ECE544: Communication Networks-II Spring 2009
H. Liu
Lecture 10 (Network Security)
Includes teaching materials from D. Raychaudhuri

Outline
Introduction: Security Services; Security Mechanisms; Security Attacks; Security Threats;
Cryptography: Conventional Encryption Model; Conventional Encryption; Classical Encryption Techniques; Modern Security Taxonomy; Modern Cryptographic Algorithms; What Cryptography Does; Key Sizes and Brute Force Attacks; Block Ciphers; Modes of Operation of Block Ciphers; Single Round of DES Algorithm; 3DES & AES; Stream Ciphers; Hash Algorithms; Hash Algorithms (one-way functions); Other Kinds of Authenticators; View of Public Key Scheme; Public-Key Cipher for Authentication; Comparison between Public Key and Symmetric Key Algorithms; Key Distribution; Pre-distribution of Public Keys; Certificate Authorities; Message Integrity; Integrity & Authentication;
Authentication: Authentication Protocols; Public-Key Authentication Protocol; Symmetric-Key Authentication Protocols; Authentication with Kerberos; Kerberos Authentication System; Diffie-Hellman Key Agreement; Diffie-Hellman Key Agreement Protocol;
Security Systems: Overview of PGP (Pretty Good Privacy); E-mail Security (PGP); Web-Based Security: SSL, TLS and WTLS; TLS Handshake Protocol; TLS Record Protocol; IP Layer Security (IPsec); IP Security Overview; IP Security Scenario; IPsec Modes; IPsec Services; IPsec Headers; IPsec Headers in AH; Tunnel Mode (AH Authentication); End-to-end versus End-to-Intermediate Authentication; Wireless Security (802.11i); Firewalls; Firewall Configurations; Firewall Design Principles; Viruses and "Malicious Programs"; Taxonomy of Malicious Software; Virus, Worm, Anti-malware Applications; References

Today's Lecture
• Introduction
  – Security services and mechanisms, security attacks
  – Model for Internet security
• Cryptography
  – Symmetric key algorithms: DES, 3DES, RC4, etc.
  – Asymmetric key algorithms and related primitives: public keys, hash algorithms, digital signatures
• Security protocols
  – Authentication
  – Mail security (PGP), TLS (SSL), IP security (IPsec), 802.11i
• System security
  – Viruses, intruders, worms
  – Firewalls

Introduction, Security Services
• Confidentiality
  – Protection of transmitted data from disclosure to unauthorized parties
• Integrity
  – Assurance that the received message was not modified, reordered, duplicated, replayed or delayed: it preserves data integrity, originality and timeliness
• Authentication
  – Assurance that a communication is authentic, i.e. really comes from the source it claims. Authentication entails integrity: a message whose content could be altered in transit cannot be said to come from anyone in particular
• Access control
  – Ability to limit and control access to a system and its resources
• Availability
  – Assurance that the system stays usable by legitimate users; the attack on this service is loss or reduction of availability (denial of service)
• Non-repudiation and non-forgeability
  – Disprove a bogus denial (repudiation) of a transaction, or disprove the claim of a bogus (forged) transaction

Introduction, Security Mechanisms
• Encryption
  – DES, RC4, AES
• Hash algorithms
  – MD5, SHA
• Public key algorithms
  – RSA
• Message integrity
• Digital signatures & certificates
• Public key distribution
• Authentication algorithms
  – Kerberos

Introduction, Security Attacks
• Interruption
  – An asset is destroyed or becomes unavailable or unusable, blocking the communication; an attack on availability. Example: link hijacking
• Interception
  – An unauthorized party gains access to the communication; an attack on confidentiality. Examples: decrypting the traffic, traffic analysis
• Modification
  – An unauthorized party not only gains access but also tampers with the communication; an attack on integrity. Example: changing a value in a data file
• Fabrication
  – An unauthorized party inserts counterfeit information into the communication; an attack on authenticity (and hence integrity).
    Example: creating artificial messages

Security Threats
(figure; no text content on this page)

Cryptography, Conventional Encryption Model
• Cipher systems are classified along three dimensions:
• Operation used for transforming plaintext to ciphertext
  – Substitution: each element of the plaintext is mapped to another element
  – Transposition: the elements of the plaintext are rearranged
• Number of keys used
  – Sender and receiver use the same key: symmetric, single-key, secret-key or conventional encryption
  – Sender and receiver each use a different key: asymmetric (public-key) encryption
• Way in which the plaintext is processed
  – Block cipher: the input is processed one block at a time
  – Stream cipher: the input is processed continuously, element by element
• Cryptanalysis
  – The science of breaking an encryption without being given the key

Conventional Encryption
Encryption and decryption with one shared secret key, shown for the XOR (Vernam) cipher:
$$\text{Ciphertext} = \text{Plaintext} \oplus \text{Key}$$
$$\text{Plaintext} = \text{Ciphertext} \oplus \text{Key} = (\text{Plaintext} \oplus \text{Key}) \oplus \text{Key} = \text{Plaintext} \oplus (\text{Key} \oplus \text{Key}) = \text{Plaintext}$$
because $\text{Key} \oplus \text{Key} = 0$.

Classical Encryption Techniques
• Caesar cipher
  – Plain: meet me after the party
  – Cipher: PHHW PH DIWHU WKH SDUWB
  – $C = E(p) = (p + 3) \bmod 26$; e.g. shifting m by 3 steps gives n, o, p, so "m" encrypts to "P"
• Polyalphabetic (Vigenère) cipher
  – Key: deceptiondeceptiond (the keyword "deception" repeated to the length of the message)
  – Plain: meetmeaftertheparty
  – Cipher: pigxbxitghvvltiifgb
  – $C_i = E(k_i, p_i) = (p_i + k_i) \bmod 26$ with a = 0; the binary analogue of adding a key stream letter by letter is exclusive-or (XOR), which is what stream ciphers use
• Rotor machines: the famous ENIGMA
These techniques were broken around World War II (ENIGMA traffic was read by Allied cryptanalysts) and offer no protection against modern cryptanalysis.

Modern Security Taxonomy
• Cryptography algorithms
  – Public key (e.g., RSA)
  – Secret key (e.g., DES)
  – Message digest (e.g., MD5)
• Security services
  – Authentication
  – Privacy
  – Message integrity

Modern Cryptographic Algorithms
• Secret key (symmetric): one shared key
  – Block ciphers (DES, AES)
  – Stream ciphers (RC4)
• Public key (asymmetric): public/private key pairs (RSA)
• Hash algorithms: authentication and integrity checking (MD5, SHA)

What Cryptography Does
• Diffusion
  – The statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext: each plaintext digit affects many ciphertext digits
• Confusion
  – Makes the relationship between the statistics of the ciphertext and the value of the key as complex as possible
• Why a key (or key stream) must never be reused with XOR:
$$P_1 \oplus K = C_1,\qquad P_2 \oplus K = C_2 \qquad\Rightarrow\qquad C_1 \oplus C_2 = P_1 \oplus P_2$$
The attacker obtains the XOR of the two plaintexts without ever learning $K$.

Key Sizes and Brute Force Attacks
(figure; no text content on this page)

Block Ciphers
(figure: blocks of plaintext, encryption under the secret key, blocks of ciphertext)
• A block of fixed-length plaintext (typically 64 or 128 bits) is treated as a whole and used to produce a ciphertext block of equal length.
• Examples: DES (Data Encryption Standard), AES (Advanced Encryption Standard)

Modes of Operation of Block Ciphers
• Electronic codebook (ECB) mode: the message is divided into blocks and each block is encrypted separately.
  – Disadvantage: identical plaintext blocks are encrypted into identical ciphertext blocks, so ECB does not hide data patterns.
• Cipher block chaining (CBC) mode: each plaintext block is XORed with the previous ciphertext block before encryption; the first block is XORed with an initialization vector (IV):
$$C_1 = E_K(P_1 \oplus IV),\qquad C_i = E_K(P_i \oplus C_{i-1})$$
  – Identical plaintext blocks now give different ciphertext blocks. The IV must be fresh and unpredictable for every message under the same key; a repeated IV exposes the first block to the same pattern leak as ECB.

Single Round of DES
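The Caesar and Vigenère examples from the Classical Encryption Techniques slide, together with the XOR identities from the Conventional Encryption and What Cryptography Does slides, as one runnable added example (my code, not the lecture's). The key stream and the two messages are constructed for the demo; Vigenère and XOR are written as the same operation, key-stream addition, over letters and over bytes.

```python
"""Key-stream ciphers: Vigenere over letters, XOR over bytes, and the
two-time-pad leak C1 xor C2 = P1 xor P2.  Added example, not from the lecture."""
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def caesar(text: str, shift: int) -> str:
    """Caesar cipher: C = (p + shift) mod 26 on letters; other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere cipher on lowercase letters: C_i = (p_i + k_i) mod 26 with a = 0.

    The keyword repeats over the message, so it is a periodic key stream;
    Caesar is the special case of a one-letter key.
    """
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        p = ALPHABET.index(ch)
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(p + sign * k) % 26])
    return "".join(out)


def xor_keystream(data: bytes, keystream: bytes) -> bytes:
    """Binary analogue of key-stream addition: C = P xor K.

    The same call decrypts, because (P xor K) xor K = P xor (K xor K) = P.
    """
    if len(keystream) < len(data):
        raise ValueError("key stream must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, keystream))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If the same key stream K was used twice, C1 xor C2 = P1 xor P2: K cancels out."""
    return xor_keystream(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Crib attack on a reused key stream: (P1 xor P2) xor P1 = P2.

    The attacker never learns K, yet reads P2 wherever P1 is known.
    """
    return xor_keystream(two_time_pad_leak(c1, c2), known_p1)


# Constructed demo key stream (a real system draws fresh random bytes per message).
DEMO_KEYSTREAM = hashlib.sha256(b"constructed demo key").digest()


if __name__ == "__main__":
    print(caesar("meet me after the party", 3).upper())   # PHHW PH DIWHU WKH SDUWB
    print(vigenere("meetmeaftertheparty", "deception"))   # pigxbxitghvvltiifgb
    p1, p2 = b"transfer 100 to alice", b"transfer 900 to mallo"
    c1 = xor_keystream(p1, DEMO_KEYSTREAM)
    c2 = xor_keystream(p2, DEMO_KEYSTREAM)                # same K reused: fatal
    print(recover_other_plaintext(c1, c2, p1))            # b'transfer 900 to mallo'
```

Run it as a script to see the three results; the last line is the point of the $C_1 \oplus C_2 = P_1 \oplus P_2$ identity: with one known (or guessable) message, the second falls out with no key at all.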
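ECB versus CBC from the Modes of Operation slide, as an added example (my code, not the lecture's). It assumes a toy 64-bit Feistel block cipher built here from SHA-256, which has the DES structure but no security analysis and stands in for a real cipher only so the example runs offline; the key, IV and message are constructed for the demo. The same message is encrypted in both modes and the repeated ciphertext blocks are counted.

```python
"""ECB versus CBC over a toy 64-bit Feistel block cipher.

Added example, not from the lecture.  The Feistel cipher (8-byte block,
SHA-256-based round function) is a teaching toy: real code uses AES from a
vetted library.
"""
import hashlib
import os

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    """Round function F(K_r, R): 4 bytes of SHA-256(key || round || R)."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel network: L_{i+1} = R_i, R_{i+1} = L_i xor F(K_i, R_i)."""
    left, right = block[:4], block[4:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return right + left        # undo the final swap, as DES does


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Same network with the rounds in reverse order; F need not be invertible."""
    left, right = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7 padding up to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted on its own, so equal blocks give equal ciphertext."""
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: C_i = E_K(P_i xor C_{i-1}) with C_0 = IV."""
    prev, out = iv, []
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CBC decryption: P_i = D_K(C_i) xor C_{i-1}."""
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Ciphertext blocks that duplicate an earlier one: the ECB pattern leak."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


# Constructed demo inputs; a real key and IV come from a CSPRNG such as os.urandom.
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()[:16]
DEMO_IV = bytes(range(BLOCK))
DEMO_MSG = b"ATTACKATDAWN" * 4    # repeating plaintext gives repeating 8-byte blocks


if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(DEMO_KEY, DEMO_MSG)))             # 3
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(DEMO_KEY, os.urandom(BLOCK), DEMO_MSG)))  # 0
```

Three of the seven ECB ciphertext blocks are duplicates of earlier ones, which is exactly the structure of the plaintext showing through; under CBC the chaining makes every block differ. Neither mode detects tampering with the ciphertext; that is the job of the message integrity mechanisms later in the lecture.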