22 – Integrity, FirewallsSlide 2Digital SignaturesSlide 4Digital Signatures (more)Message DigestsInternet checksum: poor crypto hash functionSlide 8Hash Function AlgorithmsTrusted IntermediariesKey Distribution Center (KDC)Slide 12ap5.0: security holeCertification AuthoritiesSlide 15A certificate contains:Secure e-mailSlide 18Secure e-mail (continued)Pretty good privacy (PGP)FirewallsFirewalls: WhyPacket FilteringSlide 24Application gatewaysLimitations of firewalls and gateways8: Network Security8-122 – Integrity, Firewalls8: Network Security8-2Chapter 8Network SecurityA note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!) If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.Thanks and enjoy! JFK/KWRAll material copyright 1996-2004J.F Kurose and K.W. Ross, All Rights ReservedComputer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith RossAddison-Wesley, July 2004.8: Network Security8-3Digital Signatures Cryptographic technique analogous to hand-written signatures.sender (Bob) digitally signs document, establishing he is document owner/creator. verifiable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document8: Network Security8-4Digital Signatures Simple digital signature for message m:Bob signs m by encrypting with his private key KB, creating “signed” message, KB(m)--Dear AlicePlease find attached my part of the final project. We really should have used SVN! BobBob’s message, mPublic keyencryptionalgorithmBob’s privatekey K B-Bob’s message, m, signed (encrypted) with his private keyK B-(m)8: Network Security8-5Digital Signatures (more)Suppose Alice receives msg m, signed version KB(m)Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key.++--- -+Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.Non-repudiation:Alice can take m, and signature KB(m) to court and prove that Bob signed m. -8: Network Security8-6Message DigestsComputationally expensive to public-key-encrypt long messages Goal: fixed-length, easy- to-compute digital “fingerprint”apply hash function H to m, get fixed size message digest, H(m).Hash function properties:produces fixed-size msg digest (fingerprint)given message digest x, computationally infeasible to find m such that x = H(m)large messagemH: HashFunctionH(m)8: Network Security8-7Internet checksum: poor crypto hash functionInternet checksum has some properties of hash function:produces fixed length digest (16-bit sum) of messageis many-to-oneBut given message with given hash value, it is easy to find another message with same hash value: I O U 10 0 . 99 B O B49 4F 55 3130 30 2E 3939 42 D2 42messageASCII formatB2 C1 D2 ACI O U 90 0 . 19 B O B49 4F 55 3930 30 2E 3139 42 D2 42messageASCII formatB2 C1 D2 ACdifferent messagesbut identical checksums!8: Network Security8-8large messagemH: HashfunctionH(m)digitalsignature(encrypt)Bob’s privatekey K B-+Bob sends digitally signed message:Alice verifies signature and integrity of digitally signed message: How?KB(H(m))-encrypted msg digestDigital signature = signed message digest8: Network Security8-9Hash Function AlgorithmsMD5 hash function widely used (RFC 1321) computes 128-bit message digest in 4-step process. given an arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.SHA-1 (Secure Hash Algorithm) is also used.US standard [NIST, FIPS PUB 180-1]160-bit message digest8: Network Security8-10Trusted IntermediariesSymmetric key problem:How do two entities establish shared secret key over network?Solution:trusted key distribution center (KDC) acting as intermediary between entitiesPublic key problem:When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?Solution:trusted certification authority (CA)8: Network Security8-11Key Distribution Center (KDC)Alice, Bob need shared symmetric key.KDC: server shares different secret key with each registered user (many users)Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC. KB-KDCKX-KDCKY-KDCKZ-KDCKP-KDCKB-KDCKA-KDCKA-KDCKP-KDCKDC8: Network Security8-12Key Distribution Center (KDC)Alice and Bob communicate: using R1 as session key for shared symmetric encryption Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R1Bob knows to use R1 to communicate with AliceKB-KDC(A,R1) KA-KDC(A,B)Aliceknows R1KA-KDC(R1, KB-KDC(A,R1) )8: Network Security8-13ap5.0: security holeMan (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)I am AliceI am AliceRTK (R)-Send me your public keyTK +AK (R)-Send me your public keyAK +TK (m)+Tm = K (K (m))+T-Trudy getssends m to Alice encrypted with Alice’s public keyAK (m)+Am = K (K (m))+A-R8: Network Security8-14Certification AuthoritiesCertification authority (CA): binds public key to particular entity, E.E (person, router) registers its public key with CA.E provides “proof of identity” to CA. CA creates certificate binding E to its public key.certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”Bob’s publickey K B+Bob’s identifying information digitalsignature(encrypt)CA privatekey K CA-K B+certificate for Bob’s public key, signed by CA8: Network Security8-15Certification AuthoritiesWhen Alice wants Bob’s public key:gets Bob’s certificate (Bob or elsewhere).apply CA’s public key to Bob’s certificate, get Bob’s public keyBob’s publickey K B+digitalsignature(decrypt)CA