Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Security
A note on the use of these ppt slides:
Were making these slides freely available to all (faculty, students, readers).
Theyre in PowerPoint form so you see the animations; and can add, modify,
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only
ask the following:
If you use these slides (e.g., in a class) that you mention their source
(after all, wed like people to use our book!)
If you post any slides on a www site, that you note that they are adapted
from (or perhaps identical to) our slides, and note our copyright of this
material.
Thanks and enjoy! JFK/KWR
Computer
Networking: A
Top Down
Approach
6th edition
Jim Kurose, Keith Ross
Addison-Wesley
March 2012
security in practice:
firewalls and intrusion detection systems
security in application, transport, network, link layers
Network Security
8-2
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-3
8-4
Alice
Bob
channel
data
secure
sender
data, control
messages
secure
s
receiver
data
Trudy
Network Security
8-5
Network Security
8-6
8-7
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-8
encryption
algorithm
Bobs
K decryption
Bkey
ciphertext
decryption plaintext
algorithm
m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))
Network Security
8-9
Breaking an encryption
scheme
known-plaintext attack:
Trudy has plaintext
corresponding to
ciphertext
e.g., in monoalphabetic
cipher, Trudy
determines pairings for
a,l,i,c,e,b,o,
chosen-plaintext attack:
Trudy can get ciphertext
for chosen plaintext
Network Security
8-10
KS
plaintext
message, m
encryption
algorithm
ciphertext
K
(m)
decryption plaintext
algorithm
m = KS(KS(m))
8-11
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
e.g.:
8-12
Network Security
8-13
Network Security
8-14
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical rounds of
function application,
each using different
48 bits of key
final permutation
Network Security
8-15
Network Security
8-16
requires sender,
receiver know shared
secret key
Q: how to agree on key
in first place
(particularly if never
met)?
radically different
approach [DiffieHellman76, RSA78]
sender, receiver do not
share secret key
public encryption key
known to all
private decryption key
known only to receiver
Network Security
8-17
plaintext
message, m
encryption
algorithm
ciphertext
+
B
K (m)
- Bobs private
B key
decryption
algorithm
plaintext
message
+
m = KB (K (m))
B
Network Security
8-18
.
B
need
K
(
)
and
K
(
)
such
that
1
B
-
K (K (m)) = m
2 given public key K +, it should be
B
impossible to compute private
key K
B
8-19
Prerequisite: modular
arithmetic
thus
(a mod n)d mod n = ad mod n
example: x=14, n=10, d=2:
(x mod n)d mod n = 42 mod 10 = 6
xd = 142 = 196 xd mod 10 = 6
Network Security
8-20
example:
Network Security
8-21
KB
KB
Network Security
8-22
Network Security
8-23
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.
encrypt:
decrypt:
bit pattern
me
0000l000
12
24832
c
17
481968572106750915091411825223071697
c = me mod n
17
m = cd mod n
12
Network Security
8-24
thus,
cd mod n = (me mod n)d mod n
= med mod n
= m(ed mod z) mod n
= m1 mod n
=m
Network Security
8-25
+
+ K (K (m)) = m = K (K (m))
B B
B B
result is the
same!
Network Security
8-26
Why
+
+ K (K (m)) = m = K (K (m))
B B
B B
Network Security
8-27
Network Security
8-28
session key, KS
8-29
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-30
Authentication
Goal: Bob wants Alice to prove her identity to
him
Protocol ap1.0: Alice says I am Alice
I am Alice
Failure scenario??
Network Security
8-31
Authentication
Goal: Bob wants Alice to prove her identity to
him
Protocol ap1.0: Alice says I am Alice
I am Alice
in a network,
Bob can not see Alice,
so Trudy simply declares
herself to be Alice
Network Security
8-32
Alices
IP address I am Alice
Failure scenario??
Network Security
8-33
Alices
IP address I am Alice
Network Security
8-34
Alices Alices
Im Alice
IP addr password
Alices
IP addr
OK
Failure scenario??
Network Security
8-35
Alices Alices
Im Alice
IP addr password
Alices
IP addr
OK
Alices Alices
Im Alice
IP addr password
Network Security
8-36
Alices encrypted
Im Alice
IP addr password
Alices
IP addr
OK
Failure scenario??
Network Security
8-37
Alices encrypted
Im Alice
IP addr password
Alices
IP addr
OK
record
and
playback
still works!
Alices encrypted
Im Alice
IP addr password
Network Security
8-38
I am Alice
R
KA-B(R)
Failures, drawbacks?
8-39
Authentication: ap5.0
ap4.0 requires shared symmetric key
can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
I am Alice
R
Bob computes
+ -
K A (R)
send me your public key
KA
K A(K A(R)) = R
and knows only Alice
could have the private
key, that encrypted R
such that
+ K (K (R)) = R
A A
Network Security
8-40
ap5.0: security
hole
I am Alice
R
K (R)
A
K (R)
T
+
K
T
- +
m = K (K (m))
A A
+
K (m)
A
+
A
Trudy gets
- +
m = K (K (m))
T T
sends m to Alice
encrypted with
Alices public key
+
K (m)
T
Network Security
8-41
ap5.0: security
hole
difficult to detect:
Network Security
8-42
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-43
Digital signatures
cryptographic technique analogous to handwritten signatures:
Network Security
8-44
Digital signatures
simple digital signature for message m:
Bobs message, m
Dear Alice
Oh, how I have missed
you. I think of you all the
time! (blah blah blah)
Bob
- Bobs private
KB
key
Public key
encryption
algorithm
m,K B(m)
Bobs message,
m, signed
(encrypted) with
his private key
Network Security
8-45
Digital signatures
-
8-46
Message digests
computationally expensive
to public-key-encrypt
long messages
to-compute digital
fingerprint
apply hash function H to
m, get fixed size
message digest, H(m).
large
message
m
H: Hash
Function
H(m)
8-47
ASCII format
49 4F 55 31
30 30 2E 39
39 42 D2 42
B2 C1 D2 AC
message
IOU9
00.1
9BOB
different messages
but identical checksums!
ASCII format
49 4F 55 39
30 30 2E 31
39 42 D2 42
B2 C1 D2 AC
Network Security
8-48
H: Hash
function
Bobs
private
key
KB
encrypted
msg digest
H(m)
digital
signature
(encrypt)
encrypted
msg digest
KB(H(m))
large
message
m
H: Hash
function
KB(H(m))
Bobs
public
key
KB
digital
signature
(decrypt)
H(m)
H(m)
equal
?
Network Security
8-49
Network Security
8-50
I am Alice
R
K (R)
A
K (R)
T
+
K
T
- +
m = K (K (m))
A A
+
K (m)
A
+
A
Trudy gets
- +
m = K (K (m))
T T
sends m to Alice
encrypted with
Alices public key
+
K (m)
T
Network Security
8-51
Public-key certification
8-52
Certification authorities
particular entity, E.
E (person, router) registers its public key with CA.
E provides proof of identity to CA.
CA creates certificate binding E to its public key.
certificate containing Es public key digitally signed by CA
CA says this is Es public key
Bobs
public
key
Bobs
identifying
information
KB
digital
signature
(encrypt)
CA
private
key
CA
KB
certificate for
Bobs public key,
signed by CA
Network Security
8-53
Certification authorities
digital
signature
(decrypt)
CA
public
key
Bobs
public
+
K B key
K+
CA
Network Security
8-54
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity, authentication
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-55
Secure e-mail
Alice
K ( .)
KS( )
+
KS
KS(m )
KS(m )
KB( )
K+
B
KB(KS )
Internet
KS
-
KB( )
KB(KS )
K-B
Alice:
generates random symmetric private key, KS
encrypts message with KS (for efficiency)
also encrypts KS with Bobs public key
sends both KS(m) and KB(KS) to Bob
Network Security
8-56
Secure e-mail
Alice
K ( .)
