what is network security?
- principles of cryptography
- usage of cryptography for network security
  - message integrity
  - digital signature
  - end point authentication
  - key establishment
- example application
  - securing e-mail

Slide 8: Cryptography
- cryptography: a set of mathematical functions with a set of nice properties. A common mechanism for enforcing policies.
- encrypt clear text into cipher text, and vice versa
- properties of good encryption techniques
  - encryption scheme depends not on secrecy of algorithm but on parameter of algorithm (i.e., encryption key)
  - extremely difficult for an intruder to determine the encryption key

Slide 9: Cryptography algorithms
- symmetric key algorithm: one key shared by a pair of users, used for both encryption and decryption
- asymmetric or public/private key algorithms are based on each user having two keys:
  - public key – in public
  - private key – key known only to individual user

Slide 10: The language of cryptography
- symmetric key crypto: sender, receiver keys identical
- public-key crypto: encryption key public, decryption key secret (private)
[Figure: plaintext -> encryption algorithm (Alice's encryption key K_A) -> ciphertext -> decryption algorithm (Bob's decryption key K_B) -> plaintext]

Slide 11: Symmetric key cryptography
- substitution cipher: substituting one thing for another
  - monoalphabetic cipher: substitute one letter for another

  plaintext:  abcdefghijklmnopqrstuvwxyz
  ciphertext: mnbvcxzasdfghjklpoiuytrewq

  E.g.:
  Plaintext:  bob. i love you. alice
  ciphertext: nkn. s gktc wky. mgsbc

Q: how hard to break this simple cipher?
- brute force (how hard?)
- other?

Slide 12: Symmetric key cryptography
- symmetric key crypto: Bob and Alice share the same (symmetric) key: K
- e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
- Q: how do Bob and Alice agree on key value?
[Figure: plaintext message m -> encryption algorithm (key K_{A-B}) -> ciphertext K_{A-B}(m) -> decryption algorithm (key K_{A-B}) -> plaintext m = K_{A-B}(K_{A-B}(m))]

Slide 13: Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- How secure is DES?
  - DES challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
  - no known “backdoor” decryption approach
- making DES more secure:
  - use three keys sequentially (3-DES) on each datum
  - use cipher-block chaining

Slide 14: Symmetric key crypto: DES
DES operation
- initial permutation
- 16 identical “rounds” of function application, each using different 48 bits of key
- final permutation

Slide 15: AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128 bit blocks
- 128, 192, or 256 bit keys
- brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Slide 16: Public key cryptography
symmetric key crypto
- requires sender, receiver know shared secret key
- Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
- radically different approach [Diffie-Hellman76, RSA78]
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver

Slide 17: Public key cryptography
[Figure: plaintext message m, encryption algorithm, ciphertext, decryption algorithm, Bob's public key]
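Added example (not part of the original slides): the monoalphabetic cipher from slide 11, using the slide's own key, to work through the slide's question of how hard the cipher is to break. It shows that the keyspace is larger than DES's 56 bits, yet repeated-letter patterns and letter-count distributions pass through encryption unchanged, which is the weakness other than brute force. The function names are assumptions of this example.

```python
import math
from collections import Counter

# Key taken from slide 11: plaintext alphabet -> ciphertext alphabet.
PLAIN = "abcdefghijklmnopqrstuvwxyz"
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)


def encrypt(text):
    """Substitute each lowercase letter; punctuation and spaces pass through."""
    return text.translate(ENC)


def decrypt(text):
    """Apply the inverse substitution."""
    return text.translate(DEC)


def keyspace_bits():
    """A key is any permutation of 26 letters: return log2(26!)."""
    return math.log2(math.factorial(26))


def word_pattern(word):
    """Repeated-letter structure of a word, e.g. 'bob' -> (0, 1, 0)."""
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in word)


def sorted_counts(text):
    """Letter counts, highest first, ignoring which letter owns which count."""
    return sorted(Counter(c for c in text if c.isalpha()).values(), reverse=True)


if __name__ == "__main__":
    msg = "bob. i love you. alice"  # sample message from the slide
    ct = encrypt(msg)
    print(ct)
    # Brute force alone is impractical: the keyspace exceeds DES's 2^56.
    print(f"keyspace is about 2^{keyspace_bits():.1f} keys (DES: 2^56)")
    # But structure leaks: each word keeps its repeated-letter pattern...
    print(word_pattern("bob"), word_pattern(encrypt("bob")))
    # ...and the letter-count distribution is identical before and after,
    # so counts from typical text of the language map onto ciphertext letters.
    print(sorted_counts(msg) == sorted_counts(ct))
```

A large keyspace is therefore necessary but not sufficient: the cipher fails because every plaintext letter always maps to the same ciphertext letter.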


UConn CSE 5300 - Network Security
