Chapter 29 Internet Security

Chapter 29 Internet Security. Outline INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT


Outline
  • INTRODUCTION
  • PRIVACY
  • DIGITAL SIGNATURE
  • SECURITY IN THE INTERNET
  • APPLICATION LAYER SECURITY
  • TRANSPORT LAYER SECURITY: TLS
  • SECURITY AT THE IP LAYER: IPSEC
  • FIREWALLS

29.1 INTRODUCTION

The McGraw-Hill Companies, Inc., 2000

Introduction
  • Security involves four aspects
      • Privacy (confidentiality)
      • Message authentication
      • Message integrity
      • Nonrepudiation

Privacy
  • The sender and the receiver expect confidentiality
  • The transmitted message must make sense to only the intended receiver
  • To all others, the message must be unintelligible

Authentication
  • The receiver is sure of the sender’s identity

Integrity
  • Data must arrive at the receiver exactly as it was sent
  • There must be no changes during the transmission, either accidental or malicious

Nonrepudiation
  • A receiver must be able to prove that a received message came from a specific sender
  • The sender must not be able to deny sending a message that he, in fact, did send
  • The burden of proof falls on the receiver
  • For example, when a customer sends a message to transfer money from one account to another
      • The bank must prove that the customer actually requested this transaction

Figure 29-1: Aspects of Security

29.2 PRIVACY

Privacy
  • To achieve privacy, the message must be encrypted
      • Sender: plaintext -> encrypted -> ciphertext
      • Receiver: ciphertext -> decrypted -> plaintext
  • Two categories of encryption/decryption methods
      • The secret-key methods and the public-key methods

Secret-Key Encryption/Decryption
  • The same key is used by both parties
  • Thus, often referred to as symmetric encryption
  • Well-known algorithm
      • DES (Data Encryption Standard)

Secret-Key Encryption/Decryption
  • The algorithm used for decryption is the inverse of the algorithm used for encryption
  • For example
      • If the encryption algorithm uses a combination of addition and multiplication
      • The decryption algorithm uses a combination of division and subtraction

Figure 29-2: Secret-Key Encryption

In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.

Advantages
  • Secret-key algorithms are efficient
      • It takes less time to encrypt a message than using a public-key algorithm
      • Because the key is usually smaller
  • Thus, secret-key algorithms are used to encrypt and decrypt long messages

Secret-key encryption is often used for long messages.

Disadvantages
  • Each pair of users must have a secret key
      • If N people want to use this method, there need to be N(N-1)/2 secret keys
  • The distribution of the keys between two parties can be difficult

We discuss one secret-key algorithm in Appendix E.

Key Distribution Center (KDC)
  • In secret-key encryption
      • Two parties must agree on a shared secret key
      • However, these two parties may never be in contact with each other
  • One acceptable solution
      • For both to trust a third party, a key distribution center (KDC)

KDC can solve the problem of secret-key distribution.

Public-Key Encryption
  • There are two keys
      • A private key and a public key
      • The private key is kept by the receiver
      • The public key is announced to the public
  • For example, in the next slide, A wants to send a message to B
      • A uses the public key to encrypt the message
      • B uses the private key to decrypt the message
  • Well-known algorithm: RSA

Figure 29-3: Public-Key Encryption

Advantages
  • The whole idea behind public-key encryption is to remove the restriction of a shared key between two parties
  • The number of keys needed is reduced tremendously

Disadvantage
  • The complexity of the algorithm
      • Public-key encryption is not recommended for large amounts of text
  • The association between an entity and its public key must be verified
      • For example, if A sends its public key via an email to B
      • B must be sure that the public key really belongs to A and nobody else
      • Solution: Certification Authority (CA)

Public-key algorithms are more efficient for short messages.

Certification Authority (CA)
  • Public-key encryption requires that the owner of the public key be verified
  • Thus, a Certification Authority (CA) is an agency that binds a public key and an entity and issues a certificate

A CA can certify the binding between a public key and the owner.

Using the Combination
  • We can combine both
      • The advantage of the secret-key method: efficiency
      • The advantage of the public-key method: easy distribution of keys
  • Method
      • The public key is used to encrypt the secret key
      • The secret key is used to encrypt the message

Using the Combination (Cont.)
  • The procedure is as follows
      • The sender chooses a secret key
      • The sender uses the public key of the receiver to encrypt the secret key and sends the encrypted secret key to the receiver
          • Since the public-key method is good for short messages
          • A secret key is a short text message
      • The receiver uses its private key to decrypt the secret key
      • The sender uses the shared secret key to encrypt the actual message

Figure 29-4: Combination

To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.

29.3 DIGITAL SIGNATURE

Digital Signature
  • Privacy has been achieved above
  • The other three aspects can be achieved using digital signature
      • Authentication, integrity, and nonrepudiation
  • Two choices
      • Sign the entire document
      • Sign the digest (condensed version) of the document

Signing the Whole Document
  • Public-key encryption can be used to sign a document
  • However, the roles of the public and private keys are different here
      • The sender uses her private key to encrypt (sign) the message
      • The receiver uses the public key to decrypt the message

Figure 29-5: Signing the Whole Document

Signing the Whole Document (Cont.)
  • Digital signature can provide the following
  • Integrity
      • If an intruder intercepts the message and changes it
      • The decrypted message would be unreadable
  • Authentication
      • If an intruder X sends a message pretending that it is coming from user G
      • However, X must use her own private key for encryption
      • But the receiver will decrypt the message using G’s public key
      • As a result, the message would be unreadable

Signing the Whole Document (Cont.)
  • Nonrepudiation
      • If the sender denies sending a message that she did, in fact, send
      • We can test the message using her private key and public key

Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

Signing the Digest
  • Public-key encryption is efficient if the message is short
      • Thus, signing the whole document using a public key is very inefficient
  • Solution
      • Sign a digest of the document instead of the whole document

Figure 29-6: Signing the Digest

Signing the Digest (Cont.)
  • How to create a digest of the message
      • Use a hash function that creates a fixed-size digest from a variable-length message
  • Common hash functions
      • MD5 (Message Digest 5): produces a 120-bit digest
      • SHA-1 (Secure Hash Algorithm 1): produces a 160-bit digest

Signing the Digest (Cont.)
  • The hash function must have two properties
      • Hashing is one-way
          • The digest can only be created from the message, not vice versa
      • Hashing is a one-to-one function
          • There is little probability that two messages will create the same digest
  • The actions performed at the sender and the receiver are shown in the next two slides

Figure 29-7: Sender Site

Figure 29-8: Receiver Site

Signing the Digest (Cont.)
  • According to the previous discussion
      • The digest is secure in terms of integrity, authentication, and nonrepudiation
  • But how about the message itself?
      • Integrity
      • Authentication
      • Nonrepudiation
  • Verify by yourself

29.4 SECURITY IN THE INTERNET

Security in the Internet
  • Security measures can be applied to the application layer, transport layer, and the IP layer
  • At the application layer
      • Each application is responsible for providing security
      • The implementation of security at this level is the simplest
      • It only concerns two entities: client and server

Security in the Internet (Cont.)
  • At the transport layer
      • Security is more complicated
      • Implementation methods
          • Modify the transport layer for security
          • Glue a new layer to the transport layer to provide security on behalf of the transport layer
  • At the IP layer
      • Implementation of security features is very complicated
      • Since every device must be able to handle it

29.5 APPLICATION LAYER SECURITY

Application Layer Security
  • Simpler, since it only involves two parties
      • For example, email or TELNET
  • Two well-known protocols
      • PGP
      • SSH

Pretty Good Privacy (PGP)
  • Provides all four aspects of security in the sending of email
  • PGP uses one hash function, one secret key, and two private-public key pairs
  • PGP uses
      • Digital signature, a combination of hashing and public-key encryption, to provide integrity, authentication, and nonrepudiation
      • A combination of secret-key and public-key encryption to provide privacy

Figure 29-9: PGP at the Sender Site

Figure 29-10: PGP at the Receiver Site
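The following Python sketch is an added example, not part of the original slides. It carries out the sender and receiver steps described above for signing the digest, for combining secret-key and public-key encryption, and for PGP. Assumptions: textbook RSA over constructed Mersenne-prime moduli (no padding, trivially factorable), SHA-256 as the hash, a SHA-256 counter-mode keystream standing in for the secret-key cipher, and hypothetical function names.

```python
import hashlib
import secrets


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: returns (public, private) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


# Constructed demo keys (assumption): products of known Mersenne primes.
G_PUB, G_PRIV = make_keypair(2**521 - 1, 2**607 - 1)      # sender G
R_PUB, R_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)    # receiver
X_PUB, X_PRIV = make_keypair(2**2281 - 1, 2**3217 - 1)    # intruder X


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in secret-key cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_send(message: bytes, sender_priv, receiver_pub):
    """Sender site: sign the digest, encrypt with a one-time secret key,
    then encrypt that secret key with the receiver's public key."""
    d, n = sender_priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    sig = pow(digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    session_key = secrets.token_bytes(16)
    body = keystream_xor(session_key, len(sig).to_bytes(2, "big") + sig + message)
    e, rn = receiver_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, rn)
    return wrapped_key, body


def pgp_receive(packet, receiver_priv, sender_pub):
    """Receiver site: recover the secret key, decrypt, recompute the digest
    and compare it with the signed one. Returns the message or None."""
    wrapped_key, body = packet
    d, rn = receiver_priv
    try:
        session_key = pow(wrapped_key, d, rn).to_bytes(16, "big")
    except OverflowError:          # wrapped key was damaged in transit
        return None
    plain = keystream_xor(session_key, body)
    sig_len = int.from_bytes(plain[:2], "big")
    sig, message = plain[2:2 + sig_len], plain[2 + sig_len:]
    e, n = sender_pub
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if pow(int.from_bytes(sig, "big"), e, n) != expected:
        return None                # changed in transit, or not signed by this sender
    return message


def flip_last_byte(packet):
    """Simulate an intruder changing one byte of the encrypted body."""
    wrapped_key, body = packet
    return wrapped_key, body[:-1] + bytes([body[-1] ^ 0x01])


if __name__ == "__main__":
    order = b"Transfer 100 from account 1 to account 2"   # constructed sample
    packet = pgp_send(order, G_PRIV, R_PUB)
    print("genuine :", pgp_receive(packet, R_PRIV, G_PUB))
    print("modified:", pgp_receive(flip_last_byte(packet), R_PRIV, G_PUB))
    print("X as G  :", pgp_receive(pgp_send(order, X_PRIV, R_PUB), R_PRIV, G_PUB))
```

The modified packet and the packet signed by X are both rejected because the recomputed digest no longer matches the digest recovered with G's public key.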

Secure Shell (SSH)
  • A client-server program that provides security
      • A secure form of the rlogin client-server application program
  • Authentication
      • When a user logs into the system, the authentication test must be passed
      • SSH uses public-key encryption to provide authentication
  • Authorization
      • SSH uses sophisticated authorization to allow access to files

Secure Shell (SSH) (Cont.)
  • Privacy
      • Data exchanged between the user and the system are encrypted to provide privacy
  • Integrity
      • SSH guarantees the integrity of the message in both directions
  • Tunneling
      • SSH uses application-level tunneling to carry other applications inside itself

29.6 TRANSPORT LAYER SECURITY (TLS)

Transport Layer Security: TLS
  • TLS was designed to provide security at the transport layer
  • Derived from the Secure Sockets Layer (SSL)
      • Designed by Netscape to provide security on the WWW
  • A nonproprietary version of SSL designed by IETF

Transport Layer Security: TLS (Cont.)
  • A browser needs the following
      • The customer needs to be sure that the server belongs to the actual vendor
          • A customer does not want an imposter to make charges on her credit card
          • The server must be authenticated
      • The customer needs to be sure that the contents of the message are not modified during transmission
          • A bill for $100 must not be changed to $1000
          • The integrity of the message must be preserved

Transport Layer Security: TLS (Cont.)
      • The customer needs to be sure that an imposter does not intercept sensitive information (credit card number)
          • There is a need for privacy

Figure 29-11: Position of TLS

Transport Layer Security: TLS (Cont.)
  • Two protocols
      • Handshake protocol
      • Data exchange protocol

Handshake Protocol
  • The browser sends a hello message
  • The server sends a certificate message
      • Includes the public key of the server
      • The public key is certified by some CA
  • Then the browser decrypts the certificate and finds the server public key
      • The browser has a list of CAs and their public keys
      • Thus, the browser also authenticates the server

Handshake Protocol (Cont.)
  • The browser generates a secret key, encrypts it with the server public key, and sends it to the server
  • The browser sends a message, encrypted by the secret key, to inform the server that handshaking is terminating from the browser side
  • Finally, the server
      • Decrypts the secret key using its private key
      • Decrypts the message using the secret key
      • Sends a message, encrypted by the secret key, to inform the browser that handshaking is terminating

Figure 29-12: Handshake Protocol

Data Exchange Protocol
  • Use the secret key to
      • Encrypt the data for secrecy
      • Encrypt the message digest for integrity

29.7 SECURITY AT THE IP LAYER (IPSec)

Security at the IP Layer: IPSEC
  • IPSec is a collection of protocols designed by the IETF
      • To provide security for a packet carried on the Internet
  • IPSec does not define the use of any specific encryption or authentication method
      • It provides a framework and a mechanism
      • It leaves the selection of the encryption/authentication and hashing methods to the user

Security at the IP Layer: IPSEC (Cont.)
  • IPSec defines two protocols to be used
      • Authentication Header (AH) protocol
      • Encapsulating Security Payload protocol

Authentication Header (AH) Protocol
  • Designed to provide integrity
      • Involves a digital signature using a hashing function

Authentication Header (AH) Protocol
  • Addition of an AH header follows these steps
      • An AH header is added to the payload with the authentication data field set to zero
      • The AH header and the payload are hashed to create the authentication data
      • The authentication data are inserted into the AH header
      • The IP header is added after changing the value of the protocol field to 51
          • The original value of the protocol field is copied to a field in the AH header

Figure 29-13: Authentication

Header Format
  • Next Header: 8-bit
      • Define the type of the payload carried by the IP datagram (TCP, UDP, ICMP, OSPF)
      • Copy the value of the protocol field in the IP datagram
      • The value of the protocol field in IP is changed to 51
  • Payload Length: 8-bit
      • Define the length of the AH header in multiples of 4 bytes
      • Does not define the length of the payload

Header Format (Cont.)
  • Security Parameter Index: 32-bit
      • Define the security method used in creating the authentication data
  • Sequence Number: 32-bit
      • Provide ordering information
  • Authentication Data
      • The result of applying a hash function to the entire IP datagram, except for the fields that are changed during transmission, e.g., time-to-live

Figure 29-14: Header Format
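The following Python sketch is an added example, not part of the original slides. It builds an AH-protected IPv4 datagram with the steps and header fields listed above and checks it at the receiver. Assumptions: the hash is keyed (HMAC-SHA-256 truncated to 128 bits, since an unkeyed digest could be recomputed by whoever alters the packet), the Payload Length field is stored as in RFC 4302 (AH length in 4-byte words minus 2), and the addresses, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
AH_FMT = "!BBHII"          # next header, payload length, reserved, SPI, sequence number
AH_PROTO = 51
ICV_LEN = 16               # assumption: HMAC-SHA-256 truncated to 128 bits


def checksum(header: bytes) -> int:
    """Standard IPv4 header checksum over ten 16-bit words."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pack_ip(fields) -> bytes:
    fields = list(fields)
    fields[7] = 0
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def auth_data(key: bytes, ip_header: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """Hash the datagram with the authentication data field set to zero and
    the fields that change in transit (TOS, flags/offset, TTL, checksum) zeroed."""
    f = list(struct.unpack(IP_FMT, ip_header))
    f[1] = f[4] = f[5] = f[7] = 0
    covered = struct.pack(IP_FMT, *f) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def add_ah(key, spi, seq, protocol, src, dst, payload, ttl=64) -> bytes:
    ah_words = (struct.calcsize(AH_FMT) + ICV_LEN) // 4
    # Next Header receives the original protocol value (e.g. 6 for TCP).
    ah_fixed = struct.pack(AH_FMT, protocol, ah_words - 2, 0, spi, seq)
    total = 20 + ah_words * 4 + len(payload)
    # The IP header carries protocol 51 instead of the original value.
    ip_header = pack_ip([0x45, 0, total, 0, 0, ttl, AH_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)])
    return ip_header + ah_fixed + auth_data(key, ip_header, ah_fixed, payload) + payload


def verify_ah(key, datagram):
    """Return (original protocol, payload) if the authentication data match, else None."""
    if len(datagram) < 20 + struct.calcsize(AH_FMT) + ICV_LEN:
        return None
    ip_header, rest = datagram[:20], datagram[20:]
    if struct.unpack(IP_FMT, ip_header)[6] != AH_PROTO:
        return None
    next_header, payload_len = struct.unpack(AH_FMT, rest[:12])[:2]
    ah_len = (payload_len + 2) * 4
    received, payload = rest[12:ah_len], rest[ah_len:]
    if not hmac.compare_digest(received, auth_data(key, ip_header, rest[:12], payload)):
        return None
    return next_header, payload


def router_hop(datagram: bytes) -> bytes:
    """What a router legitimately changes: decrement TTL, recompute the checksum."""
    f = list(struct.unpack(IP_FMT, datagram[:20]))
    f[5] -= 1
    return pack_ip(f) + datagram[20:]


if __name__ == "__main__":
    key = b"constructed-shared-key"                 # constructed sample values
    segment = b"constructed TCP segment bytes"
    dg = add_ah(key, 0x1001, 1, 6, "192.0.2.10", "198.51.100.20", segment)
    print("after one hop:", verify_ah(key, router_hop(dg)))
    print("payload edit :", verify_ah(key, dg[:-1] + bytes([dg[-1] ^ 1])))
```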

Encapsulating Security Payload
  • The AH protocol does not provide privacy
      • Only provides integrity and message authentication (digital signature)
  • IPSec thus defines another protocol called Encapsulating Security Payload (ESP)
      • Provides privacy and a combination of integrity and message authentication

Encapsulating Security Payload (Cont.)
  • ESP procedures
      • An ESP trailer is added to the payload
      • The payload and the trailer are encrypted
      • The ESP header is added
      • The ESP header, payload, and the ESP trailer are used to create authentication data
      • The authentication data are added at the end of the ESP trailer
      • The IP header is added after changing the protocol field to 50

Figure 29-15: ESP

Format of Header and Trailer
  • ESP header
      • Security Parameter Index: 32-bit
          • Define the security method used in creating the authentication data
      • Sequence Number: 32-bit
  • ESP trailer
      • Padding: a variable-length field
          • For alignment, or to make the length of the data to be encrypted a multiple of some predefined value
      • Pad Length: 8-bit
          • Define the number of padding bytes
      • Next header: 8-bit
          • Copy the value in the protocol field in the IP datagram
          • The protocol value in the IP datagram is changed to 50

Figure 29-16: ESP Format

Format of Header and Trailer (Cont.)
  • ESP Auth.
      • Authentication Data: the result of applying an authentication scheme to parts of the datagram

29.8 FIREWALLS

Firewalls
  • A router attached between the internal network of an organization and the rest of the Internet
  • Firewalls are normally used for two purposes
      • As a packet-filter firewall
      • As a proxy-based firewall

Figure 29-17: Firewall

Packet-Filter Firewall
  • Forward or block packets based on the information in the network layer and transport layer headers
      • Source and destination IP addresses
      • Source and destination port addresses
      • Type of protocol (TCP or UDP)

Figure 29-18: Packet-Filter Firewall

Packet-Filter Firewall (Cont.)
  • According to the above table
      • Incoming packets from network 131.34.0.0 are blocked
          • The * means “any”
      • Incoming packets destined for any internal TELNET server (port 23) are blocked
      • Incoming packets destined for internal host 194.78.20.8 are blocked
          • The organization wants this host for internal use only
      • Outgoing packets destined for an HTTP server (port 80) are blocked
          • The organization does not want employees to browse the Internet

A packet-filter firewall filters at the network or transport layer.
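The following Python sketch is an added example, not part of the original slides. It encodes the four blocking rules described above and evaluates constructed sample packets against them, first match wins. Assumptions: network 131.34.0.0 is treated as a /16, packets that match no rule are forwarded, and the Packet and Rule types and the sample addresses are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    direction: str          # "in" or "out", relative to the internal network
    src: str
    src_port: int
    dst: str
    dst_port: int


class Rule(NamedTuple):
    direction: str
    src: Optional[str] = None        # None plays the role of "*" (any)
    src_port: Optional[int] = None
    dst: Optional[str] = None
    dst_port: Optional[int] = None
    note: str = ""


# The four rules from the slide text; /16 for 131.34.0.0 is an assumption.
RULES = [
    Rule("in", src="131.34.0.0/16", note="blocked external network"),
    Rule("in", dst_port=23, note="no incoming TELNET"),
    Rule("in", dst="194.78.20.8/32", note="host for internal use only"),
    Rule("out", dst_port=80, note="no outgoing HTTP"),
]


def addr_matches(pattern: Optional[str], address: str) -> bool:
    return pattern is None or ipaddress.ip_address(address) in ipaddress.ip_network(pattern)


def port_matches(pattern: Optional[int], port: int) -> bool:
    return pattern is None or pattern == port


def decide(packet: Packet, rules=RULES):
    """Return ("block", rule number) for the first matching rule,
    otherwise ("forward", None)."""
    for number, rule in enumerate(rules, start=1):
        if (rule.direction == packet.direction
                and addr_matches(rule.src, packet.src)
                and port_matches(rule.src_port, packet.src_port)
                and addr_matches(rule.dst, packet.dst)
                and port_matches(rule.dst_port, packet.dst_port)):
            return "block", number
    return "forward", None


# Constructed sample traffic.
SAMPLES = [
    Packet("in", "131.34.7.9", 40000, "194.78.20.5", 25),
    Packet("in", "203.0.113.5", 40001, "194.78.20.5", 23),
    Packet("in", "203.0.113.5", 40002, "194.78.20.8", 25),
    Packet("out", "194.78.20.5", 40003, "198.51.100.7", 80),
    Packet("in", "203.0.113.5", 40004, "194.78.20.5", 25),
    # HTTP carried on another port: only the headers are inspected, so rule 4 does not match.
    Packet("out", "194.78.20.5", 40005, "198.51.100.7", 8080),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decide(sample))
```

The last sample is forwarded even though it may carry HTTP, because the decision uses only addresses and ports.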

Proxy Firewall
  • Packet-filter firewall is based on the information available in the network layer and transport layer headers
  • However, we may need to filter a message based on the information available in the message itself
      • At the application layer

Proxy Firewall (Cont.)
  • Solution:
      • A proxy computer
          • Sometimes called an application gateway
      • Look at the packet at the application level

Figure 29-19: Proxy Firewall

A proxy firewall filters at the application layer.