View
227
Download
1
Tags:
Embed Size (px)
Citation preview
Chapter 29 Internet Security
Outline INTRODUCTION PRIVACY DIGITAL SIGNATURE SECURITY IN THE INTERNET APPLICATION LAYER SECURITY TRANSPORT LAYER SECURITY: TLS SECURITY AT THE IP LAYER: IPSEC FIREWALLS
INTRODUCTIONINTRODUCTION
29.129.1
The McGraw-Hill Companies, Inc., 2000
Introduction Security involves four aspects
Privacy (confidentiality) Message authentication Message integrity Nonrepudiation
Privacy The sender and the receiver expect
confidentiality
The transmitted message must make sense to only the intended receiver To all others, the message must be unintelligible
Authentication Receiver is sure of the sender’s identity
Integrity Data must arrive at the receiver exactly as it
was sent
There must be no changes during the transmission Either accidental or malicious
Nonrepudiation A receiver must be able to prove that a received
message came from a specific sender The sender must not be able to deny sending a message
that he, in fact, did send The burden of proof falls on the receiver
For example, when a customer sends a message to transfer money from one account to another The bank must proof that the customer actually requested
this transaction
Figure 29-1
Aspects of Security
The McGraw-Hill Companies, Inc., 2000
PRIVACYPRIVACY
29.229.2
The McGraw-Hill Companies, Inc., 2000
Privacy To achieve privacy
Message must be encrypted Sender:
Plaintext -> encrypted -> ciphertext Receiver
Ciphertext -> decrypted -> plaintext Two categories of encryption/decryption methods
The secret-key methods and the public-key methods
Secret-Key Encryption/Decryption The same key is used by both parties Thus, often referred to as symmetric
encryption
Well-known algorithm DES (Data encryption standard)
Secret-Key Encryption/Decryption The algorithm used for decryption is the
inverse of the algorithm used for encryption
For example If the encryption algorithm uses a combination of
addition and multiplication The decryption algorithm uses a combination of
division and subtraction
Figure 29-2
Secret-Key Encryption
The McGraw-Hill Companies, Inc., 2000
In secret-key encryption, In secret-key encryption, the same key is used by the sender the same key is used by the sender
(for encryption)(for encryption) and the receiver and the receiver (for decryption).(for decryption). The key is shared.The key is shared.
The McGraw-Hill Companies, Inc., 2000
Secret-key encryption is often called Secret-key encryption is often called symmetric encryption because symmetric encryption because
the same key can the same key can be used in both directions.be used in both directions.
The McGraw-Hill Companies, Inc., 2000
Advantages Secret-key algorithms are efficient
It takes less time to encrypt a message than using a public-key algorithm
Because the key is usually smaller
Thus, secret-key algorithms are used to encrypt and decrypt long message
Secret-key encryption is Secret-key encryption is often used for long messages.often used for long messages.
The McGraw-Hill Companies, Inc., 2000
Disadvantages Each pair of users must have a secret key
If N people want to use this method There needs to be N(N-1)/2 secret key
The distribution of the keys between two parties can be difficult
We discuss one secret-key We discuss one secret-key algorithm in Appendix E.algorithm in Appendix E.
The McGraw-Hill Companies, Inc., 2000
Key Distribution Center (KDC) In secret-key encryption
Two parties must agree on a shared secret key However, these two parties may never be in
contact with each other
One acceptable solution For both to trust a third party, a key distribution
center (KDC)
KDCKDC can solve the problem can solve the problem
of secret-key distribution.of secret-key distribution.
The McGraw-Hill Companies, Inc., 2000
Public-Key Encryption There are two keys
A private key and a public key The private key is kept by the receiver The public key is announced to be public
For example, in next slide, A wants to send a message to B A uses the public key to encrypt the message B use the private key to decrypt the message
Well-known algorithm: RSA
Figure 29-3
Public-Key Encryption
The McGraw-Hill Companies, Inc., 2000
Advantages The whole idea behind public-key encryption
is to remove the restriction of a shared key between two parties
The number of keys needed is reduced tremendously
Disadvantage The complexity of the algorithm
Public-key encryption is not recommended for large amounts of text
The association between an entity and it public key must be verified For example, if A sends its public key via an email to B
B must be sure that the public key really belongs to A and nobody else
Solution: Certification Authority (CA)
Public-key algorithms are more Public-key algorithms are more efficient for short messages.efficient for short messages.
