![Page 1: Technology innovation centre CATC Birmingham City University John Higgins john.higgins@tic.ac.uk Richard Smith richard.smith@tic.ac.uk](https://reader036.vdocuments.mx/reader036/viewer/2022062719/56649ec15503460f94bccb79/html5/thumbnails/1.jpg)
www.catcemea.org.uk
technology innovation centre
CATC Birmingham City University
John Higgins john.higgins@tic.ac.uk
Richard Smith richard.smith@tic.ac.uk
Global contact [email protected]
Network Security: Intro and VPNs
Basic Security Concepts, Cryptography and IPsec
Security
o What do we require from a data security system?
o Confidentiality: Only the intended recipient can read the data
o Integrity: No one can change data in transit
o Authentication: I am who I say I am
o Non Repudiation: Proof of message sent or received
Encryption
o Solution: Encryption
• Take the message (plain text)
• Apply some algorithm to each of the letters (the cipher)
• Generate the encrypted message (cipher text)
Simple Encryption
Method and Key
o Encryption has two major components
• Method: Substitution or Transposition
• Key
Caesar’s 26 keys
0 A B C D E F G H I J K L M N O P
1 B C D E F G H I J K L M N O P Q
2 C D E F G H I J K L M N O P Q R
3 D E F G H I J K L M N O P Q R S
4 E F G H I J K L M N O P Q R S T
5 F G H I J K L M N O P Q R S T U
6 G H I J K L M N O P Q R S T U V
7 H I J K L M N O P Q R S T U V W
Simple Encryption
o Substitution: Caesar Cipher, replace each letter by a shift of the alphabet
o Encryption method: Substitution
o Encryption key: +3
A B C D E … Z
D E F G H … C
Plain text:  I C A M E I S A W I C O N Q U E R E D
Cipher text: L F D P H L V D Z L F R Q T X H U H G
Veni, vidi, vici
Simple Encryption Problems
o Simple encryption systems can be broken by statistical analysis
• The letter ‘e’ occurs with a frequency of 13% in English texts
• Distribution statistics exist for all the letters in an alphabet
• With the power of computing, it is easy to try several alternatives
Making it harder to crack
o Polyalphabetic substitution ciphers: rotate the key in use
• Means each time a specific letter occurs it may be substituted by a different letter
• Hence it is more complex to analyse
Polyalphabetic substitution
0 A B C D E F G H I J K L M N O P
1 B C D E F G H I J K L M N O P Q
2 C D E F G H I J K L M N O P Q R
3 D E F G H I J K L M N O P Q R S
4 E F G H I J K L M N O P Q R S T
5 F G H I J K L M N O P Q R S T U
6 G H I J K L M N O P Q R S T U V
7 H I J K L M N O P Q R S T U V W
Keyword BED: use shifts 1, 4, 3, 1, 4, 3 …
Polyalphabetic substitution
Key:         1 4 3 1 4 3 1 4 3 1 4 3 1 4 3 1 4 3 1
Plain text:  I C A M E I S A W I C O N Q U E R E D
Cipher text: J G D N I L T E Z J G R O U X F V H E
o Keyword is BED
o Encryption method: Substitution
o Encryption key: +1, +4, +3 and then repeat
0 A B C D E F G H I J K L M N O P
1 B C D E F G H I J K L M N O P Q
2 C D E F G H I J K L M N O P Q R
3 D E F G H I J K L M N O P Q R S
4 E F G H I J K L M N O P Q R S T
5 F G H I J K L M N O P Q R S T U
6 G H I J K L M N O P Q R S T U V
7 H I J K L M N O P Q R S T U V W
Polyalphabetic substitution
o How to crack this?
o Statistical analysis
• Guess the codeword length, say 4
• Analyse every 4th letter for a distribution
• If no pattern emerges try 3, etc.
• With the power of computing, it is easy to try several alternatives
o Again, with modern computing we can analyse the cipher text and crack the code
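The Caesar shift, the BED keyword cipher and the statistical break just described, as an added Python example that is not part of the original slides. The English letter frequencies and the longer sample text are constructed for the demonstration: the slides' 19-letter message is too short for letter statistics to settle, so the break is run on the longer text, first guessing the key length (every n-th letter analysed on its own) and then treating each column as a Caesar cipher.

```python
from string import ascii_uppercase as ALPHA
# Approximate frequency (%) of A..Z in English text; E is about 13%.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample text, long enough for the letter statistics to settle.
SAMPLE = ("Substitution ciphers replace each letter of the message with another "
          "letter. The Caesar cipher shifts every letter by the same amount, so "
          "the most common letter in the cipher text almost always stands for e. "
          "A polyalphabetic cipher rotates through several shifts, but if we "
          "guess the keyword length and look at every third letter on its own, "
          "each column is again a simple Caesar cipher and the statistics apply.")

def letters_only(text):  # drop spaces and punctuation, as the slides do
    return "".join(c for c in text.upper() if c in ALPHA)

def shift(ch, k):  # Caesar substitution: move a letter k places along the alphabet
    return ALPHA[(ALPHA.index(ch) + k) % 26]

def key_shifts(keyword):  # keyword BED -> shifts 1, 4, 3 (A = 0, B = 1, ...)
    return [ALPHA.index(c) for c in keyword.upper()]

def apply_shifts(text, shifts):
    """Polyalphabetic substitution: the shift in use rotates letter by letter."""
    return "".join(shift(c, shifts[i % len(shifts)])
                   for i, c in enumerate(letters_only(text)))

def encrypt(plaintext, keyword):
    return apply_shifts(plaintext, key_shifts(keyword))

def decrypt(ciphertext, keyword):
    return apply_shifts(ciphertext, [-k for k in key_shifts(keyword)])

def index_of_coincidence(col):
    """About 0.066 for a single-shift English column, about 0.04 for a mixture."""
    n = len(col)
    return sum(col.count(a) * (col.count(a) - 1) for a in ALPHA) / (n * (n - 1))

def guess_key_length(ct, max_len=5):
    """The slides' 'try 4, then 3 ...': pick the period whose every-n-th-letter columns
    look most English. Multiples of the true period score just as well; keep max_len small."""
    cols = lambda n: [ct[i::n] for i in range(n)]
    return max(range(1, max_len + 1),
               key=lambda n: sum(map(index_of_coincidence, cols(n))) / n)

def best_shift(col):
    """Chi-squared distance from English frequencies for each of the 26 shifts."""
    def chi(k):
        plain = [shift(c, -k) for c in col]
        return sum((plain.count(a) - e / 100 * len(col)) ** 2 / (e / 100 * len(col))
                   for a, e in zip(ALPHA, ENGLISH))
    return min(range(26), key=chi)

def recover_key(ct, key_len):  # break each column as a Caesar; shifts spell the key
    return "".join(ALPHA[best_shift(ct[i::key_len])] for i in range(key_len))
```

Keyword D is the +3 Caesar shift of slide 8, since A = 0; running `recover_key` on the 19-letter slide message instead of `SAMPLE` shows how unreliable the statistics are on so little text.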
Other Encryption Systems
o Polyalphabetic substitution ciphers: rotate the key in use
o Transposition ciphers: re-order the letters in the message, using a key to specify the re-ordering sequence
o These two principles are generally known as confusion (substitution) and diffusion (transposition)
Transposition ciphers
1 2 3 4 5
I C A M E
I S A W I
C O N Q U
E R E D Z
Message: I CAME I SAW I CONQUERED
Write the message into the box ignoring the spaces. Insert random characters at the end of the message to fill the grid.
Choose the KEY 3, 2, 4, 1, 5. Read out the letters in column order:
AANE CSOR MWQD IICE EIUZ
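The columnar transposition from this slide, as an added Python example that is not part of the original slides. It reproduces the 5-column grid and key 3, 2, 4, 1, 5; the slide pads with random characters, whereas this example uses a fixed filler ‘Z’ (the example's own choice) so the output is reproducible, and it adds the letter-count check that shows why transposition alone gives diffusion but no confusion.

```python
from collections import Counter
import math

def make_grid(message, width, filler="Z"):
    """Write the message into the box ignoring spaces and fill the last row.
    The slide pads with random characters; a fixed 'Z' keeps this reproducible."""
    letters = [c for c in message.upper() if c.isalpha()]
    rows = math.ceil(len(letters) / width)
    letters += [filler] * (rows * width - len(letters))
    return [letters[r * width:(r + 1) * width] for r in range(rows)]

def encrypt(message, key, filler="Z"):
    """Read the columns out in the order given by the key (1-based column numbers)."""
    assert sorted(key) == list(range(1, len(key) + 1)), "key must permute 1..n"
    grid = make_grid(message, len(key), filler)
    return " ".join("".join(row[col - 1] for row in grid) for col in key)

def decrypt(ciphertext, key):
    """Put each block back into its own column, then read the grid row by row.
    Filler added at encryption time is still present; the receiver strips it."""
    blocks = ciphertext.split()
    cols = [""] * len(key)
    for block, col in zip(blocks, key):
        cols[col - 1] = block
    return "".join(cols[c][r] for r in range(len(blocks[0])) for c in range(len(key)))

def letter_histogram(text):
    """Transposition only re-orders letters (diffusion): the cipher text has exactly
    the plaintext's letter counts (plus any filler), so frequency statistics still
    apply. That is why real ciphers combine it with substitution (confusion)."""
    return Counter(c for c in text.upper() if c.isalpha())
```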
Cipher Machines
o Down the ages cipher machines were developed such as the famous German Enigma machine
Security
o Data Encryption Standard (DES)
• Uses substitution and transposition
• Initial proposal used a 128 bit key
• US NSA requested the key to be reduced to 56 bits
• With enough computing power this can now be broken in 3.5 hours by brute force attack
o Now replaced with Triple DES
• Uses cascaded DES encryption
• 3 * 56 bit key = 168 bit key
• 2 key version is 10^13 times stronger than DES
Symmetric encryption
o In a shared key encryption, a single key is used for both encryption and decryption of the data
o Only the trusted parties must know the shared/secret key
o DES, 3DES, IDEA, and Blowfish are examples of shared key encryption
Does this encryption system solve all our requirements?
o Confidentiality: Yes
o Integrity: No
• Message may be incorrect
• We can use a hash algorithm
o Authentication: Yes
• Assuming no one has stolen the key
o Non repudiation: No
Problems with symmetric encryption
o Two big problems exist: scalability and key distribution
New Solutions
o Public-Private Keys
o Diffie-Hellman Key Exchange
o Developed by mathematicians who focused on modular arithmetic and one way functions
Public Key Encryption
o Ron Rivest, Adi Shamir and Leonard Adleman produced a popular encryption method called RSA. Using modular mathematics they generated two inter-related keys:
• Public key
• Private key
Public Key Encryption (diagram)
Bob encrypts the cheque ‘Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars’ with A pub, producing the cipher text KJklzeAidJfdlwiej47DlItfd578MNSbXoE; Alice decrypts it with A pri to recover the cheque.
RSA Operation
o To work with RSA generate a key pair
• Keep your private key private
• Publicise your public key
o When sending a message to Bob
• Get Bob’s public key
• Encrypt the message with Bob’s public key and send it
• Only Bob can decrypt it with his private key
Does this encryption system solve all our requirements?
o Confidentiality: Yes
o Integrity: No
• Message may be incorrect
• Unless we use a hash algorithm
o Authentication: No
• Our public key is publicly available
o Non repudiation: Maybe
How to make Authentication with Public and Private Keys
o Use your own private key to encrypt your ‘signature’
• Digital signature
• You’re the only one with your private key
• Hence the message can be authenticated
o The recipient can check your signature by ‘decrypting’ it with your public key
Public Key Encryption with Signatures (diagram)
Bob encrypts the message ‘Pay to Terry Smith £100.00 (12)’ with A pub, giving the cipher text KJklzeAidJfdlwiej47DlItfd578MNSbXoE, and encrypts his ‘signature’ ‘From Bob (12)’ with B pri, giving Fhlkdhfakjs asjfa1; the two are sent together with B pub.
Public Key Decryption with Signatures (diagram)
Alice decrypts the cipher text KJklzeAidJfdlwiej47DlItfd578MNSbXoE with A pri to recover ‘Pay to Terry Smith £100.00 (12)’, and ‘decrypts’ the signature Fhlkdhfakjs asjfa1 with B pub to recover ‘From Bob (12)’.
Message in transit to Alice
MESSAGE: KJklzeAidJfdlwiej47DlItfd578MNSbXoE
• Encrypted with A pub
• Decrypted with A pri: only Alice can do this
SIGNATURE: Fhlkdhfakjs asjfa1
• Encrypted (signed) with B pri
• Decrypted with B pub: anyone with B pub can do this
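The key roles in the diagrams above (message under A pub, opened with A pri; signature under B pri, checked with B pub), as an added Python example that is not part of the original slides. It uses textbook RSA on integers with no padding, so it illustrates who can encrypt, decrypt, sign and verify rather than how RSA is deployed; the Mersenne-prime key pairs, the SHA-256 digest standing in for the slides' ‘hash algorithm’, and the cheque text are this example's own constructions.

```python
import hashlib

E = 65537  # public exponent shared by both key pairs

def keygen(p, q):
    """Return (public, private) = ((n, e), (n, d)) for two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d = e^-1 mod phi (Python 3.8+)

# Constructed key pairs: A = Alice, B = Bob, as labelled in the slide diagrams.
# Mersenne primes make the numbers exact and reproducible; they are not secure keys.
A_PUB, A_PRI = keygen(2**89 - 1, 2**107 - 1)
B_PUB, B_PRI = keygen(2**61 - 1, 2**127 - 1)

def encrypt(message: bytes, pub):
    """Message encrypted with the recipient's public key (A pub)."""
    n, e = pub
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "textbook RSA: the message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(ciphertext: int, pri):
    """Message decrypted with A pri: only Alice can do this."""
    n, d = pri
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes, n):
    """Hash the message (this is what gives integrity) and fit it under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, pri):
    """Signature 'encrypted' with the sender's private key (B pri)."""
    n, d = pri
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, pub):
    """Signature 'decrypted' with B pub: anyone holding B pub can do this.
    It fails if the message was altered or if someone else's key signed it."""
    n, e = pub
    return pow(signature, e, n) == digest(message, n)

def bob_sends(message: bytes):
    """What travels to Alice: the message under A pub plus Bob's signature."""
    return encrypt(message, A_PUB), sign(message, B_PRI)

def alice_receives(ciphertext: int, signature: int):
    """Alice decrypts with A pri, then checks the signature with B pub."""
    message = decrypt(ciphertext, A_PRI)
    return message, verify(message, signature, B_PUB)
```

What the signature does not settle is the next slide's question: the check only means ‘whoever holds the private key matching this B pub’, so Alice still needs a trusted way to know B pub is Bob's.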
Is this secure?
o Relies on knowing you have B pub and that it really is Bob’s public key
o Need to be sure, so get Bob’s public key from a trusted source
o Key must be signed by someone you already trust
o You must have the signer’s public key to check the signature: a trusted key authority
o This is called a digital certificate
Digital Certificate
Diffie-Hellman Key Exchange
o The Diffie-Hellman algorithm provides a way for two users, Bob and Alice, to establish a shared secret key that only they know
• They then use the key for symmetrical encryption (e.g. 3DES)
• The shared secret key can be established even though Bob and Alice are communicating over an insecure channel
Problem
o How can Bob be sure that he is exchanging keys with Alice?
o Some sort of authentication is required
• Pre-shared keys: not scalable
• Digital certificates: scalable
VPNs
IPSEC - VPN
o IPSEC – VPN
• Encrypt the whole IP datagram (possibly header and all)
• Build a tunnel (wrap the packet in a new IP header)
• Send over the insecure network to the other end of the tunnel
IPSEC Virtual Private Networks
o Use authentication to establish who is at the other end
o Use Diffie-Hellman to generate shared secret keys
o Use symmetrical system (DES) to encrypt data
VPN usage scenarios
IPSEC VPN
o ISAKMP policy: authenticate, agree encryption, generate keys
o IPSEC transform set: bulk encryption method
IPSEC VPN
o Interesting traffic for the VPN: access list
o Crypto map: pulls it all together; applied on an interface.