Slide 1: Network Security
- understand principles of network security:
  - cryptography and its many uses beyond “confidentiality”
  - message integrity
  - digital signature
  - authentication
- wireless network security
  - securing wireless LANs
  - thwarting malicious behavior
  - thwarting selfish behavior

Slide 2: Security basics
- what is network security?
- principles of cryptography
- usage of cryptography for network security
  - message integrity
  - digital signature
  - end point authentication
  - key establishment
- example application
  - securing e-mail

Slide 3: What is network security?
- Confidentiality: only sender, intended receiver should “understand” message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message
  not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

Slide 4: Friends and enemies: Alice, Bob, Trudy
- well-known in network security world
- Bob, Alice (lovers!) want to communicate “securely”
- Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy is on the channel]

Slide 5: Who might Bob, Alice be?
- … well, real-life Bobs and Alices!
- web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?

Slide 6: There are bad guys (and girls) out there!
Q: what can a “bad guy” do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later ……

Slide 7: Security basics
- what is network security?
- principles of cryptography
- usage of cryptography for network security
  - message integrity
  - digital signature
  - end point authentication
  - key establishment
- example application
  - securing e-mail

Slide 8: Cryptography
- cryptography: a set of mathematical functions with a set of nice properties.
  A common mechanism for enforcing policies.
- encrypt clear text into cipher text, and vice versa
- properties of good encryption techniques
  - encryption scheme depends not on secrecy of algorithm but on parameter of algorithm (i.e., encryption key)
  - extremely difficult for an intruder to determine the encryption key

Slide 9: Cryptography algorithms
- symmetric key algorithm: one key shared by a pair of users, used for both encryption and decryption
- asymmetric or public/private key algorithms are based on each user having two keys:
  - public key – in public
  - private key – key known only to individual user

Slide 10: The language of cryptography
- symmetric key crypto: sender, receiver keys identical
- public-key crypto: encryption key public, decryption key secret (private)
[Figure: plaintext -> encryption algorithm (Alice’s encryption key K_A) -> ciphertext -> decryption algorithm (Bob’s decryption key K_B) -> plaintext]

Slide 11: Symmetric key cryptography
- substitution cipher: substituting one thing for another
  - monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:
Plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc

Q: how hard to break this simple cipher?
- brute force (how hard?)
- other?

Slide 12: Symmetric key cryptography
- symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: K
  - e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
- Q: how do Bob and Alice agree on key value?
[Figure: plaintext message m -> encryption algorithm (key K_A-B) -> ciphertext K_A-B(m) -> decryption algorithm (key K_A-B) -> plaintext m = K_A-B(K_A-B(m))]

Slide 13: Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- How secure is DES?
  - DES challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
  - no known “backdoor” decryption approach
- making DES more secure:
  - use three keys sequentially (3-DES) on each datum
  - use cipher-block chaining

Slide 14: Symmetric key crypto: DES
DES operation
- initial permutation
- 16 identical “rounds” of function application, each using different 48 bits of key
- final permutation

Slide 15: AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128 bit blocks
- 128, 192, or 256 bit keys
- brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Slide 16: Public key cryptography
symmetric key crypto
- requires sender, receiver know shared secret key
- Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
- radically different approach [Diffie-Hellman76, RSA78]
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver

Slide 17: Public key cryptography
[Figure: plaintext message m -> encryption algorithm -> ciphertext -> decryption algorithm; Bob’s public key]
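
Added example (not part of the original slides): slide 11's substitution table in Python, checking the slide's worked ciphertext and showing why the "other?" answer matters: the key space is larger than DES's, yet the ciphertext keeps the plaintext's letter-frequency profile. It also reproduces slide 15's DES-versus-AES brute-force figure; all function names are chosen for this example.

```python
import math
import string
from collections import Counter

# Substitution table copied from slide 11.
PLAIN = string.ascii_lowercase
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)


def encrypt(text):
    """Substitute each letter; punctuation and spaces pass through unchanged."""
    return text.lower().translate(ENC)


def decrypt(text):
    """Apply the inverse table to recover the plaintext."""
    return text.lower().translate(DEC)


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns each count."""
    counts = Counter(c for c in text.lower() if c in PLAIN)
    return sorted(counts.values(), reverse=True)


def substitution_key_bits():
    """A monoalphabetic key is one of 26! permutations; return that size in bits."""
    return math.log2(math.factorial(26))


def aes_years_if_des_takes_one_second(des_bits=56, aes_bits=128):
    """Slide 15's scaling: a 128-bit search is 2^(128-56) times the 56-bit one."""
    seconds = 2 ** (aes_bits - des_bits)
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    msg = "bob. i love you. alice"  # plaintext from slide 11
    ct = encrypt(msg)
    print(ct, "->", decrypt(ct))
    # Brute force over all keys is impractical (more key bits than DES's 56) ...
    print(f"substitution key space: {substitution_key_bits():.1f} bits")
    # ... but the cipher is still weak: letter frequencies survive encryption,
    # which is what statistical analysis of the ciphertext relies on.
    print("profile preserved:", frequency_profile(msg) == frequency_profile(ct))
    print(f"AES-128 search: {aes_years_if_des_takes_one_second():.3g} years")
```

Key-space size alone does not make a cipher strong: the substitution cipher has more possible keys than DES, but leaks structure that DES and AES do not.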