The McGraw-Hill Companies, Inc., 2000
Certification Authority (CA) Public-key encryption needs the owner of the
public key must be verified
Thus, a Certification Authority (CA) is an agency that binds a public key and an entity and issues a certificate
A A CACA
can certify the binding between can certify the binding between a public key and the owner.a public key and the owner.
The McGraw-Hill Companies, Inc., 2000
Using the Combination We can combine both
The advantage of the secret-key method: efficiency
The advantage of the public-key method: easy distribution of keys
Method The public key is used to encrypt the secret key The secret key is used to encrypt the message
Using the Combination (Cont.) The procedures is as follows
The sender chooses a secret key The sender uses the public key of the receiver to encrypt
the secret key and sends the encrypted secret key to the receiver Since public-key method is good for short message A secret key is a short text message
The receiver uses its private key to decrypt the secret key The sender uses the shared secret key to encrypt the
actual message
Figure 29-4
Combination
The McGraw-Hill Companies, Inc., 2000
To have the advantages of both To have the advantages of both secret-key and public-key secret-key and public-key
encryption, we can encrypt the secret key encryption, we can encrypt the secret key using the public key and encrypt using the public key and encrypt the message using the secret key.the message using the secret key.
The McGraw-Hill Companies, Inc., 2000
DIGITAL SIGNATUREDIGITAL SIGNATURE
29.329.3
The McGraw-Hill Companies, Inc., 2000
Digital Signature Privacy has been achieved above The other three methods can be achieved
using digital signature Authentication, integrity, and nonrepudication
Two choices Sign the entire document Sign the digest (condensed version) of the
document
Signing the Whole Document Public-key encryption can be used to sign a
document However, the role of public and private keys
are different here Sender uses her private key to encrypt (sign) the
message Receiver uses the public key to decrypt the
message
Figure 29-5
Signing the Whole Document
The McGraw-Hill Companies, Inc., 2000
Signing the Whole Document (Cont.) Digital signature can provide the
Integrity If an intruder intercepts the message and changes it
The decrypted message would be unreadable
Authentication If an intruder X sends a message pretending that it is
coming from user G However, X must use her private key for encryption But the receiver will decrypt the message using G’s public
key. As a result, the message would be unreadable
Signing the Whole Document (Cont.) Nonrepudiation
If the sender denies sending the message, however, it does sent before We can test the message using her private key and pubic key
Digital signature does not Digital signature does not provide privacy. provide privacy.
If there is a need for privacy, If there is a need for privacy, another layer of another layer of
encryption/decryption encryption/decryption must be applied.must be applied.
The McGraw-Hill Companies, Inc., 2000
Signing the Digest Public-key encryption is efficient if the
message is short Thus, sign the whole document using a public key
is very inefficient
Solution Sign a digest of the document instead of the
whole document
Figure 29-6
Signing the Digest
The McGraw-Hill Companies, Inc., 2000
Signing the Digest (Cont.) How to create a digest of the message
Use a hash function that creates a fixed-size digest from a variable-length message
Common hash function MD5 (Message Digest 5)
Produce a 120-bit digest
SHA-1 (Secure Hash Algorithm 1) Produce a 160-bit digest
Signing the Digest (Cont.) The hash function must has two properties
Hashing is one-way The digest can only be created from the message, not
vice versa
Hashing is a one-to-one function There is little probability that two messages will
create the same digest
The actions perform in the sender and receiver are shown in the two next slides
Figure 29-7
Sender Site
The McGraw-Hill Companies, Inc., 2000
Figure 29-8
Receiver Site
The McGraw-Hill Companies, Inc., 2000
Signing the Digest (Cont.) According to the previous discussion
Digest is secure in terms of integrity, authentication, and nonrepudiation
But, how about the message itself ? Integrity Authentication Nonrepudiation
Verify by yourself
SECURITY IN THESECURITY IN THEINTERNETINTERNET
29.429.4
The McGraw-Hill Companies, Inc., 2000
Security in the Internet Security measures can be applied to the
application layer, transport layer, and the IP layer
At the application layer Each application is responsible for providing
