310 likes | 561 Views
CSS432 Network Security Textbook Ch8. Professor: Munehiro Fukuda. Security. Cryptography. Security. algorithms. services. Secret. Public. Message. Privacy. Authentication. Message. key. key. digest. integrity. (e.g., DES). (e.g., RSA). (e.g., MD5). Overview.
E N D
CSS432 Network SecurityTextbook Ch8 Professor: Munehiro Fukuda CSS432: Network Security
Security Cryptography Security algorithms services Secret Public Message Privacy Authentication Message key key digest integrity (e.g., DES) (e.g., RSA) (e.g., MD5) Overview • Cryptography functions • Secret key (e.g., DES): sharing a common single secret key • Public key (e.g., RSA): owning a private key, while publishing the corresponding public key • Message digest (e.g., MD5): generating a cryptographic checksum • Security services • Privacy: preventing unauthorized release of information • Authentication: verifying identity of the remote participant • Integrity: making sure message has not been altered CSS432: Network Security
Plaintext Plaintext Encrypt with Decrypt with secret key secret key Ciphertext Secret Key (DES) CSS432: Network Security
Initial permutation Round 1 L R i – 1 i – 1 Round 2 K F 56-bit i key … + Round 16 L R i i Final permutation • 64-bit key (56-bits + 8-bit parity) • 16 rounds • Each Round Left half Right half Combiner function Ex-OR CSS432: Network Security
Block Block Block Block 2 3 4 1 + + + + IV DES DES DES DES Cipher Cipher Cipher Cipher 1 2 4 3 64bits 64bits 64bits 64bits • Repeat for larger messages Initialization vector (Random number) CSS432: Network Security
Plaintext Plaintext Encrypt with Decrypt with public key private key Ciphertext Public Key (RSA) • Encryption: c = memod n where <e, n> is a public key • Decryption: m = cdmod n where <d, n> is a private key • The main goal is to find a pair of e and d CSS432: Network Security
RSA (cont) Algorithm Example • p = 3, q = 5 • n = 3 x 5 = 15 • (3-1) x (5 – 1) = 8 • e = 7 • 7d = 1 mod 8 • d = 15 • 7 x 15 = 105 = 1 mod 8 • m = 2 • c = 27 mod 15 = 8 • m = 815 mod 15 = 2 • Choose two large prime numbers p and q (each 256 bits) • n = p x q • Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime. • Two numbers are relatively prime if they have no common factor greater than one • Compute decryption key d such that d = e-1mod ((p - 1) x (q - 1)) • Construct public key as (e, n) • Construct private key as (d, n) • Discard (do not disclose) original primes p and q • Encryption: c = memod n • Decryption: m = cdmod n CSS432: Network Security
Message Digest Sender message message message checksum checksum checksum Adversary knows the checksum computation Receiver Errors altered message message message Wrong altered checksum checksum checksum checksum checksum checksum Errors detected No alternation detected No errors CSS432: Network Security
Message Digest message message message MD MD MD Adversary doesn’t know the key used in MD Errors altered message message message Wrong altered MD MD MD MD MD MD No errors nor alternations Errors detected Alternation detected CSS432: Network Security
512 bits 512 bits 512 bits Message Digest Message (padded) 128-bit Initial digest (constant) Bitwise transform Bitwise transform Bitwise transform Message digest CSS432: Network Security
Authentication ProtocolsThree-Way Handshake • E(msg, key): msg was encrypted with key • CHK: client handshake key • SHK: server handshake key • Both client and server must know CHK and SHK. • Client sends x encrypted with CHK. • Server decrypts x with CHK. • Server sends x + 1 and y encrypted with SHK. • Client decrypts x + 1 and y with SHK and knows Server has CHK. • Client sends y + 1 encrypted with CHK. • Server decrypts y + 1 with CHK and knows Client has SHK. What if client and server know nothing about each other? CSS432: Network Security
Authentication ProtocolsTrusted Third Party (Kerberos) S A B • The authentication server S assumes that A and B each share a secret key with S. • T: timestamp • L: Lifetime • K: Session key • KA: Secret key shared between A and S • KB: Secret key shared between B and S B , A E (( T , L , K A knows T, L, and K A checks if B has received K , B E ), (( T K , L ), , A K , A ), K ) B E (( A , T E ), (( K T , ), L , K , A ), K ) B knows T, L, and K B responds T+1 to A B ) K + 1, T ( E A session has been established CSS432: Network Security
Public key authentication A authenticated B CSS432: Network Security
Message Integrity Protocols • Digital signature using RSA • Original cryptography: • Encryption with a public key : c = memod n • Decryption with a private key: m = cdmod n • Compute signature with private key and verify with public key • Encryption with a private key : m = cdmod n • Decryption with a public key: c = memod n • Large computational complexity • Keyed MD5 • sender: m + MD5(m + k) • receiver • Sender and receiver share the key k • Computes MD5(m + k) and compare it with the received MD5(m + k) • MD5 with RSA signature • sender: m + E(MD5(m), private) • receiver • decrypts MD5(m) with sender’s public key • compares result with MD5 checksum sent with message CSS432: Network Security
Key Distribution • Certificate • Special type of digitally signed document: “I certify that the public key in this document belongs to the entity named in this document, signed X.” • The name of the entity being certified • The public key of the entity • The name of the certified authority • A digital signature • Certified Authority (CA) • Administrative entity that issues certificates • Useful only to someone that already holds the CA’s public key. • PGP Example: • CA imports a public key from a person who wants it to certify his/her public key. • CA retrieves the finger print from this public key. • CA verify it with the key’s owner over a phone or through any other means. CSS432: Network Security
Key Distribution (cont) • Chain of Trust • X certifies that a certain public key belongs to Y: X.cert( Y, publicKeyY ) • Y certifies that another public key belongs to Z: Y.cert( Z, publicKeyZ ) • Someone, say A wants to verify Z’s public key has to know X’s public key: A.knows( X, publicKeyX ) • Certificate Revocation List • A digitally signed list of revoked certificates • Periodically updated and made available in public • A revoked certificate will be listed for a certain time period • A certificate has an expiration date. • PGP Example: • A person who wants to revoke his/her public key generates a revocation certificate. (This should be done before his/her public key becomes useless.) • He/she prints out the revocation certificate and sends it to CA. CSS432: Network Security
Example Systems • Pretty Good Privacy (PGP) • Encryption and authentication for email • Secure Shell (SSH) • Secured version of Unix R commands (rlogin, rsh, and rcp) • Transport Layer Security (TLS, SSL, HTTPS) • Additional handshake to encrypt and authenticate TCP communication, in particular HTTP connections • IP Security (IPSEC) • Framework to make IP packets secured CSS432: Network Security
PGP • A popular approach to providing encryption ad authentication capabilities for email. • A user decides the level of establishing trust • You know A well, and thus trust A’s public key. • You have received B’s certificate from A. • You trust it if B is A’s colleague but not a politician. • You have received B’s certificate from C and D and then trust B’s certificate. • A user collects a set of certificates with varying trust level in a key ring (~/.gnupg/trustdb.gpg) • Systems available at: • MIT distribution site for PGP: http://web.mit.edu/network/pgp.html • The International PGP Home Page: http://www.pgpi.org/ • The Gnu Privacy Guard: http://www.gnupg.org/ CSS432: Network Security
PGP (Message Encryption) • Generating a key: gpg --gen-key • Required to type your real name, comments, and email address( mfukuda@u.washington.edu) • Exporting a public key: gpg --output mfukuda.pub --armor --export mfukuda • Importing a public key: gpg --import --armor mfukuda.pub • Validating a public key: gpg --edit-key mfukuda@u.washington.edu • Command > fpr // check his finger print • Command > sign // sign this public key at a favorite trust level • Encrypting a document: gpg –output doc.enc –encrypt –recipient balke@cyb.org doc • Decrypting a document: gpg –output doc –descript doc.enc Create a random secret key k Encrypt message using DES with secret key k Decrypt message using DES with secret key k Encrypt k using RSA with recipient’s public key Decrypt E(k) using RSA with my private key -> k Encode message + E(k) in ASCII for transmission Convert ASCII message CSS432: Network Security
PGP (Message Integrity and Authentication) • Making a signature: gpg --output doc.asc --sign doc • Making a signature in email format: gpg --clearsign doc // doc.asc is automatically created • Verifying a signature: gpg --output doc --decrypt doc.asc Sender identity and message integrity confirmed if checksums match Calculate MD5 checksum on received message and compare against received value Calculate MD5 checksum over message contents Sign checksum using RSA with sender’s private key Decrypt signed checksum with sender’s public key CSS432: Network Security
SSH • Secured version of Unix R commands (rlogin, rsh, and rcp) • SSH-TRANS: • a transport layer protocol on top a TCP connection • SSH-AUTH: • An authentication protocl using RSA • SSH-CONN: • a connection protocol enabling SSH tunnelling CSS432: Network Security
host1 mfukuda@local1 server session server host1 host1 server host1 server host1 /etc/ssh/ssh_host_rsa_key host2 host3 /etc/ssh/ssh_known_hosts ~/.ssh/known_hosts /etc/ssh/ssh_host_rsa_key.pub E( , ) mfukuda@local1 mfukuda@local2 mfukuda@local2 mfukuda@local1 session session ~/.ssh/id_rsa (~/.ssh/identity) ~/.ssh/authorized_keys SSH (Protocol Exchange) (1) Contact to port 22 (2) SSH version (3) (4) Server Authentication (5) Secure connection established (6) Client Authentication E( random 256-bit string, ) MD5(random 256-bit string, ) (7) All authentications completed local1 server1 CSS432: Network Security
SSH (Key Generation Example) Munehiro Fukuda@fukuda-thinkpad ~$ ssh-keygent –t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/Munehiro Fukuda/.ssh/id_rsa): Enter passphrase (empty for no passphrase): ******** Enter same passphrase again: ******** Your identification has been saved in /home/Munehiro Fukuda/.ssh/id_rsa. Your public key has been saved in /home/Munehiro Fukuda/.ssh/id_rsa.pub. The key finger print is: 3b:4c:e7:db:68:25:13:7e:77:a2:c8:b8:43:af:44:82 Munehiro Fukuda@fukuda-thinkpad Munehiro Fukuda@fukuda-thinkpad ~$ cd .ssh Munehiro Fukuda@fukuda-thinkpad ~$ ls Id_rsa id_rsa.pub known_hosts known_hosts~ Munehiro Fukuda@fukuda-thinkpad ~$ sftp perseus.bothell.washington.edu Connecting to perseus.bothell.washington.edu… mfukuda@perseus.bothell.washington.edu’s password: ******** sftp> put id_rsa.pub sftp> quit Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu mfukuda@perseus.bothell.washington.edu’s passowrd: ******** [mfukuda@perseus mfukuda]$ mv id_rsa.pub .ssh/id_rsa.fukuda-thinkpad.pub [mfukuda@perseus mfukuda]$ cd .ssh [mfukuda@perseus mfukuda]$ cat id_rsa.fukuda-thinkpad.pub >> authorized_keys [mfukuda@perseus mfukuda]$ chmod 644 authorized_keys [mfukuda@perseus mfukuda]$ exit Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.edu Enter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ******** [mfukuda@perseus mfukuda]$ CSS432: Network Security
mfukuda@local1 mfukuda@local ~/.ssh/id_rsa (~/.ssh/identity) SSH (SSH Agent) $ ssh-add ssh-agent SSH protocol exchange server local Munehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent` Agent pid 228 Munehiro Fukuda@fukuda-thinkpad ~$ ssh-add Enter passphrase for /home/Munehiro Fukuda/.ssh/id_rsa: ******** Identity added: /home/Munehiro Fukuda/.ssh/id_rsa (home/Munehiro Fukuda/..ssh/id_rsa) Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu [mfukuda@perseus mfukuda]$ exit Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus.bothell.washington.edu [mfukuda@perseus mfukuda]$ exit Munehiro Fukuda@fukuda-thinkpad ~$ eval `ssh-agent –k` Agent pid 228 killd Munehiro Fukuda@fukuda-thinkpad ~$ ssh –l mfukuda perseus bothell.washington.edu Enter passphrase for key ‘/honme/Munehiro Fukuda/.ssh/id_rsa’: ******** [mfukuda@perseus mfukuda]$ CSS432: Network Security
mfukuda@local mfukuda@local ~/.ssh/id_rsa SSH (Agent Forwarding) SSH protocol exchange sshd proxy agent SSH protocol exchange $ ssh-add ssh-agent sshd authentication authentication forwarded authentication scp scp scp local Server X Server X #Enable agent forwarding ssh –A …. sftp userId@serverX:file1 userId@serverY:file2 CSS432: Network Security
=localhost =localhost SSH (Port Forwarding) • Local forwarding • ssh -L x:appserver:y username@sshdserver • Ex: ssh –L 80:localhost:8080 mfukuda@perseus • Localhost = perseus in this example • Remote forwarding • ssh -R x:appclient:y username@sshdserver • Ex: ssh –R 80:localhost: mfukuda@perseus • Localhost = my local computer (fukuda-thinkpad) x y 22 appclient sshclient sshdserver appserver 22 y x appclient sshdserver appserver sshclient CSS432: Network Security
Rest of the Internet Firewall Local site Firewalls • Filter-Based Solution • Example ( 192.12.13.14, 1234, 128.7.6.5, 80 ) filter all packets from port 1234 on host 192.12.13.14 addressed to port 80 on host 128.7.6.5 (*,*, 128.7.6.5, 80 ) filter all packets address to port 80 on 128.7.6.5 • Default: forward or not forward? • All ports initialized to forward packets • All ports initialized to filter packets • How dynamic? • Filter initialized upon a boot • Filter reinitialized at run time CSS432: Network Security
CISCO Example 172.16.2.0 Internet X Local Network router1 172.16.1.1 192.168.1.1 hostname router1 ! Link to the Internet interface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in ! Link to the local network interface ethernet 1 ip address 192.168.1.1 255.255.255.0 ! Access-list 1 deny 172.16.2.0 0.0.0.255 Access-list 1 permit 0.0.0.0 255.255.255.255 CSS432: Network Security
Remote company user Firewall External Local client server W eb Proxy Internet Firewall Company net server Random External HTTP/TCP connection Internal HTTP/TCP connection external user Proxy-Based Firewalls • Problem: complex policy • Example: web server • Solution: proxy • Question: • What if we need to run different applications (HTTP, FTP, IMAP, etc)? Filter port 80 or not Some web pages should be visible, While the other should not. CSS432: Network Security
DMZ and Bastion Servers 1. Forward packets from 192.168.1.0/4 Filter the others 172.16.1.1 Internet Local Network Border Router Firewall System 2. What if someone spoofs 192.168.1.X ? 192.168.1.1 192.168.1.0/24 De-Militarized Zone (DMZ) HTTP FTP IMAP Bastion Hosts 3. Solution: hostname router1 ! Link to the Internet interface ethernet 0 ip address 172.16.1.1 255.255.255.0 ip access-group 1 in ! Link to the local network interface ethernet 1 ip address 192.168.1.1 255.255.255.0 ! Access-list 1 deny 192.168.1.0 0.0.0.255 Access-list 1 permit 0.0.0.0 255.255.255.255 4. Limitations: Attacks from within local network CSS432: Network Security
Reviews • Cryptography algorithms: DES, RSA, and MD5 • Authentication: three way handshake and Kerberos • Message integrity: RSA, keyed MD5, and MD5 with RSA signature • Examples: PGP and SSH • Firewall: filter-based, proxy-based, and DMZ CSS432: Network Security