
Reema Seminar

This document discusses network security and provides an overview of key concepts:
1. It defines network security principles like confidentiality, authentication, and integrity.
2. It covers cryptography principles like symmetric and public key encryption, and algorithms like DES and AES.
3. It explains authentication techniques like digital signatures that allow identities to be verified.
4. It discusses ensuring integrity by having senders digitally sign messages using cryptographic techniques.

Uploaded by Manoj Kumar
Copyright: © Attribution Non-Commercial (BY-NC)

Network Security roadmap

1. What is network security?
2. Principles of cryptography
3. Authentication
4. Integrity

Network Security 1
What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
• sender encrypts message
• receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and Availability: services must be accessible and available to users

Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages
[Figure: Alice's secure sender and Bob's secure receiver, each with its data, joined by a channel carrying data and control messages; Trudy shown at the channel.]

Who might Bob, Alice be?
• … well, real-life Bobs and Alices!
• Web browser/server for electronic transactions (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
• other examples?

There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any field in packet)
• hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later …

The language of cryptography
[Figure: plaintext → encryption algorithm (Alice's encryption key $K_A$) → ciphertext → decryption algorithm (Bob's decryption key $K_B$) → plaintext]
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)

Symmetric key cryptography
substitution cipher: substituting one thing for another
• monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.: Plaintext: bob. i love you. alice
      ciphertext: nkn. s gktc wky. mgsbc

Q: How hard to break this simple cipher?
• brute force (how hard?)
• other?

Network Security 8
Symmetric key crypto: DES
DES: Data Encryption Standard
 US encryption standard [NIST 1993]
 56-bit symmetric key, 64-bit plaintext input
 How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase
(“Strong cryptography makes the world a safer
place”) decrypted (brute force) in 4 months
 no known “backdoor” decryption approach
 making DES more secure:
 use three keys sequentially (3-DES) on each datum
 use cipher-block chaining

Network Security 9
AES: Advanced Encryption Standard

 new (Nov. 2001) symmetric-key NIST


standard, replacing DES
 processes data in 128 bit blocks
 128, 192, or 256 bit keys
 brute force decryption (try each key)
taking 1 sec on DES, takes 149 trillion
years for AES

Network Security 10
Public Key Cryptography

symmetric key crypto public key cryptography


 requires sender,  radically different
receiver know shared approach [Diffie-
secret key Hellman76, RSA78]
 Q: how to agree on key  sender, receiver do
in first place not share secret key
(particularly if never  public encryption key
“met”)? known to all
 private decryption
key known only to
receiver


Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Figure: the message “I am Alice” arriving at Bob]
in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice

Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Figure: a packet carrying Alice's IP addr, Alice's password and “I'm Alice” is sent to Bob, who answers “OK” to Alice's IP addr; the same packet (Alice's IP addr, Alice's password, “I'm Alice”) is shown a second time]
playback attack: Trudy records Alice's packet and later plays it back to Bob
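
Why ap3.0 cannot tell a played-back packet from the original, shown from Bob's side as an added example (not part of the original slides). The second half goes beyond the slides: the nonce-based challenge-response verifier, the class and function names, and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"alice-secret"  # constructed sample secret shared by Alice and Bob

def ap3_verify(packet):
    """Bob's ap3.0 check: accept any packet with the right name and password."""
    return packet["name"] == "Alice" and hmac.compare_digest(packet["password"], PASSWORD)

def alice_respond(nonce):
    """Alice proves knowledge of the password without sending it."""
    return hmac.new(PASSWORD, nonce, hashlib.sha256).digest()

class NonceBob:
    """Hypothetical hardened verifier: one fresh, single-use challenge per login."""
    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self.pending:
            return False                  # unknown or already-used challenge
        self.pending.discard(nonce)
        expected = hmac.new(PASSWORD, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def demo():
    recorded = {"name": "Alice", "password": PASSWORD}  # bytes seen on the wire
    ap3_first = ap3_verify(recorded)
    ap3_replayed = ap3_verify(dict(recorded))  # identical packet, sent again
    bob = NonceBob()
    n1 = bob.challenge()
    r1 = alice_respond(n1)
    fresh = bob.verify(n1, r1)
    same_challenge = bob.verify(n1, r1)        # response replayed, nonce spent
    new_challenge = bob.verify(bob.challenge(), r1)  # old response, new nonce
    return ap3_first, ap3_replayed, fresh, same_challenge, new_challenge

if __name__ == "__main__":
    print(demo())
```

Under ap3.0 both the original and the replayed packet are accepted because nothing in the packet changes between sessions; binding the response to a single-use nonce makes a recorded response useless for any later login.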


Digital Signatures
Cryptographic technique analogous to hand-written signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital Signatures
Simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[Figure: Bob's message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob”) → public key encryption algorithm, keyed with Bob's private key $K_B^-$ → $K_B^-(m)$: Bob's message, m, signed (encrypted) with his private key]

Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy-to-compute digital “fingerprint”
• apply hash function H to m, get fixed size message digest, H(m).
[Figure: large message m → H: Hash Function → H(m)]
Hash function properties:
• many-to-1
• produces fixed-size msg digest (fingerprint)
• given message digest x, computationally infeasible to find m such that x = H(m)
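
The two preceding slides combined, as an added example (not part of the original slides): Bob applies his private key to the fixed-size digest H(m) instead of to the long message m. Applying the key to H(m) is the assumption here; the slides state only the cost problem and the digest. The key is a constructed toy built from two known Mersenne primes, with SHA-256 standing in for H, and all names are hypothetical.

```python
import hashlib

# Constructed toy key: two known Mersenne primes. Textbook RSA with no
# padding shows the mechanics only; it is not a secure signature scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # Bob's public exponent (public key)
D = pow(E, -1, (P - 1) * (Q - 1))    # Bob's private exponent (private key)

def digest_int(message: bytes) -> int:
    """H(m): 256-bit SHA-256 fingerprint, whatever the message length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Bob: one private-key operation on the digest, not on the whole message."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Alice: apply Bob's public key, compare with the digest she computes."""
    return pow(signature, E, N) == digest_int(message)

if __name__ == "__main__":
    letter = b"Dear Alice. Oh, how I have missed you. " * 10_000  # large m
    sig = sign(letter)
    print(len(letter), "byte message,", digest_int(letter).bit_length(), "bit digest")
    print("genuine:", verify(letter, sig))
    print("altered:", verify(letter + b"!", sig))
```

Any change to the message changes H(m), so the signature check fails for the altered copy even though the signature itself never covered more than 256 bits.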

CONCLUSION
• We have concluded that network security and integrity