security The implementation of security at this level is the
simplest It only concerns two entities: client and server
Security in the Internet (Cont.) At the transport layer
Security is more complicated Implementation methods
Modify the transport layer for security Glue a new layer to the transport layer to provide security on
behalf of the transport layer
At the IP layer Implementation of security features is very complicated
Since every device must be able to handle it
APPLICTION LAYERAPPLICTION LAYERSECURITYSECURITY
29.529.5
The McGraw-Hill Companies, Inc., 2000
Application Layer Security Simpler since only involves two parties
For example, email or TELNET
Two well-known protocols PGP SSH
Pretty Good Privacy (PGP) Provide all four aspects of security in the sending of
email PGP uses one hash function, one secret key, and two
private-public key pairs PGP uses
Digital signature, a combination of hashing and public-key encryption, to provide integrity, authentication, and nonrepudiation
A combination of secret-key and public-key encryption to provide privacy
Figure 29-9
PGP at The Sender Site
The McGraw-Hill Companies, Inc., 2000
Figure 29-10
PGP at The Receiver Ssite
The McGraw-Hill Companies, Inc., 2000
Secure Shell (SSH) A client-server program that provides security
A secure form of the rlogin client-server application program
Authentication When a user logs into the system, the authentication test
must be passed SSH uses public-key encryption to provide authentication
Authorization SSH uses sophisticated authorization to allow access to
files
Secure Shell (SSH) (Cont.) Privacy
Data exchanged between the user and the system are encrypted to provide privacy
Integrity SSH guarantees the integrity of the message in
both directions Tunneling
SSH uses application level tunneling other applications inside itself
TRANSPORT LAYERTRANSPORT LAYERSECURITYSECURITY
(TLS)(TLS)
29.629.6
The McGraw-Hill Companies, Inc., 2000
Transport Layer Security: TLS TLS was designed to provide security at the
transport layer Derived from the Secure Sockets Layer (SSL)
Designed by Netscape to provide security on the WWW
A nonproprietary version of SSL designed by IETF
Transport Layer Security: TLS (Cont.) A browser needs the following
The customer needs to be sure that the server belongs to the actual vender A customer does not want an imposter to make
charges on her credit card The server must be authenticated
The customers needs to be sure that the contents of the message are not modified during transition A bill for $100 must not be changed to $1000 The integrity of the message must be preserved
Transport Layer Security: TLS (Cont.) The customer needs to be sure that an imposter
does not intercept sensitive information (credit card number) There is a need for privacy
Figure 29-11
Position of TLS
The McGraw-Hill Companies, Inc., 2000
Transport Layer Security: TLS (Cont.) Two protocols
Handshake protocol Data exchange protocol
Handshake Protocol The browser sends a hello message The server sends a certificate message
Include the public key of the server The public key is certified by some CA
Then the browser decrypts the certificate and finds the server public key Brower has a list of CAs and their public key Thus, browser also authenticates the server
Handshake Protocol (Cont.) The browser generates a secret key, encrypts it with
the server public key and sends it to the server The browser sends a message, encrypted by the
secret key, to inform the server that handshaking is terminating from the browser side
Finally, the server Decrypt the secret key using its private key Decrypt the message using the secret key Send a message, encrypted by the secret key, to inform
the browser that handshaking is terminating
Figure 29-12
Handshake Protocol
The McGraw-Hill Companies, Inc., 2000
Data Exchange Protocol Use the secret key to
Encrypt the data for secrecy Encrypt the message digest for integrity
SECURITY AT THESECURITY AT THEIP LAYERIP LAYER
(IPSec)(IPSec)
29.729.7
The McGraw-Hill Companies, Inc., 2000
Security at the IP Layer: IPSEC IPSec is a collection of protocols designed by the
IETF To provide security for a packet carried on the Internet
IPSec does not define the use of any specific encryption or authentication method It provide a framework and a mechanism It leaves the selection of the encryption/authentication and
hashing methods to the user
Security at the IP Layer: IPSEC (Cont.) IPSec defines two protocols to be used
Authentication Header (AH) protocol Encapsulating Security Payload protocol
