Chapter 7: Network Security Chapter goals: O understand principles of network security o cryptography and its many uses beyond confidentiality o authentication o message integrity o key distribution O security in practice o firewalls o security in application transport network link layers 361.F2003
Comp 361, Fall 2003 7: Network Security 1 Chapter 7: Network Security Chapter goals: understand principles of network security: cryptography and its many uses beyond “confidentiality” authentication message integrity key distribution security in practice: firewalls security in application, transport, network, link layers
Chapter 7 roadmap 7.1 What is network security? 7.2 Principles of cryptography 7.3 Authentication 7.4 Integrity 7.5 Key distribution and certification 7.6 Access control: firewalls 7.7 Attacks and counter measures 7. 8 Security in many layers 361.F2003
Comp 361, Fall 2003 7: Network Security 2 Chapter 7 roadmap 7.1 What is network security? 7.2 Principles of cryptography 7.3 Authentication 7.4 Integrity 7.5 Key Distribution and certification 7.6 Access control: firewalls 7.7 Attacks and counter measures 7.8 Security in many layers
What is network security? Confidentiality: only sender, intended receiver should "understand"message contents o sender encrypts message o receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards without detection Access and Availability: services must be accessible and available to users 361.F2003
Comp 361, Fall 2003 7: Network Security 3 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users
Friends and enemies: Alice Bob. Trudy o well-known in network security world o Bob, Alice (lovers! )want to communicate "securely o Trudy(intruder)may intercept, delete, add messages Alice Bob channe data, control messages data secure secure data sender recelver Trudy 361.F2003
Comp 361, Fall 2003 7: Network Security 4 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data data Alice Bob Trudy
Who might Bob, Alice be? g.. well real-life bobs and alices o Web browser/server for electronic transactions(e., on-line purchases O on-line banking client/server O DNS servers D routers exchanging routing table updates O other examples? 361.F2003
Comp 361, Fall 2003 7: Network Security 5 Who might Bob, Alice be? … well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?
There are bad guys(and girls)out there! Q: What can a bad guy"do? A: a lotl D eavesdrop: intercept messages o actively insert messages into connection o impersonation: can fake(spoof) source address in packet (or any field in packet) hjacking: take over"ongoing connection by removing sender or receiver inserting himself In place o denial of service: prevent service from being used by others(e.g, by overloading resources) more on this later… 361.F2003
Comp 361, Fall 2003 7: Network Security 6 There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: a lot! eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources) more on this later ……
Chapter 7 roadmap 7. 1 What is network security 7.2 Principles of cryptography 7.3 Authentication 7.4 Integrity 7.5 Key distribution and certification 7.6 Access control: firewalls 7.7 Attacks and counter measures 7. 8 Security in many layers 361.F2003
Comp 361, Fall 2003 7: Network Security 7 Chapter 7 roadmap 7.1 What is network security? 7.2 Principles of cryptography 7.3 Authentication 7.4 Integrity 7.5 Key Distribution and certification 7.6 Access control: firewalls 7.7 Attacks and counter measures 7.8 Security in many layers
The language of cryptography ⊙A|ices ⊙≥Bobs encryption decryption. s. key key plaintext, encryption_ciphertext decryption plaintext algorithm symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret(private) 361.F2003
Comp 361, Fall 2003 7: Network Security 8 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) plaintext ciphertext plaintext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B
Symmetric key cryptograph substitution cipher: substituting one thing for another o monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewg E.g. Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc Q: How hard to break this simple cipher? 口 brute force( how haro? 口 other? 361.F2003
Comp 361, Fall 2003 7: Network Security 9 Symmetric key cryptography substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How hard to break this simple cipher?: ❑ brute force (how hard?) ❑ other?
Symmetric key cryptograph A-B B plaintext encryption-ciphertext decryption plaintext message, m algorithm algorithm A A-B、A-B symmetric key crypto: Bob and Alice share know same (symmetric) key: K A-B D eg, key is knowing substitution pattern in mono alphabetic substitution cipher 0 Q: how do bob and alice agree on key value? 361.F2003
Comp 361, Fall 2003 7: Network Security 10 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? ciphertext plaintext KA-B encryption algorithm decryption algorithm A-B KA-B plaintext message, m K (m) A-B K (m) A-B m = K ( ) A-B