Crypto8e Merged

The document discusses cryptography and network security concepts. It covers topics such as cybersecurity, information security versus network security, security objectives like confidentiality, integrity and availability. It also discusses challenges in computer security, OSI security architecture, threats and different types of security attacks.

Cryptography and

Network Security
Eighth Edition
by William Stallings

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved


Chapter 1
Information and Network
Security Concepts



Cybersecurity
Cybersecurity is the collection of tools, policies, security concepts,
security safeguards, guidelines, risk management approaches, actions, training,
best practices, assurance, and technologies that can be used to protect the
cyberspace environment and organization and users’ assets. Organization and
users’ assets include connected computing devices, personnel, infrastructure,
applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyberspace environment.
Cybersecurity strives to ensure the attainment and maintenance of the security
properties of the organization and users’ assets against relevant security risks
in the cyberspace environment. The general security objectives comprise the
following: availability; integrity, which may include data authenticity and
nonrepudiation; and confidentiality



Cybersecurity

• Information Security: This term refers to preservation of confidentiality, integrity, and availability of information. In addition, other properties, such as authenticity, accountability, nonrepudiation, and reliability can also be involved

• Network Security: This term refers to protection of networks and their service from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side effects


Security Objectives
• The cybersecurity definition introduces three key
objectives that are at the heart of information and
network security:
• Confidentiality: This term covers two related concepts:
• Data confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals
• Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and
by whom and to whom that information may be disclosed



Security Objectives
• Integrity: This term covers two related concepts:
• Data integrity: Assures that data and programs are changed
only in a specified and authorized manner. This concept also
encompasses data authenticity, which means that a digital
object is indeed what it claims to be or what it is claimed to be,
and nonrepudiation, which is assurance that the sender of
information is provided with proof of delivery and the recipient
is provided with proof of the sender’s identity, so neither can
later deny having processed the information
• System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system

• Availability: Assures that systems work promptly and service is not denied to authorized users
Computer Security Challenges
• Security is not simple
• Potential attacks on the security features need to be considered
• Procedures used to provide particular services are often counter-intuitive
• It is necessary to decide where to use the various security mechanisms
• Requires constant monitoring
• Is too often an afterthought
• Security mechanisms typically involve more than a particular algorithm or protocol
• Security is essentially a battle of wits between a perpetrator and the designer
• Little benefit from security investment is perceived until a security failure occurs
• Strong security is often viewed as an impediment to efficient and user-friendly operation


OSI Security Architecture

• Security attack: Any action that compromises the security of information owned by an organization

• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack

• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service


Threats and Attacks

Security Attacks

• A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks

• A passive attack attempts to learn or make use of information from the system but does not affect system resources

• An active attack attempts to alter system resources or affect their operation


Passive Attacks

• Are in the nature of eavesdropping on, or monitoring of, transmissions

• Goal of the opponent is to obtain information that is being transmitted

• Two types of passive attacks are:
• The release of message contents
• Traffic analysis


Active Attacks
• Involve some modification of the data stream or the creation of a false stream

• Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities

• Goal is to detect attacks and to recover from any disruption or delays caused by them

• Masquerade: Takes place when one entity pretends to be a different entity. Usually includes one of the other forms of active attack

• Replay: Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect

• Data modification: Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect

• Denial of service: Prevents or inhibits the normal use or management of communications facilities


Authentication
• Concerned with assuring that a communication is authentic
• In the case of a single message, assures the recipient that the message is from the source that it claims to be from
• In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties

• Two specific authentication services are defined in X.800:
• Peer entity authentication
• Data origin authentication


Authentication
• Peer entity authentication
• Provides for the corroboration of the identity of a peer entity in an
association. Two entities are considered peers if they implement the
same protocol in different systems. Peer entity authentication is
provided for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide confidence
that an entity is not performing either a masquerade or an
unauthorized replay of a previous connection

• Data origin authentication
• Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no ongoing interactions between the communicating entities
Access Control

• The ability to limit and control the access to host systems and applications via communications links

• To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual


Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection of
a single message or even specific fields within a
message

• The protection of traffic flow from analysis
• This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
Data Integrity
• Can apply to a stream of messages, a single message, or selected fields within a message

• Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays

• A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only


Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message

• When a message is sent, the receiver can prove that the alleged sender in fact sent the message

• When a message is received, the sender can prove that the alleged receiver in fact received the message


Availability Service

• Protects a system to ensure its availability

• This service addresses the security concerns raised by denial-of-service attacks

• It depends on proper management and control of system resources and thus depends on access control service and other security services


Security Mechanisms
• Cryptographic algorithms: We can distinguish between reversible cryptographic mechanisms and irreversible
cryptographic mechanisms. A reversible cryptographic mechanism is simply an encryption algorithm that allows
data to be encrypted and subsequently decrypted. Irreversible cryptographic mechanisms include hash
algorithms and message authentication codes, which are used in digital signature and message authentication
applications.

• Data integrity: This category covers a variety of mechanisms used to assure the integrity of a data unit or
stream of data units.

• Digital signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of
the data unit to prove the source and integrity of the data unit and protect against forgery.

• Authentication exchange: A mechanism intended to ensure the identity of an entity by means of information
exchange.

• Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

• Routing control: Enables selection of particular physically or logically secure routes for certain data and allows
routing changes, especially when a breach of security is suspected.

• Notarization: The use of a trusted third party to assure certain properties of a data exchange

• Access control: A variety of mechanisms that enforce access rights to resources.

Keyless Algorithms
• Deterministic functions that have certain properties
useful for cryptography
• One type of keyless algorithm is the cryptographic hash
function
• A hash function turns a variable amount of text into a small, fixed-
length value called a hash value, hash code, or digest
• A cryptographic hash function is one that has additional properties
that make it useful as part of another cryptographic algorithm,
such as a message authentication code or a digital signature
• A pseudorandom number generator produces a
deterministic sequence of numbers or bits that has the
appearance of being a truly random sequence
Single-Key Algorithms
• Symmetric cryptographic algorithms depend on the use of a secret key
• Encryption algorithms that use a single key are referred to as symmetric encryption algorithms
• With symmetric encryption, an encryption algorithm takes as input some data to be protected and a secret key and produces an unintelligible transformation on that data
• A corresponding decryption algorithm takes the transformed data and the same secret key and recovers the original data
• Single-key encryption takes the following forms:
• Block cipher: A block cipher operates on data as a sequence of blocks. In most versions of the block cipher, known as modes of operation, the transformation depends not only on the current data block and the secret key but also on the content of preceding blocks
• Stream cipher: A stream cipher operates on data as a sequence of bits. As with the block cipher, the transformation depends on a secret key
Single-Key Algorithms
• Another form of single-key cryptographic algorithm is the message authentication code (MAC)
• A MAC is a data element associated with a data block or message
• The MAC is generated by a cryptographic transformation involving a secret key and, typically, a cryptographic hash function of the message
• The MAC is designed so that someone in possession of the secret key can verify the integrity of the message
• The recipient of the message plus the MAC can perform the same calculation on the message; if the calculated MAC matches the MAC accompanying the message, this provides assurance that the message has not been altered
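The following Python program is an added example, not code from the Stallings slides. It ties together three slides above: the replay attack, the distinction between a connectionless integrity service (modification only) and a connection-oriented one (no duplication, reordering or replay), and the MAC verification just described. It uses HMAC-SHA256 from the standard library; the key, message texts and the sequence-number scheme are constructed for illustration and are assumptions of the example, not part of the book.

```python
import hashlib
import hmac
import struct

# Constructed sample key (illustration only): real keys come from a CSPRNG or a KDF,
# never from a literal in source code.
KEY = b"constructed-demo-key-not-for-production"


def mac(key: bytes, seq: int, msg: bytes) -> bytes:
    """HMAC-SHA256 over (sequence number || message).

    The MAC alone lets the holder of the key detect modification. Binding a
    per-connection sequence number into the authenticated data is what lets the
    receiver additionally reject replayed, duplicated or reordered data units,
    i.e. it turns a connectionless integrity check into a connection-oriented one.
    """
    return hmac.new(key, struct.pack(">Q", seq) + msg, hashlib.sha256).digest()


def send(key: bytes, seq: int, msg: bytes):
    """Sender side: emit the data unit together with its MAC."""
    return seq, msg, mac(key, seq, msg)


def mac_only_verify(key: bytes, seq: int, msg: bytes, tag: bytes) -> bool:
    """Connectionless integrity service: modification is caught, replay is not."""
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a forged tag were correct.
    return hmac.compare_digest(mac(key, seq, msg), tag)


class Receiver:
    """Connection-oriented integrity service: MAC check plus strictly increasing seq."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, msg: bytes, tag: bytes) -> str:
        if not mac_only_verify(self.key, seq, msg, tag):
            return "reject: bad MAC (modified or forged)"
        if seq <= self.last_seq:
            # A captured unit sent again (replay) or an old unit arriving after
            # a newer one (reorder) both fail here; the MAC alone would pass.
            return "reject: replay or reorder"
        self.last_seq = seq
        return "accept"


def run_demo():
    """Constructed traffic: one genuine unit, one modified in transit, one replayed,
    one delivered out of order. Returns the receiver's verdict for each."""
    rx = Receiver(KEY)
    u1 = send(KEY, 1, b"transfer 100 to alice")
    u2 = send(KEY, 2, b"transfer 5 to bob")
    u3 = send(KEY, 3, b"logout")
    verdicts = [rx.accept(*u1)]                                   # genuine
    seq, _msg, tag = u2
    verdicts.append(rx.accept(seq, b"transfer 5000 to bob", tag))  # data modification
    verdicts.append(rx.accept(*u1))                                # replay of unit 1
    verdicts.append(rx.accept(*u3))                                # genuine, arrives early
    verdicts.append(rx.accept(*u2))                                # unit 2 now out of order
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The same replayed unit passes mac_only_verify every time, which is exactly the limitation the slide attributes to connectionless integrity; only the receiver state (last_seq) turns the MAC into a connection-oriented service.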



Asymmetric Algorithms
• Encryption algorithms that use two keys (a public key and a private key) are referred to as asymmetric encryption algorithms

• Digital signature algorithm
• A digital signature is a value computed with a cryptographic algorithm and associated with a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity

• Key exchange
• The process of securely distributing a symmetric key to two or more
parties

• User authentication
• The process of authenticating that a user attempting to access an
application or service is genuine and, similarly, that the application or
service is genuine
Communications Security
• Deals with the protection of communications through
the network, including measures to protect against
both passive and active attacks
• Communications security is primarily implemented
using network protocols
• A network protocol consists of the format and procedures that
governs the transmitting and receiving of data between points in
a network
• A protocol defines the structure of the individual data units and
the control commands that manage the data transfer

• With respect to network security, a security protocol may be an enhancement that is part of an existing protocol or a standalone protocol


Device Security
• The other aspect of network security is the protection of network devices, such as routers
and switches, and end systems connected to the network, such as client systems and
servers

• The primary security concerns are intruders that gain access to the system to perform
unauthorized actions, insert malicious software (malware), or overwhelm system resources
to diminish availability

• Three types of device security are:
• Firewall
• A hardware and/or software capability that limits access between a network and device
attached to the network, in accordance with a specific security policy. The firewall acts as a
filter that permits or denies data traffic, both incoming and outgoing, based on a set of
rules based on traffic content and/or traffic pattern
• Intrusion detection
• Hardware or software products that gather and analyze information from various areas
within a computer or a network for the purpose of finding, and providing real-time or near-
real-time warning of, attempts to access system resources in an unauthorized manner
• Intrusion prevention
• Hardware or software products designed to detect intrusive activity and attempt to stop
the activity, ideally before it reaches its target



Trust Model
• One of the most widely accepted and most cited definitions of trust is:
“the willingness of a party to be vulnerable to the actions of
another party based on the expectation that the other will perform
a particular action important to the trustor, irrespective of the ability
to monitor or control that other party”

• Three related concepts are relevant to a trust model:

• Trustworthiness: A characteristic of an entity that reflects the degree to which that entity is deserving of trust

• Propensity to trust: A tendency to be willing to trust others across a broad spectrum of situations and trust targets. This suggests that every individual has some baseline level of trust that will influence the person's willingness to rely on the words and actions of others

• Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence


The Trust Model and
Information Security

• Trust is confidence that an entity will perform in a way that will not prejudice the security of the user of the system of which that entity is a part

• Trust is always restricted to specific functions or ways of behavior and is meaningful only in the context of a security policy

• Generally, an entity is said to trust a second entity when the first entity assumes that the second entity will behave exactly as the first entity expects

• In this context, the term entity may refer to a single hardware component or software module, a piece of equipment identified by make and model, a site or location, or an organization


Trustworthiness of an
Individual
• Organizations need to be concerned about both internal users (employees, on-site
contractors) and external users (customers, suppliers) of their information systems

• With respect to internal users, an organization develops a level of trust in individuals by policies in the following two areas:

• Human resource security
• Sound security practice dictates that information security requirements be embedded into each stage of the employment life cycle, specifying security-related actions required during the induction of each individual, their ongoing management, and termination of their employment. Human resource security also includes assigning ownership of information (including responsibility for its protection) to capable individuals and obtaining confirmation of their understanding and acceptance

• Security awareness and training
• This area refers to disseminating security information to all employees, including IT staff, IT security staff, and management, as well as IT users and other employees. A workforce that has a high level of security awareness and appropriate security training for each individual's role is as important, if not more important, than any other security countermeasure or control


Trustworthiness of an
Organization
• Most organizations rely on information system service and information
provided by external organizations, as well as partnerships to accomplish
missions and business functions (examples are cloud service providers
and companies that form part of the supply chain for the organization)

• To manage risk to the organization, it must establish trust relationships with these external organizations

• NIST SP 800-39 (Managing Information Security Risk, March 2011) indicates that such trust relationships can be:
• Formally established, for example, by documenting the trust-related information in contracts, service-level agreements, statements of work, memoranda of agreement/understanding, or interconnection security agreements
• Scalable and inter-organizational or intra-organizational in nature
• Represented by simple (bilateral) relationships between two partners or more complex many-to-many relationships among many diverse partners


Trustworthiness of
Information Systems
• SP 800-39 defines trustworthiness for information
systems as
“the degree to which information systems (including the information
technology products from which the systems are built) can be expected to
preserve the confidentiality, integrity, and availability of the information
being processed, stored, or transmitted by the systems across the full range
of threats”

• Two factors affecting the trustworthiness of information systems are:
• Security functionality: The security features/functions employed within the system. These include cryptographic and network security technologies
• Security assurance: The grounds for confidence that the security functionality is effective in its application. This area is addressed by security management techniques, such as auditing and incorporating security considerations into the system development life cycle
Establishing Trust
Relationships

• Validated trust: Trust is based on evidence obtained by the trusting organization about the trusted organization or entity. The information may include information security policy, security measures, and level of oversight

• Direct historical trust: This type of trust is based on the security-related track record exhibited by an organization in the past, particularly in interactions with the organization seeking to establish trust

• Mediated trust: Mediated trust involves the use of a third party that is mutually trusted by two parties, with the third party providing assurance or guarantee of a given level of trust between the first two parties

• Mandated trust: An organization establishes a level of trust with another organization based on a specific mandate issued by a third party in a position of authority


Standards
National Institute of Standards and Technology:
• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government
use and to the promotion of U.S. private-sector innovation. Despite its national scope, NIST Federal Information Processing
Standards (FIPS) and Special Publications (SP) have a worldwide impact

Internet Society:
•ISOC is a professional membership society with worldwide organizational and individual membership. It provides
leadership in addressing issues that confront the future of the Internet and is the organization home for the groups
responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet
Architecture Board (IAB). These organizations develop Internet standards and related specifications, all of which are
published as Requests for Comments (RFCs).

ITU-T:
•The International Telecommunication Union (ITU) is an international organization within the United Nations System in
which governments and the private sector coordinate global telecom networks and services. The ITU Telecommunication
Standardization Sector (ITU-T) is one of the three sectors of the ITU. ITU-T’s mission is the development of technical
standards covering all fields of telecommunications. ITU-T standards are referred to as Recommendations

ISO:
•The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from more
than 140 countries, one from each country. ISO is a nongovernmental organization that promotes the development of
standardization and related activities with a view to facilitating the international exchange of goods and services and to
developing cooperation in the spheres of intellectual, scientific, technological, and economic activity. ISO’s work results in
international agreements that are published as International Standards



Summary
• Describe the key security requirements of confidentiality, integrity, and availability
• List and briefly describe key organizations involved in cryptography standards
• Provide an overview of keyless, single-key and two-key cryptographic algorithms
• Provide an overview of the main areas of network security
• Describe a trust model for information security
• Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets


Cryptography and
Network Security
Eighth Edition
by William Stallings



Chapter 2
Introduction to Number Theory



Divisibility
• We say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers

• b divides a if there is no remainder on division

• The notation b | a is commonly used to mean b divides a

• If b | a we say that b is a divisor of a

The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24
13 | 182; −5 | 30; 17 | 289; −3 | 33; 17 | 0


Properties of Divisibility
• If a | 1, then a = ±1
• If a | b and b | a, then a = ±b
• Any b ≠ 0 divides 0
• If a | b and b | c, then a | c

11 | 66 and 66 | 198 ⇒ 11 | 198

• If b | g and b | h, then b | (mg + nh) for arbitrary integers m and n


Properties of Divisibility
• To see this last point, note that:
• If b | g , then g is of the form g = b * g1 for some integer g1
• If b | h , then h is of the form h = b * h1 for some integer h1
• So:
• mg + nh = mbg1 + nbh1 = b * (mg1 + nh1 )
and therefore b divides mg + nh

b = 7; g = 14; h = 63; m = 3; n = 2
7 | 14 and 7 | 63.
To show 7 | (3 * 14 + 2 * 63),
we have (3 * 14 + 2 * 63) = 7(3 * 2 + 2 * 9),
and it is obvious that 7 | (7(3 * 2 + 2 * 9)).


Division Algorithm

• Given any positive integer n and any nonnegative integer a, if we divide a by n we get an integer quotient q and an integer remainder r that obey the following relationship:

a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋


Figure 2.1 The Relationship a = qn + r; 0 ≤ r < n
(a) General relationship: number line marked n, 2n, 3n, ..., qn, a, (q + 1)n, with r the distance from qn to a
(b) Example: 70 = (4 * 15) + 10, shown on a number line marked 0, 15, 30, 45, 60, 70, 75


Euclidean Algorithm
• One of the basic techniques of number theory

• Procedure for determining the greatest common divisor of two positive integers

• Two integers are relatively prime if their only common positive integer factor is 1


Greatest Common Divisor
(GCD)
• The greatest common divisor of a and b is the largest
integer that divides both a and b
• We can use the notation gcd(a,b) to mean the
greatest common divisor of a and b
• We also define gcd(0,0) = 0
• Positive integer c is said to be the gcd of a and b if:
• c is a divisor of a and b
• Any divisor of a and b is a divisor of c

• An equivalent definition is:
gcd(a,b) = max[k, such that k | a and k | b]
GCD
• Because we require that the greatest common divisor be positive,
gcd(a,b) = gcd(a,-b) = gcd(-a,b) = gcd(-a,-b)

• In general, gcd(a,b) = gcd(| a |, | b |)

gcd(60, 24) = gcd(60, −24) = 12

• Also, because all nonzero integers divide 0, we have gcd(a,0) = | a |

• We stated that two integers a and b are relatively prime if their only common positive integer factor is 1; this is equivalent to saying that a and b are relatively prime if gcd(a,b) = 1
8 and 15 are relatively prime because the positive divisors of 8 are 1, 2, 4, and 8, and the positive divisors of 15 are 1, 3, 5, and 15. So 1 is the only integer on both lists.
Table 2.1
Euclidean Algorithm Example

(This table can be found on page 30 in the textbook)


Modular Arithmetic
• The modulus
• If a is an integer and n is a positive integer, we
define a mod n to be the remainder when a is
divided by n; the integer n is called the modulus
• Thus, for any integer a:
a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋
a = ⌊a/n⌋ * n + (a mod n)

11 mod 7 = 4; −11 mod 7 = 3


Modular Arithmetic

• Congruent modulo n
• Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n)
• This is written as a ≡ b (mod n)
• Note that if a ≡ 0 (mod n), then n | a

73 ≡ 4 (mod 23); 21 ≡ −9 (mod 10)


Properties of Congruences
• Congruences have the following properties:

1. a ≡ b (mod n) if n | (a − b)

2. a ≡ b (mod n) implies b ≡ a (mod n)

3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)

• To demonstrate the first point, if n | (a − b), then (a − b) = kn for some k
• So we can write a = b + kn
• Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n)

23 ≡ 8 (mod 5) because 23 − 8 = 15 = 5 * 3
−11 ≡ 5 (mod 8) because −11 − 5 = −16 = 8 * (−2)
81 ≡ 0 (mod 27) because 81 − 0 = 81 = 27 * 3
Modular Arithmetic
• Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) * (b mod n)] mod n = (a * b) mod n


• We demonstrate the first property:
• Define (a mod n) = r_a and (b mod n) = r_b. Then we can write a = r_a + jn for some integer j and b = r_b + kn for some integer k
• Then:
(a + b) mod n = (r_a + jn + r_b + kn) mod n
= (r_a + r_b + (k + j)n) mod n
= (r_a + r_b) mod n
= [(a mod n) + (b mod n)] mod n


Remaining Properties:
• Examples of the three remaining properties:

11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) - (15 mod 8)] mod 8 = - 4 mod 8 = 4
(11 - 15) mod 8 = - 4 mod 8 = 4
[(11 mod 8) * (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 * 15) mod 8 = 165 mod 8 = 5



Table 2.2(a)
Arithmetic Modulo 8
(This table can be found on page 33 in the textbook)

Table 2.2(b)
Multiplication Modulo 8
(This table can be found on page 33 in the textbook)

Table 2.2(c)
Additive and Multiplicative Inverse Modulo 8
(This table can be found on page 33 in the textbook)

Table 2.3
Properties of Modular Arithmetic for Integers in Zn
(This table can be found on page 34 in the textbook)
Table 2.4
Extended Euclidean Algorithm Example

Result: d = 1; x = –111; y = 355

(This table can be found on page 39 in the textbook)


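Worked example, added here and not taken from the textbook or its slides: the Euclidean and extended Euclidean algorithms in Python, plus the modular inverse that the extended form exists to compute (RSA key generation and Hill-cipher key inversion both reduce to it). The inputs a = 1759, b = 550 are the pair behind the result shown above, since 1759 × (−111) + 550 × 355 = 1, so the output can be checked against Table 2.4.

```python
def gcd(a, b):
    """Euclidean algorithm. Uses gcd(a, b) = gcd(|a|, |b|) and gcd(a, 0) = |a|."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def egcd(a, b):
    """Extended Euclidean algorithm for a, b >= 0.

    Returns (d, x, y) with d = gcd(a, b) and a*x + b*y = d.  Two rows
    (old_r, old_x, old_y) and (r, x, y) are carried along so that at every
    step old_r = a*old_x + b*old_y and r = a*x + b*y; the loop stops when
    the remainder r reaches 0, exactly as the rows of the textbook table do.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def modinv(a, n):
    """Multiplicative inverse of a modulo n; ValueError if gcd(a, n) != 1."""
    d, x, _ = egcd(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {d})")
    return x % n


if __name__ == "__main__":
    print(gcd(60, -24), gcd(0, 7))                 # 12 7
    d, x, y = egcd(1759, 550)
    print(d, x, y, 1759 * x + 550 * y)             # 1 -111 355 1
    print(modinv(550, 1759), modinv(1759, 550))    # 355 439
```

The inverse of 1759 mod 550 is the same x = −111 reduced into the range 0..549, which gives 439; 1759 × 439 mod 550 = 1 confirms it.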
Prime Numbers
• A prime number p > 1 has no positive divisors other than 1 and itself
• Prime numbers cannot be written as a product of smaller positive integers

• Prime numbers are central to number theory

• Any integer a > 1 can be factored in a unique way as

a = p_1^(a_1) × p_2^(a_2) × … × p_t^(a_t)

where p_1 < p_2 < … < p_t are prime numbers and where each a_i is a positive integer

• This is known as the fundamental theorem of arithmetic
Table 2.5
Primes Under 2000

(This table can be found on page 40 in the textbook)
Fermat's Theorem
• States the following:
• If p is prime and a is a positive integer not divisible by p, then

a^(p−1) ≡ 1 (mod p)

• An alternate form is:

• If p is prime and a is a positive integer, then

a^p ≡ a (mod p)


Table 2.6
Some Values of Euler’s Totient Function ø(n)

(This table can be found on page 44 in the textbook)
Euler's Theorem

• States that for every a and n that are relatively prime:

a^ø(n) ≡ 1 (mod n)

• An alternative form is:

a^(ø(n)+1) ≡ a (mod n)


Miller-Rabin Algorithm
• Typically used to test a large number for primality
• Algorithm is:
TEST (n)
1. Find integers k, q, with k > 0, q odd, so that (n − 1) = 2^k q ;
2. Select a random integer a, 1 < a < n − 1 ;
3. if a^q mod n = 1 then return ("inconclusive") ;
4. for j = 0 to k − 1 do
5.     if (a^(2^j q) mod n = n − 1) then return ("inconclusive") ;
6. return ("composite") ;
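Added example in Python (not the textbook's own code): TEST(n) exactly as listed above, wrapped in the repeated-trial probable-prime check the slide describes, with a plain Fermat-theorem check beside it to show why the stronger test is needed. 561 = 3 × 11 × 17 is a Carmichael number: it satisfies a^560 ≡ 1 (mod 561) for every base coprime to it, so the Fermat check alone never rejects it, while Miller-Rabin with base 2 does.

```python
import random


def fermat_test(n, a):
    """Fermat's theorem: if n is prime and gcd(a, n) = 1 then a^(n-1) ≡ 1 (mod n).
    The converse fails: Carmichael numbers such as 561 pass for every coprime base."""
    return pow(a, n - 1, n) == 1


def miller_rabin_witness(n, a):
    """One execution of TEST(n) from the slide with a fixed base a (n odd, n > 2).
    Returns "inconclusive" (a is a strong liar, or n is prime) or "composite"."""
    # Step 1: n - 1 = 2^k * q with q odd
    k, q = 0, n - 1
    while q % 2 == 0:
        k += 1
        q //= 2
    # Step 3: a^q mod n
    x = pow(a, q, n)
    if x == 1:
        return "inconclusive"
    # Steps 4-5: x runs through a^(2^j q) for j = 0 .. k-1 by repeated squaring
    for _ in range(k):
        if x == n - 1:
            return "inconclusive"
        x = pow(x, 2, n)
    return "composite"


def is_probable_prime(n, rounds=20, bases=None, rng=random):
    """Repeat TEST(n) with `rounds` random bases (or the explicit `bases`).
    A composite n is declared "inconclusive" by a random base with probability
    below 1/4, so 20 independent rounds leave an error probability below 4^-20."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    if bases is None:
        bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return all(miller_rabin_witness(n, a) == "inconclusive" for a in bases)


if __name__ == "__main__":
    print(fermat_test(561, 2), miller_rabin_witness(561, 2))       # True composite
    print(is_probable_prime(561), is_probable_prime(2**61 - 1))    # False True
```

The `bases` parameter exists so that a result can be reproduced exactly; in production use leave it unset so the bases come from the random source.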


Deterministic Primality Algorithm
• Prior to 2002 there was no known method of
efficiently proving the primality of very large
numbers
• All of the algorithms in use produced a
probabilistic result
• In 2002 Agrawal, Kayal, and Saxena developed an
algorithm that efficiently determines whether a
given large number is prime
• Known as the AKS algorithm
• Does not appear to be as efficient as
the Miller-Rabin algorithm



Chinese Remainder Theorem (CRT)
• Believed to have been discovered by the Chinese mathematician Sun-Tsu in around 100 A.D.

• One of the most useful results of number theory

• Says it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise relatively prime moduli

• Can be stated in several ways

• Provides a way to manipulate (potentially very large) numbers mod M in terms of tuples of smaller numbers
• This can be useful when M is 150 digits or more
• However, it is necessary to know beforehand the factorization of M
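Added example in Python (not from the textbook): reconstruction of an integer from its residues, and the "arithmetic on tuples" use of the CRT described above. The moduli 37 and 49 (M = 1813) and the operands 973 and 678 are constructed inputs; the block needs Python 3.8 or later for `pow(x, -1, m)`, which computes a modular inverse.

```python
from math import gcd


def to_residues(x, moduli):
    """Represent x by its tuple of residues modulo each m_i."""
    return [x % m for m in moduli]


def crt(residues, moduli):
    """Reconstruct the unique x in [0, M) with x ≡ a_i (mod m_i), M = product of the m_i.
    The moduli must be pairwise relatively prime, which is checked first."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    M = 1
    for m in moduli:
        M *= m
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        # c_i = M_i * (M_i^-1 mod m_i) is 1 mod m_i and 0 mod every other modulus
        c_i = M_i * pow(M_i, -1, m_i)       # pow(..., -1, m) needs Python 3.8+
        x = (x + a_i * c_i) % M
    return x


def residue_add(u, v, moduli):
    """Addition mod M done component-wise on the small residues."""
    return [(a + b) % m for a, b, m in zip(u, v, moduli)]


def residue_mul(u, v, moduli):
    """Multiplication mod M done component-wise on the small residues."""
    return [(a * b) % m for a, b, m in zip(u, v, moduli)]


if __name__ == "__main__":
    moduli = [37, 49]                                   # M = 1813 (constructed example)
    u, v = to_residues(973, moduli), to_residues(678, moduli)
    print(u, v)                                         # [11, 42] [12, 41]
    print(crt(residue_add(u, v, moduli), moduli))       # 1651 == (973 + 678) % 1813
    print(crt(residue_mul(u, v, moduli), moduli))       # 1575 == (973 * 678) % 1813
```

Every intermediate value stays below the largest modulus; only the final `crt` call touches numbers of the size of M, which is the whole point when M has 150 digits.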


Table 2.7
Powers of Integers, Modulo 19

(This table can be found on page 53 in the textbook)
Table 2.8
Tables of Discrete Logarithms, Modulo 19

(This table can be found on page 56 in the textbook)
Summary
• Understand the concept of divisibility and the division algorithm
• Understand how to use the Euclidean algorithm to find the greatest common divisor
• Present an overview of the concepts of modular arithmetic
• Explain the operation of the extended Euclidean algorithm
• Discuss key concepts relating to prime numbers
• Understand Fermat’s theorem
• Understand Euler’s theorem
• Define Euler’s totient function
• Make a presentation on the topic of testing for primality
• Explain the Chinese remainder theorem
• Define discrete logarithms


Chapter 3
Classical Encryption
Techniques
Definitions
• Plaintext: an original message
• Ciphertext: the coded message
• Enciphering/encryption: the process of converting from plaintext to ciphertext
• Deciphering/decryption: restoring the plaintext from the ciphertext
• Cryptography: the area of study of the many schemes used for encryption
• Cryptographic system/cipher: a scheme for encryption
• Cryptanalysis: techniques used for deciphering a message without any knowledge of the enciphering details
• Cryptology: the areas of cryptography and cryptanalysis
Symmetric Cipher Model
• There are two requirements for secure use of
conventional encryption:
• A strong encryption algorithm

• Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

Figure 3.2 Model of Symmetric Cryptosystem
(Figure: message source → plaintext X → encryption algorithm → ciphertext Y = E(K, X) → decryption algorithm → X → destination; the key K reaches both ends from a key source over a secure channel; a cryptanalyst observing Y produces estimates X̂ and K̂)


Cryptographic Systems
• Characterized along three independent dimensions:
• The type of operations used for transforming plaintext to ciphertext: substitution; transposition
• The number of keys used: symmetric, single-key, secret-key, conventional encryption; asymmetric, two-key, or public-key encryption
• The way in which the plaintext is processed: block cipher; stream cipher


Cryptanalysis and
Brute-Force Attack

Cryptanalysis
• Attack relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext
• Attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used

Brute-force attack
• Attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success

(Table is on page 68 in the textbook)
Encryption Scheme Security
• Unconditionally secure
• No matter how much time an opponent has, it
is impossible for him or her to decrypt the
ciphertext simply because the required
information is not there

• Computationally secure
• The cost of breaking the cipher exceeds the
value of the encrypted information
• The time required to break the cipher
exceeds the useful lifetime of the
information
Brute-Force Attack

• Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained

• On average, half of all possible keys must be tried to achieve success

• To supplement the brute-force approach, some degree of knowledge about the expected plaintext is needed, and some means of automatically distinguishing plaintext from garble is also needed
Strong Encryption
• The term strong encryption refers to encryption
schemes that make it impractically difficult for
unauthorized persons or systems to gain access to
plaintext that has been encrypted

• Properties that make an encryption algorithm strong are:
• Appropriate choice of cryptographic algorithm
• Use of sufficiently long key lengths
• Appropriate choice of protocols
• A well-engineered implementation
• Absence of deliberately introduced hidden flaws


Substitution Technique

• Is one in which the letters of plaintext are replaced by other letters or by numbers or symbols

• If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns


Caesar Cipher
• Simplest and earliest known use of a substitution cipher

• Used by Julius Caesar

• Involves replacing each letter of the alphabet with the letter standing three places further down the alphabet

• Alphabet is wrapped around so that the letter following Z is A

plain: meet me after the toga party

cipher: PHHW PH DIWHU WKH WRJD SDUWB


Caesar Cipher Algorithm
• Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically give each letter a number


a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• Algorithm can be expressed as:


c = E(3, p) = (p + 3) mod (26)

• A shift may be of any amount, so that the general Caesar algorithm is:

C = E(k , p ) = (p + k ) mod 26

• Where k takes on a value in the range 1 to 25; the decryption algorithm is


simply:

p = D(k , C ) = (C - k ) mod 26
Figure 3.3 Brute-Force Cryptanalysis of Caesar Cipher
(This chart can be found on page 71 in the textbook)

    PHHW PH DIWHU WKH WRJD SDUWB
KEY
 1  oggv og chvgt vjg vqic rctva
 2  nffu nf bgufs uif uphb qbsuz
 3  meet me after the toga party
 4  ldds ld zesdq sgd snfz ozqsx
 5  kccr kc ydrcp rfc rmey nyprw
 6  jbbq jb xcqbo qeb qldx mxoqv
 7  iaap ia wbpan pda pkcw lwnpu
 8  hzzo hz vaozm ocz ojbv kvmot
 9  gyyn gy uznyl nby niau julns
10  fxxm fx tymxk max mhzt itkmr
11  ewwl ew sxlwj lzw lgys hsjlq
12  dvvk dv rwkvi kyv kfxr grikp
13  cuuj cu qvjuh jxu jewq fqhjo
14  btti bt puitg iwt idvp epgin
15  assh as othsf hvs hcuo dofhm
16  zrrg zr nsgre gur gbtn cnegl
17  yqqf yq mrfqd ftq fasm bmdfk
18  xppe xp lqepc esp ezrl alcej
19  wood wo kpdob dro dyqk zkbdi
20  vnnc vn jocna cqn cxpj yjach
21  ummb um inbmz bpm bwoi xizbg
22  tlla tl hmaly aol avnh whyaf
23  skkz sk glzkx znk zumg vgxze
24  rjjy rj fkyjw ymj ytlf ufwyd
25  qiix qi ejxiv xli xske tevxc


Sample of Compressed Text

Figure 3.4 Sample of Compressed Text



Monoalphabetic Cipher
• Permutation
• Of a finite set of elements S is an ordered sequence of all
the elements of S , with each element appearing exactly
once

• If the “cipher” line can be any permutation of the 26 alphabetic characters, then there are 26!, or greater than 4 × 10^26, possible keys
• This is 10 orders of magnitude greater than the key space for DES
• Approach is referred to as a monoalphabetic substitution cipher because a single cipher alphabet is used per message
Monoalphabetic Ciphers
• Easy to break because they reflect the frequency
data of the original alphabet
• Countermeasure is to provide multiple substitutes
(homophones) for a single letter
• Digram
• Two-letter combination
• Most common is th

• Trigram
• Three-letter combination
• Most frequent is the



Playfair Cipher
• Best-known multiple-letter encryption cipher
• Treats digrams in the plaintext as single units and
translates these units into ciphertext digrams
• Based on the use of a 5 x 5 matrix of letters
constructed using a keyword
• Invented by British scientist Sir Charles
Wheatstone in 1854
• Used as the standard field system by the British
Army in World War I and the U.S. Army and other
Allied forces during World War II
Playfair Key Matrix
• Fill in letters of keyword (minus duplicates) from
left to right and from top to bottom, then fill in
the remainder of the matrix with the remaining
letters in alphabetic order

• Using the keyword MONARCHY:


M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Hill Cipher
• Developed by the mathematician Lester Hill in
1929
• Strength is that it completely hides single-
letter frequencies
• The use of a larger matrix hides more frequency
information
• A 3 x 3 Hill cipher hides not only single-letter but
also two-letter frequency information

• Strong against a ciphertext-only attack but easily broken with a known-plaintext attack
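Added example in Python (not from the textbook) of the point just made: a 2 × 2 Hill cipher with C = P K mod 26 (each plaintext digram a row vector), and the known-plaintext attack that breaks it. Two plaintext digrams whose 2 × 2 matrix P is invertible mod 26 give K = P⁻¹ C directly; the key K = [[9, 4], [5, 7]] and the plaintexts "hill" and "meet" are constructed inputs. "meet" is included because its P has determinant 4, not coprime to 26, so it cannot be used to recover the key; the attacker simply needs a different pair.

```python
def _modinv26(a):
    """Inverse of a modulo 26 by trial; raises if gcd(a, 26) != 1."""
    for x in range(1, 26):
        if (a * x) % 26 == 1:
            return x
    raise ValueError(f"{a} is not invertible mod 26")


def mat_inv(m):
    """Inverse of a 2 x 2 matrix over Z_26: adjugate times det^-1."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % 26
    d = _modinv26(det)
    return [[(m[1][1] * d) % 26, (-m[0][1] * d) % 26],
            [(-m[1][0] * d) % 26, (m[0][0] * d) % 26]]


def mat_mul(a, b):
    """Product of two 2 x 2 matrices over Z_26."""
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % 26 for j in range(2)]
            for i in range(2)]


def _vec(text):
    return [ord(c) - ord('a') for c in text.lower()]


def _text(nums):
    return ''.join(chr(ord('a') + n) for n in nums)


def _row_mul(row, key):
    """Row vector times the key matrix, mod 26."""
    return [(row[0] * key[0][j] + row[1] * key[1][j]) % 26 for j in range(2)]


def hill_encrypt(plaintext, key):
    """C = P K mod 26, one plaintext digram per row; length must be even."""
    p = _vec(plaintext)
    out = []
    for i in range(0, len(p), 2):
        out.extend(_row_mul(p[i:i + 2], key))
    return _text(out).upper()


def hill_decrypt(ciphertext, key):
    """P = C K^-1 mod 26."""
    return hill_encrypt(ciphertext, mat_inv(key)).lower()


def recover_key(known_plaintext, known_ciphertext):
    """Known-plaintext attack: stack two plaintext digrams as the rows of P and
    the matching ciphertext digrams as the rows of C, so that C = P K and
    therefore K = P^-1 C.  Requires det(P) coprime to 26."""
    P = [_vec(known_plaintext[0:2]), _vec(known_plaintext[2:4])]
    C = [_vec(known_ciphertext[0:2]), _vec(known_ciphertext[2:4])]
    return mat_mul(mat_inv(P), C)


if __name__ == "__main__":
    K = [[9, 4], [5, 7]]                       # constructed key
    c = hill_encrypt("hill", K)
    print(c, hill_decrypt(c, K))               # ZGYR hill
    print(recover_key("hill", c))              # [[9, 4], [5, 7]]
```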
Polyalphabetic Ciphers
• Polyalphabetic substitution cipher
• Improves on the simple monoalphabetic technique
by using different monoalphabetic substitutions as
one proceeds through the plaintext message

• All these techniques have the following features in common:
• A set of related monoalphabetic substitution rules is used
• A key determines which particular rule is chosen for a given transformation


Vigenère Cipher
• Best known and one of the simplest
polyalphabetic substitution ciphers

• In this scheme the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25

• Each cipher is denoted by a key letter which is the ciphertext letter that substitutes for the plaintext letter a
Example of Vigenère Cipher
• To encrypt a message, a key is needed that is as
long as the message
• Usually, the key is a repeating keyword
• For example, if the keyword is deceptive, the
message “we are discovered save yourself” is
encrypted as:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ



Vigenère Autokey System
• A keyword is concatenated with the plaintext
itself to provide a running key

• Example:
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
• Even this scheme is vulnerable to cryptanalysis
• Because the key and the plaintext share the same
frequency distribution of letters, a statistical
technique can be applied
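Added example in Python (not from the textbook) covering both the repeating-keyword Vigenère cipher and the autokey variant described above, with the decryption side of each. The autokey decryptor is the instructive half: the receiver extends the key with every plaintext letter as it is recovered, which is also why key and plaintext share the same letter statistics. Both examples use the keyword and message from the slides, so the ciphertexts can be compared directly.

```python
import string


def _nums(text):
    """Letters only, as 0..25."""
    return [ord(c) - ord('a') for c in text.lower() if c in string.ascii_lowercase]


def _text(nums, upper=False):
    s = ''.join(chr(ord('a') + n % 26) for n in nums)
    return s.upper() if upper else s


def vigenere_encrypt(plaintext, keyword):
    """Letter i is shifted by the Caesar cipher selected by key letter i mod len(key)."""
    p, k = _nums(plaintext), _nums(keyword)
    return _text([p[i] + k[i % len(k)] for i in range(len(p))], upper=True)


def vigenere_decrypt(ciphertext, keyword):
    c, k = _nums(ciphertext), _nums(keyword)
    return _text([c[i] - k[i % len(k)] for i in range(len(c))])


def autokey_encrypt(plaintext, keyword):
    """Running key = keyword followed by the plaintext itself."""
    p = _nums(plaintext)
    k = (_nums(keyword) + p)[:len(p)]
    return _text([p[i] + k[i] for i in range(len(p))], upper=True)


def autokey_decrypt(ciphertext, keyword):
    """The receiver knows only the keyword; each recovered plaintext letter
    becomes the key letter needed len(keyword) positions later."""
    c = _nums(ciphertext)
    k = _nums(keyword)
    p = []
    for i in range(len(c)):
        p.append((c[i] - k[i]) % 26)
        k.append(p[-1])
    return _text(p)


if __name__ == "__main__":
    msg, key = "we are discovered save yourself", "deceptive"
    print(vigenere_encrypt(msg, key))     # ZICVTWQNGRZGVTWAVZHCQYGLMGJ
    print(autokey_encrypt(msg, key))      # ZICVTWQNGKZEIIGASXSTSLVVWLA
```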
Vernam Cipher



One-Time Pad
• Improvement to the Vernam cipher proposed by an Army Signal Corps officer, Joseph Mauborgne

• Use a random key that is as long as the message so that the key need not be repeated

• Key is used to encrypt and decrypt a single message and then is discarded

• Each new message requires a new key of the same length as the new message

• Scheme is unbreakable
• Produces random output that bears no statistical relationship to the plaintext
• Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code


Difficulties
• The one-time pad offers complete security but, in practice, has two fundamental difficulties:
• There is the practical problem of making large quantities of random keys
• Any heavily used system might require millions of random characters on a regular basis
• Mammoth key distribution problem
• For every message to be sent, a key of equal length is needed by both sender and receiver

• Because of these difficulties, the one-time pad is of limited utility
• Useful primarily for low-bandwidth channels requiring very high security

• The one-time pad is the only cryptosystem that exhibits perfect secrecy (see Appendix F)
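Added example in Python (not from the textbook): a byte-oriented one-time pad (XOR with key material from the operating system's random source) and a demonstration of what the rule "use the key for a single message and then discard it" protects against. If one pad encrypts two messages, XOR of the two ciphertexts cancels the key and leaves p1 ⊕ p2; a guessed fragment of one message (a "crib") then reveals the other message at the same position. The two messages are constructed samples.

```python
import os


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """Fresh key material from the OS CSPRNG; generated per message, never reused."""
    return os.urandom(length)


def otp_encrypt(plaintext, pad):
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    return xor_bytes(ciphertext, pad)


def two_time_pad_leak(c1, c2):
    """With one pad k used twice: c1 ^ c2 = (p1 ^ k) ^ (p2 ^ k) = p1 ^ p2.
    The key drops out without the attacker learning a single bit of it."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2, crib, offset):
    """Guess (crib) a fragment of one plaintext at `offset`; the other
    plaintext's bytes at that position fall straight out of p1 ^ p2."""
    segment = p1_xor_p2[offset:offset + len(crib)]
    return xor_bytes(segment, crib)


if __name__ == "__main__":
    p1 = b"attack at dawn"                  # constructed sample messages
    p2 = b"retreat at onc"
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)               # the mistake: same pad again
    leak = two_time_pad_leak(c1, c2)
    print(crib_drag(leak, b"attack", 0))    # b'retrea'
```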
Rail Fence Cipher
• Simplest transposition cipher

• Plaintext is written down as a sequence of diagonals and then read off as a sequence of rows
• To encipher the message “meet me after the toga party” with a rail fence of depth 2, we would write:
m e m a t r h t g p r y
 e t e f e t e o a a t
• Encrypted message is:
MEMATRHTGPRYETEFETEOAAT


Row Transposition Cipher
• Is a more complex transposition

• Write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns
• The order of the columns then becomes the key to the algorithm

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
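Added example in Python (not the textbook's code) for both transposition ciphers above, generalised beyond the slides: the rail fence for any depth (the letters zigzag down and back up the rails, which for depth 2 is the alternation shown), and the row transposition with the key read as the rank of each column, as in 4 3 1 2 5 6 7. Both directions are given; decryption of a transposition is the same bookkeeping run backwards, since no letter changes, only its position.

```python
import itertools


def _rails(n, depth):
    """Rail index for each of n letter positions, walking down and back up."""
    rail, step = 0, 1
    for _ in range(n):
        yield rail
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step


def rail_fence_encrypt(plaintext, depth):
    """Write the letters on `depth` rails in a zigzag, then read rail by rail."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rails = [[] for _ in range(depth)]
    for ch, r in zip(letters, _rails(len(letters), depth)):
        rails[r].append(ch)
    return ''.join(''.join(r) for r in rails).upper()


def rail_fence_decrypt(ciphertext, depth):
    """Replay the zigzag to learn how many letters each rail holds, slice the
    ciphertext into rails, then replay it again to interleave them."""
    pattern = list(_rails(len(ciphertext), depth))
    text = ciphertext.lower()
    rails, pos = [], 0
    for r in range(depth):
        count = pattern.count(r)
        rails.append(list(text[pos:pos + count]))
        pos += count
    return ''.join(rails[r].pop(0) for r in pattern)


def row_transposition_encrypt(plaintext, key, pad="xyz"):
    """Write rows of len(key) letters (padding the last row as the slide does),
    then read the columns out in key order; key[j] is the rank of column j."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    cols = len(key)
    filler = itertools.cycle(pad)
    while len(letters) % cols:
        letters.append(next(filler))
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    order = sorted(range(cols), key=lambda j: key[j])     # column indices by rank
    return ''.join(row[j] for j in order for row in rows).upper()


def row_transposition_decrypt(ciphertext, key):
    cols = len(key)
    nrows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda j: key[j])
    grid = [[''] * cols for _ in range(nrows)]
    pos = 0
    for j in order:                       # refill the columns in the same order
        for r in range(nrows):
            grid[r][j] = ciphertext[pos].lower()
            pos += 1
    return ''.join(''.join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))
    key = [4, 3, 1, 2, 5, 6, 7]
    c = row_transposition_encrypt("attack postponed until two am", key)
    print(c, row_transposition_decrypt(c, key))
```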
Summary
• Present an overview of the main concepts of symmetric cryptography
• Explain the difference between cryptanalysis and brute-force attack
• Understand the operation of a monoalphabetic substitution cipher
• Understand the operation of a polyalphabetic cipher
• Present an overview of the Hill cipher


Chapter 16
User Authentication



User-Authentication
• The process of determining whether some user or some application or process acting on behalf of a user is, in fact, who or what it declares itself to be

• Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server

• Authentication enables organizations to keep their networks secure by permitting only authenticated users (or processes) to access its protected resources

• User authentication is distinct from message authentication
  • Message authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic


Authentication Principles
• Digital identity:
• The unique representation of a subject engaged in an online transaction
• The representation consists of an attribute or set of attributes that uniquely
describe a subject within a given context of a digital service, but does not
necessarily uniquely identify the subject in all contexts

• Identity proofing:
• Establishes that a subject is who they claim to be to a stated level of certitude
• This process involves collecting, validating, and verifying information about a
person

• Digital authentication:
• The process of determining the validity of one or more authenticators used to
claim a digital identity
• Authentication establishes that a subject attempting to access a digital service
is in control of the technologies used to authenticate
• Successful authentication provides reasonable risk-based assurances that the
subject accessing the service today is the same as the subject that previously
accessed the service



Means of User Authentication
• There are three general means, or authentication factors, of authenticating a user’s identity, which can be used alone or in combination:

• Knowledge factor (something the individual knows): requires the user to demonstrate knowledge of secret information. Routinely used in single-layer authentication processes, knowledge factors can come in the form of passwords, passphrases, personal identification numbers (PINs), or answers to secret questions

• Possession factor (something the individual possesses): physical entity possessed by the authorized user to connect to the client computer or portal. This type of authenticator used to be referred to as a token, but that term is now deprecated. The term hardware token is a preferable alternative. Possession factors fall into two categories:
  • Connected hardware tokens are items that connect to a computer logically (e.g., via wireless) or physically in order to authenticate identity. Items such as smart cards, wireless tags, and USB tokens are common connected tokens used to serve as a possession factor
  • Disconnected hardware tokens are items that do not directly connect to the client computer, instead requiring input from the individual attempting to sign in. Typically, a disconnected hardware token device will use a built-in screen to display authentication data that are then utilized by the user to sign in when prompted

• Inherence factor (something the individual is or does): refers to characteristics, called biometrics, that are unique or almost unique to the individual. These include static biometrics, such as fingerprint, retina, and face; and dynamic biometrics, such as voice, handwriting, and typing rhythm

(Table is on page 484 in the textbook)
Mutual Authentication
• Protocols which enable communicating parties to satisfy themselves mutually about each other’s identity and to exchange session keys
• Central to the problem of authenticated key exchange are two issues:
• Timeliness
  • Important because of the threat of message replays
  • Such replays could allow an opponent to: compromise a session key; successfully impersonate another party; disrupt operations by presenting parties with messages that appear genuine but are not
• Confidentiality
  • Essential identification and session-key information must be communicated in encrypted form
  • This requires the prior existence of secret or public keys that can be used for this purpose


Replay Attacks
1. The simplest replay attack is one in which the opponent simply copies a message and replays it later

2. An opponent can replay a timestamped message within the valid time window

3. An opponent can replay a timestamped message within the valid time window, but in addition, the opponent suppresses the original message; thus, the repetition cannot be detected

4. Another attack involves a backward replay without modification and is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content
Approaches to Coping
With Replay Attacks
• Attach a sequence number to each message used in an
authentication exchange
• A new message is accepted only if its sequence number is in the proper
order
• Difficulty with this approach is that it requires each party to keep track
of the last sequence number for each claimant it has dealt with
• Generally not used for authentication and key exchange because of
overhead

• Timestamps
• Requires that clocks among the various participants be synchronized
• Party A accepts a message as fresh only if the message contains a
timestamp that, in A’s judgment, is close enough to A’s knowledge of
current time

• Challenge/response
• Party A, expecting a fresh message from B, first sends B a nonce
(challenge) and requires that the subsequent message (response)
received from B contain the correct nonce value
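Added example in Python (not from the textbook) of two of the approaches above on the verifier's side: a timestamp window combined with a cache of recently seen nonces, and a challenge/response exchange in which each issued nonce is consumed on first use. Messages are authenticated with HMAC-SHA256 under a shared key, which is assumed here; the clock is injected so that the stale-timestamp case can be exercised deterministically. Note what the timestamp window alone does not catch: a copy replayed inside the window (attack 2 above) is rejected only because the nonce cache remembers it.

```python
import hashlib
import hmac
import os
import time


class ReplayGuard:
    """Accepts a message only if (1) its MAC is valid, (2) its timestamp is
    within `window` seconds of local time, and (3) its nonce has not already
    been accepted inside that window."""

    def __init__(self, key, window=30, clock=None):
        self.key = key
        self.window = window
        self.clock = clock or time.time
        self.seen = {}                       # nonce -> timestamp first accepted

    def _tag(self, nonce, timestamp, payload):
        msg = nonce + timestamp.to_bytes(8, "big") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def make(self, payload):
        """Sender side (same shared key): fresh 16-byte nonce plus timestamp."""
        nonce, ts = os.urandom(16), int(self.clock())
        return nonce, ts, payload, self._tag(nonce, ts, payload)

    def accept(self, nonce, timestamp, payload, tag):
        now = int(self.clock())
        if not hmac.compare_digest(tag, self._tag(nonce, timestamp, payload)):
            return False, "bad MAC"
        if abs(now - timestamp) > self.window:
            return False, "stale timestamp"
        # nonces older than the window cannot be replayed anyway; forget them
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = timestamp
        return True, "ok"


class ChallengeResponse:
    """A (verifier) sends B a nonce; B's response must carry the MAC over that
    exact nonce, and each nonce is discarded on first use."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()

    def challenge(self):
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def respond(self, nonce):                # prover side (same shared key)
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

    def verify(self, nonce, response):
        if nonce not in self.outstanding:
            return False                     # never issued, or already consumed
        self.outstanding.discard(nonce)
        return hmac.compare_digest(response, self.respond(nonce))


if __name__ == "__main__":
    guard = ReplayGuard(b"shared-key")       # constructed key
    m = guard.make(b"login alice")
    print(guard.accept(*m), guard.accept(*m))   # (True, 'ok') (False, 'replayed nonce')
```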
Remote User-Authentication
Using Symmetric Encryption
A two-level hierarchy of symmetric keys can be used
to provide confidentiality for communication in a
distributed environment
•Strategy involves the use of a trusted key
distribution center (KDC)
•Each party shares a secret key, known as a master
key, with the KDC
•KDC is responsible for generating keys to be used
for a short time over a connection between two
parties and for distributing those keys using the
master keys to protect the distribution
Suppress-Replay Attacks
• The Denning protocol requires reliance on clocks that
are synchronized throughout the network

• A risk involved is based on the fact that the distributed


clocks can become unsynchronized as a result of
sabotage on or faults in the clocks or the
synchronization mechanism

• The problem occurs when a sender’s clock is ahead of


the intended recipient’s clock
• An opponent can intercept a message from the sender
and replay it later when the timestamp in the message
becomes current at the recipient’s site
• Such attacks are referred to as suppress-replay attacks
Kerberos
• Authentication service developed as part of Project Athena at
MIT

• A workstation cannot be trusted to identify its users correctly to network services
  • A user may gain access to a particular workstation and pretend to be another user operating from that workstation
  • A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation
  • A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations

• Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users
  • Relies exclusively on symmetric encryption, making no use of public-key encryption


Kerberos Requirements
• The first published report on Kerberos listed the following requirements:
• Secure: a network eavesdropper should not be able to obtain the necessary information to impersonate a user
• Reliable: should be highly reliable and should employ a distributed server architecture with one system able to back up another
• Scalable: the system should be capable of supporting large numbers of clients and servers
• Transparent: ideally, the user should not be aware that authentication is taking place beyond the requirement to enter a password
Kerberos Version 4
• Makes use of DES to provide the authentication service

• Authentication server (AS)
  • Knows the passwords of all users and stores these in a centralized database
  • Shares a unique secret key with each server

• Ticket
  • Created once the AS accepts the user as authentic; contains the user’s ID and network address and the server’s ID
  • Encrypted using the secret key shared by the AS and the server

• Ticket-granting server (TGS)
  • Issues tickets to users who have been authenticated to AS
  • Each time the user requires access to a new service the client applies to the TGS using the ticket to authenticate itself
  • The TGS then grants a ticket for the particular service
  • The client saves each service-granting ticket and uses it to authenticate its user to a server each time a particular service is requested


The Version 4
Authentication Dialogue
• The lifetime associated with the ticket-granting ticket creates a problem:
  • If the lifetime is very short (e.g., minutes), the user will be repeatedly asked for a password
  • If the lifetime is long (e.g., hours), then an opponent has a greater opportunity for replay

• A network service (the TGS or an application service) must be able to prove that the person using a ticket is the same person to whom that ticket was issued

• Servers need to authenticate themselves to users

(Table is on page 496 in the textbook)
Kerberos Realms
and Multiple Kerberi
• A full-service Kerberos environment consisting
of a Kerberos server, a number of clients, and
a number of application servers requires that:
• The Kerberos server must have the user ID and hashed
passwords of all participating users in its database; all
users are registered with the Kerberos server
• The Kerberos server must share a secret key with each
server; all servers are registered with the Kerberos
server
• The Kerberos server in each interoperating realm shares
a secret key with the server in the other realm; the two
Kerberos servers are registered with each other



Kerberos Realm
• A set of managed nodes that share the same Kerberos
database
• The database resides on the Kerberos master
computer system, which should be kept in a physically
secure room
• A read-only copy of the Kerberos database might also
reside on other Kerberos computer systems
• All changes to the database must be made on the
master computer system
• Changing or accessing the contents of a Kerberos
database requires the Kerberos master password
Kerberos Principal

• A service or user that is known to the Kerberos system
• Identified by its principal name
• Three parts of a principal name:
  • A service or user name
  • An instance name
  • A realm name
Differences Between Versions 4 and 5
Version 5 is intended to address the limitations of version 4 in two areas:
Environmental shortcomings
• Encryption system dependence
• Internet protocol dependence
• Message byte ordering
• Ticket lifetime
• Authentication forwarding
• Interrealm authentication
Technical deficiencies
• Double encryption
• PCBC encryption
• Session keys
• Password attacks

Table 16.3 (page 502 in textbook): Summary of Kerberos Version 5 Message Exchanges

Mutual Authentication
Public-key encryption for session key distribution
• Assumes each of the two parties is in possession of the current public key of the other
• May not be practical to require this assumption
Denning protocol using timestamps
• Uses an authentication server (AS) to provide public-key certificates
• Requires the synchronization of clocks
Woo and Lam makes use of nonces
• Care needed to ensure no protocol flaws

One-Way Authentication
• Involves a single transfer of information from one user (A) intended for another (B)
• In its simplest form, it would establish the identity of A, the identity of B, and establish that some sort of authentication token actually was generated by A and actually was intended to be sent to B
• An email message is an example of an application that lends itself to one-way authentication
• For confidentiality, encrypt the message with a one-time secret key; A also encrypts this one-time key with B’s public key
• Only B will be able to use the corresponding private key to recover the one-time key and then use that key to decrypt the message
• This scheme is more efficient than simply encrypting the entire message with B’s public key

One-Way Authentication
• If authentication is the primary concern, a digital signature may suffice
• This method guarantees that A cannot later deny having sent the message
• To counter fraud, both the message and signature can be encrypted with the recipient’s public key
• In addition to the message, A sends B the signature encrypted with A’s private key and A’s certificate encrypted with the private key of the authentication server
• The recipient of the message first uses the certificate to obtain the sender’s public key and verify that it is authentic, and then uses the public key to verify the message itself
• If confidentiality is required, then the entire message can be encrypted with B’s public key
• Alternatively, the entire message can be encrypted with a one-time secret key; the secret key is also transmitted, encrypted with B’s public key

Federated Identity Management
• Relatively new concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many users
• Services provided include:
  • Point of contact
  • SSO protocol services
  • Trust services
  • Key services
  • Identity services
  • Authorization
  • Provisioning
  • Management

Identity Management
• A centralized, automated approach to provide enterprise-wide access to resources by employees and other authorized individuals
• The focus of identity management is defining an identity for each user (human or process), associating attributes with the identity, and enforcing a means by which a user can verify identity
• The central concept of an identity management system is the use of single sign-on (SSO)
• SSO enables a user to access all network resources after a single authentication

Summary
• Present an overview of techniques for remote user authentication using symmetric encryption
• Give a presentation on Kerberos
• Explain the differences between versions 4 and 5 of Kerberos
• Describe the use of Kerberos in multiple realms
• Present an overview of techniques for remote user authentication using asymmetric encryption
• Understand the need for a federated identity management system

Chapter 17
Transport-Level Security

Web Security Considerations
• The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets
• The following characteristics of Web usage suggest the need for tailored security tools:
  • Web servers are relatively easy to configure and manage
  • Web content is increasingly easy to develop
  • The underlying software is extraordinarily complex
    • May hide many potential security flaws
  • A Web server can be exploited as a launching pad into the corporation’s or agency’s entire computer complex
  • Casual and untrained (in security matters) users are common clients for Web-based services
    • Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures
(Table is on page 515 in the textbook)
Transport Layer Security (TLS)
• One of the most widely used security services
• Defined in RFC 5246
• Is an Internet standard that evolved from a commercial protocol known as Secure Sockets Layer (SSL)
• Most browsers come equipped with TLS, and most Web servers have implemented the protocol
• Could be provided as part of the underlying protocol suite and therefore be transparent to applications
• Can be embedded in specific packages
• Is a general purpose service implemented as a set of protocols that rely on TCP

TLS Architecture
• Two important TLS concepts are:
TLS connection
• A transport that provides a suitable type of service
• For TLS such connections are peer-to-peer relationships
• Connections are transient
• Every connection is associated with one session
TLS session
• An association between a client and a server
• Created by the Handshake Protocol
• Defines a set of cryptographic security parameters which can be shared among multiple connections
• Are used to avoid the expensive negotiation of new security parameters for each connection

A session state is defined by the following parameters:
• Session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state
• Peer certificate: An X509.v3 certificate of the peer; this element of the state may be null
• Compression method: The algorithm used to compress data prior to encryption
• Cipher spec: Specifies the bulk data encryption algorithm and a hash algorithm used for MAC calculation; also defines cryptographic attributes such as the hash_size
• Master secret: 48-byte secret shared between the client and the server
• Is resumable: A flag indicating whether the session can be used to initiate new connections

A connection state is defined by the following parameters:
• Server and client random: Byte sequences that are chosen by the server and client for each connection
• Server write MAC secret: The secret key used in MAC operations on data sent by the server
• Client write MAC secret: The secret key used in MAC operations on data sent by the client
• Server write key: The secret encryption key for data encrypted by the server and decrypted by the client
• Client write key: The symmetric encryption key for data encrypted by the client and decrypted by the server
• Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key; this field is first initialized by the TLS Handshake Protocol; the final ciphertext block from each record is preserved for use as the IV with the following record
• Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection; when a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero; sequence numbers may not exceed 2^64 - 1

TLS Record Protocol
The TLS Record Protocol provides two services for TLS connections:
• Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of TLS payloads
• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC)

Figure 17.5 TLS Record Protocol Payload

(Table is on page 522 in the textbook)

Cryptographic Computations
• Two further items are of interest:
  • The creation of a shared master secret by means of the key exchange
    • The shared master secret is a one-time 48-byte value generated for this session by means of secure key exchange
    • The creation is in two stages
      • First, a pre_master_secret is exchanged
      • Second, the master_secret is calculated by both parties
  • The generation of cryptographic parameters from the master secret

Generation of Cryptographic Parameters
• CipherSpecs require:
  • A client write MAC secret
  • A server write MAC secret
  • A client write key
  • A server write key
  • A client write IV
  • A server write IV
  (which are generated from the master secret in that order)
• These parameters are generated from the master secret by hashing the master secret into a sequence of secure bytes of sufficient length for all needed parameters

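The two-stage computation described above (pre_master_secret to master_secret, then master_secret to the six CipherSpec parameters in that order), written out with the TLS 1.2 PRF of RFC 5246. This is an added example, not code from the slides or the textbook; the Hello randoms and pre_master_secret are constructed values.

```python
import hmac

# Added example, not code from the slides or the textbook. It implements the
# TLS 1.2 PRF of RFC 5246 (Section 5) and the two derivations the slides describe:
# pre_master_secret -> master_secret, then master_secret -> key block, which is
# split into the six CipherSpec parameters in the order the slides list them.
# All input values below are constructed for the demonstration.

HASH = "sha256"   # TLS 1.2 PRF uses P_SHA256 unless the cipher suite says otherwise


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)); truncated to `length` bytes."""
    out = b""
    a = seed                                              # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, HASH).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Stage 2 of the slides: both parties hash the exchanged pre_master_secret, together
    with the two Hello randoms, into the 48-byte master secret (RFC 5246, Section 8.1)."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret into the six parameters (RFC 5246, Section 6.3).
    The seed order here is server_random + client_random, the reverse of the
    order used for the master secret."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, total)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    params, pos = {}, 0
    for name, size in layout:
        params[name] = kb[pos:pos + size]
        pos += size
    return params


# Constructed inputs: 32-byte Hello randoms and an RSA-style 48-byte
# pre_master_secret that begins with the client version bytes 0x03 0x03.
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER_SECRET = b"\x03\x03" + b"\x11" * 46


def derive_for_aes128_cbc_sha256() -> dict:
    """Full derivation for TLS_RSA_WITH_AES_128_CBC_SHA256:
    32-byte MAC keys, 16-byte AES keys, 16-byte IVs (128 bytes of key block)."""
    ms = master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    return key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, mac_len=32, key_len=16, iv_len=16)


if __name__ == "__main__":
    for name, value in derive_for_aes128_cbc_sha256().items():
        print(f"{name:22s} {value.hex()}")
```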
SSL/TLS Attacks
• The attacks can be grouped into four general categories:
  • Attacks on the handshake protocol
  • Attacks on the record and application data protocols
  • Attacks on the PKI
  • Other attacks
• The constant back-and-forth between threats and countermeasures determines the evolution of Internet-based protocols

TLSv1.3
• Primary aim is to improve the security of TLS
• Significant changes from version 1.2 are:
  • TLSv1.3 removes support for a number of options and functions
  • Deleted items include:
    • Compression
    • Ciphers that do not offer authenticated encryption
    • Static RSA and DH key exchange
    • 32-bit timestamp as part of the Random parameter in the client_hello message
    • Renegotiation
    • Change Cipher Spec Protocol
    • RC4
    • Use of MD5 and SHA-224 hashes with signatures
  • TLSv1.3 uses Diffie-Hellman or Elliptic Curve Diffie-Hellman for key exchange and does not permit RSA
  • TLSv1.3 allows for a “1 round trip time” handshake by changing the order of the messages sent when establishing a secure connection

Hyper Text Transfer Protocol Secure (HTTPS)
• The secure version of HTTP
• HTTPS encrypts all communications between the browser and the website
• Data sent using HTTPS provides three important areas of protection:
  • Encryption
  • Data integrity
  • Authentication

Connection Initiation
• For HTTPS, the agent acting as the HTTP client also acts as the TLS client
• The client initiates a connection to the server on the appropriate port and then sends the TLS ClientHello to begin the TLS handshake
• When the TLS handshake has finished, the client may then initiate the first HTTP request
• All HTTP data is to be sent as TLS application data
• There are three levels of awareness of a connection in HTTPS:
  • At the HTTP level, an HTTP client requests a connection to an HTTP server by sending a connection request to the next lowest layer
    • Typically the next lowest layer is TCP, but it may also be TLS/SSL
  • At the level of TLS, a session is established between a TLS client and a TLS server
    • This session can support one or more connections at any time
  • A TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client side and the TCP entity on the server side

Connection Closure
• An HTTP client or server can indicate the closing of a connection by including the line Connection: close in an HTTP record
• The closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection
• TLS implementations must initiate an exchange of closure alerts before closing a connection
  • A TLS implementation may, after sending a closure alert, close the connection without waiting for the peer to send its closure alert, generating an “incomplete close”
• An unannounced TCP closure could be evidence of some sort of attack, so the HTTPS client should issue some sort of security warning when this occurs

Secure Shell (SSH)
• A protocol for secure network communications designed to be relatively simple and inexpensive to implement
• The initial version, SSH1, was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security
• SSH also provides a more general client/server capability and can be used for such network functions as file transfer and e-mail
• SSH2 fixes a number of security flaws in the original scheme and is documented as a proposed standard in IETF RFCs 4250 through 4256
• SSH client and server applications are widely available for most operating systems
  • Has become the method of choice for remote login and X tunneling
  • Is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems

Transport Layer Protocol
• Server authentication occurs at the transport layer, based on the server possessing a public/private key pair
• A server may have multiple host keys using multiple different asymmetric encryption algorithms
• Multiple hosts may share the same host key
• The server host key is used during key exchange to authenticate the identity of the host
• RFC 4251 dictates two alternative trust models:
  • The client has a local database that associates each host name with the corresponding public host key
  • The host name-to-key association is certified by a trusted certification authority (CA); the client only knows the CA root key and can verify the validity of all host keys certified by accepted CAs

(Table is on page 537 in the textbook)

Key Generation
• The keys used for encryption and MAC (and any needed IVs) are generated from the shared secret key K, the hash value from the key exchange H, and the session identifier, which is equal to H unless there has been a subsequent key exchange after the initial key exchange

User Authentication Protocol
• The User Authentication Protocol provides the means by which the client is authenticated to the server
• Three types of messages are always used in the User Authentication Protocol
• User name is the authorization identity the client is claiming, service name is the facility to which the client is requesting access, and method name is the authentication method being used in this request

Message Exchange
• The message exchange involves the following steps:
  1. The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of none
  2. The server checks to determine if the user name is valid. If not, the server returns SSH_MSG_USERAUTH_FAILURE with the partial success value of false. If the user name is valid, the server proceeds to step 3
  3. The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more authentication methods to be used
  4. The client selects one of the acceptable authentication methods and sends a SSH_MSG_USERAUTH_REQUEST with that method name and the required method-specific fields. At this point, there may be a sequence of exchanges to perform the method
  5. If the authentication succeeds and more authentication methods are required, the server proceeds to step 3, using a partial success value of true. If the authentication fails, the server proceeds to step 3, using a partial success value of false
  6. When all required authentication methods succeed, the server sends a SSH_MSG_USERAUTH_SUCCESS message, and the Authentication Protocol is over

Authentication Methods
• Publickey
  • The client sends a message to the server that contains the client’s public key, with the message signed by the client’s private key
  • When the server receives this message, it checks whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct
• Password
  • The client sends a message containing a plaintext password, which is protected by encryption by the Transport Layer Protocol
• Hostbased
  • Authentication is performed on the client’s host rather than the client itself
  • This method works by having the client send a signature created with the private key of the client host
  • Rather than directly verifying the user’s identity, the SSH server verifies the identity of the client host

Connection Protocol
• The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use
  • The secure authentication connection, referred to as a tunnel, is used by the Connection Protocol to multiplex a number of logical channels
• Channel mechanism
  • All types of communication using SSH are supported using separate channels
  • Either side may open a channel
  • For each channel, each side associates a unique channel number
  • Channels are flow controlled using a window mechanism
  • No data may be sent to a channel until a message is received to indicate that window space is available
  • The life of a channel progresses through three stages: opening a channel, data transfer, and closing a channel

Channel Types
Four channel types are recognized in the SSH Connection Protocol specification:
• Session
  • The remote execution of a program
  • The program may be a shell, an application such as file transfer or e-mail, a system command, or some built-in subsystem
  • Once a session channel is opened, subsequent requests are used to start the remote program
• X11
  • Refers to the X Window System, a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers
  • X allows applications to run on a network server but to be displayed on a desktop machine
• Forwarded-tcpip
  • Remote port forwarding
• Direct-tcpip
  • Local port forwarding

Port Forwarding
• One of the most useful features of SSH
• Provides the ability to convert any insecure TCP connection into a secure SSH connection (also referred to as SSH tunneling)
• Incoming TCP traffic is delivered to the appropriate application on the basis of the port number (a port is an identifier of a user of TCP)
• An application may employ multiple port numbers

Summary
• Summarize Web security threats and Web traffic security approaches
• Present an overview of Transport Layer Security (TLS)
• Understand the differences between Secure Sockets Layer and Transport Layer Security
• Compare the pseudorandom function used in Transport Layer Security with those discussed earlier in the book
• Present an overview of HTTPS (HTTP over SSL)
• Present an overview of Secure Shell (SSH)

Chapter 18
Wireless Network Security

Wireless Security
• Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks include:
• Channel
  • Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks
  • Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols
• Mobility
  • Wireless devices are far more portable and mobile than wired devices
  • This mobility results in a number of risks
• Resources
  • Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware
• Accessibility
  • Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations
  • This greatly increases their vulnerability to physical attacks

Wireless Network Threats
• Accidental association
  • Company wireless LANs in close proximity may create overlapping transmission ranges
  • A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network
• Malicious association
  • In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point
• Ad hoc networks
  • These are peer-to-peer networks between wireless computers with no access point between them
  • Such networks can pose a security threat due to a lack of a central point of control
• Nontraditional networks
  • Personal network Bluetooth devices, barcode readers, and handheld PDAs pose a security risk in terms of both eavesdropping and spoofing

Wireless Network Threats
• Identity theft (MAC spoofing)
  • This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges
• Man-in-the-middle attacks
  • This attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device
  • Wireless networks are particularly vulnerable to such attacks
• Denial of service (DoS)
  • This attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources
  • The wireless environment lends itself to this type of attack because it is so easy for the attacker to direct multiple wireless messages at the target
• Network injection
  • This attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages

Securing Wireless Transmissions
• The principal threats to wireless transmission are eavesdropping, altering or inserting messages, and disruption
• To deal with eavesdropping, two types of countermeasures are appropriate:
  • Signal-hiding techniques
    • Turn off SSID broadcasting by wireless access points
    • Assign cryptic names to SSIDs
    • Reduce signal strength to the lowest level that still provides requisite coverage
    • Locate wireless access points in the interior of the building, away from windows and exterior walls
  • Encryption
    • Is effective against eavesdropping to the extent that the encryption keys are secured

Securing Wireless Access Points
• The main threat involving wireless access points is unauthorized access to the network
• The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control
  • The use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors

Securing Wireless Networks
• Use encryption
• Use antivirus, antispyware software and a firewall
• Turn off identifier broadcasting
• Change the identifier on your router from the default
• Change your router’s pre-set password for administration
• Allow only specific computers to access your wireless network

Mobile Device Security
• Mobile devices have become an essential element for
organizations as part of the overall network
infrastructure
• Prior to the widespread use of smartphones, network
security was based upon clearly defined perimeters
that separated trusted internal networks from the
untrusted Internet
• Due to massive changes, an organization’s networks
must now accommodate:
• Growing use of new devices
• Cloud-based applications
• De-perimeterization
• External business requirements
Security Threats
• Major security concerns for mobile devices:
• Lack of physical security controls
  • The security policy for mobile devices must be based on the assumption that any mobile device may be stolen or at least accessed by a malicious party
• Use of untrusted mobile devices
  • The organization must assume that not all devices are trustworthy
• Use of untrusted networks
  • The security policy must be based on the assumption that the networks between the mobile device and the organization are not trustworthy
• Use of untrusted content
  • Mobile devices may access and use content that other computing devices do not encounter
• Use of applications created by unknown parties
  • It is easy to find and install third-party applications on mobile devices and this poses the risk of installing malicious software
• Interaction with other systems
  • Unless an organization has control of all the devices involved in synchronization, there is considerable risk of the organization’s data being stored in an unsecured location, plus the risk of the introduction of malware
• Use of location services
  • An attacker can use location information to determine where the device and user are located, which may be of use to the attacker

IEEE 802.11
Wireless LAN Overview
• IEEE 802 is a committee that has developed
standards for a wide range of local area
networks (LANs)
• In 1990 the IEEE 802 Committee formed a new
working group, IEEE 802.11, with a charter to
develop a protocol and transmission
specifications for wireless LANs (WLANs)
• Since that time, the demand for WLANs at
different frequencies and data rates has
exploded
(Table can be found on page 555 in the textbook)
Wi-Fi Alliance
• The first 802.11 standard to gain broad industry acceptance was 802.11b
• Wireless Ethernet Compatibility Alliance (WECA)
  • An industry consortium formed in 1999
  • Subsequently renamed the Wi-Fi (Wireless Fidelity) Alliance
  • Created a test suite to certify interoperability for 802.11 products
• Wi-Fi
  • The term used for certified 802.11b products
  • Has been extended to 802.11g products
• Wi-Fi5
  • A certification process for 802.11a products that was developed by the Wi-Fi Alliance
• Recently the Wi-Fi Alliance has developed certification procedures for IEEE 802.11 security standards
  • Referred to as Wi-Fi Protected Access (WPA)

(Table is on page 559 in the textbook)

Distribution of Messages Within a DS
• The two services involved with the distribution of messages within a DS are:
• Integration
  • Enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN
  • Takes care of any address translation and media conversion logic required for the exchange of data
• Distribution
  • The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS

Association-Related Services
• Transition types based on mobility:
• No transition
  • A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS
• BSS transition
  • This is defined as a station movement from one BSS to another BSS within the same ESS
  • In this case, delivery of data to the station requires that the addressing capability be able to recognize the new location of the station
• ESS transition
  • This is defined as a station movement from a BSS in one ESS to a BSS within another ESS
  • Maintenance of upper-layer connections supported by 802.11 cannot be guaranteed
  • Disruption of service is likely to occur

Association-Related Services
• To deliver a message within a DS, the distribution service needs to know the identity of the AP to which the message should be delivered in order for that message to reach the destination station
• Three services relate to a station maintaining an association with the AP within its current BSS:
  • Association
    • Establishes an initial association between a station and an AP
  • Reassociation
    • Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another
  • Disassociation
    • A notification from either a station or an AP that an existing association is terminated

IEEE 802.11i Wireless LAN Security
• There is an increased need for robust security services and mechanisms for wireless LANs
• Wired Equivalent Privacy (WEP)
  • The privacy portion of the 802.11 standard
  • Contained major weaknesses
• Wi-Fi Protected Access (WPA)
  • A set of security mechanisms that eliminates most 802.11 security issues
  • Based on the current state of the 802.11i standard
• Robust Security Network (RSN)
  • Final form of the 802.11i standard
  • Complex

IEEE 802.1X Access Control Approach
• Port-Based Network Access Control
• The authentication protocol that is used, the Extensible Authentication Protocol (EAP), is defined in the IEEE 802.1X standard
• 802.1X uses:
  • Controlled ports: Allows the exchange of PDUs between a supplicant and other systems on the LAN only if the current state of the supplicant authorizes such an exchange
  • Uncontrolled ports: Allows the exchange of PDUs between the supplicant and the AS, regardless of the authentication state of the supplicant
(Table can be found on page 569 in the textbook)
Pairwise Keys
• Used for communication between a pair of devices, typically between a STA and an AP
• These keys form a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time
• Pre-shared key (PSK)
  • A secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i
• Master session key (MSK)
  • Also known as the AAAK, and is generated using the IEEE 802.1X protocol during the authentication phase
• Pairwise master key (PMK)
  • Derived from the master key
  • If a PSK is used, then the PSK is used as the PMK; if a MSK is used, then the PMK is derived from the MSK by truncation
• Pairwise transient key (PTK)
  • Consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated
  • Using the STA and AP addresses in the generation of the PTK provides protection against session hijacking and impersonation; using nonces provides additional random keying material

PTK Parts
• The three parts of the PTK are:
  • EAP Over LAN (EAPOL) Key Confirmation Key (EAPOL-KCK)
    • Supports the integrity and data origin authenticity of STA-to-AP control frames during operational setup of an RSN
    • It also performs an access control function: proof-of-possession of the PMK
    • An entity that possesses the PMK is authorized to use the link
  • EAPOL Key Encryption Key (EAPOL-KEK)
    • Protects the confidentiality of keys and other data during some RSN association procedures
  • Temporal Key (TK)
    • Provides the actual protection for user traffic

Group Keys
• Group keys are used for multicast communication
in which one STA sends MPDUs to multiple STAs
• Group master key (GMK)
• Key-generating key used with other inputs to derive
the GTK
• Group temporal key (GTK)
• Generated by the AP and transmitted to its associated
STAs
• IEEE 802.11i requires that its value is computationally
indistinguishable from random
• Distributed securely using the pairwise keys that are
already established
• Is changed every time a device leaves the network
Protected Data Transfer Phase
• IEEE 802.11i defines two schemes for protecting
data transmitted in 802.11 MPDUs:
• Temporal Key Integrity Protocol (TKIP)
• Designed to require only software changes to devices
that are implemented with WEP
• Provides two services:
• Message integrity
• Data confidentiality
• Counter Mode-CBC MAC Protocol (CCMP)
• Intended for newer IEEE 802.11 devices that are
equipped with the hardware to support this scheme
• Provides two services:
• Message integrity
• Data confidentiality
IEEE 802.11i Pseudorandom Function (PRF)
• Used at a number of places in the IEEE 802.11i scheme (to generate nonces, to expand pairwise keys, to generate the GTK)
• Best security practice dictates that different pseudorandom number streams be used for these different purposes
• Built on the use of HMAC-SHA-1 to generate a pseudorandom bit stream

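As an added illustration of the pairwise key hierarchy, the PTK parts and the PRF described above (example code written for this page, not taken from the standard or the textbook), the following Python implements the 802.11i PRF on HMAC-SHA-1 and uses it to expand a PMK into KCK, KEK and TK, and a GMK into a GTK. The label strings and the Min/Max ordering of addresses and nonces follow IEEE 802.11i; the PMK, MAC addresses and nonces are constructed sample values, not test vectors from the standard.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, bits: int) -> bytes:
    """IEEE 802.11i PRF-n: block i is HMAC-SHA-1(key, label || 0x00 || data || i);
    the blocks are concatenated and the first `bits` bits are returned."""
    out = b""
    counter = 0
    while len(out) * 8 < bits:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[: bits // 8]


def pmk_from_msk(msk: bytes) -> bytes:
    """When 802.1X/EAP delivers an MSK, the PMK is its first 256 bits (truncation)."""
    if len(msk) < 32:
        raise ValueError("MSK must be at least 256 bits")
    return msk[:32]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               tk_bits: int = 128) -> dict:
    """Expand a PMK into the three PTK parts. Addresses (AA = AP, SPA = STA) and
    nonces are ordered Min||Max so both sides compute the same PTK regardless of role."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 256 + tk_bits)
    return {
        "KCK": ptk[0:16],                 # EAPOL-KCK: integrity of handshake frames
        "KEK": ptk[16:32],                # EAPOL-KEK: confidentiality of keys (e.g. GTK) sent to the STA
        "TK": ptk[32:32 + tk_bits // 8],  # Temporal key: protects user traffic (128 bits for CCMP)
    }


def derive_gtk(gmk: bytes, aa: bytes, gnonce: bytes, bits: int = 128) -> bytes:
    """GTK = PRF-n(GMK, "Group key expansion", AA || GNonce), generated by the AP."""
    return prf(gmk, b"Group key expansion", aa + gnonce, bits)


# Constructed sample inputs (assumptions for the demo, not values from any standard)
PMK = hashlib.sha256(b"constructed PMK seed").digest()
AA = bytes.fromhex("021122334455")
SPA = bytes.fromhex("02aabbccddee")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

if __name__ == "__main__":
    for name, k in derive_ptk(PMK, AA, SPA, ANONCE, SNONCE).items():
        print(f"{name}: {k.hex()}")
```

Because the same PRF is keyed with different labels ("Pairwise key expansion" versus "Group key expansion") and different inputs, the pairwise and group streams are independent, which is the separation of purposes the slide calls for.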
Summary
• Present an overview of security threats and countermeasures for wireless networks
• Understand the unique security threats posed by the use of mobile devices with enterprise networks
• Describe the principal elements in a mobile device security strategy
• Understand the essential elements of the IEEE 802.11 wireless LAN standard
• Summarize the various components of the IEEE 802.11i wireless LAN security architecture

Chapter 19
Electronic Mail Security

Email Protocols
• Two types of protocols are used for transferring email:
  • Used to move messages through the Internet from source to destination
    • Simple Mail Transfer Protocol (SMTP)
  • Used to transfer messages between mail servers
    • IMAP and POP are the most commonly used

SMTP
• Simple Mail Transfer Protocol
  • Encapsulates an email message in an envelope and is used to relay the encapsulated messages from source to destination through multiple MTAs
  • Is a text-based client-server protocol
  • Was originally specified in 1982 as RFC 821
  • The term Extended SMTP (ESMTP) is often used to refer to later versions of SMTP

Mail Access Protocols
• POP3
  • Post Office Protocol
  • Allows an email client to download an email from an email server (MTA)
  • POP3 user agents connect via TCP to the server
  • After authorization, the UA can issue POP3 commands to retrieve and delete mail
• IMAP
  • Internet Mail Access Protocol
  • Enables an email client to access mail on an email server
  • Also uses TCP, with server TCP port 143
  • Is more complex than POP3
  • Provides stronger authentication and provides other functions not supported by POP3
RFC 5322
• Defines a format for text messages that are sent
using electronic mail
• Messages are viewed as having an envelope and
contents
• The envelope contains whatever information is
needed to accomplish transmission and delivery
• The contents compose the object to be delivered to
the recipient
• RFC 5322 standard applies only to the contents
• The content standard includes a set of header fields that may be used by the mail system to create the envelope
Example Message
Date: October 8, 2009 2:15:49 PM EDT
From: “William Stallings” <[email protected]>
Subject: The Syntax in RFC 5322
To: [email protected]
Cc: [email protected]

Hello. This section begins the actual message body, which is delimited from the message heading by a blank line.

Multipurpose Internet Mail Extensions (MIME)
• An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP)
• Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations
• The specification is provided in RFCs 2045 through 2049
• MIME specification includes the following elements:
  • Five new message header fields are defined, which may be included in an RFC 5322 header; these fields provide information about the body of the message
  • A number of content formats are defined, thus standardizing representations that support multimedia electronic mail
  • Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system
Limitations of the SMTP/5322 Scheme
• SMTP cannot transmit executable files or other binary objects
• SMTP cannot transmit text data that includes national language characters
• SMTP servers may reject mail messages over a certain size
• SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems
• SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages
• Some SMTP implementations do not adhere completely to the SMTP standards defined in RFC 821
MIME Specifications
• The MIME specification includes the following
elements:
• Five new message header fields are defined,
which may be included in an RFC 5322 header
• A number of content formats are defined, thus
standardizing representations that support
multimedia electronic mail
• Transfer encodings are defined that enable the
conversion of any content format into a form
that is protected from alteration by the mail
system
The Five Header Fields Defined in MIME
• MIME-Version
  • Must have the parameter value 1.0
  • This field indicates that the message conforms to RFCs 2045 and 2046
• Content-Type
  • Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner
• Content-Transfer-Encoding
  • Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport
• Content-ID
  • Used to identify MIME entities uniquely in multiple contexts
• Content-Description
  • A text description of the object with the body; this is useful when the object is not readable
(Table is on page 584 in the textbook)
(Table is on page 586 in the textbook)
Formats
• Native form
  • The body to be transmitted is created in the system’s native format
  • The native character set is used and, where appropriate, local end-of-line conventions are used as well
  • The body may be any format that corresponds to the local model for the representation of some form of information
  • Examples include a UNIX-style text file, or a Sun raster image, or a VMS indexed file, and audio data in a system-dependent format stored only in memory
• Canonical form
  • The entire body, including out-of-band information such as record lengths and possibly file attribute information, is converted to a universal canonical form
  • The specific media type of the body as well as its associated attributes dictates the nature of the canonical form that is used
  • Conversion to the proper canonical form may involve character set conversion, transformation of audio data, compression, or various other operations specific to the various media types
Email Security Threats
• Authenticity-related threats
• Could result in unauthorized access to an enterprise’s email
system

• Integrity-related threats
• Could result in unauthorized modification of email content

• Confidentiality-related threats
• Could result in unauthorized disclosure of sensitive
information

• Availability-related threats
• Could prevent end users from being able to send or receive
mail

Table 19.3 Email Threats and Mitigations
(Table can be found on page 587 in the textbook)

Threat: Email sent by unauthorized MTA in enterprise (e.g. malware botnet)
  Impact on purported sender: Loss of reputation, valid email from enterprise may be blocked as possible spam/phishing attack.
  Impact on receiver: UBE and/or email containing malicious links may be delivered into user inboxes
  Mitigation: Deployment of domain-based authentication techniques. Use of digital signatures over email.

Threat: Email message sent using spoofed or unregistered sending domain
  Impact on purported sender: Loss of reputation, valid email from enterprise may be blocked as possible spam/phishing attack.
  Impact on receiver: UBE and/or email containing malicious links may be delivered into user inboxes
  Mitigation: Deployment of domain-based authentication techniques. Use of digital signatures over email.

Threat: Email message sent using forged sending address or email address (i.e. phishing, spear phishing)
  Impact on purported sender: Loss of reputation, valid email from enterprise may be blocked as possible spam/phishing attack.
  Impact on receiver: UBE and/or email containing malicious links may be delivered. Users may inadvertently divulge sensitive information or PII.
  Mitigation: Deployment of domain-based authentication techniques. Use of digital signatures over email.

Threat: Email modified in transit
  Impact on purported sender: Leak of sensitive information or PII.
  Impact on receiver: Leak of sensitive information, altered message may contain malicious information
  Mitigation: Use of TLS to encrypt email transfer between servers. Use of end-to-end email encryption.

Threat: Disclosure of sensitive information (e.g. PII) via monitoring and capturing of email traffic
  Impact on purported sender: Leak of sensitive information or PII.
  Impact on receiver: Leak of sensitive information, altered message may contain malicious information
  Mitigation: Use of TLS to encrypt email transfer between servers. Use of end-to-end email encryption.

Threat: Unsolicited Bulk Email (i.e. spam)
  Impact on purported sender: None, unless purported sender is spoofed.
  Impact on receiver: UBE and/or email containing malicious links may be delivered into user inboxes
  Mitigation: Techniques to address UBE.

Threat: DoS/DDoS attack against an enterprise’s email servers
  Impact on purported sender: Inability to send email.
  Impact on receiver: Inability to receive email.
  Mitigation: Multiple mail servers, use of cloud-based email providers.
Counter Threat Protocols
• SP800-177 recommends use of a variety of standardized protocols as a means for countering threats:
  • STARTTLS
    • An SMTP security extension that provides authentication, integrity, non-repudiation and confidentiality for the entire SMTP message by running SMTP over TLS
  • S/MIME
    • Provides authentication, integrity, non-repudiation and confidentiality of the message body carried in SMTP messages
  • DNS Security Extensions (DNSSEC)
    • Provides authentication and integrity protection of DNS data, and is an underlying tool used by various email security protocols
  • DNS-based Authentication of Named Entities (DANE)
    • Is designed to overcome problems in the certificate authority (CA) system by providing an alternative channel for authenticating public keys based on DNSSEC, with the result that the same trust relationships used to certify IP addresses are used to certify servers operating on those addresses
Secure/Multipurpose Internet Mail Extension (S/MIME)
• A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security
• The most important documents relevant to S/MIME include:
  • RFC 5750, S/MIME Version 3.2 Certificate Handling
  • RFC 5751, S/MIME Version 3.2 Message Specification
  • RFC 4134, Examples of S/MIME Messages
  • RFC 2634, Enhanced Security Services for S/MIME
  • RFC 5652, Cryptographic Message Syntax (CMS)
  • RFC 3370, CMS Algorithms
  • RFC 5752, Multiple Signatures in CMS
  • RFC 1847, Security Multiparts for MIME – Multipart/Signed and Multipart/Encrypted
(Table is on page 590 in the textbook)
Authentication
• Provided by means of a digital signature
  • The sender creates a message
  • SHA-256 is used to generate a 256-bit message digest of the message
  • The message digest is encrypted with RSA using the sender’s private key, and the result is appended to the message. Also appended is identifying information for the signer, which will enable the receiver to retrieve the signer’s public key
  • The receiver uses RSA with the sender’s public key to decrypt and recover the message digest
  • The receiver generates a new message digest for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic
• Detached signatures are supported
  • A detached signature may be stored and transmitted separately from the message it signs
Confidentiality
• S/MIME provides confidentiality by encrypting messages
• Most commonly AES with a 128-bit key is used, with the cipher
block chaining (CBC) mode
• The key itself is also encrypted, typically with RSA
• Each symmetric key, referred to as a content-encryption
key, is used only once
• A new key is generated as a random number for each message
• Because it is to be used only once, the content-encryption key is
bound to the message and transmitted with it
• To protect the key, it is encrypted with the receiver’s public key
• To reduce encryption time, the combination of symmetric and
public-key encryption is used
• Only the recipient is able to recover the session key that is bound
to the message
E-mail Compatibility
• Many electronic mail systems only permit the use of blocks consisting of ASCII text
  • To accommodate this restriction, S/MIME provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters
  • The scheme used for this purpose is Base-64 conversion
    • Each group of three octets of binary data is mapped into four ASCII characters
    • The Base64 algorithm blindly converts the input stream to Base64 format regardless of content, even if the input happens to be ASCII text
• RFC 5751 recommends that even if outer 7-bit encoding is not used, the original MIME content should be 7-bit encoded
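To make the three-octets-to-four-characters mapping concrete, and to show how the resulting body sits under the MIME header fields listed earlier, here is an added Python example (written for this page, not code from the textbook or from any S/MIME implementation). It implements Base64 encoding and decoding from scratch, wraps the output at the 76-character line length MIME uses for this transfer encoding, and builds a minimal MIME entity around it; the sample inputs are constructed.

```python
B64_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_DECODE = {chr(c): i for i, c in enumerate(B64_ALPHABET)}


def base64_encode(data: bytes) -> str:
    """Map each group of 3 octets to 4 printable characters, '=' padding the tail."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)
        # Pack 1..3 octets into a 24-bit group, zero-padded on the right
        group = int.from_bytes(chunk + b"\x00" * (3 - n), "big")
        sextets = [(group >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        # n input octets yield n+1 meaningful characters; the rest are '=' padding
        chars = "".join(chr(B64_ALPHABET[s]) for s in sextets[: n + 1])
        out.append(chars + "=" * (3 - n))
    return "".join(out)


def base64_decode(text: str) -> bytes:
    """Inverse mapping; rejects bad length, stray padding and non-alphabet characters."""
    text = "".join(text.split())  # MIME bodies are line-wrapped; drop whitespace
    if len(text) % 4:
        raise ValueError("Base64 length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        body = quad.rstrip("=")
        pad = 4 - len(body)
        if pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("padding only allowed at the end, at most two '='")
        group = 0
        for ch in body:
            if ch not in _DECODE:
                raise ValueError(f"invalid Base64 character {ch!r}")
            group = (group << 6) | _DECODE[ch]
        group <<= 6 * pad
        out += group.to_bytes(3, "big")[: 3 - pad]
    return bytes(out)


def mime_base64_body(data: bytes, line_length: int = 76) -> str:
    """Encode and wrap into CRLF-terminated lines of at most 76 characters (RFC 2045)."""
    encoded = base64_encode(data)
    lines = [encoded[i:i + line_length] for i in range(0, len(encoded), line_length)]
    return "".join(line + "\r\n" for line in lines)


def mime_entity(data: bytes, content_type: str = "application/octet-stream") -> str:
    """Wrap binary data as a MIME entity carrying MIME-Version, Content-Type and
    Content-Transfer-Encoding headers (Content-ID/-Description are optional)."""
    headers = [
        "MIME-Version: 1.0",
        f"Content-Type: {content_type}",
        "Content-Transfer-Encoding: base64",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + mime_base64_body(data)


if __name__ == "__main__":
    # Constructed sample: ASCII input is converted just like binary input
    print(mime_entity(b"Hi, this is ASCII text but still gets Base64 encoded.", "text/plain"))
```

The decoder is deliberately strict: a mail gateway that silently accepts malformed padding or characters outside the alphabet can be made to decode the same bytes differently from the next hop, which is exactly the kind of inconsistency the transfer encoding exists to prevent.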
Compression
• S/MIME offers the ability to compress a message
• This has the benefit of saving space both for email transmission and for file storage
• Compression can be applied in any order with respect to the signing and message encryption operations
• RFC 5751 provides these guidelines:
  • Compression of binary encoded encrypted data is discouraged, since it will not yield significant compression; Base64 encrypted data could very well benefit, however
  • If a lossy compression algorithm is used with signing, you will need to compress first, then sign

S/MIME Message
Content Types
• Defined in RFC 5652, Cryptographic Message Syntax
• Data
• Refers to the inner MIME-encoded message content, which may then be encapsulated in a
SignedData, EnvelopedData, or CompressedData content type
• SignedData
• Used to apply a digital signature to a message
• EnvelopedData
• This consists of encrypted content of any type and encrypted content encryption keys for
one or more recipients
• CompressedData
• Used to apply data compression to a message
• Clear signing
• A digital signature is calculated for a MIME-encoded message and the two
parts, the message and signature, form a multipart MIME message
• Can be read and their signatures verified by email entities that do not
implement S/MIME

Securing a MIME Entity
• S/MIME secures a MIME entity with a signature, encryption, or both
• The MIME entity is prepared according to the normal rules for MIME message preparation
• The MIME entity plus some security-related data, such as algorithm identifiers and certificates, are processed by S/MIME to produce what is known as a PKCS object
• A PKCS object is then treated as message content and wrapped in MIME
• In all cases the message to be sent is converted to canonical form
EnvelopedData
• The steps for preparing an envelopedData MIME are:
  • Generate a pseudorandom session key for a particular symmetric encryption algorithm
  • For each recipient, encrypt the session key with the recipient’s public RSA key
  • For each recipient, prepare a block known as RecipientInfo that contains an identifier of the recipient’s public-key certificate, an identifier of the algorithm used to encrypt the session key, and the encrypted session key
  • Encrypt the message content with the session key

SignedData
• The steps for preparing a signedData MIME are:
  • Select a message digest algorithm (SHA or MD5)
  • Compute the message digest (hash function) of the content to be signed
  • Encrypt the message digest with the signer’s private key
  • Prepare a block known as SignerInfo that contains the signer’s public-key certificate, an identifier of the message digest algorithm, an identifier of the algorithm used to encrypt the message digest, and the encrypted message digest

Clear Signing
• Achieved using the multipart content type with a signed subtype
• This signing process does not involve transforming the message to be signed
• Recipients with MIME capability but not S/MIME capability are able to read the incoming message

S/MIME Certificate Processing
• S/MIME uses public-key certificates that conform to version 3 of X.509
• S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists
  • The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages
• The certificates are signed by certification authorities

User Agent Role
• An S/MIME user has several key-management functions to perform:
  • Key generation
    • The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs
    • A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits
  • Registration
    • A user’s public key must be registered with a certification authority in order to receive an X.509 public-key certificate
  • Certificate storage and retrieval
    • A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages
Enhanced Security Services
• RFC 2634 defines four enhanced security services for
S/MIME:
• Signed receipt
• Returning a signed receipt provides proof of delivery to the
originator of a message and allows the originator to
demonstrate to a third party that the recipient received the
message
• Security labels
• A set of security information regarding the sensitivity of the
content that is protected by S/MIME encapsulation
• Secure mailing lists
• An S/MIME Mail List Agent (MLA) can take a single incoming
message, perform the recipient-specific encryption for each
recipient, and forward the message
• Signing certificates
• This service is used to securely bind a sender’s certificate to
their signature through a signing certificate attribute
Domain Name System
(DNS)
• A directory lookup service that provides a mapping
between the name of a host on the Internet and its
numeric IP address
• Is essential to the functioning of the Internet
• Is used by MUAs and MTAs to find the address of the
next hop server for mail delivery
• Is comprised of four elements:
• Domain name space
• DNS database
• Name servers
• Resolvers

DNS Database
• DNS is based on a hierarchical database containing resource records (RRs) that include the name, IP address, and other information about hosts
• The key features of the database are:
  • Variable-depth hierarchy for names
  • Distributed database
  • Distribution controlled by the database
• Using this database, DNS servers provide a name-to-address directory service for network applications that need to locate specific servers
Table 19.5 Resource Record Types
(Table is on page 600 in the textbook)
DNSSEC
• DNS Security Extensions
• Provides end-to-end protection through the use of digital signatures that are created by responding zone administrators and verified by a recipient’s resolver software
• Avoids the need to trust intermediate name servers and resolvers that cache or route the DNS records originating from the responding zone administrator before they reach the source of the query
• Consists of a set of new resource record types and modifications to the existing DNS protocol
• Defined in these documents:
  • RFC 4033, DNS Security Introduction and Requirements
  • RFC 4034, Resource Records for the DNS Security Extensions
  • RFC 4035, Protocol Modifications for the DNS Security Extensions
DNSSEC Operation
• In essence, DNSSEC is designed to protect DNS clients from accepting forged or altered DNS resource records
• It does this by using digital signatures to provide:
  • Data origin authentication
    • Ensures that data has originated from the correct source
  • Data integrity verification
    • Ensures that the content of a RR has not been modified
• Trust in the public key of the source is established by starting from a trusted zone and establishing the chain of trust down to the current source of response through successive verifications of signature of the public key of a child by its parent
  • The public key of the trusted zone is called the trust anchor

Resource Records for
DNSSEC
• RFC 4034 defines four new DNS resource records:
• DNSKEY
• Contains a public key
• RRSIG
• A resource record digital signature
• NSEC
• Authenticated denial of existence record
• DS
• Delegation signer
• DNSSEC depends on establishing the authenticity of the DNS hierarchy leading to the domain
name in question, and thus its operation depends on beginning the use of cryptographic digital
signatures in the root zone
• The DS resource record facilitates key signing and authentication between DNS zones to
create an authentication chain from the root of the DNS tree down to a specific domain name
• To secure all DNS lookups DNSSEC uses the NSEC resource record to authenticate negative
responses to queries
• NSEC is used to identify the range of DNS names or resource record types that do not exist
among the sequence of domain names in a zone

DANE
• DNS-Based Authentication of Named Entities
  • Is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using DNSSEC
  • It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a certificate authority (CA)
  • The purpose of DANE is to replace reliance on the security of the CA system with reliance on the security provided by DNSSEC
Sender Policy Framework (SPF)
• SPF is the standardized way for a sending domain to identify and assert the mail senders for a given domain
• RFC 7208 defines the SPF
• It provides a protocol by which ADMDs can authorize hosts to use their domain names in the “MAIL FROM” or “HELO” identities
• SPF works by checking a sender’s IP address against the policy encoded in any SPF record found at the sending domain
  • This means that SPF checks can be applied before the message content is received from the sender
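The following added Python example (written for this page; it is not the RFC 7208 reference implementation or code from the textbook) shows the receiving side of the check described above: the connecting IP address is evaluated against the policy found in the sending domain's SPF record. It covers the common mechanisms (all, ip4, ip6, a, mx, include) with their qualifiers and enforces the RFC 7208 limit of ten DNS-lookup terms so that a self-referencing include cannot loop. The DNS zone data is a constructed in-memory dictionary using documentation address ranges, so the code runs offline; a real check would perform the lookups with a resolver.

```python
import ipaddress

# Constructed zone data standing in for live DNS (documentation-range addresses only)
FAKE_DNS = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 a mx include:_spf.mailer.example -all"],
        "A": ["198.51.100.10"],
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["198.51.100.25"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:203.0.113.0/25 ~all"]},
    "noreply.example": {"TXT": ["v=spf1 ?all"]},
    "loop.example": {"TXT": ["v=spf1 include:loop.example -all"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """Malformed or abusive record: RFC 7208 maps this to the 'permerror' result."""


class SpfEvaluator:
    """Subset of RFC 7208 check_host(): mechanisms all, ip4, ip6, a, mx, include."""

    def __init__(self, dns, max_lookups=10):
        self.dns = dns
        self.max_lookups = max_lookups  # RFC 7208 section 4.6.4 limit on DNS-lookup terms
        self.lookups = 0

    def _records(self, name, rtype):
        return self.dns.get(name.lower(), {}).get(rtype, [])

    def _count_lookup(self):
        self.lookups += 1
        if self.lookups > self.max_lookups:
            raise PermError("too many DNS-lookup terms")

    def _spf_record(self, domain):
        recs = [t for t in self._records(domain, "TXT") if t.lower().split(" ", 1)[0] == "v=spf1"]
        if not recs:
            return None
        if len(recs) > 1:
            raise PermError("multiple SPF records")
        return recs[0]

    @staticmethod
    def _addr_match(ip, names):
        return any(ip == ipaddress.ip_address(a) for a in names)

    def check_host(self, ip, domain):
        return self._check(ipaddress.ip_address(ip), domain.lower())

    def _check(self, ip, domain):
        record = self._spf_record(domain)
        if record is None:
            return "none"
        for term in record.split()[1:]:
            if "=" in term:  # modifiers (exp=, redirect=) are not handled in this subset
                continue
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            name, _, arg = term.partition(":")
            name = name.lower()
            if name == "all":
                matched = True
            elif name in ("ip4", "ip6"):
                matched = ip in ipaddress.ip_network(arg, strict=False)
            elif name == "a":
                self._count_lookup()
                matched = self._addr_match(ip, self._records(arg or domain, "A"))
            elif name == "mx":
                self._count_lookup()
                mx_hosts = self._records(arg or domain, "MX")
                matched = any(self._addr_match(ip, self._records(h, "A")) for h in mx_hosts)
            elif name == "include":
                self._count_lookup()
                matched = self._check(ip, arg.lower()) == "pass"
            else:
                raise PermError(f"unknown mechanism {name}")
            if matched:
                return QUALIFIERS[qualifier]
        return "neutral"  # RFC 7208 default when no mechanism matches


def spf_check(ip, domain, dns=FAKE_DNS):
    """Return one of none / pass / fail / softfail / neutral / permerror."""
    try:
        return SpfEvaluator(dns).check_host(ip, domain)
    except (PermError, ValueError):
        return "permerror"


if __name__ == "__main__":
    for ip in ("192.0.2.7", "203.0.113.200", "2001:db8::1"):
        print(ip, spf_check(ip, "example.com"))
```

Note that an include only contributes a match when the referenced record yields pass; its own softfail or fail does not terminate the outer evaluation, which is why 203.0.113.200 falls through to the outer -all.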
Table 19.7 DMARC Tag and Value Descriptions
Tag (Name): Description
• v= (Version): Version field that must be present as the first element. By default the value is always DMARC1.
• p= (Policy): Mandatory policy field. May take values none or quarantine or reject. This allows for a gradually tightening policy where the sender domain recommends no specific action on mail that fails DMARC checks (p=none), through treating failed mail as suspicious (p=quarantine), to rejecting all failed mail (p=reject), preferably at the SMTP transaction stage.
• aspf= (SPF Policy): Values are r (default) for relaxed and s for strict SPF domain enforcement. Strict alignment requires that the From address domain exactly match the domain of the (passing) SPF check, that is, the MailFrom address (HELO address). Relaxed requires only that the From and MailFrom address domains be in alignment. For example, the MailFrom address domain smtp.example.org and the From address [email protected] are in alignment, but not a strict match.
• adkim= (DKIM Policy): Optional. Values are r (default) for relaxed and s for strict DKIM domain enforcement. Strict alignment requires an exact match between the From domain in the message header and the DKIM domain presented in the d= DKIM tag. Relaxed requires only that the domain part is in alignment (as in aspf).
• fo= (Failure reporting options): Optional. Ignore if a ruf argument is not also present. Value 0 indicates the receiver should generate a DMARC failure report if all underlying mechanisms fail to produce an aligned pass result. Value 1 means generate a DMARC failure report if any underlying mechanism produces something other than an aligned pass result. Other possible values are d (generate a DKIM failure report if a signature failed evaluation), and s (generate an SPF failure report if the message failed SPF evaluation). These values are not exclusive and may be combined.
• ruf=: Optional, but requires the fo argument to be present. Lists a series of URIs (currently just mailto:<emailaddress>) that list where to send forensic feedback reports. This is for reports on message specific failures.
• rua=: Optional list of URIs (like in ruf=, using the mailto: URI) listing where to send aggregate feedback back to the sender. These reports are sent based on the interval requested using the ri= option, with a default of 86400 seconds if not listed.
• ri= (Reporting interval): Optional with the default value of 86400 seconds. The value listed is the reporting interval desired by the sender.
• pct= (Percent): Optional with the default value of 100. Expresses the percentage of a sender’s mail that should be subject to the given DMARC policy. This allows senders to ramp up their policy enforcement gradually and prevent having to commit to a rigorous policy before getting feedback on their existing policy.
• sp= (Receiver policy): Optional with a default value of none. Other values include the same range of values as the p= argument. This is the policy to be applied to mail from all identified subdomains of the given DMARC RR.
(Table is on page 607 in the textbook)
DomainKeys Identified Mail (DKIM)
• A specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream
• Message recipients can verify the signature by querying the signer’s domain directly (a DNS TXT record at <selector>._domainkey.<domain>) to retrieve the appropriate public key, and can thereby confirm that the message was attested to by a party in possession of the private key for the signing domain
• Internet Standard RFC 6376 (STD 76)
• Has been widely adopted by a range of e-mail providers and Internet Service Providers (ISPs)
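The steps a DKIM verifier performs before it ever touches the public key, as an added example that is not part of the original slides: canonicalizing header fields and body under the simple and relaxed algorithms of RFC 6376, computing the bh= body hash, assembling the octets the signature covers, and forming the DNS name from which the key is fetched. The message, selector and domain are constructed; the signing step itself (RSA or Ed25519 over the assembled octets) is left to a cryptographic library; only the Python standard library is used.

```python
"""DKIM (RFC 6376) canonicalization and body-hash computation, stdlib only.
Added example with a constructed message. Signing the assembled octets and
publishing the key at <selector>._domainkey.<domain> are left to a crypto library."""
import base64
import hashlib
import re
from typing import List, Optional, Tuple

Header = Tuple[str, str]  # (field name, field value as it appears in the message)


def dkim_dns_name(selector: str, domain: str) -> str:
    """Name of the TXT record a verifier queries for the public key (s= and d= tags)."""
    return f"{selector}._domainkey.{domain}"


def canon_header_simple(name: str, value: str) -> str:
    """'simple' header canonicalization: the field is used exactly as written."""
    return f"{name}:{value}\r\n"


def canon_header_relaxed(name: str, value: str) -> str:
    """'relaxed' header canonicalization (RFC 6376 3.4.2): lowercase the name,
    unfold, collapse runs of WSP to one SP, strip WSP at both ends of the value."""
    value = re.sub(r"\r?\n", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)    # collapse WSP runs
    return f"{name.lower()}:{value.strip()}\r\n"


def _split_lines(body: str) -> List[str]:
    return body.replace("\r\n", "\n").split("\n")


def canon_body_simple(body: str) -> str:
    """'simple' body canonicalization (3.4.3): drop empty lines at the end and
    make sure the body ends with CRLF; an empty body becomes a single CRLF."""
    lines = _split_lines(body)
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n" if lines else "\r\n"


def canon_body_relaxed(body: str) -> str:
    """'relaxed' body canonicalization (3.4.4): collapse WSP runs, strip
    trailing WSP per line, drop trailing empty lines, end with CRLF;
    an empty body stays empty."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in _split_lines(body)]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n" if lines else ""


def body_hash(body: str, canon: str = "relaxed", length: Optional[int] = None) -> str:
    """bh= value: base64(SHA-256(canonicalized body)). `length` mirrors the l=
    tag, which hashes only the first l octets; anything appended past that
    point is unsigned, which is why l= is best left unused."""
    canon_body = canon_body_relaxed(body) if canon == "relaxed" else canon_body_simple(body)
    data = canon_body.encode("utf-8")
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def signed_data(headers: List[Header], h_tag: str, dkim_sig_value: str,
                canon: str = "relaxed") -> bytes:
    """Octets whose hash is signed and verified (3.7): the fields named in h=,
    each selected bottom-up so a field prepended later is never the one
    covered, then the DKIM-Signature field with b= emptied and no trailing CRLF."""
    canon_fn = canon_header_relaxed if canon == "relaxed" else canon_header_simple
    remaining = list(headers)
    out = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.strip().lower():
                out.append(canon_fn(*remaining.pop(i)))
                break
    sig_without_b = re.sub(r"(?<![A-Za-z])b=[^;]*", "b=", dkim_sig_value)
    out.append(canon_fn("DKIM-Signature", sig_without_b).rstrip("\r\n"))
    return "".join(out).encode("utf-8")


if __name__ == "__main__":
    # Constructed message, not taken from the page.
    headers = [("From", "Alice <alice@example.org>"), ("To", "bob@example.net"),
               ("Subject", "DKIM  demo\r\n\t(folded)")]
    body = "Hello Bob,  \r\n\r\nsee you Friday.\r\n\r\n\r\n"
    bh = body_hash(body, "relaxed")
    sig = f"v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1; h=from:to:subject; bh={bh}; b="
    print("key record:", dkim_dns_name("sel1", "example.org"))
    print("bh=       :", bh)
    print("to sign   :", signed_data(headers, "from:to:subject", sig))
```

Relaxed canonicalization is what lets a signature survive intermediaries that re-wrap headers or trim trailing whitespace; simple canonicalization breaks on the first such change. Bottom-up header selection matters because a forwarder can add a second From or Subject above the original: the signature stays bound to the field that was there when the message was signed.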
E-mail Threats
• RFC 4686 (Analysis of Threats Motivating DomainKeys Identified Mail) describes the threats being addressed by DKIM in terms of the characteristics, capabilities, and location of potential attackers
• Characterized on three levels of threat:
  • The most sophisticated and financially motivated senders of messages are those who stand to receive substantial financial benefit, such as from an e-mail based fraud scheme
  • The next level are professional senders of bulk spam mail, who often operate as commercial enterprises and send messages on behalf of third parties
  • At the low end are attackers who simply want to send e-mail that a recipient does not want to receive

DMARC
• Domain-Based Message Authentication, Reporting, and Conformance
• Allows email senders to specify policy on how their mail should be handled, the types of reports that receivers can send back, and the frequency with which those reports should be sent
• It is defined in RFC 7489 (Domain-based Message Authentication, Reporting, and Conformance, March 2015)
Table 19.7 DMARC Tag and Value Descriptions

v= (Version)
    Version field, which must be present as the first tag; its value is always DMARC1.

p= (Policy)
    Mandatory policy field. May take values none, quarantine, or reject. This allows for a gradually tightening policy where the sender domain requests no specific action on mail that fails DMARC checks (p=none), through treating failed mail as suspicious (p=quarantine), to rejecting all failed mail (p=reject), preferably at the SMTP transaction stage.

aspf= (SPF alignment mode)
    Optional. Values are r (default) for relaxed and s for strict alignment. Strict alignment requires that the domain of the From header address exactly match the domain that produced the passing SPF result (the MailFrom domain, or the HELO domain when MailFrom is empty). Relaxed alignment requires only that the two domains share the same organizational domain. For example, the MailFrom domain smtp.example.org and a From address in example.org are in relaxed alignment but are not a strict match.

adkim= (DKIM alignment mode)
    Optional. Values are r (default) for relaxed and s for strict alignment. Strict alignment requires an exact match between the From domain in the message header and the domain in the d= tag of a DKIM signature that verified. Relaxed alignment requires only that the two share the same organizational domain (as for aspf).

fo= (Failure reporting options)
    Optional; ignored unless ruf= is also present. 0 (default): generate a failure report if all underlying mechanisms fail to produce an aligned pass. 1: generate a failure report if any underlying mechanism produces something other than an aligned pass. d: generate a DKIM failure report if a signature failed verification, regardless of alignment. s: generate an SPF failure report if the message failed SPF, regardless of alignment. Values may be combined, separated by colons.

ruf=
    Optional. Comma-separated list of URIs (currently only mailto: URIs) to which message-specific failure (forensic) reports are sent. The fo= tag governs which failures trigger a report.

rua=
    Optional. Comma-separated list of URIs (mailto:, as for ruf=) to which aggregate feedback reports are sent. Reports are sent at the interval requested with ri=, every 86400 seconds (one day) if not listed.

ri= (Reporting interval)
    Optional; default 86400 seconds. The aggregate-report interval requested by the sender.

pct= (Percent)
    Optional; default 100. The percentage of messages failing the DMARC check to which the p= (or sp=) policy is applied. Messages not selected are handled under the next less strict policy (reject becomes quarantine, quarantine becomes none). This lets senders ramp up enforcement gradually rather than commit to a rigorous policy before getting feedback on their existing one.

sp= (Subdomain policy)
    Optional. Takes the same values as p= and is the policy applied to mail whose From domain is a subdomain of the domain publishing the DMARC record. If absent, subdomains inherit the p= policy.

(Table is on page 615 in the textbook)
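An added example, not from the original slides, that turns Table 19.7 into code: a parser that enforces the v= and p= rules and fills in the RFC 7489 defaults, the organizational-domain derivation that relaxed alignment depends on, and the pass/fail and disposition decision including pct= sampling and the sp= subdomain rule. The public-suffix table and all domain names are constructed stand-ins, and the receiver's random draw for pct= is passed in as a parameter so the outcome is reproducible.

```python
"""DMARC (RFC 7489) record parsing, identifier alignment and disposition.
Added example, standard library only. PUBLIC_SUFFIXES is a constructed
stand-in for the Public Suffix List that real verifiers consult."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}          # constructed subset
POLICIES = ("none", "quarantine", "reject")
NEXT_LESS_STRICT = {"reject": "quarantine", "quarantine": "none", "none": "none"}


class DmarcError(ValueError):
    """Malformed record. A receiver treats it as if no record were published."""


def dmarc_dns_name(domain: str) -> str:
    """Where the TXT record lives; if absent there, the organizational domain is tried and sp= applies."""
    return f"_dmarc.{domain}"


def parse_dmarc(record: str) -> Dict[str, object]:
    """Split 'tag=value; ...' into a policy dict: v=DMARC1 must come first,
    p= is mandatory, and every optional tag gets its RFC 7489 default."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    tags: Dict[str, str] = {}
    for part in parts:
        if "=" not in part:
            raise DmarcError(f"malformed tag {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if not parts or not parts[0].lower().startswith("v=") or tags["v"] != "DMARC1":
        raise DmarcError("record must begin with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise DmarcError("p= is mandatory and must be none, quarantine or reject")
    policy: Dict[str, object] = {
        "p": tags["p"],
        "sp": tags.get("sp", tags["p"]),        # subdomains inherit p= when sp= is absent
        "adkim": tags.get("adkim", "r"),
        "aspf": tags.get("aspf", "r"),
        "fo": tags.get("fo", "0"),
        "rua": [u.strip() for u in tags.get("rua", "").split(",") if u.strip()],
        "ruf": [u.strip() for u in tags.get("ruf", "").split(",") if u.strip()],
    }
    try:
        policy["pct"] = int(tags.get("pct", "100"))
        policy["ri"] = int(tags.get("ri", "86400"))
    except ValueError as exc:
        raise DmarcError("pct= and ri= must be integers") from exc
    if policy["sp"] not in POLICIES or policy["adkim"] not in ("r", "s") or policy["aspf"] not in ("r", "s"):
        raise DmarcError("bad sp=, adkim= or aspf= value")
    if not 0 <= policy["pct"] <= 100:
        raise DmarcError("pct= must be 0..100")
    return policy


def is_valid_record(record: str) -> bool:
    try:
        parse_dmarc(record)
        return True
    except DmarcError:
        return False


def org_domain(domain: str) -> str:
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: exact match in strict mode (s), same organizational domain in relaxed mode (r)."""
    a, b = header_from.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    header_from: str                 # domain of the RFC5322.From address
    spf_result: str                  # "pass", "fail", "softfail", "none", ...
    spf_domain: str                  # MailFrom domain (HELO domain if MailFrom was empty)
    dkim_pass_domains: List[str] = field(default_factory=list)  # d= of signatures that verified


def evaluate(policy: Dict[str, object], policy_domain: str,
             res: AuthResults, sample: int) -> Tuple[str, str]:
    """Return (dmarc_result, disposition). `sample` is the receiver's draw in
    1..100 for pct= sampling, injected so the decision is deterministic."""
    spf_ok = res.spf_result == "pass" and aligned(res.header_from, res.spf_domain, policy["aspf"])
    dkim_ok = any(aligned(res.header_from, d, policy["adkim"]) for d in res.dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass", "none"
    # p= covers the domain that published the record; sp= covers its subdomains
    disposition = policy["p"] if res.header_from.lower() == policy_domain.lower() else policy["sp"]
    if sample > policy["pct"]:        # outside the sampled share: apply the next less strict policy
        disposition = NEXT_LESS_STRICT[disposition]
    return "fail", disposition
```

Note that an SPF pass on its own is not enough: with aspf=s a pass for smtp.example.org does nothing for a From address in example.org, which is exactly the case the table's example describes, and the message then falls through to the p= (or sp=) disposition.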
Summary
• Summarize the key functional components of the Internet mail architecture
• Explain the basic functionality of SMTP, POP3, and IMAP
• Explain the need for MIME as an enhancement to ordinary email
• Describe the key elements of MIME
• Understand the functionality of S/MIME and the security threats it addresses
• Understand the basic mechanisms of STARTTLS and its role in email security
• Understand the basic mechanisms of DANE and its role in email security
• Understand the basic mechanisms of SPF and its role in email security
• Understand the basic mechanisms of DKIM and its role in email security
• Understand the basic mechanisms of DMARC and its role in email security
Cryptography and
Network Security
Eighth Edition
by William Stallings


Chapter 22
Cloud Security

Cloud Computing
• NIST defines cloud computing, in NIST SP 800-145 (The NIST Definition of Cloud Computing), as follows:

Cloud computing: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Figure 22.1 Cloud Computing Elements

Essential Characteristics: Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self-Service, Resource Pooling
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Deployment Models: Public, Private, Hybrid, Community

Cloud Service Models
• NIST defines three service models, which can be viewed as nested service alternatives: Software as a service (SaaS), Platform as a service (PaaS), and Infrastructure as a service (IaaS)

Software as a Service (SaaS)
• SaaS provides service to customers in the form of software, specifically application software, running on and accessible in the cloud
• SaaS enables the customer to use the cloud provider’s applications running on the provider’s cloud infrastructure
• The applications are accessible from various client devices through a simple interface such as a Web browser
• Instead of obtaining desktop and server licenses for software products it uses, an enterprise obtains the same functions from the cloud service
• The use of SaaS avoids the complexity of software installation, maintenance, upgrades, and patches
Platform as a Service (PaaS)
• A PaaS cloud provides service to customers in the form of a platform on which the customer’s applications can run
• PaaS enables the customer to deploy onto the cloud infrastructure customer-created or acquired applications
• A PaaS cloud provides useful software building blocks, plus a number of development tools, such as programming language tools, run-time environments, and other tools that assist in deploying new applications
• In effect, PaaS is an operating system in the cloud
• PaaS is useful for an organization that wants to develop new or tailored applications while paying for the needed computing resources only as needed and only for as long as needed

Infrastructure as a Service (IaaS)
• With IaaS, the customer has access to the resources of the underlying cloud infrastructure
• The cloud service user does not manage or control the resources of the underlying cloud infrastructure but has control over operating systems, deployed applications, and possibly limited control of select networking components
• IaaS provides virtual machines (VMs) and other virtualized hardware and operating systems
• IaaS offers the customer processing, storage, networks, and other fundamental computing resources so that the customer is able to deploy and run arbitrary software, which can include operating systems and applications
• IaaS enables customers to combine basic computing services, such as number crunching and data storage, to build highly adaptable computer systems
• Typically, customers are able to self-provision this infrastructure, using a Web-based graphical user interface that serves as an IT operations management console for the overall environment
• API access to the infrastructure may also be offered as an option

Public Cloud
• A public cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services
• A public cloud may be owned, managed, and operated by a business, academic, or government organization, or some combination of them
• The cloud provider is responsible both for the cloud infrastructure and for the control of data and operations within the cloud
• It exists on the premises of the cloud service provider
• Applications and storage are made available over the Internet via secured IP, and can be free or offered at a pay-per-usage fee
• In a public cloud model, all major components are outside the enterprise firewall, located in a multitenant infrastructure

Public Cloud
• While public clouds are inexpensive and scale to meet needs, they typically provide no or lower service level agreements (SLAs) and may not offer the guarantees against data loss or corruption found with private or hybrid cloud offerings
• Public IaaS clouds do not necessarily provide for restrictions and compliance with privacy laws, which remain the responsibility of the subscriber or corporate end user
• The principal concern is security
• The major advantage of the public cloud is cost

Private Cloud
• A private cloud is implemented within the internal IT environment of the organization
• The organization may choose to manage the cloud in house or contract the management function to a third party
• Additionally, the cloud servers and storage devices may exist on premises or off premises
• Private clouds can deliver IaaS internally to employees or business units through an intranet or the Internet via a virtual private network (VPN), as well as software (applications) or storage as services to its branch offices
• A key motivation for opting for a private cloud is security
• Other benefits include easy resource sharing and rapid deployment to organizational entities

Community Cloud
• A community cloud shares characteristics of private and public clouds
• Like a private cloud, a community cloud has restricted access
• Like a public cloud, the cloud resources are shared among a number of independent organizations
• The organizations that share the community cloud have similar requirements and, typically, a need to exchange data with each other
• A community cloud can be implemented to comply with government privacy and other regulations
• The cloud infrastructure may be managed by the participating organizations or a third party and may exist on premises or off premises

Hybrid Cloud
• The hybrid cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability
• With a hybrid cloud solution, sensitive information can be placed in a private area of the cloud, and less sensitive data can take advantage of the benefits of the public cloud

Table 22.1 Comparison of Cloud Deployment Models

               Private             Community    Public             Hybrid
Scalability    Limited             Limited      Very high          Very high
Security       Most secure option  Very secure  Moderately secure  Very secure
Performance    Very good           Very good    Low to medium      Good
Reliability    Very high           Very high    Medium             Medium to high
Cost           High                Medium       Low                Medium

(Table is on page 688 in the textbook)

Cloud Computing Reference Architecture
• A cloud computing reference architecture depicts a generic high-level conceptual model for discussing the requirements, structures, and operations of cloud computing
• NIST SP 500-292 (NIST Cloud Computing Reference Architecture) establishes a reference architecture, described as follows:
  • The NIST cloud computing reference architecture focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation
  • The reference architecture is intended to facilitate the understanding of the operational intricacies in cloud computing

Figure 22.5 NIST Cloud Computing Reference Architecture

Actors shown: Cloud Consumer; Cloud Provider; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Carrier
Cloud Provider components: Service Orchestration (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility); Cloud Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability); Security; Privacy

Table 22.2 NIST Guidelines on Cloud Security and Privacy Issues and Recommendations

Governance
• Extend organizational practices pertaining to the policies, procedures, and standards used for application development and service provisioning in the cloud, as well as the design, implementation, testing, use, and monitoring of deployed or engaged services.
• Put in place audit mechanisms and tools to ensure organizational practices are followed throughout the system lifecycle.

Compliance
• Understand the various types of laws and regulations that impose security and privacy obligations on the organization and potentially impact cloud computing initiatives, particularly those involving data location, privacy and security controls, records management, and electronic discovery requirements.
• Review and assess the cloud provider’s offerings with respect to the organizational requirements to be met and ensure that the contract terms adequately meet the requirements.
• Ensure that the cloud provider’s electronic discovery capabilities and processes do not compromise the privacy or security of data and applications.

Trust
• Ensure that service arrangements have sufficient means to allow visibility into the security and privacy controls and processes employed by the cloud provider, and their performance over time.
• Establish clear, exclusive ownership rights over data.
• Institute a risk management program that is flexible enough to adapt to the constantly evolving and shifting risk landscape for the lifecycle of the system.
• Continuously monitor the security state of the information system to support ongoing risk management decisions.

Architecture
• Understand the underlying technologies that the cloud provider uses to provision services, including the implications that the technical controls involved have on the security and privacy of the system, over the full system lifecycle and across all system components.

Identity and access management
• Ensure that adequate safeguards are in place to secure authentication, authorization, and other identity and access management functions, and are suitable for the organization.

Software isolation
• Understand virtualization and other logical isolation techniques that the cloud provider employs in its multi-tenant software architecture, and assess the risks involved for the organization.

Data protection
• Evaluate the suitability of the cloud provider’s data management solutions for the organizational data concerned and the ability to control access to data, to secure data while at rest, in transit, and in use, and to sanitize data.
• Take into consideration the risk of collating organizational data with those of other organizations whose threat profiles are high or whose data collectively represent significant concentrated value.
• Fully understand and weigh the risks involved in cryptographic key management with the facilities available in the cloud environment and the processes established by the cloud provider.

Availability
• Understand the contract provisions and procedures for availability, data backup and recovery, and disaster recovery, and ensure that they meet the organization’s continuity and contingency planning requirements.
• Ensure that during an intermediate or prolonged disruption or a serious disaster, critical operations can be immediately resumed, and that all operations can be eventually reinstituted in a timely and organized manner.

Incident response
• Understand the contract provisions and procedures for incident response and ensure that they meet the requirements of the organization.
• Ensure that the cloud provider has a transparent response process in place and sufficient mechanisms to share information during and after an incident.
• Ensure that the organization can respond to incidents in a coordinated fashion with the cloud provider in accordance with their respective roles and responsibilities for the computing environment.

Table 22.2 NIST Guidelines on Cloud Security and Privacy Issues and Recommendations (Table is on pages 692-693 in the textbook)
The Cloud Security Alliance lists 12 top cloud-specific security threats, in decreasing order of severity:
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial-of-Service
12. Shared Technology Vulnerabilities

STRIDE Threat Model
• STRIDE is a threat classification system developed by Microsoft that is a useful way of categorizing attacks that arise from deliberate actions
• Spoofing identity: An example of identity spoofing is illegally accessing and then using another user’s authentication information, such as username and password
  • Security controls to counter such threats are in the area of authentication
• Tampering with data: Data tampering involves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet
  • Relevant security controls are in the area of integrity

STRIDE Threat Model
• Repudiation: Repudiation threats are associated with users who deny performing an action without other parties having any way to prove otherwise
  • Relevant security controls are in the area of non-repudiation, which refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package
• Information disclosure: Information disclosure threats involve the exposure of information to individuals who are not supposed to have access to it, for example the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers
  • Relevant security controls are in the area of confidentiality

STRIDE Threat Model
• Denial-of-Service: Denial-of-Service (DoS) attacks deny service to valid users, for example by making a Web server temporarily unavailable or unusable
  • Relevant security controls are in the area of availability
• Elevation of privilege: In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effect penetrated all system defenses and become part of the trusted system itself
  • Relevant security controls are in the area of authorization

Table 22.3 Mapping Between Cloud Threats and the STRIDE Model

                                                  S T R I D E
Data Breaches                                     P
Weak Identity, Credential and Access Management   P P P P P P
Insecure APIs                                     P P P P
System Vulnerabilities                            P P P P P P
Account Hijacking                                 P P P P P P
Malicious Insiders                                P P P
Advanced Persistent Threats (APTs)                P P
Data Loss                                         P P
Insufficient Due Diligence                        P P P P P P
Abuse and Nefarious Use of Cloud Services         P
Denial of Service                                 P
Shared Technology Vulnerabilities                 P P

S = Spoofing identity
T = Tampering with data
R = Repudiation
I = Information disclosure
D = Denial of service
E = Elevation of privilege

(Table is on page 695 in the textbook)


Data Breaches
• A data breach is an incident in which sensitive,
protected, or confidential information is
released, viewed, stolen, or used by an
individual who is not authorized
• The threat of data compromise increases in
the cloud
• This is due to the number of, and interactions
between, risks and challenges that are either
unique to the cloud or more dangerous because
of the architectural or operational characteristics
of the cloud environment
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Data Breaches
• Database environments used in cloud computing can vary significantly
• Multi-instance model
  • Provides a unique DBMS running on a VM instance for each cloud subscriber
  • This gives the subscriber complete control over role definition, user authorization, and other administrative tasks related to security
• Multitenant model
  • Provides a predefined environment for the cloud subscriber that is shared with other tenants, typically through tagging data with a subscriber identifier
  • Tagging gives the appearance of exclusive use of the instance, but relies on the cloud provider to establish and maintain a sound, secure database environment

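To show what the multitenant model’s tagging does and does not buy, here is an added example, constructed with sqlite3 and not taken from the slides or from any provider’s code: the same tagged table accessed through a repository that forgets the tag in its WHERE clause, beside one that binds the tenant identifier from the authenticated session into every statement. Table, tenant names and rows are all constructed.

```python
"""Multitenant tagging done wrong and done right (constructed sqlite3 example).
Added example, not from the page or any provider. One shared table holds every
tenant's rows, distinguished only by a tenant_id tag, which is the model the
slide describes; isolation exists only if every query carries that tag."""
import sqlite3
from typing import List, Optional


def setup_db() -> sqlite3.Connection:
    """Shared, tagged table with constructed rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, payload TEXT NOT NULL)"
    )
    conn.execute("CREATE INDEX records_tenant ON records (tenant_id)")
    conn.executemany(
        "INSERT INTO records (tenant_id, payload) VALUES (?, ?)",
        [("tenant-a", "A invoice 1"), ("tenant-a", "A invoice 2"), ("tenant-b", "B payroll")],
    )
    conn.commit()
    return conn


class UnscopedRepo:
    """Vulnerable: the tag is stored but never used in the WHERE clause, so a
    caller who guesses or enumerates ids reads another tenant's rows."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn

    def get(self, record_id: int) -> Optional[str]:
        row = self.conn.execute(
            "SELECT payload FROM records WHERE id = ?", (record_id,)
        ).fetchone()
        return row[0] if row else None


class TenantScopedRepo:
    """Hardened: the tenant id is fixed once, from the authenticated session,
    and every statement carries it as a predicate. Rows of other tenants are
    indistinguishable from rows that do not exist."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str) -> None:
        self.conn = conn
        self.tenant_id = tenant_id

    def get(self, record_id: int) -> Optional[str]:
        row = self.conn.execute(
            "SELECT payload FROM records WHERE id = ? AND tenant_id = ?",
            (record_id, self.tenant_id),
        ).fetchone()
        return row[0] if row else None

    def list_ids(self) -> List[int]:
        cur = self.conn.execute(
            "SELECT id FROM records WHERE tenant_id = ? ORDER BY id", (self.tenant_id,)
        )
        return [r[0] for r in cur.fetchall()]

    def update(self, record_id: int, payload: str) -> int:
        """Rows changed: 0 when the id belongs to another tenant, so writes cannot cross tenants either."""
        cur = self.conn.execute(
            "UPDATE records SET payload = ? WHERE id = ? AND tenant_id = ?",
            (payload, record_id, self.tenant_id),
        )
        self.conn.commit()
        return cur.rowcount

    def insert(self, payload: str) -> int:
        """The tag is set by the repository, never taken from the request body."""
        cur = self.conn.execute(
            "INSERT INTO records (tenant_id, payload) VALUES (?, ?)", (self.tenant_id, payload)
        )
        self.conn.commit()
        return cur.lastrowid


if __name__ == "__main__":
    db = setup_db()
    print("unscoped, tenant A asks for id 3:", UnscopedRepo(db).get(3))                 # B's row leaks
    print("scoped,   tenant A asks for id 3:", TenantScopedRepo(db, "tenant-a").get(3))  # None
```

The hardened repository still depends on the provider, exactly as the slide says: it only helps if the database engine enforces the parameterized predicate faithfully and no other code path (reporting jobs, support tooling, raw SQL consoles) reaches the shared table without it.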
Data Breaches
• Data must be secured while at rest, in transit, and in use, and access to the data must be controlled
  • The client can employ encryption to protect data in transit, though this involves key management responsibilities for the CSP
  • The client can enforce access control techniques, but the CSP is involved to some extent depending on the service model used
  • For data at rest, the ideal security measure is for the client to encrypt the database and store only encrypted data in the cloud, with the CSP having no access to the encryption key
  • So long as the key remains secure, the CSP has no ability to decipher the data, although corruption and other DoS attacks remain a risk

Identity and Access Management (IAM)
• Includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity
• Identity provisioning
  • Providing access to identified users and subsequently denying access to users when the client enterprise designates such users as no longer having access to enterprise resources in the cloud
• Another aspect of identity management is for the cloud to participate in the identity management scheme used by the client enterprise
  • The cloud service provider must be able to exchange identity attributes with the enterprise’s chosen identity provider
• The access management portion of IAM involves authentication and access control services
  • The access control requirements in SPI (SaaS, PaaS, IaaS) environments include establishing trusted user profile and policy information, using it to control access within the cloud service, and doing this in an auditable way

Insecure APIs
• CSPs expose a set of software interfaces or APIs that customers use to manage and interact with cloud services
• The security and availability of general cloud services are dependent upon the security of these basic APIs
• From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy
• Countermeasures include:
  (1) Analyzing the security model of CSP interfaces
  (2) Ensuring that strong authentication and access controls are implemented in concert with encrypted transmission
  (3) Understanding the dependency chain associated with the API
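As an added example of countermeasure (2), not code from the slides or from any provider’s SDK: a request-signing scheme of the kind cloud management APIs use to authenticate callers, with an HMAC over method, path, timestamp, nonce and body hash, a freshness window, and a nonce cache against replay. Key ids, secrets, paths and bodies are constructed; in deployment the headers travel over TLS, which this example assumes rather than shows.

```python
"""Authenticating calls to a cloud management API: HMAC request signing with a
freshness window and a nonce cache. Added example with constructed key ids and
secrets; modelled on how provider APIs sign requests, not copied from any SDK."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class SigningError(Exception):
    pass


def canonical_request(method: str, path: str, timestamp: int, nonce: str, body: bytes) -> bytes:
    """Everything the server will act on is bound into the MAC: method, path,
    time, nonce and a hash of the body (so the body itself is hashed once)."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode("utf-8")


def sign_request(key_id: str, secret: bytes, method: str, path: str, body: bytes,
                 timestamp: Optional[int] = None, nonce: Optional[str] = None) -> Dict[str, str]:
    """Client side: returns the headers to attach. Fixed timestamp and nonce
    are accepted only so the example is deterministic."""
    ts = int(time.time()) if timestamp is None else timestamp
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(secret, canonical_request(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
    return {"X-Key-Id": key_id, "X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac}


class Verifier:
    """Server side. `keys` maps key id to secret; `now` is injectable for tests."""

    def __init__(self, keys: Dict[str, bytes], max_skew: int = 300,
                 now: Callable[[], float] = time.time) -> None:
        self.keys = keys
        self.max_skew = max_skew
        self.now = now
        self._seen: Dict[str, int] = {}   # nonce -> time after which it can be forgotten

    def verify(self, method: str, path: str, body: bytes, headers: Dict[str, str]) -> str:
        """Returns the authenticated key id or raises SigningError. Checks are
        ordered so an unauthenticated caller cannot fill the nonce cache."""
        key_id = headers.get("X-Key-Id", "")
        secret = self.keys.get(key_id)
        if secret is None:
            raise SigningError("unknown key id")
        try:
            ts = int(headers["X-Timestamp"])
        except (KeyError, ValueError):
            raise SigningError("bad timestamp") from None
        now = int(self.now())
        if abs(now - ts) > self.max_skew:
            raise SigningError("stale request")
        nonce = headers.get("X-Nonce", "")
        expected = hmac.new(secret, canonical_request(method, path, ts, nonce, body),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            raise SigningError("signature mismatch")
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}  # drop expired nonces
        if nonce in self._seen:
            raise SigningError("replay")
        self._seen[nonce] = ts + self.max_skew
        return key_id

    def try_verify(self, method: str, path: str, body: bytes,
                   headers: Dict[str, str]) -> Tuple[bool, str]:
        """(True, key_id) on success, (False, reason) otherwise."""
        try:
            return True, self.verify(method, path, body, headers)
        except SigningError as exc:
            return False, str(exc)


if __name__ == "__main__":
    keys = {"AKID-demo": b"constructed-secret"}          # constructed credential
    v = Verifier(keys)
    body = b'{"type": "m5.large"}'
    hdrs = sign_request("AKID-demo", keys["AKID-demo"], "POST", "/v1/instances", body)
    print(v.try_verify("POST", "/v1/instances", body, hdrs))            # (True, 'AKID-demo')
    print(v.try_verify("POST", "/v1/instances", body, hdrs))            # (False, 'replay')
```

A nonce cache only needs to remember nonces for the length of the skew window, because anything older is rejected as stale before the cache is consulted; the `_seen` purge relies on that ordering.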


System Vulnerabilities
• The term system vulnerabilities refers to exploitable bugs or weaknesses in the operating system and other system software on platforms that constitute the cloud infrastructure
• System vulnerabilities can be exploited by hackers and malicious software across a shared cloud environment
• Countering system vulnerabilities is an ongoing technical and management process that involves:
  • Risk analysis and management
  • Regular vulnerability detection
  • Patch management
  • IT staff training

Account Hijacking
• Account or service hijacking remains a top threat
• With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity, and availability of those services
• The concern is heightened in the context of cloud computing because:
  • There is additional attack surface exposure due to increased complexity and dynamic infrastructure allocation
  • New APIs/interfaces are emerging that are untested
  • The consumer’s account, if hijacked, may be used to steal information, manipulate data, and defraud others, or to attack other tenants as an insider in the multi-tenancy environment
• Countermeasures include the following:
  (1) Prohibit the sharing of account credentials between users and services
  (2) Leverage strong two-factor authentication techniques where possible
  (3) Employ proactive monitoring to detect unauthorized activity
  (4) Understand CSP security policies and SLAs
Malicious Insiders
• Under the cloud computing paradigm, an organization relinquishes direct control over many aspects of security and, in doing so, confers an unprecedented level of trust onto the CSP
• One grave concern is the risk of malicious insider activity
  • Cloud architectures necessitate certain roles that are extremely high risk
  • Examples include CSP system administrators and managed security service providers
• Countermeasures include the following:
  (1) Enforce strict supply chain management and conduct a comprehensive supplier assessment
  (2) Specify human resource requirements as part of the legal contract
  (3) Require transparency into overall information security and management practices, as well as compliance reporting
  (4) Determine security breach notification processes

Advanced Persistent Threats (APT)
• A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time
• The intention of an APT attack is to steal data rather than to cause damage to the network or organization
• APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing, and the financial industry
• APTs differ from other types of attack by their careful target selection, and persistent, often stealthy, intrusion efforts over extended periods

Advanced Persistent Threats
(APT)
Threat intelligence is helping
organizations understand the risks
of the most common and severe
external threats, such as advanced
persistent threats (APTs), exploits,
and zero-day threats
The principle countermeasure for
such threats is the effective use of
threat intelligence
Threat intelligence includes in-depth
information about specific threats
to help an organization protect
itself from the types of attacks that
could do them the most damage

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Data Loss

• Data loss refers to the permanent loss of CSC data that are stored in
the cloud through accidental or malicious deletion of data and backup
copies from cloud storage
• To counter this threat, the CSC should be assured that the CSP has a
thorough redundancy scheme with regular backups, including geographic
redundancy
• This may be supplemented by a cloud-to-premise backup so that a recent
copy is available at the customer site



Categories of Due Diligence

• Verify infrastructure
  • The CSP's infrastructure consists of facilities, hardware, system and
  application software, core connectivity, and external network
  interfaces
  • The CSP should rely on standardized, enterprise-class equipment and
  software with documented integration schemes
• Verify certification
  • At minimum, the CSP should demonstrate that it is in compliance with
  all relevant security and privacy laws and regulations
  • In addition, the CSP should follow industry best practices as
  documented in numerous NIST documents, specifications from the Cloud
  Security Alliance, and various industry and standards organization
  specifications
• Verify the CSP's due diligence
  • The CSP must document and, as appropriate, demonstrate that it is
  doing its own due diligence to ensure that its equipment, networks,
  and protocols actually work through a broad spectrum of scenarios,
  both ordinary and catastrophic
• Verify data protection
  • The CSP should be able to document a comprehensive and integrated set
  of security controls to ensure against data breaches and data loss



Abuse and Nefarious Use
of Cloud Services
• For many CSPs, it is relatively easy for a CSC to register and begin
using cloud services, some even offering free limited trial periods;
this enables attackers to get inside the cloud to conduct various
attacks, such as spamming, malicious code attacks, and DoS
• PaaS providers have traditionally suffered most from this kind of
attack; however, recent evidence shows that hackers have begun
to target IaaS vendors as well
• The burden is on the CSP to protect against such attacks, but
CSCs must monitor activity with respect to their data and
resources to detect any malicious behavior
• Countermeasures include:
(1) Stricter initial registration and validation processes
(2) Enhanced credit card fraud monitoring and coordination
(3) Comprehensive introspection of customer network traffic
(4) Monitoring public blacklists for one’s own network blocks



Denial-of-Service
• By the nature of the service it provides, a public CSP
has to be exposed to the Internet and other public
networks, its presence advertised, and its interfaces
well-defined
• These factors make CSPs a logical target for DoS
attacks
• Such attacks can prevent, for a time, a CSC from
accessing their data or their applications
• The countermeasure for such attacks is for the CSP
(1) To perform ongoing threat intelligence to be aware of the
nature of potential attacks and the potential vulnerabilities in
their cloud
(2) To deploy automated tools to spot and defend the core cloud
services from such attacks
Shared Technology
Vulnerabilities
• IaaS vendors deliver their services in a scalable way by
sharing infrastructure
• Often, the underlying components that make up this
infrastructure (CPU caches, GPUs, etc.) were not designed to
offer strong isolation properties for a multi-tenant architecture

• Countermeasures include the following:


(1) Implement security best practices for installation/configuration
(2) Monitor environment for unauthorized changes/activity
(3) Promote strong authentication and access control for
administrative access and operations
(4) Enforce SLAs for patching and vulnerability remediation
(5) Conduct vulnerability scanning and configuration audits
[Figure 22.8 shows the security services arranged around cloud service
clients and adversaries: identity and access management, data loss
prevention, web security, e-mail security, security assessments,
intrusion management, security information and event management,
encryption, business continuity and disaster recovery, and network
security]

Figure 22.8 Elements of Cloud Security as a Service


OpenStack
• OpenStack is an open source software project of the OpenStack Foundation that aims
to produce an open source cloud operating system
• The principal objective is to enable creating and managing huge groups of virtual
private servers in a cloud computing environment
• OpenStack is embedded, to one degree or another, into data center infrastructure and
cloud computing products offered by Cisco, IBM, Hewlett-Packard, and other vendors
• It provides multi-tenant IaaS, and aims to meet the needs of public and private clouds
regardless of size
• The OpenStack OS consists of a number of independent modules, each of which has a
project name and a functional name
• Typically the components are configured together to provide a comprehensive IaaS
capability
• The modular design is such that the components are generally capable of being used
independently


OpenStack
• The security module for OpenStack is Keystone
• Keystone provides the shared security services essential for a
functioning cloud computing infrastructure
• It provides the following main services:
  • Identity
  • Token
  • Service catalog
  • Policies


Summary
• Present an overview of cloud computing concepts
• List and define the principal cloud services
• List and define the cloud deployment models
• Explain the NIST cloud computing reference architecture
• Understand the unique security issues related to cloud computing
• Describe Cloud Security as a Service
• Understand the OpenStack security module for cloud security


Chapter 23
Internet of Things (IoT) Security



The Internet of Things
• The Internet of Things (IoT) is a term that refers to the expanding
interconnection of smart devices
• A dominant theme is the embedding of short-range mobile transceivers
into a wide array of gadgets and everyday items, enabling new forms of
communication between people and things, and between things themselves
• The Internet now supports the interconnection of billions of industrial
and personal objects, usually through cloud systems
• The objects deliver sensor information, act on their environment, and
in some cases modify themselves, to create overall management of a larger
system


IoT
• The IoT is primarily driven by deeply embedded
devices
• These devices are low-bandwidth, low-repetition data
capture and low-bandwidth data-usage appliances
that communicate with each other and provide data
via user interfaces
• Embedded appliances, such as high-resolution video
security cameras, video VoIP phones, and a handful of
others, require high-bandwidth streaming capabilities
• Countless products simply require packets of data to
be intermittently delivered



Evolution
• The Internet has gone through roughly four generations of deployment
culminating in the IoT:
1. Information technology (IT): PCs, servers, routers, firewalls, and so on,
bought as IT devices by enterprise IT people, primarily using wired
connectivity
2. Operational technology (OT): Machines/appliances with embedded IT built by
non-IT companies, such as medical machinery, SCADA (supervisory control
and data acquisition), process control, and kiosks, bought as appliances by
enterprise OT people and primarily using wired connectivity
3. Personal technology: Smartphones, tablets, and eBook readers bought as IT
devices by consumers (employees) exclusively using wireless connectivity
and often multiple forms of wireless connectivity
4. Sensor/actuator technology: Single-purpose devices bought by consumers,
IT, and OT people exclusively using wireless connectivity, generally of a single
form, as part of larger systems

• It is the fourth generation that is usually thought of as the IoT, and which
is marked by the use of billions of embedded devices



IoT and RFID
• Radio-Frequency Identification (RFID)
• RFID technology, which uses radio waves to identify items, is
increasingly becoming an enabling technology for IoT
• The main elements of an RFID system are tags and readers
  • RFID tags are small programmable devices used for object, animal,
  and human tracking
  • They come in a variety of shapes, sizes, functionalities, and costs
  • RFID readers acquire and sometimes rewrite information stored on
  RFID tags that come within operating range
  • Readers are usually connected to a computer system that records and
  formats the acquired information for further uses
Edge
• At the edge of a typical enterprise network is a network of IoT-enabled
devices, consisting of sensors and perhaps actuators
  • These devices may communicate with one another
• A gateway interconnects the IoT-enabled devices with the higher-level
communication networks
  • It performs the necessary translation between the protocols used in
  the communication networks and those used by devices
  • It may also perform a basic data aggregation function


Fog
• In many IoT deployments, massive amounts of data may be generated by
a distributed network of sensors
• Rather than store all of that data permanently (or at least for a
long period) in central storage accessible to IoT applications, it is
often desirable to do as much data processing close to the sensors as
possible
• The purpose of what is sometimes referred to as the edge computing
level is to convert network data flows into information that is
suitable for storage and higher level processing
• Processing elements at this level may deal with high volumes of data
and perform data transformation operations, resulting in the storage
of much lower volumes of data
Fog
• The following are examples of fog computing operations:
  • Evaluation: Evaluating data for criteria as to whether it should be
  processed at a higher level
  • Formatting: Reformatting data for consistent higher-level processing
  • Expanding/decoding: Handling cryptic data with additional context
  (such as the origin)
  • Distillation/reduction: Reducing and/or summarizing data to minimize
  the impact of data and traffic on the network and higher-level
  processing systems
  • Assessment: Determining whether data represents a threshold or
  alert; this could include redirecting data to additional destinations
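The five operations above as one pass over constructed sensor frames, as an added example that is not part of the textbook. The sensor IDs, sites, thresholds and readings are all made up for the demonstration; one function stands for each fog operation, and only the distilled summary and the alerts would leave the fog node.

```python
import json
from collections import defaultdict
from statistics import mean

# Added example, not from the textbook: one pass of a fog-node pipeline over
# constructed sensor frames, one function per operation listed above.

# Constructed raw frames as an edge gateway might hand them up: (sensor_id, raw_value, unit)
RAW_FRAMES = [
    ("t-01", "21.5", "C"), ("t-01", "21.7", "C"), ("t-01", "21.6", "C"),
    ("t-02", "70.3", "F"), ("t-02", "70.9", "F"),
    ("t-03", "95.0", "C"),   # far above the threshold: must become an alert
    ("t-04", "n/a", "C"),    # malformed reading: must be dropped at evaluation
]

# Constructed context the fog node holds but the sensors never transmit
SENSOR_CONTEXT = {
    "t-01": {"site": "rack-A", "alert_above_c": 30.0},
    "t-02": {"site": "rack-B", "alert_above_c": 30.0},
    "t-03": {"site": "rack-C", "alert_above_c": 30.0},
    "t-04": {"site": "rack-D", "alert_above_c": 30.0},
}


def evaluate(frame):
    """Evaluation: is this frame worth processing at a higher level at all?"""
    sensor_id, raw, unit = frame
    try:
        float(raw)
    except ValueError:
        return False
    return sensor_id in SENSOR_CONTEXT and unit in ("C", "F")


def format_frame(frame):
    """Formatting: normalise every reading to degrees Celsius as a float."""
    sensor_id, raw, unit = frame
    value = float(raw)
    if unit == "F":
        value = (value - 32.0) * 5.0 / 9.0
    return {"sensor": sensor_id, "celsius": round(value, 2)}


def expand(reading):
    """Expanding/decoding: attach the origin context the frame itself does not carry."""
    return {**reading, **SENSOR_CONTEXT[reading["sensor"]]}


def distill(readings):
    """Distillation/reduction: one summary per sensor instead of every sample."""
    groups = defaultdict(list)
    for r in readings:
        groups[r["sensor"]].append(r)
    summary = {}
    for sensor, rs in groups.items():
        vals = [r["celsius"] for r in rs]
        summary[sensor] = {"site": rs[0]["site"], "n": len(vals),
                           "mean_c": round(mean(vals), 2), "max_c": max(vals),
                           "alert_above_c": rs[0]["alert_above_c"]}
    return summary


def assess(summary):
    """Assessment: threshold crossings become alerts to redirect to the cloud or SOC."""
    return [{"sensor": s, "site": v["site"], "max_c": v["max_c"]}
            for s, v in summary.items() if v["max_c"] > v["alert_above_c"]]


def run_pipeline(frames=RAW_FRAMES):
    """Run the whole fog pipeline; only the summary and alerts would leave the fog node."""
    accepted = [f for f in frames if evaluate(f)]
    readings = [expand(format_frame(f)) for f in accepted]
    summary = distill(readings)
    return {"dropped": len(frames) - len(accepted), "summary": summary, "alerts": assess(summary)}


if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

The security point of the evaluation step is that malformed or unknown-origin frames are rejected before they reach anything that parses them further; the assessment step is where a fog node turns raw telemetry into something a monitoring system can act on.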
Core
• The core network, also referred to as a backbone network, connects
geographically dispersed fog networks as well as provides access to other
networks that are not part of the enterprise network
• Typically, the core network will use very high performance routers,
high-capacity transmission lines, and multiple interconnected routers for
increased redundancy and capacity
• The core network may also connect to high-performance, high-capacity
servers, such as large database servers and private cloud facilities
• Some of the core routers may be purely internal, providing redundancy
and additional capacity without serving as edge routers
Cloud
• The cloud network provides storage and processing capabilities for the
massive amounts of aggregated data that originate in IoT-enabled devices
at the edge
• Cloud servers also host the applications that interact with and manage
the IoT devices and that analyze the IoT-generated data


Table 23.1 Comparison of Cloud and Fog Features

Feature: Cloud | Fog
Location of processing/storage resources: Center | Edge
Latency: High | Low
Access: Fixed or wireless | Mainly wireless
Support for mobility: Not applicable | Yes
Control: Centralized/hierarchical (full control) | Distributed/hierarchical (partial control)
Service access: Through core | At the edge/on handheld device
Availability: 99.99% | Highly volatile/highly redundant
Number of users/devices: Tens/hundreds of millions | Tens of billions
Main content generator: Human | Devices/sensors
Content generation: Central location | Anywhere
Content consumption: End device | Anywhere
Software virtual infrastructure: Central enterprise servers | User devices

(Table is on page 712 in the textbook)
Development Issues
• Very large attack surfaces
• Limited device resources
• Complex ecosystem
• Fragmentation of standards and regulations
• Widespread deployment
• Security integration
• Safety aspects
• Low cost
• Lack of expertise
• Security updates
• Insecure programming
• Unclear liabilities


IoT Security Objectives
• Restricting logical access to the IoT network
  • This may include: using unidirectional gateways, using firewalls to
  prevent network traffic from passing directly between the corporate
  and IoT networks, and having separate authentication mechanisms
  and credentials for users of the corporate and IoT networks
  • An IoT system should also use a network topology that has multiple
  layers, with the most critical communications occurring in the most
  secure and reliable layer
• Restricting physical access to IoT network and components
  • A combination of physical access controls should be used, such as
  locks, card readers, and/or guards


IoT Security Objectives
• Protecting individual IoT components from exploitation
  • This includes deploying security patches in as expeditious a manner
  as possible, after testing them under field conditions; disabling all
  unused ports and services and assuring that they remain disabled;
  restricting IoT user privileges to only those that are required for
  each person's role; tracking and monitoring audit trails; and using
  security controls such as antivirus software and file integrity
  checking software where technically feasible
• Preventing unauthorized modification of data
  • This includes data that are in transit (at least across the network
  boundaries) and at rest
• Detecting security events and incidents
  • The objective is to detect security events early enough to break the
  attack chain before attackers attain their objectives. This includes
  the capability to detect failed IoT components, unavailable services,
  and exhausted resources that are important to provide proper and safe
  functioning of an IoT system
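The "file integrity checking" control named above, and the "monitor environment for unauthorized changes" countermeasure in the shared-technology slide, both come down to the same mechanism: hash a baseline of the files that matter, then diff later snapshots against it. The following is an added example, not the textbook's code, with a constructed directory layout, file contents and a made-up compromise:

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example, not from the textbook: a minimal file-integrity checker.
# The directory layout, file contents and the "incident" below are constructed.

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so a large firmware image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root: digest, size and permission bits."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between two snapshots as added, removed or modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        f for f in set(baseline) & set(current)
        if baseline[f]["sha256"] != current[f]["sha256"]
        or baseline[f]["mode"] != current[f]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Take a baseline, simulate a compromise, and report what changed."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sensord").write_bytes(b"\x7fELF original firmware binary")
        (root / "etc" / "sensord.conf").write_text("listen=127.0.0.1:5683\n")
        # The baseline is serialised as it would be when shipped off the device.
        snapshot = json.dumps(build_baseline(root), sort_keys=True)

        # Constructed compromise: trojaned binary, config opened to all interfaces, dropper left behind.
        (root / "bin" / "sensord").write_bytes(b"\x7fELF trojaned firmware binary")
        (root / "etc" / "sensord.conf").write_text("listen=0.0.0.0:5683\n")
        (root / "tmp_dropper.sh").write_text("#!/bin/sh\n")

        return compare(json.loads(snapshot), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only as trustworthy as where it lives: an attacker who can rewrite the files can usually rewrite a baseline stored beside them, so the snapshot belongs off the device or under a signature the device can verify but not produce.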


IoT Security Objectives
• Maintaining functionality during adverse conditions
  • This involves designing IoT systems so that each critical component
  has a redundant counterpart
  • If a component fails, it should fail in a manner that does not
  generate unnecessary traffic on IoT or other networks, or does not
  cause another problem elsewhere
  • IoT systems should also allow for graceful degradation, such as moving
  from normal operation with full automation to emergency operation
  with operators more involved and less automation to manual
  operation with no automation
• Restoring the system after an incident
  • Incidents are inevitable and an incident response plan is essential
  • A major characteristic of a good security program is how quickly the
  IoT system can be recovered after an incident has occurred


Tamper Resistance and
Detection
Tampering
• An unauthorized modification that alters the intended functioning of a
system or device in a way that degrades the security it provides

Tamper resistant
• A characteristic of a system component that provides passive protection
against an attack

Tamper detection
• Techniques to ensure that the overall system is made aware of unwanted
physical access


Tamper Resistance
• The common approach to tamper resistance is to use specialized physical
construction materials to make tampering with a fog node difficult
  • Examples include hardened steel enclosures, locks, and security screws
• A second category of tamper resistance is the deterrence of tampering by
ensuring that tampering leaves visible evidence behind
  • Examples include special seals and tapes that make it obvious when
  there has been physical tampering


Tamper Detection
• Mechanisms for tamper detection include:
• Switches
• A variety of switches, such as mercury switches, magnetic
switches, and pressure contacts can detect the opening of a
device, the breach of a physical security boundary, or the
movement of a device

• Sensors
• Temperature and radiation sensors can detect environmental
changes. Voltage and power sensors can detect electrical attacks

• Circuitry
• It is possible to wrap components with flexible circuitry,
resistance wire, or fiber optics so as to detect a puncture or break



Security Requirements
Communication security:
• Secure, trusted, and privacy-protected communication capability is
required so that unauthorized access to the content of data can be
prohibited, integrity of data can be guaranteed, and privacy-related
content of data can be protected during data transmission or transfer
in IoT

Data management security:
• Secure, trusted, and privacy-protected data management capability is
required so that unauthorized access to the content of data can be
prohibited, integrity of data can be guaranteed, and privacy-related
content of data can be protected when storing or processing data in IoT

Service provision security:
• Secure, trusted, and privacy-protected service provision capability is
required, so that unauthorized access to service and fraudulent service
provision can be prohibited and privacy information related to IoT users
can be protected

Integration of security policies and techniques:
• The ability to integrate different security policies and techniques is
required to ensure a consistent security control over the variety of
devices and user networks in IoT

Mutual authentication and authorization:
• Before a device can access the IoT, mutual authentication and
authorization between the device and IoT is required to be performed
according to predefined security policies

Security audit:
• Security audit is required to be supported in IoT. Any data access or
attempt to access IoT applications are required to be fully transparent,
traceable, and reproducible according to appropriate regulation and laws
MiniSec
• An open-source security module that is part of the TinyOS operating
system
  • TinyOS is designed for small embedded systems with tight requirements
  on memory, processing time, real-time response, and power consumption
• MiniSec is designed to be a link-level module that offers a high level
of security, while simultaneously keeping energy consumption low and
using very little memory
• MiniSec provides confidentiality, authentication, and replay protection


MiniSec
• MiniSec has two operating modes:
  • One tailored for single-source communication
  • One tailored for multi-source broadcast communication
• MiniSec is designed to meet the following requirements:
  • Data authentication
  • Confidentiality
  • Replay protection
  • Freshness
  • Low energy overhead
  • Resilient to lost messages
Skipjack
• Encryption algorithm used by MiniSec
• Was developed in the 1990s by the U.S. National Security Agency (NSA)
• Is one of the simplest and fastest block cipher algorithms, which is
critical to embedded systems
• Makes use of an 80-bit key (and a 64-bit block)
  • An 80-bit key is well below the 128-bit minimum generally recommended
  today; Skipjack's appeal here is its small footprint, not its security
  margin
• With its efficient computation and low memory footprint, Skipjack is
an attractive choice for IoT devices
Operating Modes
• MiniSec has two operating modes: unicast (MiniSec-U) and broadcast (MiniSec-B)

• Both schemes use OCB with a counter that is input along with the plaintext into the
encryption algorithm

• The least significant bits of the counter are also sent as plaintext to enable
synchronization

• For both modes, data are transmitted in packets

• Each packet includes the encrypted data block, the OCB authentication tag, and the
MiniSec counter

• MiniSec-U employs synchronized counters, which require the receiver to keep a local
counter for each sender

• Once a receiver observes a counter value, it rejects packets with an equal or smaller
counter value; therefore, an attacker cannot replay any packet that the receiver has
previously received
Operating Modes
• MiniSec-U cannot be directly used to secure broadcast communication
  • It would be too expensive to run the counter resynchronization
  protocol among many receivers
  • If a node were to simultaneously receive packets from a large group of
  sending nodes, it would need to maintain a counter for each sender,
  resulting in high memory overhead
• Instead, MiniSec-B uses two mechanisms, a timing-based approach and a
Bloom filter approach, that defend against replay attacks
• The timing approach divides time into epochs and rejects packets from
an old epoch; it is augmented with a Bloom filter in order to prevent
replay attacks inside the current epoch
• Every time that a node receives a message, it checks if it belongs to
its Bloom filter
• If the message is not replayed, it is stored in the Bloom filter; else,
the node drops it
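The receiver-side replay checks of both modes, MiniSec-U's synchronized counter (with only the low counter bits on the wire, as the previous slide describes) and MiniSec-B's epoch plus Bloom filter, as an added example that is not MiniSec's own code. HMAC-SHA256 stands in for the Skipjack-OCB tag, the payload is carried as an opaque byte string (encryption is out of scope for this block), and the number of counter bits sent in the clear, the resync gap, the epoch length, the key and all packets are constructed assumptions:

```python
import hashlib
import hmac

# Added example, not MiniSec's own code: the receiver-side replay checks of the
# two MiniSec modes. HMAC-SHA256 stands in for the Skipjack-OCB tag, the constants
# below are assumptions, and the key and packets are constructed in demo().

COUNTER_BITS = 3                     # low counter bits sent in the clear (assumption)
LOW_MASK = (1 << COUNTER_BITS) - 1
MAX_GAP = 64                         # lost packets tolerated before a full resync (assumption)
EPOCH_LEN = 10                       # seconds per MiniSec-B epoch (assumption)


def tag(key, sender, nonce, payload):
    """8-byte tag over (sender, nonce, payload); nonce is the counter or epoch||counter."""
    msg = sender.encode() + nonce.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def send_unicast(key, sender, counter, payload):
    """MiniSec-U packet: only the low bits of the counter travel with it."""
    return {"sender": sender, "ctr_low": counter & LOW_MASK, "payload": payload,
            "tag": tag(key, sender, counter, payload)}


class UnicastReceiver:
    """MiniSec-U: one synchronised counter per sender; equal-or-smaller counters are rejected."""

    def __init__(self, key):
        self.key, self.last = key, {}

    def receive(self, pkt):
        last = self.last.get(pkt["sender"], -1)
        # Try the counters above `last` whose low bits match; the tag picks the right one.
        # This absorbs lost packets (MiniSec's resilience goal) without a resync round trip.
        for cand in range(last + 1, last + 1 + MAX_GAP):
            if cand & LOW_MASK != pkt["ctr_low"]:
                continue
            if hmac.compare_digest(tag(self.key, pkt["sender"], cand, pkt["payload"]), pkt["tag"]):
                self.last[pkt["sender"]] = cand
                return True
        return False                 # replayed (counter <= last) or forged


class BloomFilter:
    """k SHA-256-derived bit positions per item in an m-bit array; false positives only, never misses."""

    def __init__(self, m=256, k=3):
        self.m, self.k, self.bits = m, k, 0

    def _positions(self, item):
        for i in range(self.k):
            yield int.from_bytes(hashlib.sha256(bytes([i]) + item).digest()[:4], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits |= 1 << p

    def contains(self, item):
        return all(self.bits >> p & 1 for p in self._positions(item))


def send_broadcast(key, sender, counter, now, payload):
    """MiniSec-B packet: the tag binds it to the current epoch, so it cannot be relabelled later."""
    epoch = now // EPOCH_LEN
    return {"sender": sender, "epoch": epoch, "ctr": counter, "payload": payload,
            "tag": tag(key, sender, (epoch << 32) | counter, payload)}


class BroadcastReceiver:
    """MiniSec-B: the epoch check rejects old packets; a per-epoch Bloom filter catches replays inside it."""

    def __init__(self, key):
        self.key, self.epoch, self.seen = key, None, BloomFilter()

    def receive(self, pkt, now):
        epoch = now // EPOCH_LEN
        if self.epoch is None or epoch > self.epoch:
            self.epoch, self.seen = epoch, BloomFilter()      # fresh filter each epoch
        if pkt["epoch"] != epoch:
            return False                                       # timing check failed
        expected = tag(self.key, pkt["sender"], (epoch << 32) | pkt["ctr"], pkt["payload"])
        if not hmac.compare_digest(expected, pkt["tag"]):
            return False                                       # forged or altered
        if self.seen.contains(pkt["tag"]):
            return False                                       # replay inside this epoch
        self.seen.add(pkt["tag"])
        return True


def demo():
    key = b"constructed-demo-key"
    rx = UnicastReceiver(key)
    pkts = [send_unicast(key, "node7", c, b"reading=%d" % c) for c in range(12)]
    delivered = [rx.receive(p) for i, p in enumerate(pkts) if i != 5]   # packet 5 lost in the air
    replay = rx.receive(pkts[3])                                         # old packet replayed
    forged = rx.receive(dict(pkts[11], payload=b"reading=999"))          # payload altered in flight

    brx = BroadcastReceiver(key)
    b1 = send_broadcast(key, "base", 0, 12, b"cmd=sleep")
    b2 = send_broadcast(key, "base", 1, 13, b"cmd=sleep")   # same command, new counter: legitimate
    broadcast = [brx.receive(b1, 12), brx.receive(b2, 13), brx.receive(b1, 14), brx.receive(b2, 25)]
    return {"unicast": delivered, "replay": replay, "forged": forged, "broadcast": broadcast}
```

Two things the code makes visible that the slides only state: in MiniSec-U the tag, not the transmitted bits, is what resolves which full counter the sender used, so lost packets cost nothing until the gap exceeds what the receiver is willing to search; and in MiniSec-B a Bloom filter can reject a fresh packet by false positive but can never accept a replay, which is the right direction for a security check to fail.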


algorithm OCB-Encrypt_K(N, M)
  Partition M into M[1] … M[m]
  L ← L(0) ← E_K(0^n)
  R ← E_K(N ⊕ L)
  for i ← 1 to m do L(i) ← 2 · L(i – 1)
  L(–1) ← L · 2^(–1)
  Z[1] ← L ⊕ R
  for i ← 2 to m do Z[i] ← Z[i – 1] ⊕ L(ntz(i))
  for i ← 1 to m – 1 do
    C[i] ← E_K(M[i] ⊕ Z[i]) ⊕ Z[i]
  X[m] ← len(M[m]) ⊕ L(–1) ⊕ Z[m]
  Y[m] ← E_K(X[m])
  C[m] ← M[m] ⊕ (first len(M[m]) bits of Y[m])
  Checksum ← M[1] ⊕ … ⊕ M[m – 1] ⊕ C[m]0* ⊕ Y[m]
  Tag ← E_K(Checksum ⊕ Z[m]) [first t bits]

algorithm OCB-Decrypt_K(N, C, Tag)
  Partition C into C[1] … C[m]
  L ← L(0) ← E_K(0^n)
  R ← E_K(N ⊕ L)
  for i ← 1 to m do L(i) ← 2 · L(i – 1)
  L(–1) ← L · 2^(–1)
  Z[1] ← L ⊕ R
  for i ← 2 to m do Z[i] ← Z[i – 1] ⊕ L(ntz(i))
  for i ← 1 to m – 1 do
    M[i] ← D_K(C[i] ⊕ Z[i]) ⊕ Z[i]
  X[m] ← len(C[m]) ⊕ L(–1) ⊕ Z[m]
  Y[m] ← E_K(X[m])
  M[m] ← (first len(C[m]) bits of Y[m]) ⊕ C[m]
  Checksum ← M[1] ⊕ … ⊕ M[m – 1] ⊕ C[m]0* ⊕ Y[m]
  Tag' ← E_K(Checksum ⊕ Z[m]) [first t bits]
  return M if Tag' = Tag, otherwise reject

Here n is the block size, ntz(i) is the number of trailing zero bits of i,
"2 ·" and "· 2^(–1)" are multiplication by x and x^(–1) in GF(2^n), and
C[m]0* is the final ciphertext block padded with zeros to n bits.

Figure 23.7 OCB Algorithms
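Figure 23.7 written out line by line, as an added example that is not the textbook's or MiniSec's code. E_K and D_K are a constructed 128-bit Feistel permutation keyed with HMAC-SHA256 so the block runs without a crypto library; they stand in for a real block cipher (MiniSec's Skipjack has a 64-bit block, so n is 128 here rather than 64) and are not something to deploy. The key, nonce and messages in the usage are made up; only the OCB layer is the point:

```python
import hashlib
import hmac

# Added example, not the textbook's or MiniSec's code: Figure 23.7 written out.
# E/D below are a constructed 128-bit Feistel permutation keyed with HMAC-SHA256 so
# the block runs without a crypto library; they stand in for Skipjack and are not a
# cipher anyone should deploy. Only the OCB layer is the point here.

NB = 16                              # block size in bytes (n = 128 bits)
POLY = 0x87                          # low byte of x^128 + x^7 + x^2 + x + 1


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:NB // 2]


def E(key, block):
    """Stand-in block cipher: 4-round balanced Feistel network over 64-bit halves."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def D(key, block):
    """Inverse of E: the same rounds in reverse order."""
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r


def double(b):
    """L(i) = 2 * L(i-1): multiply by x in GF(2^128)."""
    v = int.from_bytes(b, "big")
    v = ((v << 1) & ((1 << 128) - 1)) ^ (POLY if v >> 127 else 0)
    return v.to_bytes(NB, "big")


def halve(b):
    """L(-1) = L * 2^-1: multiply by x^-1 in GF(2^128)."""
    v = int.from_bytes(b, "big")
    v = (v >> 1) ^ ((1 << 127) ^ (POLY >> 1) if v & 1 else 0)
    return v.to_bytes(NB, "big")


def ntz(i):
    """Number of trailing zero bits of i."""
    return (i & -i).bit_length() - 1


def _setup(key, nonce, m):
    """L, R, L(-1) and the offsets Z[1..m] exactly as in the figure (Z is 1-indexed)."""
    L = E(key, bytes(NB))
    R = E(key, xor(nonce, L))
    Ls = [L]
    for _ in range(m):
        Ls.append(double(Ls[-1]))
    Z = [None, xor(L, R)]
    for i in range(2, m + 1):
        Z.append(xor(Z[i - 1], Ls[ntz(i)]))
    return halve(L), Z


def _split(data):
    m = max(1, -(-len(data) // NB))  # at least one block; the last may be short or empty
    return [data[i * NB:(i + 1) * NB] for i in range(m)], m


def _tag(key, M, C_last, Y, Z_m, t):
    checksum = bytes(NB)
    for blk in M[:-1]:
        checksum = xor(checksum, blk)
    checksum = xor(xor(checksum, C_last + bytes(NB - len(C_last))), Y)   # ... ⊕ C[m]0* ⊕ Y[m]
    return E(key, xor(checksum, Z_m))[:t]


def ocb_encrypt(key, nonce, msg, t=NB):
    M, m = _split(msg)
    L_minus1, Z = _setup(key, nonce, m)
    C = [xor(E(key, xor(M[i - 1], Z[i])), Z[i]) for i in range(1, m)]
    X = xor(xor((8 * len(M[-1])).to_bytes(NB, "big"), L_minus1), Z[m])
    Y = E(key, X)
    C.append(xor(M[-1], Y[:len(M[-1])]))
    return b"".join(C), _tag(key, M, C[-1], Y, Z[m], t)


def ocb_decrypt(key, nonce, ct, tag):
    C, m = _split(ct)
    L_minus1, Z = _setup(key, nonce, m)
    M = [xor(D(key, xor(C[i - 1], Z[i])), Z[i]) for i in range(1, m)]
    X = xor(xor((8 * len(C[-1])).to_bytes(NB, "big"), L_minus1), Z[m])
    Y = E(key, X)
    M.append(xor(C[-1], Y[:len(C[-1])]))
    if not hmac.compare_digest(_tag(key, M, C[-1], Y, Z[m], len(tag)), tag):
        return None                  # Tag' != Tag: release no plaintext
    return b"".join(M)
```

Two properties worth seeing in the code: the ciphertext is exactly as long as the plaintext (the last block is handled by XOR with Y[m], not by padding), which is why MiniSec pays only the tag as overhead; and decryption returns nothing at all on a tag mismatch, since releasing unauthenticated plaintext is the classic misuse of an AEAD mode. The nonce N must never repeat under one key.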



Summary
• Explain the scope of the Internet of Things
• List and discuss the five principal components of IoT-enabled things
• Understand the relationship between cloud computing and IoT
• Define the patching vulnerability
• Explain the IoT Security Framework
• Understand the MiniSec security feature for wireless sensor networks


User Authentication
October 20, 2022 12:44 PM

Links referenced in the session notes:
https://pgptool.org/
https://www.computerhistory.org/timeline/1946/ (1946, 1957, 1977)
https://cybermap.kaspersky.com/
https://www.bloorresearch.com/technology/encryption/
http://www.formaestudio.com/rijndaelinspector/
https://csrc.nist.gov/projects/hash-functions
https://www.passwordsgenerators.net/sha256-hash-generator/
Source: https://www.linkedin.com/learning/learning-cryptography-and-network-security-2/providing-security-services?autoplay=true&resume=false&u=2218586

Week 9
November 17, 2022 11:28 AM

Links referenced in the session notes:
http://www.digitalattackmap.com
This is how hackers hack you using simple social engineering
https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacry-ransomware-map.html
https://support.google.com/chrome/answer/95617?hl=en
about:preferences#privacy
Chapter 17
Transport-Level Security



Web Security Considerations
• The World Wide Web is fundamentally a client/server
application running over the Internet and TCP/IP intranets
• The following characteristics of Web usage suggest the
need for tailored security tools:
• Web servers are relatively easy to configure and manage
• Web content is increasingly easy to develop
• The underlying software is extraordinarily complex
• May hide many potential security flaws
• A Web server can be exploited as a launching pad into
the corporation’s or agency’s entire computer complex
• Casual and untrained (in security matters)
users are common clients for Web-based
services
• Such users are not necessarily aware of the security
risks that exist and do not have the tools or
knowledge to take effective countermeasures
Table 17.1 A Comparison of Threats on the Web

Integrity
  Threats: modification of user data; Trojan horse browser; modification
  of memory; modification of message traffic in transit
  Consequences: loss of information; compromise of machine; vulnerability
  to all other threats
  Countermeasures: cryptographic checksums
Confidentiality
  Threats: eavesdropping on the net; theft of info from server; theft of
  data from client; info about network configuration; info about which
  client talks to server
  Consequences: loss of information; loss of privacy
  Countermeasures: encryption, Web proxies
Denial of Service
  Threats: killing of user threads; flooding machine with bogus requests;
  filling up disk or memory; isolating machine by DNS attacks
  Consequences: disruptive; annoying; prevent user from getting work done
  Countermeasures: difficult to prevent
Authentication
  Threats: impersonation of legitimate users; data forgery
  Consequences: misrepresentation of user; belief that false information
  is valid
  Countermeasures: cryptographic techniques

(Table is on page 515 in the textbook)
What is TCP/IP?

- stands for Transmission Control Protocol/Internet Protocol and is a
suite of communication protocols used to interconnect network devices on
the internet.
- used as a communications protocol in a private computer network (an
intranet or extranet)
- functions as an abstraction layer between internet applications and the
routing and switching fabric
- IP defines how to address and route each packet to make sure it reaches
the right destination. Each gateway computer on the network checks this
IP address to determine where to forward the message
Common TCP/IP protocols include the following:

• Hypertext Transfer Protocol (HTTP) handles the communication between a
web server and a web browser.
• HTTP Secure (HTTPS) handles secure communication between a web server
and a web browser.
• File Transfer Protocol (FTP) handles transmission of files between
computers.
How does TCP/IP work?

- TCP/IP uses the client-server model of communication in which a user or
machine (a client) is provided a service, like sending a webpage, by
another computer (a server) in the network.
- IP itself, and application protocols such as HTTP, are stateless: each
request is handled on its own, unrelated to previous requests. Being
stateless frees up network paths so they can be used continuously.
- The transport layer (TCP), however, is stateful. It sets up a
connection and keeps it in place until all the segments of a message have
been received and reassembled at the destination.
The 4 layers of the TCP/IP model

1. The application layer provides applications with standardized data exchange. Its
protocols include HTTP, FTP, Post Office Protocol 3 (POP3), Simple Mail Transfer
Protocol (SMTP) and Simple Network Management Protocol (SNMP). At the application
layer, the payload is the actual application data.
2. The transport layer is responsible for maintaining end-to-end communications
across the network. TCP handles communications between hosts and provides flow
control, multiplexing and reliability. The transport protocols include TCP and User
Datagram Protocol (UDP), which is sometimes used instead of TCP for special purposes.
3. The network layer, also called the internet layer, deals with packets and connects
independent networks to transport the packets across network boundaries. The
network layer protocols are IP and Internet Control Message Protocol (ICMP), which is
used for error reporting.
4. The network access layer, also known as the network interface or link layer,
consists of protocols that operate only on a link, the network component that
interconnects nodes or hosts in the network. The protocols in this lowest layer
include Ethernet for local area networks and Address Resolution Protocol (ARP).
Figure 17.1 Relative Location of Security Facilities in the TCP/IP Protocol Stack

(a) Network level: HTTP, FTP, SMTP over TCP over IP/IPsec
(b) Transport level: HTTP, FTP, SMTP over SSL or TLS over TCP over IP
(c) Application level: S/MIME over SMTP over TCP, Kerberos over UDP, HTTP over TCP, all over IP

Ways to provide Web Security

- IPsec could be provided as part of the underlying protocol suite and therefore be transparent to applications (Figure 17.1a). IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing.

- SSL (or TLS) could likewise be provided as part of the underlying protocol suite and therefore be transparent to applications, or it can be embedded in specific packages such as browsers and Web servers (Figure 17.1b).

- Application-specific security services (S/MIME, Kerberos, etc.) are embedded within the particular application. Figure 17.1c shows examples of this architecture. The advantage of this approach is that the service can be tailored to the specific needs of a given application.
What is IPsec?

- "IP" stands for "Internet Protocol" and "sec" for "secure." The Internet Protocol is the main routing protocol used on the Internet; it designates where data will go using IP addresses. IPsec is secure because it adds encryption and authentication to this process.

- IPsec is a group of protocols that are used together to set up encrypted connections between devices.

- It helps keep data sent over public networks secure.

- IPsec is used to set up VPNs, and it works by encrypting IP packets along with authenticating the source the packets come from.
How does IPsec work?

IPsec connections include the following steps:

Key exchange: Keys are necessary for encryption; a key is a string of random characters that can be used to "lock" (encrypt) and "unlock" (decrypt) messages. IPsec sets up keys with a key exchange between the connected devices (the Internet Key Exchange, IKE, which runs over UDP port 500), so that each device can decrypt the other device's messages.

Packet headers and trailers: All data that is sent over a network is broken down into smaller pieces called packets. Packets contain both a payload, or the actual data being sent, and headers, or information about that data so that computers receiving the packets know what to do with them. IPsec adds headers to data packets containing authentication and encryption information: the Authentication Header (AH) and the Encapsulating Security Payload (ESP). ESP also adds a trailer, which goes after the packet's payload instead of before, carrying padding and the integrity check value.

Authentication: IPsec provides authentication for each packet, like a stamp of authenticity on a collectible item. This ensures that packets are from a trusted source and not an attacker.

Encryption: IPsec (ESP) encrypts the payload within each packet. In tunnel mode the original IP header is encrypted as well and a new outer IP header is added for routing; in transport mode only the payload is encrypted and the original IP header remains in the clear. This keeps data sent over IPsec secure and private.

Transmission: Encrypted IPsec packets travel across one or more networks to their destination. AH and ESP are carried directly over IP as their own protocols (IP protocol numbers 51 and 50) rather than over TCP. Because many NAT devices and firewalls pass only TCP and UDP, IPsec traffic is commonly encapsulated in UDP (port 4500, NAT traversal) so that it can get through them; the key exchange itself also uses UDP. TCP, the Transmission Control Protocol, sets up dedicated connections between devices and ensures that all packets arrive; UDP, the User Datagram Protocol, does not set up such connections, and IPsec supplies its own integrity and anti-replay protection instead.

Decryption: At the other end of the communication, the packets are decrypted, and applications (e.g. a browser) can now use the delivered data.
What is TLS?

- TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.

- TLS evolved from Secure Sockets Layer (SSL), which was originally developed by Netscape Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst SSL 2.0 was quickly replaced by SSL 3.0, on which TLS is based.

- It should be noted that TLS does not secure data on end systems. It simply ensures the secure delivery of data over the Internet, preventing eavesdropping on and/or alteration of the content in transit.

- TLS is normally implemented on top of TCP in order to encrypt Application Layer protocols such as HTTP, FTP, SMTP and IMAP, although it can also be implemented over UDP, DCCP and SCTP (as DTLS, e.g. for VPN and SIP-based applications).
How does TLS work?

- TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely.

- With symmetric cryptography, data is encrypted and decrypted with a secret key known to both sender and recipient; typically 128 but preferably 256 bits in length (anything less than 80 bits is now considered insecure). Symmetric cryptography is efficient in terms of computation, but having a common secret key means it needs to be shared in a secure manner.

- Asymmetric cryptography uses key pairs: a public key and a private key. The public key is mathematically related to the private key, but given sufficient key length, it is computationally impractical to derive the private key from the public key. This allows the public key of the recipient to be used by the sender to encrypt the data they wish to send, but that data can only be decrypted with the private key of the recipient.

- The advantage of asymmetric cryptography is that the process of sharing encryption keys does not have to be secret, but the mathematical relationship between public and private keys means that much larger key sizes are required. For RSA the recommended minimum key length is 2048 bits (1024-bit keys are no longer considered adequate), but this is up to a thousand times more computationally intensive than symmetric encryption of equivalent strength (a 2048-bit RSA key is approximately equivalent to a 112-bit symmetric key) and makes asymmetric encryption too slow for bulk data.

- For this reason, TLS uses asymmetric cryptography only for securely generating and exchanging a session key: in TLS 1.2 either by encrypting a pre-master secret to the server's RSA public key or by an ephemeral Diffie-Hellman exchange signed by the server, and in TLS 1.3 by ephemeral (EC)DH only. The session key is then used for encrypting the data transmitted by one party, and for decrypting the data received at the other end. Once the session is over, the session key is discarded.
What is S/MIME and How does it work?

- Secure/Multipurpose Internet Mail Extensions (S/MIME) is a technology that allows you to encrypt your emails to protect them from unwanted access. It also allows you to digitally sign your emails so that the recipient can verify you as the legitimate sender of the message, making it an effective countermeasure against many phishing attacks that depend on a forged sender.

- S/MIME is based on asymmetric cryptography, which uses a pair of mathematically related keys to operate: a public key and a private key. It is computationally infeasible to figure out the private key based on the public key. Emails are encrypted with the recipient's public key and can only be decrypted with the corresponding private key, which is supposed to be in the sole possession of the recipient. Unless the private key is compromised, you can be confident that only your intended recipient will be able to access the sensitive data in your emails. Signatures work the other way round: the sender's private key produces the signature, and anyone holding the sender's certificate can verify it.
What is Kerberos? How Does Kerberos Work?

- Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet.
- It uses secret-key cryptography and a trusted third party for authenticating client-server applications and verifying users' identities.
- It derives its name from the legendary three-headed dog Kerberos (also known as Cerberus) from Greek myth, the canine guardian of the entrance to the underworld. Kerberos had a snake tail and a particularly bad temper and, despite one notable exception, was a very useful guardian.
- In the protocol's case, the three heads of Kerberos represent the client, the server, and the Key Distribution Center (KDC). The latter functions as the trusted third-party authentication service.
- Users, machines, and services that use Kerberos depend on the KDC alone, which works as a single process that provides two functions: authentication (the Authentication Server) and ticket-granting (the Ticket-Granting Server). KDC "tickets" offer authentication to all parties, allowing nodes to verify their identity securely. The Kerberos authentication process employs conventional shared-secret cryptography that prevents packets traveling across the network from being read or altered, as well as protecting messages from eavesdropping and replay (or playback) attacks.
Transport Layer Security (TLS)

- One of the most widely used security services
- Is an Internet standard that evolved from a commercial protocol known as Secure Sockets Layer (SSL)
- Is a general-purpose service implemented as a set of protocols that rely on TCP
- Could be provided as part of the underlying protocol suite and therefore be transparent to applications
- Can be embedded in specific packages: most browsers come equipped with TLS, and most Web servers have implemented the protocol
- TLS version 1.2 is defined in RFC 5246 (TLS version 1.3 in RFC 8446)


Figure 17.2 SSL/TLS Protocol Stack

    Handshake Protocol | Change Cipher Spec Protocol | Alert Protocol | Heartbeat Protocol | HTTP
    Record Protocol
    TCP
    IP

The SSL protocol consists of two layers of protocols: the SSL record protocol at the lower layer and the SSL handshake protocol, the change cipher spec protocol, and the alert protocol at the upper layer.


• SSL record protocol: Fragments data to be transmitted, computes and adds a MAC to the data, and encrypts the data before transmitting it to the peer end.
• SSL handshake protocol: Negotiates the cipher suite to be used for secure communication (including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm), securely exchanges the key between the server and client, and implements identity authentication of the server and client. Through the SSL handshake protocol, a session is established between a client and the server. A session consists of a set of parameters, including the session ID, peer certificate, cipher suite, and master secret.
• SSL change cipher spec protocol: Used for notification between the client and the server that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and key.
• SSL alert protocol: Enables the SSL client and server to send alert messages to each other. An alert message contains the alert severity level and a description.

Source: https://www.youtube.com/watch?v=LJDsdSh1CYM
TLS Architecture
• Two important TLS concepts are the TLS connection and the TLS session.

TLS connection
• A transport that provides a suitable type of service
• For TLS such connections are peer-to-peer relationships
• Connections are transient
• Every connection is associated with one session

TLS session
• An association between a client and a server
• Created by the Handshake Protocol
• Defines a set of cryptographic security parameters which can be shared among multiple connections
• Sessions are used to avoid the expensive negotiation of new security parameters for each connection


A session state is defined by the following parameters:

- Session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state
- Peer certificate: An X509.v3 certificate of the peer; this element of the state may be null
- Compression method: The algorithm used to compress data prior to encryption
- Cipher spec: Specifies the bulk data encryption algorithm and a hash algorithm used for MAC calculation; also defines cryptographic attributes such as the hash_size
- Master secret: 48-byte secret shared between the client and the server
- Is resumable: A flag indicating whether the session can be used to initiate new connections


A connection state is defined by the following parameters:

- Server and client random: Byte sequences that are chosen by the server and client for each connection
- Server write MAC secret: The secret key used in MAC operations on data sent by the server
- Client write MAC secret: The secret key used in MAC operations on data sent by the client
- Server write key: The secret encryption key for data encrypted by the server and decrypted by the client
- Client write key: The symmetric encryption key for data encrypted by the client and decrypted by the server
- Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is first initialized by the TLS Handshake Protocol. In SSL 3.0 and TLS 1.0 the final ciphertext block from each record is preserved for use as the IV with the following record; TLS 1.1 and later instead send an explicit, unpredictable IV with each record, because the chained IV is predictable to an attacker who can observe the previous record
- Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero. Sequence numbers may not exceed 2^64 - 1


TLS Record Protocol

The TLS Record Protocol provides two services for TLS connections:

- Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of TLS payloads
- Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC)


Figure 17.3 TLS Record Protocol Operation

    Application Data -> Fragment -> Compress -> Add MAC -> Encrypt -> Append TLS Record Header

The Record Protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. Received data are decrypted, verified, decompressed, and reassembled before being delivered to higher-level users.
The first step is fragmentation. Each upper-layer message is fragmented into blocks of 2^14 bytes (16,384 bytes) or less. Next, compression is optionally applied. Compression must be lossless and may not increase the content length by more than 1024 bytes. In TLS 1.2, no compression algorithm is specified, so the default compression algorithm is null; TLS 1.3 removes compression altogether, since compressing attacker-influenced plaintext together with secrets leaks information about those secrets.

The next step in processing is to compute a message authentication code over the compressed data. TLS makes use of the HMAC algorithm defined in RFC 2104. The MAC input also covers the record's 64-bit sequence number and the header fields (content type, version, length), which is what makes a replayed, reordered or truncated record detectable at the receiver.
The final step of TLS Record Protocol processing is to prepend a header consisting of the following fields:

■ Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment.
■ Major Version (8 bits): Indicates the major version of TLS in use. For TLS 1.2, the value is 3.
■ Minor Version (8 bits): Indicates the minor version in use. For TLS 1.2, the value is 3 (TLS 1.0 uses 1 and TLS 1.1 uses 2; TLS 1.3 keeps 3.3 on the wire for compatibility).
■ Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if compression is used).

Figure 17.4 SSL Record Format

    Content Type | Major Version | Minor Version | Compressed Length
    Plaintext (optionally compressed)                                 } encrypted
    MAC (0, 16, or 20 bytes; 32 bytes with HMAC-SHA256 in TLS 1.2)    }
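The record layer described above, as an added example that is not code from the textbook. It models TLS 1.2 record processing with a MAC-only cipher spec (null encryption, HMAC-SHA256 integrity) so that it runs with the Python standard library alone; the header layout and the MAC input (sequence number, content type, version, length, fragment) follow RFC 5246, sections 6.2.1 and 6.2.3.1. The MAC key and the application data in the usage are constructed values.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 1 << 14                   # 2^14 bytes per plaintext fragment
MAC_LEN = hashlib.sha256().digest_size   # 32 bytes
CONTENT_APPLICATION_DATA = 23
TLS12_VERSION = (3, 3)                   # major 3, minor 3 on the wire
RECORD_HEADER = struct.Struct("!BBBH")   # content type, major, minor, length


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """HMAC over the 64-bit sequence number, the header fields and the fragment."""
    mac_input = struct.pack("!QBBBH", seq_num, content_type,
                            version[0], version[1], len(fragment)) + fragment
    return hmac.new(mac_key, mac_input, hashlib.sha256).digest()


class RecordWriter:
    """Fragments application data and emits MAC-protected TLS records."""

    def __init__(self, mac_write_key):
        self.mac_key = mac_write_key
        self.seq_num = 0  # reset to 0 by change_cipher_spec; must never exceed 2^64 - 1

    def send(self, data, content_type=CONTENT_APPLICATION_DATA):
        records = []
        for offset in range(0, len(data), MAX_FRAGMENT):
            fragment = data[offset:offset + MAX_FRAGMENT]
            mac = record_mac(self.mac_key, self.seq_num, content_type,
                             TLS12_VERSION, fragment)
            body = fragment + mac  # null cipher: "encryption" leaves the bytes unchanged
            header = RECORD_HEADER.pack(content_type, *TLS12_VERSION, len(body))
            records.append(header + body)
            self.seq_num += 1
        return records


class RecordReader:
    """Parses records, checks header and MAC, and rejects replayed or altered ones."""

    def __init__(self, mac_write_key):
        self.mac_key = mac_write_key
        self.seq_num = 0

    def receive(self, record):
        if len(record) < RECORD_HEADER.size:
            raise ValueError("truncated record header")
        content_type, major, minor, length = RECORD_HEADER.unpack_from(record)
        if (major, minor) != TLS12_VERSION:
            raise ValueError("unexpected protocol version %d.%d" % (major, minor))
        body = record[RECORD_HEADER.size:]
        if len(body) != length or length > MAX_FRAGMENT + 2048 or length < MAC_LEN:
            raise ValueError("bad record length")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq_num, content_type,
                              TLS12_VERSION, fragment)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")  # the fatal alert a real stack sends
        self.seq_num += 1  # advance only on success, so a replayed record fails its MAC
        return content_type, fragment


if __name__ == "__main__":
    key = b"\x11" * 32                       # constructed client_write_MAC_key
    writer, reader = RecordWriter(key), RecordReader(key)
    records = writer.send(bytes(range(256)) * 160)   # 40960 bytes -> 3 records
    print(len(records), [len(r) for r in records])
    reader.receive(records[0])
    try:
        reader.receive(records[0])           # replay: sequence number no longer matches
    except ValueError as err:
        print("replay rejected:", err)
```

Because the sequence number is an input to the MAC but is never transmitted, both sides must count records identically; the reader only advances its counter after a successful check, which is why the replayed first record fails.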


Table 17.2 SSL Handshake Protocol Message Types

Message Type          Parameters
hello_request         null
client_hello          version, random, session id, cipher suite, compression method
server_hello          version, random, session id, cipher suite, compression method
certificate           chain of X.509v3 certificates
server_key_exchange   parameters, signature
certificate_request   type, authorities
server_hello_done     null
certificate_verify    signature
client_key_exchange   parameters, signature
finished              hash value

(Table is on page 522 in the textbook)


Figure 17.6 Handshake Protocol Action

Phase 1 (client -> server: client_hello; server -> client: server_hello): Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.

Phase 2 (server -> client: certificate*, server_key_exchange*, certificate_request*, server_hello_done): Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.

Phase 3 (client -> server: certificate*, client_key_exchange, certificate_verify*): Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.

Phase 4 (client -> server: change_cipher_spec, finished; server -> client: change_cipher_spec, finished): Change cipher suite and finish handshake protocol.

Note: Messages marked * are optional or situation-dependent and are not always sent.
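The client_hello of Phase 1, as an added example that is not code from the textbook: it serialises and parses the message body defined in RFC 5246, section 7.4.1.2 (version, random, session id, cipher suites, compression methods), wrapped in a Handshake-type record, and then audits what the client offered. The cipher suite numbers are the IANA-registered values; the audit rules and the finding strings are this example's own choices, and the zeroed randoms in the test are constructed.

```python
import os
import struct

CONTENT_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
TLS_RSA_WITH_RC4_128_SHA = 0x0005
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_AES_128_GCM_SHA256 = 0x1301          # TLS 1.3 suite
COMPRESSION_NULL = 0

FINDING_OLD_VERSION = "client_version below TLS 1.2"
FINDING_RC4 = "offers an RC4 cipher suite"
FINDING_COMPRESSION = "offers a non-null compression method"


def build_client_hello(cipher_suites, compression_methods=(COMPRESSION_NULL,),
                       session_id=b"", client_random=None):
    """Serialises a TLS 1.2 client_hello; the record-layer version is the legacy 3.1."""
    client_random = client_random if client_random is not None else os.urandom(32)
    if len(client_random) != 32 or len(session_id) > 32:
        raise ValueError("random must be 32 bytes, session id at most 32")
    body = struct.pack("!BB", 3, 3) + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", suite) for suite in cipher_suites)
    body += struct.pack("!B", len(compression_methods)) + bytes(compression_methods)
    handshake = (struct.pack("!B", HANDSHAKE_CLIENT_HELLO)
                 + len(body).to_bytes(3, "big") + body)
    return struct.pack("!BBBH", CONTENT_HANDSHAKE, 3, 1, len(handshake)) + handshake


def parse_client_hello(record):
    """Returns the client_hello fields as a dict, validating every length field."""
    content_type, _major, _minor, record_len = struct.unpack_from("!BBBH", record)
    if content_type != CONTENT_HANDSHAKE:
        raise ValueError("not a Handshake record")
    handshake = record[5:5 + record_len]
    if len(handshake) != record_len or handshake[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a complete client_hello")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated client_hello body")
    version = (body[0], body[1])
    client_random = body[2:34]
    if len(client_random) != 32:
        raise ValueError("truncated random")
    pos = 34
    sid_len = body[pos]
    pos += 1
    if sid_len > 32:
        raise ValueError("session id too long")
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    suites_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    if suites_len == 0 or suites_len % 2:
        raise ValueError("invalid cipher_suites length")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, suites_len, 2)]
    pos += suites_len
    comp_len = body[pos]
    pos += 1
    compression = list(body[pos:pos + comp_len])
    if comp_len == 0 or len(compression) != comp_len:
        raise ValueError("invalid compression_methods")
    return {"version": version, "random": client_random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}


def audit_client_hello(hello):
    """Flags weak offers that a hardened server configuration would refuse."""
    findings = []
    if hello["version"] < (3, 3):
        findings.append(FINDING_OLD_VERSION)
    if TLS_RSA_WITH_RC4_128_SHA in hello["cipher_suites"]:
        findings.append(FINDING_RC4)
    if any(m != COMPRESSION_NULL for m in hello["compression_methods"]):
        findings.append(FINDING_COMPRESSION)
    return findings


if __name__ == "__main__":
    record = build_client_hello([TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                                 TLS_RSA_WITH_RC4_128_SHA], compression_methods=(1, 0))
    hello = parse_client_hello(record)
    print(hello["version"], [hex(s) for s in hello["cipher_suites"]],
          audit_client_hello(hello))
```

The record-layer version is deliberately the legacy 3.1 while the real version sits inside the handshake body, which is how interoperable clients avoid being dropped by old middleboxes; a parser that trusts only the outer header will misreport the version offered.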
Cryptographic Computations
• Two further items are of interest:
  • The creation of a shared master secret by means of the key exchange
    • The shared master secret is a one-time 48-byte value generated for this session by means of secure key exchange
    • The creation is in two stages: first, a pre_master_secret is exchanged; second, the master_secret is calculated by both parties
  • The generation of cryptographic parameters from the master secret


Generation of Cryptographic Parameters
• CipherSpecs require:
  • A client write MAC secret
  • A server write MAC secret
  • A client write key
  • A server write key
  • A client write IV
  • A server write IV

These are generated from the master secret in that order.

• The parameters are generated from the master secret by hashing the master secret (with the client and server random values as seed) into a sequence of secure bytes of sufficient length for all needed parameters; in TLS 1.2 the hash is the HMAC-SHA256-based PRF, and the key block is then sliced in the order listed above.
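The two derivations above carried out in code, as an added example that is not from the textbook: the TLS 1.2 PRF of RFC 5246 section 5 (P_SHA256 over "label + seed"), the 48-byte master_secret computed from the pre_master_secret, and the key block expanded from the master_secret and sliced into the six parameters in the stated order (RFC 5246, section 6.3). The pre_master_secret and random values in the usage are constructed, not from a real handshake.

```python
import hashlib
import hmac


def p_hash(secret, seed, length, digestmod=hashlib.sha256):
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    output = b""
    a = seed                                              # A(0) = seed
    while len(output) < length:
        a = hmac.new(secret, a, digestmod).digest()       # A(i) = HMAC(secret, A(i-1))
        output += hmac.new(secret, a + seed, digestmod).digest()
    return output[:length]


def prf(secret, label, seed, length):
    """TLS 1.2: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master_secret, client_random, server_random):
    """Stage two of key creation: 48 bytes, seeded client_random first."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


KEY_BLOCK_ORDER = ("client_write_MAC_key", "server_write_MAC_key",
                   "client_write_key", "server_write_key",
                   "client_write_IV", "server_write_IV")


def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Expands the master secret and slices it in the fixed order above.

    Note the seed order: key expansion puts server_random first, whereas the
    master secret derivation puts client_random first.
    """
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    block = prf(master, b"key expansion", server_random + client_random, sum(sizes))
    params, pos = {}, 0
    for name, size in zip(KEY_BLOCK_ORDER, sizes):
        params[name] = block[pos:pos + size]
        pos += size
    return params


def derive_session_keys(pre_master_secret, client_random, server_random,
                        mac_len=20, key_len=16, iv_len=16):
    """pre_master_secret -> master_secret -> write keys (defaults fit AES_128_CBC_SHA)."""
    master = master_secret(pre_master_secret, client_random, server_random)
    return master, key_block(master, client_random, server_random,
                             mac_len, key_len, iv_len)


if __name__ == "__main__":
    # Constructed inputs: an RSA-style pre_master_secret (client version 3.3 + 46 bytes)
    pms = bytes([3, 3]) + bytes(46)
    cr, sr = bytes(range(32)), bytes(range(32, 64))
    master, keys = derive_session_keys(pms, cr, sr)
    print(master.hex())
    for name in KEY_BLOCK_ORDER:
        print(name, keys[name].hex())
```

Because both randoms feed every derivation, a passive attacker who later learns one session's keys learns nothing about another session's keys even if the same pre_master_secret were somehow reused; what the PRF cannot repair is a pre_master_secret the attacker can obtain, which is why static RSA key transport was dropped in TLS 1.3.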


SSL/TLS Attacks
• The attacks can be grouped into four general categories:
  • Attacks on the handshake protocol
  • Attacks on the record and application data protocols
  • Attacks on the PKI
  • Other attacks

• The constant back-and-forth between threats and countermeasures determines the evolution of Internet-based protocols


TLSv1.3
• Primary aim is to improve the security of TLS
• Significant changes from version 1.2 are:
  • TLSv1.3 removes support for a number of options and functions. Deleted items include:
    • Compression
    • Ciphers that do not offer authenticated encryption (only AEAD suites remain)
    • Static RSA and DH key exchange
    • 32-bit timestamp as part of the Random parameter in the client_hello message
    • Renegotiation
    • Change Cipher Spec Protocol
    • RC4
    • Use of MD5 and SHA-224 hashes with signatures
  • TLSv1.3 uses ephemeral Diffie-Hellman or Elliptic Curve Diffie-Hellman for key exchange and does not permit RSA key transport (RSA remains usable for signatures, i.e. in certificates and CertificateVerify)
  • TLSv1.3 allows for a "1 round trip time" (1-RTT) handshake by changing the order of the messages sent when establishing a secure connection


Hypertext Transfer Protocol Secure (HTTPS)
• The secure version of HTTP: HTTP carried over a TLS connection

• HTTPS encrypts all communications between the browser and the website

• Data sent using HTTPS provides three important areas of protection:
  • Encryption
  • Data integrity
  • Authentication


Connection Initiation

For HTTPS, the agent acting as the HTTP client also acts as the TLS client. The client initiates a connection to the server on the appropriate port and then sends the TLS ClientHello to begin the TLS handshake. When the TLS handshake has finished, the client may then initiate the first HTTP request. All HTTP data is to be sent as TLS application data.

There are three levels of awareness of a connection in HTTPS:

- At the HTTP level, an HTTP client requests a connection to an HTTP server by sending a connection request to the next lowest layer. Typically the next lowest layer is TCP, but it may also be TLS/SSL.
- At the level of TLS, a session is established between a TLS client and a TLS server. This session can support one or more connections at any time.
- A TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client side and the TCP entity on the server side.


Connection Closure
• An HTTP client or server can indicate the closing of a connection by including the line Connection: close in an HTTP header

• The closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection

• TLS implementations must initiate an exchange of closure alerts (close_notify) before closing a connection
  • A TLS implementation may, after sending a closure alert, close the connection without waiting for the peer to send its closure alert, generating an "incomplete close"

• An unannounced TCP closure (a FIN or RST arriving without a preceding close_notify) could be evidence of some sort of attack, such as an attacker truncating a response, so the HTTPS client should issue some sort of security warning when this occurs
Secure Shell (SSH)

- A protocol for secure network communications designed to be relatively simple and inexpensive to implement
- The initial version, SSH1, was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security
- SSH also provides a more general client/server capability and can be used for such network functions as file transfer and e-mail
- SSH2 fixes a number of security flaws in the original scheme and is documented as a proposed standard in IETF RFCs 4250 through 4256
- SSH client and server applications are widely available for most operating systems
  - SSH has become the method of choice for remote login and X tunneling
  - It is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems


Figure 17.8 SSH Protocol Stack

SSH User Authentication Protocol: Authenticates the client-side user to the server.
SSH Connection Protocol: Multiplexes the encrypted tunnel into several logical channels.
SSH Transport Layer Protocol: Provides server authentication, confidentiality, and integrity. It may optionally also provide compression.
TCP: Transmission control protocol provides reliable, connection-oriented end-to-end delivery.
IP: Internet protocol provides datagram delivery across multiple networks.


Transport Layer Protocol
• Server authentication occurs at the transport layer, based on the server possessing a public/private key pair
  • A server may have multiple host keys using multiple different asymmetric encryption algorithms
  • Multiple hosts may share the same host key
  • The server host key is used during key exchange to authenticate the identity of the host
• RFC 4251 dictates two alternative trust models:
  • The client has a local database that associates each host name with the corresponding public host key (the known_hosts approach, in which the first connection is trusted on first use)
  • The host name-to-key association is certified by a trusted certification authority (CA); the client only knows the CA root key and can verify the validity of all host keys certified by accepted CAs
Figure 17.9 SSH Transport Layer Protocol Packet Exchanges

Client                                                    Server
                   Establish TCP Connection
Identification string exchange:   SSH-protoversion-softwareversion  (both directions)
Algorithm negotiation:            SSH_MSG_KEXINIT                   (both directions)
Key Exchange
End of key exchange:              SSH_MSG_NEWKEYS                   (both directions)
Service request:                  SSH_MSG_SERVICE_REQUEST           (client -> server)
Figure 17.10 SSH Transport Layer Protocol Packet Formation

    payload -> COMPRESS -> compressed payload
    seq # | pktl | pdl | compressed payload | padding   -> MAC (computed over the sequence number and the unencrypted packet)
            pktl | pdl | compressed payload | padding   -> ENCRYPT -> ciphertext
    SSH Packet = ciphertext || MAC

pktl = packet length
pdl = padding length
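The packet formation of Figure 17.10 in code, as an added example that is not from the textbook. It follows the Binary Packet Protocol of RFC 4253, section 6, using the "none" cipher and hmac-sha1 so that it runs with the standard library alone: with a real cipher the padding aligns to that cipher's block size rather than the minimum of 8, and the ciphertext replaces the plaintext on the wire, but the MAC is still computed over the sequence number and the unencrypted packet and is sent in the clear (Encrypt-and-MAC, unlike TLS's MAC-then-encrypt). The MAC key and payloads used are constructed.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 20            # hmac-sha1 digest length
MIN_BLOCK = 8           # RFC 4253: pad to a multiple of max(8, cipher block size)


def build_packet(payload, seq_num, mac_key, block=MIN_BLOCK):
    """Returns packet_length || padding_length || payload || padding || MAC."""
    # 4 (packet_length) + 1 (padding_length) + payload + padding must be a
    # multiple of the block size, with at least 4 bytes of random padding.
    pad_len = block - ((5 + len(payload)) % block)
    if pad_len < 4:
        pad_len += block
    packet_len = 1 + len(payload) + pad_len        # excludes the length field and MAC
    packet = struct.pack("!IB", packet_len, pad_len) + payload + os.urandom(pad_len)
    mac = hmac.new(mac_key, struct.pack("!I", seq_num & 0xFFFFFFFF) + packet,
                   hashlib.sha1).digest()
    return packet + mac                            # null cipher: plaintext on the wire


def parse_packet(data, seq_num, mac_key, block=MIN_BLOCK):
    """Validates the packet at the head of data; returns (payload, bytes consumed)."""
    if len(data) < 5:
        raise ValueError("truncated packet")
    packet_len, pad_len = struct.unpack_from("!IB", data)
    total = 4 + packet_len
    if total % block or pad_len < 4 or pad_len >= packet_len:
        raise ValueError("malformed packet length or padding")
    packet, mac = data[:total], data[total:total + MAC_LEN]
    if len(packet) != total or len(mac) != MAC_LEN:
        raise ValueError("truncated packet")
    expected = hmac.new(mac_key, struct.pack("!I", seq_num & 0xFFFFFFFF) + packet,
                        hashlib.sha1).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC verification failed")   # covers replay and tampering
    payload = packet[5:total - pad_len]
    return payload, total + MAC_LEN


def parse_stream(data, mac_key, first_seq=0):
    """Splits a stream of back-to-back packets, advancing the 32-bit sequence number."""
    payloads, pos, seq_num = [], 0, first_seq
    while pos < len(data):
        payload, used = parse_packet(data[pos:], seq_num, mac_key)
        payloads.append(payload)
        pos += used
        seq_num = (seq_num + 1) & 0xFFFFFFFF
    return payloads


if __name__ == "__main__":
    key = b"\x22" * 20                                        # constructed MAC key
    # Constructed SSH_MSG_SERVICE_REQUEST (type 5) for "ssh-userauth", then a data packet
    first = build_packet(b"\x05\x00\x00\x00\x0cssh-userauth", 0, key)
    second = build_packet(b"hello", 1, key)
    print([p for p in parse_stream(first + second, key)])
```

The sequence number is implicit, never transmitted, and wraps at 2^32; both ends must count every packet, including those exchanged before keys were in place, or MAC verification desynchronises.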
Table 17.3 SSH Transport Layer Cryptographic Algorithms

Cipher
- 3des-cbc*: Three-key 3DES in CBC mode
- blowfish-cbc: Blowfish in CBC mode
- twofish256-cbc: Twofish in CBC mode with a 256-bit key
- twofish192-cbc: Twofish with a 192-bit key
- twofish128-cbc: Twofish with a 128-bit key
- aes256-cbc: AES in CBC mode with a 256-bit key
- aes192-cbc: AES with a 192-bit key
- aes128-cbc**: AES with a 128-bit key
- serpent256-cbc: Serpent in CBC mode with a 256-bit key
- serpent192-cbc: Serpent with a 192-bit key
- serpent128-cbc: Serpent with a 128-bit key
- arcfour: RC4 with a 128-bit key
- cast128-cbc: CAST-128 in CBC mode

MAC algorithm
- hmac-sha1*: HMAC-SHA1; digest length = key length = 20
- hmac-sha1-96**: First 96 bits of HMAC-SHA1; digest length = 12; key length = 20
- hmac-md5: HMAC-MD5; digest length = key length = 16
- hmac-md5-96: First 96 bits of HMAC-MD5; digest length = 12; key length = 16

Compression algorithm
- none*: No compression
- zlib: Defined in RFC 1950 and RFC 1951

* = Required   ** = Recommended
(Table is on page 537 in the textbook)

Note that this is the algorithm list of RFC 4253 (2006). Current deployments negotiate AES in CTR or GCM mode (RFC 4344, RFC 5647) or chacha20-poly1305 and the hmac-sha2-* MACs (RFC 6668) instead, and RFC 8758 formally deprecates arcfour; 3des-cbc, the MD5 MACs and RC4 should be disabled on both clients and servers.
Key Generation

• The keys used for encryption and MAC (and any needed IVs) are generated from the shared secret key K, the hash value from the key exchange H, and the session identifier, which is equal to H unless there has been a subsequent key exchange after the initial key exchange
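The derivation the slide summarises, written out as an added example that is not from the textbook. It implements RFC 4253, section 7.2: each directional key is HASH(K || H || letter || session_id), where K is the shared secret encoded as an SSH mpint and the letters "A" through "F" select the client-to-server and server-to-client IVs, encryption keys and MAC keys; when more bytes are needed the output is extended with HASH(K || H || K1 || ... ). The values of K and H and the key sizes used in the usage are constructed, not taken from a real exchange.

```python
import hashlib


def mpint(n):
    """SSH mpint (RFC 4251): uint32 length, then two's-complement big-endian bytes."""
    if n < 0:
        raise ValueError("the shared secret is never negative")
    if n == 0:
        return b"\x00\x00\x00\x00"
    value = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 if top bit set
    return len(value).to_bytes(4, "big") + value


def derive_key(K, H, letter, session_id, length, hash_fn=hashlib.sha256):
    """K1 = HASH(K || H || X || session_id); K2 = HASH(K || H || K1); K3 = HASH(K || H || K1 || K2) ..."""
    k_bytes = mpint(K)
    output = hash_fn(k_bytes + H + letter + session_id).digest()
    while len(output) < length:
        output += hash_fn(k_bytes + H + output).digest()
    return output[:length]


KEY_LETTERS = {
    "iv_client_to_server": b"A",
    "iv_server_to_client": b"B",
    "enc_key_client_to_server": b"C",
    "enc_key_server_to_client": b"D",
    "mac_key_client_to_server": b"E",
    "mac_key_server_to_client": b"F",
}


def derive_all_keys(K, H, session_id, iv_len, enc_len, mac_len, hash_fn=hashlib.sha256):
    """Returns the six directional keys for the negotiated cipher and MAC sizes."""
    sizes = {
        "iv_client_to_server": iv_len, "iv_server_to_client": iv_len,
        "enc_key_client_to_server": enc_len, "enc_key_server_to_client": enc_len,
        "mac_key_client_to_server": mac_len, "mac_key_server_to_client": mac_len,
    }
    return {name: derive_key(K, H, letter, session_id, sizes[name], hash_fn)
            for name, letter in KEY_LETTERS.items()}


if __name__ == "__main__":
    K = 0xB0B0123456789ABC                                 # constructed shared secret
    H = hashlib.sha256(b"constructed exchange hash").digest()
    # First key exchange: session_id is H itself (aes128-cbc / hmac-sha1 sizes)
    keys = derive_all_keys(K, H, H, iv_len=16, enc_len=16, mac_len=20)
    for name, value in keys.items():
        print(name, value.hex())
    # Later rekey: new K and H, but session_id stays the first H
    H2 = hashlib.sha256(b"second exchange hash").digest()
    rekeyed = derive_all_keys(K + 1, H2, H, iv_len=16, enc_len=16, mac_len=20)
    print("keys changed after rekey:", rekeyed != keys)
```

Keeping session_id fixed at the first exchange hash is what ties every later key exchange, and the user authentication signatures that cover session_id, to the connection that was originally authenticated.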


User Authentication Protocol
• The User Authentication Protocol provides the means by which the client is authenticated to the server
• Three types of messages are always used in the User Authentication Protocol: SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_FAILURE and SSH_MSG_USERAUTH_SUCCESS
• In a request, user name is the authorization identity the client is claiming, service name is the facility to which the client is requesting access, and method name is the authentication method being used in this request


Message Exchange
• The message exchange involves the following steps:
  1. The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of none
  2. The server checks to determine if the user name is valid. If not, the server returns SSH_MSG_USERAUTH_FAILURE with the partial success value of false. If the user name is valid, the server proceeds to step 3
  3. The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more authentication methods to be used
  4. The client selects one of the acceptable authentication methods and sends a SSH_MSG_USERAUTH_REQUEST with that method name and the required method-specific fields. At this point, there may be a sequence of exchanges to perform the method
  5. If the authentication succeeds and more authentication methods are required, the server proceeds to step 3, using a partial success value of true. If the authentication fails, the server proceeds to step 3, using a partial success value of false
  6. When all required authentication methods succeed, the server sends a SSH_MSG_USERAUTH_SUCCESS message, and the Authentication Protocol is over


Authentication Methods
• Publickey
  • The client sends a message to the server that contains the client's public key, with the message signed by the client's private key
  • When the server receives this message, it checks whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct

• Password
  • The client sends a message containing a plaintext password, which is protected by encryption by the Transport Layer Protocol

• Hostbased
  • Authentication is performed on the client's host rather than the client itself
  • This method works by having the client send a signature created with the private key of the client host
  • Rather than directly verifying the user's identity, the SSH server verifies the identity of the client host
Connection Protocol
• The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use
  • The secure authentication connection, referred to as a tunnel, is used by the Connection Protocol to multiplex a number of logical channels

• Channel mechanism
  • All types of communication using SSH are supported using separate channels
  • Either side may open a channel
  • For each channel, each side associates a unique channel number
  • Channels are flow controlled using a window mechanism
  • No data may be sent to a channel until a message is received to indicate that window space is available
  • The life of a channel progresses through three stages: opening a channel, data transfer, and closing a channel


Figure 17.11 Example SSH Connection Protocol Message Exchange

Client                                                        Server
             Establish Authenticated Transport Layer Connection
Open a channel:    SSH_MSG_CHANNEL_OPEN                ->
                   <- SSH_MSG_CHANNEL_OPEN_CONFIRMATION
Data transfer:     SSH_MSG_CHANNEL_DATA                ->
                   <- SSH_MSG_CHANNEL_DATA
                   SSH_MSG_CHANNEL_DATA                ->
                   <- SSH_MSG_CHANNEL_DATA
Close a channel:   SSH_MSG_CHANNEL_CLOSE               ->
Channel Types
Four channel types are recognized in the SSH Connection Protocol specification:

Session
• The remote execution of a program
• The program may be a shell, an application such as file transfer or e-mail, a system command, or some built-in subsystem
• Once a session channel is opened, subsequent requests are used to start the remote program

X11
• Refers to the X Window System, a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers
• X allows applications to run on a network server but to be displayed on a desktop machine

Forwarded-tcpip
• Remote port forwarding

Direct-tcpip
• Local port forwarding
Port Forwarding
• One of the most useful features of SSH
• Provides the ability to convert any insecure TCP connection into a secure SSH connection (also referred to as SSH tunneling)
• Incoming TCP traffic is delivered to the appropriate application on the basis of the port number (a port is an identifier of a user of TCP)
• An application may employ multiple port numbers
Figure 17.12 SSH Transport Layer Packet Exchanges (figure reduced to its text)
  (a) Connection via TCP: Client Application (port x) - TCP entity - Unsecure TCP connection - TCP entity - Server Application (port y)
  (b) Connection via SSH Tunnel: Client Application (port x) - SSH entity - Secure SSH Tunnel - SSH entity - Server Application (port y); between the two SSH entities, the tunnel runs over an Unsecure TCP connection between the TCP entities using ports a and b

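The direct-tcpip and forwarded-tcpip channel types listed under Channel Types are how the port forwarding of Figure 17.12 is requested over the Connection Protocol: the channel open message names the destination host and port. As an added example (not the textbook's or OpenSSH's code), the following Python builds and parses those requests and shows the server-side decision a tunnel endpoint should make before confirming a direct-tcpip channel. Field layouts follow RFC 4254 sections 7.2 and 5.1; the allowlist format is modelled on the `PermitOpen` setting of sshd_config, but the helper names, the policy entries and the hostnames are constructed for this example.

```python
"""Port-forwarding channel requests and a server-side destination policy.
Added example; layouts follow RFC 4254 secs. 7.2 and 5.1, the allowlist is
modelled on sshd's PermitOpen, and all names/hosts here are constructed."""
import struct
from fnmatch import fnmatchcase

SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91
SSH_MSG_CHANNEL_OPEN_FAILURE = 92
SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1   # reason code, RFC 4254 sec. 5.1


def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Read one SSH 'string' at offset off; return (value, new offset)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def tcpip_channel_open(chan_type: bytes, sender: int, window: int, max_packet: int,
                       host: bytes, port: int, origin_host: bytes, origin_port: int) -> bytes:
    """CHANNEL_OPEN for "direct-tcpip" (local forwarding: the client asks the server
    to connect to host:port) or "forwarded-tcpip" (remote forwarding: the server
    reports a connection that arrived on a listener it opened for the client).
    Both carry the same type-specific fields after the generic ones."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(chan_type)
            + struct.pack(">III", sender, window, max_packet)
            + ssh_string(host) + struct.pack(">I", port)
            + ssh_string(origin_host) + struct.pack(">I", origin_port))


def parse_tcpip_channel_open(msg: bytes) -> dict:
    """Inverse of tcpip_channel_open."""
    if msg[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not CHANNEL_OPEN")
    chan_type, off = read_string(msg, 1)
    sender, window, max_packet = struct.unpack(">III", msg[off:off + 12])
    host, off = read_string(msg, off + 12)
    (port,) = struct.unpack(">I", msg[off:off + 4])
    origin_host, off = read_string(msg, off + 4)
    (origin_port,) = struct.unpack(">I", msg[off:off + 4])
    return {"type": chan_type.decode(), "sender": sender, "window": window,
            "max_packet": max_packet, "host": host.decode(), "port": port,
            "origin": (origin_host.decode(), origin_port)}


def permitted(policy: list, host: str, port: int) -> bool:
    """Policy entries look like PermitOpen values, "host:port", where either part
    may be "*". An empty policy permits nothing (deny by default)."""
    for entry in policy:
        h, _, p = entry.rpartition(":")
        if fnmatchcase(host, h) and (p == "*" or p == str(port)):
            return True
    return False


def handle_direct_tcpip(policy: list, msg: bytes, local_id: int = 7) -> bytes:
    """Server side of local forwarding: confirm the channel only if the requested
    destination is allowed; otherwise refuse with ADMINISTRATIVELY_PROHIBITED."""
    req = parse_tcpip_channel_open(msg)
    if req["type"] != "direct-tcpip" or not permitted(policy, req["host"], req["port"]):
        return (bytes([SSH_MSG_CHANNEL_OPEN_FAILURE]) + struct.pack(">I", req["sender"])
                + struct.pack(">I", SSH_OPEN_ADMINISTRATIVELY_PROHIBITED)
                + ssh_string(b"open failed") + ssh_string(b""))   # description, language tag
    return (bytes([SSH_MSG_CHANNEL_OPEN_CONFIRMATION])
            + struct.pack(">IIII", req["sender"], local_id, 2 ** 21, 32768))


def demo() -> dict:
    """Constructed requests: two local forwards, one to an allowed and one to a
    disallowed destination. Returns the message type of each server reply."""
    policy = ["intranet-db.example:5432", "localhost:*"]
    allowed = tcpip_channel_open(b"direct-tcpip", 1, 2 ** 21, 32768,
                                 b"intranet-db.example", 5432, b"127.0.0.1", 40000)
    blocked = tcpip_channel_open(b"direct-tcpip", 2, 2 ** 21, 32768,
                                 b"payroll.example", 443, b"127.0.0.1", 40001)
    return {"allowed": handle_direct_tcpip(policy, allowed)[0],
            "blocked": handle_direct_tcpip(policy, blocked)[0],
            "parsed_host": parse_tcpip_channel_open(allowed)["host"]}
```

The design choice worth noting is that the server decides on the destination named in the channel open, not on anything the client's application later sends through the tunnel; once the channel is confirmed, the tunnel carries opaque bytes to that host and port, so a default-deny allowlist at open time is the control that bounds where a tunnel can reach.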
Summary
• Summarize Web security threats and Web traffic security approaches
• Present an overview of Transport Layer Security (TLS)
• Understand the differences between Secure Sockets Layer and Transport Layer Security
• Compare the pseudorandom function used in Transport Layer Security with those discussed earlier in the book
• Present an overview of HTTPS (HTTP over SSL)
• Present an overview of Secure Shell (SSH)