Authentication Header (AH) Protocol Designed to provide integrity
Involve a digital signature using a hashing function
Authentication Header (AH) Protocol Addition of an AH header follows the steps
An AH header is added to the payload with the authentication data field set to zero
The AH header and the payload are hashed to create the authentication data
The authentication data are inserted into the AH header The IP header is added after changing the value of the
protocol field to 51 The original value of the protocol field is copied to a field in AH
header
Figure 29-13
Authentication
The McGraw-Hill Companies, Inc., 2000
Header Format Next Header: 8-bit
Define the type of the payload carried by the IP datagram (TCP, UDP, ICMP, OSPF)
Copy the value of the protocol field in the IP datagram The value of the protocol field in IP is changed to 51
Payload Length: 8-bit Define the length of the AH header in multiples of 4 bytes Does not define the length of the payload
Header Format (Cont.) Security Parameter Index: 32-bit
Define the security method used in creating the authentication data
Sequence Number: 32-bit Provide ordering information
Authentication Data The result of applying a hash function to the
entire IP datagram, except for the fields that are changed during transmit, e.g., time-to-live
Figure 29-14
Header Format
The McGraw-Hill Companies, Inc., 2000
Encapsulating Security Payload The AH protocol does not provide privacy
Only provides integrity and message authentication (digital signature)
IPSec thus defines another protocol called Encapsulating Security Payload (ESP) Provide privacy and a combination of integrity
and message authentication
Encapsulating Security Payload (Cont.) ESP procedures
An ESP trailer is added to the payload The payload and the trailer are encrypted The ESP header is added The ESP header, payload, and the ESP trailer are used to
create authentication data The authentication data are added at the end of the ESP
trailer The IP header is added after changing the protocol field to
50
Figure 29-15
ESP
The McGraw-Hill Companies, Inc., 2000
Format of Header and Trailer ESP header
Security Parameter Index: 32-bit Define the security method used in creating the authentication data
Sequence Number: 32-bit ESP trailer
Padding: a variable length field For alignment or make the length of data to be encrypted a multiple of
some predefined value Pad Length: 8-bit
Define the number of padding bytes Next header: 8-bit
Copy the value in the protocol field in the IP datagram The protocol value in the IP datagram is changed to 50
Figure 29-16
ESP Format
The McGraw-Hill Companies, Inc., 2000
Format of Header and Trailer (Cont.) ESP Auth.
Authentication Data: The result of applying an authentication scheme to
parts of the datagram
FIREWALLSFIREWALLS
29.829.8
The McGraw-Hill Companies, Inc., 2000
Firewalls A router attached between the internal
network of an organization and the rest of the Internet
Firewalls are normally used for two purposes As a packet-filter firewall As a proxy-based firewall
Figure 29-17
Firewall
The McGraw-Hill Companies, Inc., 2000
Packet-Filter Firewall Forward or block packets based on the
information in the network layer and transport layer headers Source and destination IP addresses Source and destination port addresses Type of protocol (TCP or UDP)
Figure 29-18
Packet-Filter Firewall
The McGraw-Hill Companies, Inc., 2000
Packet-Filter Firewall (Cont.) According to the above table
Incoming packets from network 131.34.0.0 are blocked The * means “any”
Incoming packets destined for any internal TELNET server (port 23) are blocked
Incoming packets destined for internal host 194.78.20.8 are blocked Organization wants this host for internal use only
Outgoing packet destined for an HTTP server (port 80) are blocked The organization does not want employees to browse the Internet
A packet-filter firewall filters A packet-filter firewall filters at the network or transport layer.at the network or transport layer.
The McGraw-Hill Companies, Inc., 2000
Proxy Firewall Packet-filter firewall is based on the
information available on the network layer and transport layer headers
However, we may need to filter a message based on the information available in the message itself At the application layer
Proxy Firewall (Cont.) Solution:
A proxy computer Sometimes called an application gateway
Look at the packet in the application level
Figure 29-19
Proxy Firewall
The McGraw-Hill Companies, Inc., 2000
A proxy firewall A proxy firewall filters at the application layer.filters at the application layer.
The McGraw-Hill Companies, Inc., 2000