CMU 15441 Computer Networking - 1L24_Security

This preview shows page 1-2-17-18-19-35-36 out of 36 pages.

Steenkiste & Eckhardt, SCS, CMU

Lecture 24
Security - Technology
Peter Steenkiste
School of Computer Science
Carnegie Mellon University
15-441 Networking
Mutilated by Dave Eckhardt, F'04, S'06

Outline
Textbook coverage
  » Chapter 8
  » Do not get bogged down in mathematics of DES, RSA
  » Do understand how to use them to get jobs done
Security threats and techniques.
Encryption
  » Private-key, public-key
Hashing
IP security (IPsec)

Security Threats
Impersonation.
  » Pretend to be another user with the intent of getting access to information or services
Secrecy.
  » Get access to the contents of packets
Message integrity.
  » Change a message unbeknownst to the sender or receiver
Repudiation
  » Denying having sent a message
Breaking into systems.
  » To steal or destroy contents
Denial of service.
  » Flooding the system so users with legitimate needs cannot get service

Active Versus Passive Threats
Passive Threats
  » Release of Message Contents
  » Traffic Analysis
Active Threats
  » Replay
  » Impersonate
  » Modifying of Message Contents
  » Denial of Service

Three Levels of Defense
Using firewalls to limit access to the network.
  » Packets that cannot enter the network cannot cause harm
  » Packets that do not leave the network cannot leak secrets
Securing the infrastructure at the network layer (IP).
  » Host to host or at a finer grain
  » Can be viewed as management tool: can be done without knowledge of applications
Application level security.
  » Communicating peers execute protocols to secure their communication channel
  » Essential for critical applications: end-to-end security
  » Requires effort from both application developers and users

Encryption
Ciphertext = E(plaintext, KE)
Plaintext = D(ciphertext, KD)
Algorithm = E(), D()
Algorithm should generally be public
  » Otherwise when (!!) it is cracked you won't hear about it
  » Easier to get known-good software implementations
  » Encourages fast hardware implementations
Keys are generally kept private
  » Easier to change a key than an algorithm
Given the ciphertext, it must be “very difficult” to calculate the plaintext without KD
  » Difficult = computationally very expensive
  » Resistant to known attacks

Special Cases
Ciphertext = E(plaintext, KE)
Plaintext = D(ciphertext, KD)
Algorithm = E(), D()
Details
  » E() and D() may be the same function
  » KE and KD may be the same key
  » This is called symmetric encryption

Perfect Encryption: One-Time Pad
“Pad” = large nonrepeating set of truly random key letters
Algorithm often simple
  » KE == KD, E() == D() == XOR()
Perfect if and only if
  » Key bits are truly random
  » Key bits are never re-used
Example:
  plaintext:     ONETIMEPAD
  one-time pad:  TBFRGFARFM
  ciphertext:    IPKLPSFHGQ

Simple Applications
Maintain secrecy of message
  A:    m = “secret msg”
        m’ = E(m, KE)
  A→B:  m’
  B:    m = D(m’, KD)
Prove identity by knowing a key
  » two parties must have a shared secret
  A:    m = “I am A”
        m’ = E(m, KE)
  A→B:  m, m’
  B:    verify m = D(m’, KD)

Public Key versus Private Key Cryptography
Private key (symmetric, e.g., DES)
  » Two parties share (keep private) a key k
  » Encrypt plaintext using k
  » Also decrypt ciphertext using k -- symmetric
Public key (asymmetric, e.g., RSA)
  » Keys come in pairs, Kprivate and Kpublic
  » Kprivate is kept private by its owner
  » Kpublic is published
  » Sender encrypts with recipient’s public key C=E(M, Kpublic)
  » Recipient uses private key to decrypt M=D(C, Kprivate)
  » Must be “impossible” to derive private key from public

Authentication Revisited
Private key
  Parties must share a secret before they can communicate.
  Need a separate channel to establish the shared key.
  A:    m = “I am A”
        m’ = {m}kshared
  A→B:  m, m’
  B:    verify m’ = {m}kshared
Public key
  Distribution of keys is easier: public directory of public keys
  Still need a way to reliably distribute public keys.
  A:    m = “I am A”
        m’ = {m}kprivate
  A→B:  m, m’
  B:    verify m = {m’}kpublic

Data Encryption Standard (DES)
Example of symmetric-key cryptography.
Basically permutes the bits based on a 56-bit key.
  » Substitution: reduce the relationship between plaintext and ciphertext
  » Diffusion: move the bits around
How secure is DES?
  » It is becoming less secure as computers get faster
  » DES has recently been “cracked” by teams of volunteers using both lots of idle workstations, and special-purpose hardware
Security can be improved by running the algorithm several times, e.g. Triple-DES
  » Odd fact: 2DES is less safe than DES!

DES Algorithm
Use a 64-bit key to encrypt data in 64-bit blocks
  » Actually 56-bit key: every 8th bit is parity
16 “rounds”
  » The 56-bit key K is used to generate 16 48-bit keys K1…K16, one for each round
In each round:
  » Substitution (S-boxes)
  » Permutation (P-boxes)
[Figure labels: M, C, K, K1, K2, K16]

RSA Algorithm
Example of a public key system.
  » Name based on the names of its founders
Key pair based on a pair of large prime numbers.
  » Different key sizes can be used
  » Larger key sizes are harder to crack but also result in more expensive encryption and decryption
Encryption and decryption is based on exponentiation and remainder calculation.
The security of RSA is based on the fact that there is no known algorithm for quickly factoring large numbers

Public vs. Private Key Systems
Scale of key management.
  » If N users want to communicate securely, private key systems require N x (N-1)/2 keys while public key systems require only N key pairs
Computational cost.
  » Public key cryptography is much more expensive than private key cryptography
Compromise: use public key system to agree on temporary private keys
Or: use an authentication server to reduce the key management complexity of private key systems.
  » Authentication server versus public key server

Cryptanalysis: Types of Attack
Goal:

