css432: network security1 css432 network security textbook ch8 professor: munehiro fukuda
TRANSCRIPT
CSS432: Network Security 1
CSS432 Network SecurityTextbook Ch8
Professor: Munehiro Fukuda
CSS432: Network Security 2
Overview Cryptography functions
Secret key (e.g., DES): sharing a common single secret key Public key (e.g., RSA): owning a private key, while publishing the
corresponding public key Message digest (e.g., MD5): generating a cryptographic checksum
Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered
Security
Cryptographyalgorithms
Publickey
(e.g., RSA)
Secretkey
(e.g., DES)
Messagedigest
(e.g., MD5)
Securityservices
AuthenticationPrivacy Messageintegrity
CSS432: Network Security 3
Secret Key (DES)
Plaintext
Encrypt withsecret key
Ciphertext
Plaintext
Decrypt withsecret key
CSS432: Network Security 4
64-bit key (56-bits + 8-bit parity) 16 rounds
Initial permutation
Round 1
Round 2
Round 16
56-bitkey
Final permutation
…
+
F
Li – 1 Ri – 1
Ri
Ki
Li
• Each RoundLeft half Right half
Ex-OR
Combiner function
CSS432: Network Security 5
Repeat for larger messages
Block1
IV
DES
Cipher1
Block2
DES
Block3
DES
Block4
DES
+
Cipher2 Cipher3 Cipher4
+++Initialization vector(Random number)
64bits 64bits 64bits 64bits
CSS432: Network Security 6
Public Key (RSA)
Encryption: c = memod n where <e, n> is a public key Decryption: m = cdmod n where <d, n> is a private key The main goal is to find a pair of e and d
Plaintext
Encrypt withpublic key
Ciphertext
Plaintext
Decrypt withprivate key
CSS432: Network Security 7
RSA (cont) Choose two large prime numbers p and q (each
256 bits) n = p x q Choose the encryption key e, such that e and (p -
1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no
common factor greater than one Compute decryption key d such that
d = e-1mod ((p - 1) x (q - 1)) Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q Encryption: c = memod n Decryption: m = cdmod n
Algorithm Example p = 3, q = 5
n = 3 x 5 = 15 (3-1) x (5 – 1) = 8 e = 7 7d = 1 mod 8 d = 15 7 x 15 = 105
= 1 mod 8
m = 2 c = 27 mod 15 = 8 m = 815 mod 15 = 2
CSS432: Network Security 8
Message Digest
message
checksum
message
checksum checksum
message
checksum checksum
message
checksum checksum
message
checksum
message
checksum
Sender
ReceiverErrors
Wrong
Errors detected
altered
altered
No alternation detected
Adversary knowsthe checksum computation
No errors
CSS432: Network Security 9
Message Digest
message
message
MD
MD MDNo errors nor alternations
message
MD
message
MD
Errors
Wrong
Errors detectedMD
message
MD
message
MD MD
altered
altered
Alternation detected
Adversary doesn’t knowthe key used in MD
CSS432: Network Security 10
Message DigestMessage (padded)
128-bit Initial digest(constant) 512 bits 512 bits512 bits
Bitwise transformBitwise transform
Bitwise transformBitwise transform
Bitwise transformBitwise transform
Message digest
CSS432: Network Security 11
Authentication ProtocolsThree-Way Handshake
E(msg, key): msg was encrypted with key
CHK: client handshake key SHK: server handshake key Both client and server must know CHK
and SHK.
1. Client sends x encrypted with CHK.
2. Server decrypts x with CHK.
3. Server sends x + 1 and y encrypted with SHK.
4. Client decrypts x + 1 and y with SHK and knows Server has CHK.
5. Client sends y + 1 encrypted with CHK.
6. Server decrypts y + 1 with CHK and knows Client has SHK.
Client Server
ClientId, E(x, CHK)
E(y + 1, CHK)
E(SK, SHK)
E(x + 1, SHK), E(y, SHK)
What if client and server know nothing about each other?
CSS432: Network Security 12
The authentication server S assumes that A and B each share a secret key with S.
T: timestamp L: Lifetime K: Session key KA: Secret key shared
between A and S KB: Secret key shared
between B and S
AS B
E((T, L, K, B), KA),
E((A, T), K),
E((T, L, K, A), KB)
A, B
E(T + 1, K)
E((T, L, K, A), KB)
Authentication ProtocolsTrusted Third Party (Kerberos)
A knows T, L, and KA checks if B has received K
B knows T, L, and KB responds T+1 to A
A session has been established
CSS432: Network Security 13
Public key authentication
A B
E(x, PublicB)
x
A authenticated B
CSS432: Network Security 14
Message Integrity Protocols Digital signature using RSA
Original cryptography: Encryption with a public key : c = memod n Decryption with a private key: m = cdmod n
Compute signature with private key and verify with public key Encryption with a private key : m = cdmod n Decryption with a public key: c = memod n
Large computational complexity Keyed MD5
sender: m + MD5(m + k) receiver
Sender and receiver share the key k Computes MD5(m + k) and compare it with the received
MD5(m + k) MD5 with RSA signature
sender: m + E(MD5(m), private) receiver
decrypts MD5(m) with sender’s public key compares result with MD5 checksum sent with message
CSS432: Network Security 15
Key Distribution Certificate
Special type of digitally signed document: “I certify that the public key in this document belongs to the entity
named in this document, signed X.” The name of the entity being certified The public key of the entity The name of the certified authority A digital signature
Certified Authority (CA) Administrative entity that issues certificates Useful only to someone that already holds the CA’s public key. PGP Example:
CA imports a public key from a person who wants it to certify his/her public key.
CA retrieves the finger print from this public key. CA verify it with the key’s owner over a phone or through any other
means.
CSS432: Network Security 16
Key Distribution (cont)
Chain of Trust X certifies that a certain public key belongs to Y:
X.cert( Y, publicKeyY ) Y certifies that another public key belongs to Z:
Y.cert( Z, publicKeyZ ) Someone, say A wants to verify Z’s public key has to know X’s public
key:A.knows( X, publicKeyX )
Certificate Revocation List A digitally signed list of revoked certificates Periodically updated and made available in public A revoked certificate will be listed for a certain time period
A certificate has an expiration date. PGP Example:
A person who wants to revoke his/her public key generates a revocation certificate. (This should be done before his/her public key becomes useless.)
He/she prints out the revocation certificate and sends it to CA.
CSS432: Network Security 17
Example Systems
Pretty Good Privacy (PGP) Encryption and authentication for email
Secure Shell (SSH) Secured version of Unix R commands (rlogin, rsh,
and rcp) Transport Layer Security (TLS, SSL, HTTPS)
Additional handshake to encrypt and authenticate TCP communication, in particular HTTP connections
IP Security (IPSEC) Framework to make IP packets secured
CSS432: Network Security 18
PGP A popular approach to providing encryption ad
authentication capabilities for email. A user decides the level of establishing trust
You know A well, and thus trust A’s public key. You have received B’s certificate from A.
You trust it if B is A’s colleague but not a politician. You have received B’s certificate from C and D and then trust B’s
certificate. A user collects a set of certificates with varying trust level in a key
ring (~/.gnupg/trustdb.gpg) Systems available at:
MIT distribution site for PGP: http://web.mit.edu/network/pgp.html The International PGP Home Page: http://www.pgpi.org/ The Gnu Privacy Guard: http://www.gnupg.org/
CSS432: Network Security 19
PGP (Message Encryption) Generating a key: gpg --gen-key
Required to type your real name, comments, and email address( [email protected]) Exporting a public key: gpg --output mfukuda.pub --armor --export mfukuda Importing a public key: gpg --import --armor mfukuda.pub Validating a public key: gpg --edit-key [email protected]
Command > fpr // check his finger print Command > sign // sign this public key at a favorite trust level
Encrypting a document: gpg –output doc.enc –encrypt –recipient [email protected] doc Decrypting a document: gpg –output doc –descript doc.enc
Create a random secret key k
Encrypt message usingDES with secret key k
Encrypt k using RSA withrecipient’s public key
Encode message + E(k)in ASCII for transmission Convert ASCII message
Decrypt E(k) using RSA withmy private key -> k
Decrypt message usingDES with secret key k
CSS432: Network Security 20
PGP (Message Integrity and Authentication)
Making a signature: gpg --output doc.asc --sign doc Making a signature in email format: gpg --clearsign doc // doc.asc is automatically created Verifying a signature: gpg --output doc --decrypt doc.asc
Calculate MD5 checksumover message contents
Sign checksum using RSAwith sender’s private key
Calculate MD5 checksum onreceived message and compare
against received value
Sender identity and messageintegrity confirmed
if checksums match
Decrypt signed checksumwith sender’s public key
CSS432: Network Security 21
SSH
Secured version of Unix R commands (rlogin, rsh, and rcp)
SSH-TRANS: a transport layer protocol on top a TCP connection
SSH-AUTH: An authentication protocl using RSA
SSH-CONN: a connection protocol enabling SSH tunnelling
CSS432: Network Security 22
SSH (Protocol Exchange)
~/.ssh/id_rsa(~/.ssh/identity)
mfukuda@local1
/etc/ssh/ssh_known_hosts~/.ssh/known_hosts
host1
host2
host3
local1
/etc/ssh/ssh_host_rsa_key
host1
~/.ssh/authorized_keys
mfukuda@local1
mfukuda@local2
mfukuda@local2
server1
(1) Contact to port 22
(2) SSH version
/etc/ssh/ssh_host_rsa_key.pub
host1
server
server
host1
server
(3)
session
(4) Server AuthenticationsessionE( , )
(5) Secure connection established
(6) Client Authentication
E( random 256-bit string, )
serverhost1
mfukuda@local1
MD5(random 256-bit string, ) session
(7) All authentications completed
CSS432: Network Security 23
SSH (Key Generation Example)Munehiro Fukuda@fukuda-thinkpad ~$ ssh-keygent –t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/Munehiro Fukuda/.ssh/id_rsa):Enter passphrase (empty for no passphrase): ********Enter same passphrase again: ********Your identification has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.Your public key has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.pub.The key finger print is:3b:4c:e7:db:68:25:13:7e:77:a2:c8:b8:43:af:44:82 Munehiro Fukuda@fukuda-thinkpadMunehiro Fukuda@fukuda-thinkpad ~$ cd .sshMunehiro Fukuda@fukuda-thinkpad ~$ lsId_rsa id_rsa.pub known_hosts known_hosts~Munehiro Fukuda@fukuda-thinkpad ~$ sftp perseus.bothell.washington.eduConnecting to perseus.bothell.washington.edu…[email protected]’s password: ********sftp> put id_rsa.pubsftp> quitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edumfukuda@perseus.bothell.washington.edu’s passowrd: ********[mfukuda@perseus mfukuda]$ mv id_rsa.pub .ssh/id_rsa.fukuda-thinkpad.pub[mfukuda@perseus mfukuda]$ cd .ssh[mfukuda@perseus mfukuda]$ cat id_rsa.fukuda-thinkpad.pub >> authorized_keys[mfukuda@perseus mfukuda]$ chmod 644 authorized_keys[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.eduEnter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ********[mfukuda@perseus mfukuda]$