KS( )
+
KS
KS(m )
KS(m )
KB( )
K+
B
KB(KS )
Internet
KS
-
KB( )
KB(KS )
K-B
Bob:
uses his private key to decrypt and recover
KS
uses KS to decrypt KS(m) to recover m
Network Security
8-57
KA-
H( )
KA( )
+
m
KA(H(m))
KA(H(m))
Internet
KA( )
H(m )
compare
H( )
H(m )
Network Security
8-58
KA
H( )
KA( )
KA(H(m))
KS
KS( )
m
KS
KB( )
K+
B
Internet
KB(KS )
8-59
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-60
deployed security
protocol
supported by almost all
browsers, web servers
https
billions $/year over SSL
mechanisms:
[Woo 1994],
implementation: Netscape
variation -TLS: transport
layer security, RFC 2246
provides
confidentiality
integrity
authentication
original
goals:
Web e-commerce
transactions
encryption (especially
credit-card numbers)
Web-server
authentication
optional client
authentication
minimum hassle in doing
business with new
merchant
available to all TCP
applications
secure socket interface
Network Security 8-61
Application
SSL
TCP
IP
normal application
TCP
IP
application with SSL
8-62
KA
H( )
KA( )
KA(H(m))
KS
KS( )
m
KS
KB( )
Internet
KB(KS )
KB
Network Security
8-63
8-64
Network Security
8-65
four keys:
Kc = encryption key for data sent from client to
server
Mc = MAC key for data sent from client to server
Ks = encryption key for data sent from server to
client
Ms = MAC key for data sent from server to client
keys derived from key derivation function (KDF)
takes master secret and (possibly) some additional random
Network Security
8-66
data
MAC
Network Security
8-67
Network Security
8-68
type
data
MAC
Network Security
8-69
encrypted
bob.com
Network Security
8-70
Network Security
8-71
cipher suite
public-key algorithm
symmetric encryption algorithm
MAC algorithm
RSA
Network Security
8-72
Network Security
8-73
2.
3.
4.
5.
Network Security
8-74
Network Security
8-75
8-76
data
fragment
record
header
data
fragment
MAC
encrypted
data and MAC
record
header
MAC
encrypted
data and MAC
8-77
2 bytes
3 bytes
SSL version
length
data
MAC
8-78
Real SSL
connection
everything
henceforth
is encrypted
8-79
Key derivation
8-80
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security
8-81
blanket coverage
Network Security
8-82
Network Security
8-83
public
Internet
salesperson
in hotel
router w/
IPv4 and IPsec
router w/
IPv4 and IPsec
branch office
headquarters
Network Security
8-84
IPsec services
data integrity
origin authentication
replay attack prevention
confidentiality
two protocols providing different service
models:
AH
ESP
Network Security
8-85
IPsec
IPsec
Network Security
8-86
IPsec
IPsec
IPsec
IPsec
hosts IPsec-aware
Network Security
8-87
Network Security
8-88
Host mode
with ESP
Tunnel mode
with AH
Tunnel mode
with ESP
8-89
8-90
Example SA from R1 to R2
Internet
headquarters
200.168.1.100
R1
172.16.1/24
branch office
193.68.2.23
security association
R2
172.16.2/24
8-91
Network Security
8-92
IPsec datagram
focus for now on tunnel mode with ESP
enchilada authenticated
encrypted
new IP
header
ESP
hdr
SPI
original
IP hdr
Seq
#
Original IP
datagram payload
padding
ESP
trl
ESP
auth
pad
next
length header
Network Security
8-93
What happens?
Internet
headquarters
200.168.1.100
R1
branch office
193.68.2.23
security association
R2
172.16.1/24
172.16.2/24
enchilada authenticated
encrypted
new IP
header
ESP
hdr
SPI
original
IP hdr
Seq
#
Original IP
datagram payload
padding
ESP
trl
ESP
auth
pad
next
length header
Network Security
8-94
Network Security
8-95
encrypted
new IP
header
ESP
hdr
SPI
original
IP hdr
Seq
#
Original IP
datagram payload
padding
ESP
trl
ESP
auth
pad
next
length header
8-96
goal:
prevent attacker from sniffing and replaying a
packet
receipt of duplicate, authenticated IP packets may
disrupt service
method:
destination checks for duplicates
Network Security
doesnt keep track of all received packets; instead
8-97
Network Security
8-98
Network Security
8-99
IKE phases
IPsec summary
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security 8-104
keystream
generator
keystream
Key+IVpacket
keystream
generator
keystreampacket
IV
Key
ID
data
ICV
MAC payload
Network Security 8-108
d2
d3
dN
CRC1 CRC4
c1
c2
c3
cN
cN+1 cN+4
802.11
IV
header
&
WEP-encrypted data
plus ICV
IV
Key
ID
data
ICV
MAC payload
receiver extracts IV
inputs IV, shared secret key into pseudo random
generator, gets keystream
XORs keystream with encrypted data to decrypt data
+ ICV
verifies integrity of data with ICV
note: message integrity approach used here is
different from MAC (message authentication code)
and signatures (using PKI).
