Secure Communication with an Insecure Internet InfrastructureWhat is “Internet Security” ?Internet Design Decisions: (ie: how did we get here? )Slide 4Our “Narrow” FocusSecure Communication with an Untrusted InfrastructureSlide 7Slide 8What do we need for a secure communication channel?What is cryptography?What is cryptography?Cryptography As a ToolThe Great DivideSymmetric Key: ConfidentialitySlide 15Slide 16Slide 17Symmetric Key: IntegritySlide 19Symmetric Key: AuthenticationSlide 21Slide 22Slide 23Symmetric Key Crypto ReviewAsymmetric Key Crypto:Slide 26Asymmetric Key: ConfidentialityAsymmetric Key: Sign & VerifyAsymmetric Key: Integrity & AuthenticationAsymmetric Key Review:One last “little detail”…Symmetric Key DistributionKey Distribution Center (KDC)Slide 34How Useful is a KDC?The Dreaded PKICertification AuthoritiesSlide 38Certificate ContentsTransport Layer Security (TLS) aka Secure Socket Layer (SSL)Setup Channel with TLS “Handshake”How TLS Handles DataWhat to take home?ResourcesSecure Communication with an Insecure Internet Infrastructure15-441 LectureNov. 21st 2006Dan WendlandtWhat is “Internet Security” ? Worms & VirusesDenial-of-ServiceDNS PoisoningPhishingTrojan HorseTraffic Eavesdropping Route Hijacks Password Cracking IP Spoofing SpamSpywareTraffic modificationEnd-host impersonationInternet Design Decisions:(ie: how did we get here? )Origin as a small and cooperative network (=> largely trusted infrastructure)Global Addressing (=> every sociopath is your next-door neighbor*) Connection-less datagram service (=> can’t verify source, hard to protect bandwidth)* Dan GeerInternet Design Decisions:(ie: how did we get here? )Anyone can connect (=> ANYONE can connect)Millions of hosts run nearly identical software (=> single exploit can create epidemic)Most Internet users know about as much as Senator Stevens aka “the tubes guy” (=> God help us all…)Our “Narrow” FocusYes:1) Creating a “secure channel” for communication (today)2) Protecting network resources and limiting connectivity (next Tuesday)No:1) Preventing software vulnerabilities & malware, or “social engineering”.Secure Communication with an Untrusted InfrastructureISP AISP AISP DISP DISP CISP CISP BISP BAliceBobSecure Communication with an Untrusted InfrastructureISP AISP AISP DISP DISP CISP CISP BISP BAliceBobMallorySecure Communication with an Untrusted InfrastructureISP AISP AISP DISP DISP CISP CISP BISP BAliceHello, I’m“Bob”What do we need for a secure communication channel? Authentication (Who am I talking to?)Confidentiality (Is my data hidden?)Integrity (Has my data been modified?)Availability (Can I reach the destination?)What is cryptography?"cryptography is about communication in the presence of adversaries." - Ron Rivest“cryptography is using math and other crazy tricks to approximate magic”- Unknown 441 TAWhat is cryptography? Tools to help us build secure communication channels that provide:1) Authentication2) Integrity3) ConfidentialityCryptography As a ToolUsing cryptography securely is not simpleDesigning cryptographic schemes correctly is near impossible. Today we want to give you an idea of what can be done with cryptography.Take a security course if you think you may use it in the future (e.g. 18-487)The Great DivideSymmetric Crypto: (Private key)Example: AESAsymmetric Crypto: (Public key)Example: RSARequires a pre-shared secret between communicating parties?YesOverall speed of cryptographic operationsSlowNoFastSymmetric Key: ConfidentialityMotivating Example: You and a friend share a key K of L random bits, and a message M also L bits long.Scheme: You send her the xor(M,K) and then they “decrypt” using xor(M,K) again. 1) Do you get the right message to your friend? 2) Can an adversary recover the message M?Symmetric Key: ConfidentialityOne-time Pad (OTP) is secure but usually impacticalKey is as long at the messageKeys cannot be reused (why?)Stream Ciphers:Ex: RC4, A5Block Ciphers:Ex: DES, AES, BlowfishIn practice, two types of ciphers are used that require only constant key length:Symmetric Key: ConfidentialityStream Ciphers (ex: RC4)PRNGPseudo-Random stream of L bitsMessage of Length L bitsXOR=Encrypted CiphertextK A-BBob uses KA-B as PRNG seed, and XORs encrypted text to get the message back (just like OTP). Alice:Symmetric Key: ConfidentialityBlock 4Block 3Block 2Block 1Round #1 Round #2 Round #nBlock 1Block Ciphers (ex: AES)K A-BAlice:Bob breaks the ciphertext into blocks, feeds it through decryption engine using KA-B to recover the message.Block 2 Block 3 Block 4(fixed block size, e.g. 128 bits)Symmetric Key: IntegrityBackground: Hash Function PropertiesConsistent hash(X) always yields same resultOne-way given X, can’t find Y s.t. hash(Y) = X Collision resistant given hash(W) = Z, can’t find X such that hash(X) = Z Hash FnMessage of arbitrary lengthFixed Size HashSymmetric Key: IntegrityHash Message Authentication Code (HMAC) Hash FnMessageMAC MessageAlice Transmits Message & MACWhy is this secure? How do properties of a hash function help us? MACStep #1:Alice creates MACStep #2 Step #3Bob computes MAC with message and KA-B to verify.K A-BSymmetric Key: AuthenticationYou already know how to do this!(hint: think about how we showed integrity)Hash FnI am BobA43FF234Alice receives the hash, computes a hash with KA-B , and she knows the sender is BobWrong!K A-BSymmetric Key: AuthenticationWhat is Mallory overhears the hash sent by Bob, and then “replays” it later? ISP AISP AISP DISP DISP CISP CISP BISP BHello, I’mBob. Here’s the hash to “prove” itA43FF234Symmetric Key: AuthenticationA “Nonce”A random bitstring used only once. Alice sends nonce to Bob as a “challenge”. Bob Replies with “fresh” MAC result. Hash NonceB4FE64BobK A-BNonceB4FE64AlicePerforms same hash with KA-B and compares resultsSymmetric Key: AuthenticationA “Nonce”A random bitstring used only once. Alice sends nonce to Bob as a “challenge”. Bob Replies with “fresh” MAC result. NonceAlice?!?!If Alice sends Mallory a nonce, she cannot compute the corresponding MAC without K A-BMallorySymmetric Key Crypto ReviewConfidentiality: Stream & Block CiphersIntegrity: HMACAuthentication: HMAC and NonceQuestions??Are we done? Not Really:1) Number of keys scales as O(n2) 2) How to securely share keys in the first place?Asymmetric Key
View Full Document