CSS432: Network Security 24
SSH (SSH Agent)
local server
~/.ssh/id_rsa(~/.ssh/identity)
mfukuda@local1
ssh-agent
$ ssh-add
mfukuda@local
SSH protocol exchange
Munehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent`Agent pid 228Munehiro Fukuda@fukuda-thinkpad ~$ ssh-addEnter passphrase for /home/Munehiro Fukuda/.ssh/id_rsa: ********Identity added: /home/Munehiro Fukuda/.ssh/id_rsa (home/Munehiro Fukuda/..ssh/id_rsa)Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu[mfukuda@perseus mfukuda]$ exitMunehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent –k`Agent pid 228 killdMunehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.eduEnter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ********[mfukuda@perseus mfukuda]$
CSS432: Network Security 25
SSH (Agent Forwarding)
local Server X
ssh-agent$ ssh-addmfukuda@local
SSH protocolexchange
~/.ssh/id_rsa
mfukuda@local
Server X
sshd
proxyagent
sshd
SSH protocolexchange
scp scp scp
authentication authentication
forwardedauthentication
#Enable agent forwardingssh –A ….sftp userId@serverX:file1 userId@serverY:file2
CSS432: Network Security 26=localhost
=localhost
SSH (Port Forwarding) Local forwarding
ssh -L x:appserver:y username@sshdserver Ex: ssh –L 80:localhost:8080 mfukuda@perseus
Localhost = perseus in this example
Remote forwarding ssh -R x:appclient:y username@sshdserver Ex: ssh –R 80:localhost: mfukuda@perseus
Localhost = my local computer (fukuda-thinkpad)
sshclient
sshclient
sshdserver
sshdserver
appserver
appserver
appclient
appclient
y22
22 x
x
y
CSS432: Network Security 27
Firewalls
Filter-Based Solution Example
( 192.12.13.14, 1234, 128.7.6.5, 80 )filter all packets from port 1234 on host 192.12.13.14 addressed to port 80 on host 128.7.6.5(*,*, 128.7.6.5, 80 )filter all packets address to port 80 on 128.7.6.5
Default: forward or not forward? All ports initialized to forward packets All ports initialized to filter packets
How dynamic? Filter initialized upon a boot Filter reinitialized at run time
Rest of the Internet Local siteFirewall
CSS432: Network Security 28
CISCO Example
hostname router1! Link to the Internetinterface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in! Link to the local networkinterface ethernet 1 ip address 192.168.1.1 255.255.255.0!Access-list 1 deny 172.16.2.0 0.0.0.255Access-list 1 permit 0.0.0.0 255.255.255.255
router1InternetX
172.16.2.0
Local Network192.168.1.1172.16.1.1
CSS432: Network Security 29
Proxy-Based Firewalls Problem: complex policy Example: web server
Solution: proxy
Question: What if we need to run different applications (HTTP,
FTP, IMAP, etc)?
Company netFirewall Webserver
Randomexternaluser
Remotecompanyuser
Internet
Externalclient
External HTTP/TCP connection
Proxy
Firewall
Internal HTTP/TCP connection
Localserver
Some web pages should be visible,While the other should not.
Filter port 80 or not
CSS432: Network Security 30
DMZ and Bastion Servers
BorderRouter
Internet FirewallSystem
Local Network
De-Militarized Zone (DMZ)
HTTP FTP IMAPBastion Hosts
192.168.1.1
192.168.1.0/24
172.16.1.1
1. Forward packets from 192.168.1.0/4 Filter the others
2. What if someone spoofs 192.168.1.X ?
3. Solution:hostname router1! Link to the Internetinterface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in! Link to the local networkinterface ethernet 1 ip address 192.168.1.1 255.255.255.0!Access-list 1 deny 192.168.1.0 0.0.0.255Access-list 1 permit 0.0.0.0 255.255.255.255
4. Limitations:Attacks from within local network
CSS432: Network Security 31
ReviewsCryptography algorithms: DES, RSA, and MD5Authentication: three way handshake and
KerberosMessage integrity: RSA, keyed MD5, and MD5
with RSA signature Examples: PGP and SSHFirewall: filter-based, proxy-based, and DMZ