Network Security 8-110
End-point authentication w/
nonce
Nonce: number (R) used only once in-a-lifetime
How to prove Alice live: Bob sends Alice nonce, R.
Alice
must return R, encrypted with shared secret key
I am Alice
R
KA-B (R)
WEP authentication
authentication request
nonce (128 bytes)
nonce encrypted shared key
Notes:
8-112
attack:
Trudy causes Alice to encrypt known plaintext d1 d2 d3
d4
Trudy sees: ci = di XOR kiIV
Trudy knows ci di, so can compute kiIV
Trudy knows encrypting key sequence k1IV k2IV k3IV
Next time IV is used, Trudy can decrypt!
Network Security 8-113
AS:
wired
network
Authentication
server
1 Discovery of
security capabilities
2 STA and AS mutually authenticate, together
generate Master Key (MK). AP serves as pass through
3 STA derives
Pairwise Master
Key (PMK)
4 STA, AP use PMK to derive
Temporal Key (TK) used for message
encryption, integrity
3 AS derives
same PMK,
sends to AP
EAP TLS
EAP
EAP over LAN (EAPoL)
IEEE 802.11
RADIUS
UDP/IP
Network Security 8-116
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Network Security 8-117
Firewalls
firewall
isolates organizations internal net from larger
Internet, allowing some packets to pass, blocking
others
administered
network
public
Internet
Firewalls: why
prevent denial of service attacks:
SYN flooding: attacker establishes many bogus TCP
connections, no resources left for real connections
prevent illegal modification/access of internal data
e.g., attacker replaces CIAs homepage with
something else
allow only authorized access to inside network
set of authenticated users/hosts
three types of firewalls:
stateless packet filters
stateful packet filters
application gateways
Network Security 8-119
Firewall Setting
Drop all incoming UDP packets except DNS and router broadcasts.
source
address
dest
address
allow
222.22/16
outside of
222.22/16
allow
outside of
222.22/16
222.22/16
outside of
222.22/16
allow
222.22/16
allow
outside of
222.22/16
222.22/16
deny
all
all
protocol
source
port
dest
port
flag
bit
TCP
> 1023
80
TCP
80
> 1023
ACK
UDP
> 1023
53
---
UDP
53
> 1023
----
all
all
all
all
any
source
address
dest
address
outside of
222.22/16
222.22/16
protocol
source
port
dest
port
flag
bit
TCP
80
> 1023
ACK
source
address
dest
address
proto
source
port
dest
port
allow
222.22/16
outside of
222.22/16
TCP
> 1023
80
allow
outside of
222.22/16
TCP
80
> 1023
ACK
allow
222.22/16
UDP
> 1023
53
---
allow
outside of
222.22/16
222.22/16
UDP
53
> 1023
----
deny
all
all
all
all
all
all
222.22/16
outside of
222.22/16
flag
bit
check
conxion
any
Application gateways
gateway-to-remote
host telnet session
host-to-gateway
telnet session
filters packets on
application data as well as
on IP/TCP/UDP fields.
example: allow select
internal users to telnet
outside.
application
gateway
Application gateways
filter packets on
application data as well
as on IP/TCP/UDP
fields.
example: allow select
internal users to telnet
outside
host-to-gateway
telnet session
application
gateway
router and filter
gateway-to-remote
host telnet session
Limitations of firewalls,
gateways
packet filtering:
operates on TCP/IP headers only
no correlation check among sessions
internal
network
IDS
sensors
Internet
Web
DNS
server FTP server
server
demilitarized
zone
Network Security 8-130
secure email
secure transport (SSL)
IP sec
802.11