Security FundamentalsENEE 426 | Communication Networks | Spring 2008 Lecture 25Application-Driven Design• Relate to application requirements• What security properties does an application require?– Confidentiality– Integrity– AvailabilityENEE 426 | Communication Networks | Spring 2008 Lecture 25Types of Adversaries• Adversary Location– On-Path: able to see all traffic between communicating parties– Off-Path: not able to see traffic• Adversary Capability– Passive: only observe, but not transmit– Active: able to transmit• Off-Path Passive not a threat• On-Path Active most dangerous– Change, inject, delete packetsENEE 426 | Communication Networks | Spring 2008 Lecture 25Confidentiality• Protect sensitive information• Eavesdropper threat– Alice and Bob talking– Eve listening• Need to protect information in transit• Basic solution: encrypt itAlice BobEveENEE 426 | Communication Networks | Spring 2008 Lecture 25Encryption• Two basic approaches– Symmetric Key Cryptography– Public Key Cryptography• Symmetric Key– Single key to encrypt and decrypt, known to A, B• Public Key– Everyone knows public key, B knows private key– A encrypts with public key, only B can decrypt),( PKfC ),(1CKfP),( PKfCpub),(1CKfPprivP = PlaintextC = CiphertextK = KeyENEE 426 | Communication Networks | Spring 2008 Lecture 25Simple Examples• Symmetric Key– Perfect secrecy if len(K) ≥ len(P) and H(K) = len(K)– Keys as long as your message impractical• Imagine creating a unique, random 2000-character password for every packet your computer sends• Need way for receiver to know random password– Want shorter passwords• Use key-stream generator (pseudo-random number generator)• Example: RC4KPPKf ),(KCCKf ),(1)(),,( IVKgPIVPKf )(),,(1IVKgCIVCKf ENEE 426 | Communication Networks | Spring 2008 Lecture 25Simple Examples• Block Ciphers– Pseudorandom function: h(K, msg)• Input: key, plaintext• Output: ciphertext, statistically independent of inputs– Encrypt multiple blocks: Encryption “Modes”– Cipher-Block Chaining (CBC)• Break message into blocks B1, …, BN– Examples: DES, AES),,(||...||),,(||),,(),...,,,(211 NNBIVKgBIVKgBIVKgBBIVKf )...))),(,...(,(,(),,(11IVBKhKhBKhBKhBIVKgiiiENEE 426 | Communication Networks | Spring 2008 Lecture 25Public-Key Cryptography• Based on Abstract Algebra and Number Theory• RSA: most common, easiest to understand– Pick primes p, q, compute n=pq– Compute j(n) = (p-1)(q-1)– Select e, such that 1 < e < j(n) and gcd(e, j(n)) = 1– Compute d, such that de ≡ 1 (mod j(n))• d is e-1modulo j(n)– Public key: n, e; Private key: d– Encryption: c = f(m) = me(mod n)– Decryption: m = f-1(c) = cd(mod n)– Works because cd≡ (me)d≡ med≡ m1≡ m (mod n)– … since x j(n)≡ 1 (mod n)ENEE 426 | Communication Networks | Spring 2008 Lecture 25Public-Key Cryptography• Implications– Alice distributes public key to everyone– Anyone can send a secure message to Alice by encrypting it with her public key– Only Alice knows the private key; only Alice can decrypt it• Security of Public Key crypto– Relies on integer factorization problem– If adversary can factor n into p and q he can determine j(n) and consequently private key d– Integer factorization still exponentially difficult– Quantum computers can factor in polynomial time– If quantum computers are realized, PKC brokenENEE 426 | Communication Networks | Spring 2008 Lecture 25Integrity• Confidentiality allows two people to communicate in secret• How do you know an adversary hasn’t change the message?• Need integrity protection• Cryptographically-secure checksumKPPKfC  ),(PKKPKCKCCKf))(()(')',(1 CC'ENEE 426 | Communication Networks | Spring 2008 Lecture 25Integrity• Need checksum that can be validated with a key• Only those with the key can create it• Symmetric-Key– Sender and receiver share a key– Same key for creating and validating checksum– Example: Hash function with key as additional input• Public-Key– Sender has private key, everyone has public key– Sender “digitally signs” with private key– Everyone can validate with public key– RSA can be adapted – simply encrypt with private keyENEE 426 | Communication Networks | Spring 2008 Lecture 25Integrity: Authentication• Side effect of integrity: Authentication• Know WHO you are talking to• Identity associated with keys used for integrity• Anything protected with that key implies it originated from the person with that key• Separate issue: authorization– Is the authenticated user allowed to send the message that they sent?ENEE 426 | Communication Networks | Spring 2008 Lecture 25Availability• Probability of a system being available when users need to access it• Official definition:• Alternate derivation: – Let X(t) = 1 if system available at time t• Adversary seeks to minimize A to deny service to valid users][][][DowntimeEUptimeEUptimeEA]1)(Pr[)(  tXtAccdttAcA0)(1limENEE 426 | Communication Networks | Spring 2008 Lecture 25Denial of Service Attacks• Interference Attacks– Interfere with link to prevent communications• Physically break link• Add noise to link– Manipulate protocol to prevent communications• TCP-FIN attack• Advertise faulty router information• Resource Exhaustion Attacks– Consume resources of hosts• TCP-SYN attack to prevent new connections to server– Consume resource of network• Flood network with trafficENEE 426 | Communication Networks | Spring 2008 Lecture 25Denial of Service Attacks• Mitigation– Build in protections to specific attacks in protocols and applications– Network-based filtering to block sources of DoSattacks• Bigger Problem– Distributed Denial of Service (DDoS)– Many hosts acting as one to disrupt service– More difficult to mitigateENEE 426 | Communication Networks | Spring 2008 Lecture 25Case Study: PKI• Public Key Infrastructure (PKI)• Everyone generates public/private key pair• Public keys sent to certificate authority (CA) with proof of identity• CA signs public keys with their private key, returns to user, called “certificate”, which contains identity of the user• To send secure message to user, ask for