Data and Computer Communications: - Network Security
Eighth Edition
by William Stallings
Lecture slides by Lawrie Brown
Chapter 21 Network Security
Network Security
To guard against the baneful influence exerted by
strangers is therefore an elementary dictate of savage
prudence. Hence before strangers are allowed to enter
a district, or at least before they are permitted to
mingle freely with the inhabitants, certain ceremonies
are often performed by the natives of the country for
the purpose of disarming the strangers of their magical
powers, or of disinfecting, so to speak, the tainted
atmosphere by which they are supposed to be
surrounded.
The Golden Bough, Sir James George Frazer
Security Requirements
confidentiality - protect data content/access
integrity - protect data accuracy
availability - ensure timely service
authenticity - protect data origin
Passive Attacks
eavesdropping on transmissions
to obtain information
release of possibly sensitive/confidential
message contents
traffic analysis which monitors frequency and
length of messages to get info on senders
difficult to detect
can be prevented using encryption
Active Attacks
masquerade
pretending to be a different entity
replay
modification of messages
denial of service
easy to detect
detection may lead to deterrent
hard to prevent
focus on detection and recovery
Symmetric Encryption
Requirements for Security
strong encryption algorithm
even if known, unable to decrypt without key
even if many plaintexts & ciphertexts available
sender and receiver must obtain secret
key securely
once key is known, all communication
using this key is readable
Attacking Encryption
cryptanalysis
rely on nature of algorithm plus some knowledge of
general characteristics of plaintext
attempt to deduce plaintext or key
brute force
try every possible key until plaintext is recovered
rapidly becomes infeasible as key size increases
56-bit key is not secure
Block Ciphers
most common symmetric algorithms
process plain text in fixed block sizes
producing block of cipher text of equal size
most important current block ciphers:
Data Encryption Standard (DES)
Advanced Encryption Standard
Data Encryption Standard
US standard
64 bit plain text blocks
56 bit key
broken in 1998 by Electronic Frontier
Foundation
special purpose US$250,000 machine
with detailed published description
less than three days
DES now worthless
Triple DEA
ANSI X9.17 (1985)
incorporated in DEA standard 1999
uses 2 or 3 keys
3 executions of DEA algorithm
effective key length 112 or 168 bit
slow
block size (64 bit) now too small
Advanced Encryption Standard
NIST issued call for proposals for an Advanced
Encryption Standard (AES) in 1997
security strength equal to or better than 3DES
significantly improved efficiency
symmetric block cipher with block length 128 bits
key lengths 128, 192, and 256 bits
evaluation criteria include security, computational efficiency,
memory requirements, hardware and software
suitability, and flexibility
AES issued as FIPS 197 in 2001
AES Description
assume key length 128 bits
input a 128-bit block (square matrix of bytes)
copied into state array, modified at each stage
after final stage, state copied to output
128-bit key (square matrix of bytes)
expanded into array of 44 32-bit key schedule words
byte ordering by column
1st 4 bytes of 128-bit input occupy 1st column
1st 4 bytes of expanded key occupy 1st column
AES Encryption and Decryption
AES Encryption Round
Location of Encryption Devices
Link Encryption
each communication link equipped at both ends
all traffic secure
high level of security
requires lots of encryption devices
message must be decrypted at each switch to
read address (virtual circuit number)
security vulnerable at switches
particularly on public switched network
End to End Encryption
encryption done at ends of system
data in encrypted form crosses network
unaltered
destination shares key with source to decrypt
host can only encrypt user data
otherwise switching nodes could not read header or
route packet
hence traffic pattern not secure
solution is to use both link and end to end
Key Distribution
symmetric encryption needs key distribution
protected from access by others
changed frequently
possibilities for key distribution
1. key selected by A and delivered to B
2. third party selects key and delivers to A and B
3. use old key to encrypt & transmit new key from A to B
4. use old key to transmit new key from third party to A and B
Automatic Key Distribution
Traffic Padding
addresses concern about traffic analysis
though link encryption reduces opportunity
attacker can still assess traffic volume
traffic padding produces ciphertext
continuously
if no plaintext, sends random data
makes traffic analysis impossible
Message Authentication
protection against active attacks with
falsification of data
falsification of source
authentication allows receiver to verify that
message is authentic
has not been altered
is from claimed/authentic source
timeliness
Authentication Using Symmetric Encryption
assume only sender & receiver know key
only sender could have encrypted
message for other party
message must include one of:
error detection code
sequence number
time stamp
Authentication Without Encryption
authentication tag generated and appended to
each message
message not encrypted
useful when don't want encryption because:
messages broadcast to multiple destinations
have one destination responsible for authentication
one side heavily loaded
encryption adds to workload
can authenticate random messages
programs authenticated without encryption can be
executed without decoding
Message Authentication Code
generate authentication code based on shared
key and message
common key shared between A and B
if only sender and receiver know key and code
matches:
receiver assured message has not been altered
receiver assured message is from alleged sender
if message has sequence number, receiver assured
of proper sequence
can use various algorithms, eg. DES
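The MAC checks listed above (not altered, from the alleged sender, proper sequence), as an added example that is not part of the original slides. It uses HMAC-SHA256 from the Python standard library rather than a DES-based MAC; the key, messages and function names are constructed for illustration.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: prefix a 64-bit sequence number, append the MAC."""
    body = struct.pack(">Q", seq) + message
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: checks the MAC first, then the sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # lowest sequence number still acceptable

    def accept(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None                             # altered, or wrong key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.next_seq:
            return None                             # replayed or out of order
        self.next_seq = seq + 1
        return body[8:]


def demo():
    key = b"constructed-shared-key-A-and-B!!"       # constructed sample key
    rx = Receiver(key)
    p0 = protect(key, 0, b"pay 10 to carol")
    p1 = protect(key, 1, b"pay 20 to dave")
    tampered = p1[:8] + b"pay 90 to dave" + p1[-TAG_LEN:]
    forged = protect(b"attacker-does-not-know-the-key!!", 1, b"pay 20 to dave")
    return [
        rx.accept(p0),        # genuine
        rx.accept(p0),        # replay of an accepted packet
        rx.accept(tampered),  # message changed, tag unchanged
        rx.accept(forged),    # tag computed with a different key
        rx.accept(p1),        # genuine, next in sequence
    ]
```

Only the two genuine packets are returned as plaintext; the replayed, altered and wrong-key packets all yield None.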
Message Authentication Code
One Way Hash Function
accepts variable size message and produces
fixed size tag (message digest)
but without use of a secret key
send digest with message
in manner that validates authenticity
advantages of authentication without encryption
encryption is slow
encryption hardware expensive
encryption hardware optimized for large data sets
algorithms covered by patents
algorithms subject to export controls (from USA)
Using One Way Hash Functions
Secure Hash Functions
produce a fingerprint of message/file
must have the following properties:
can be applied to any size data block
produce fixed length output
easy to compute
not feasible to reverse
not feasible to find two messages with the
same hash
giving weak & strong hash functions
also used for data integrity
Secure Hash Algorithm
Secure Hash Algorithm (SHA)
SHA defined in FIPS 180 (1993), 160-bit hash
SHA-1 defined in FIPS 180-1 (1995)
SHA-256, SHA-384, SHA-512 defined in FIPS
180-2 (2002), 256/384/512-bit hashes
SHA-1 being phased out, attack known
SHA-512 processes input message
with total size less than 2^128 bits
in 1024 bit blocks
to produce a 512-bit digest
SHA-512 Hash Function
Public Key Encryption
Public Key Encryption - Operation
public key is used for encryption
private key is used for decryption
infeasible to determine decryption key given
encryption key and algorithm
steps:
user generates pair of keys
user places one key in public domain
to send a message to user, encrypt using public key
user decrypts using private key
Digital Signatures
Digital Signatures
sender encrypts message with private key
receiver decrypts with sender's public key
authenticates sender
does not give privacy of data
must send both original and encrypted copies
more efficient to sign authenticator
a secure hash of message
send signed hash with message
RSA Algorithm
RSA Example
RSA Security
brute force search of all keys
given size of parameters is infeasible
but larger keys do slow calculations
factor n to recover p & q
a hard problem
well known 129 digit challenge broken in 1994
key size of 1024-bits (300 digits) currently
secure for most apps
Public Key Certificates
Secure Sockets Layer / Transport Layer Security
Secure Sockets Layer (SSL) is a widely used set
of general purpose security protocols
use TCP to provide reliable end-to-end service
Transport Layer Security (TLS) in RFC 2246
two implementation options
incorporated in underlying protocol suite
embedded in specific packages
minor differences between SSLv3 and TLS
SSL Architecture
SSL Connection and Session
SSL Connection
a transport connection providing suitable service
are peer-to-peer, transient
associated with one session
multiple secure connections between parties possible
SSL session
an association between client and server
created by Handshake Protocol
define set of cryptographic security parameters
to avoid negotiation of new security parameters for
each connection
multiple simultaneous sessions between parties
possible but not used in practice
SSL Record Protocol
provides confidentiality service
used to encrypt SSL payload data
provides message integrity service
used to form message authentication code
(MAC)
Handshake Protocol defines shared secret
keys for each of above services
SSL Record Protocol Operation
Record Protocol Header
content type (8 bits)
change_cipher_spec, alert, handshake, and
application_data
no distinction between applications (eg. HTTP)
content of application data opaque to SSL
major version (8 bits) - SSLv3 value is 3
minor version (8 bits) - SSLv3 value is 0
compressed length (16 bits)
maximum 2^14 + 2048
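A parser for the 5-byte record header described above, as an added example that is not part of the original slides. It splits a received byte stream into records and rejects headers with an unknown content type, an unexpected major version, or a length above 2^14 + 2048. The content type codes 20 to 23 are the SSLv3/TLS values; the sample stream and function names are constructed.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048   # upper bound on the length field, per the slide


class RecordError(ValueError):
    pass


def parse_records(stream: bytes):
    """Split a byte stream into (type_name, (major, minor), payload) tuples.

    Returns the parsed records and any trailing bytes that do not yet
    form a complete record (more data is needed from the TCP connection).
    """
    records, offset = [], 0
    while len(stream) - offset >= 5:
        ctype, major, minor, length = struct.unpack_from(">BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype} at offset {offset}")
        if major != 3:
            raise RecordError(f"unexpected major version {major}")
        if length > MAX_FRAGMENT:
            raise RecordError(f"length {length} exceeds {MAX_FRAGMENT}")
        end = offset + 5 + length
        if end > len(stream):
            break                      # header seen, payload incomplete
        records.append((CONTENT_TYPES[ctype], (major, minor),
                        stream[offset + 5:end]))
        offset = end
    return records, stream[offset:]


def sample_stream() -> bytes:
    # Constructed input: payload bytes are placeholders, not real SSL messages.
    handshake = bytes([22, 3, 0]) + struct.pack(">H", 4) + b"\x01\x00\x00\x00"
    ccs = bytes([20, 3, 0]) + struct.pack(">H", 1) + b"\x01"
    partial = bytes([23, 3, 0]) + struct.pack(">H", 10) + b"abc"
    return handshake + ccs + partial
```

Checking the length field before buffering the payload keeps a peer from making the receiver allocate more than one maximum-size record per header.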
Change Cipher Spec Protocol
uses Record Protocol
single message
single byte value 1
cause pending state to be copied into
current state
updates cipher suite to be used on this
connection
Alert Protocol
convey SSL-related alerts to peer entity
alert messages compressed and encrypted
two bytes
first byte warning(1) or fatal(2)
if fatal, SSL immediately terminates connection
other connections on session may continue
no new connections on session
second byte indicates specific alert
eg. fatal alert is an incorrect MAC
eg. nonfatal alert is close_notify message
Handshake Protocol
most complex protocol
allows parties to authenticate each other
and negotiate encryption and MAC
algorithm and cryptographic keys
series of messages with four phases:
phase 1 Initiate Connection
phase 2 Certificate/Key Exchange
phase 3 Client Verifies Certificate, Parameters
phase 4 Complete Secure Connection Setup
SSL Handshake Protocol
SSL Handshake Protocol Parameters
version
random
session ID
ciphersuite
compression method
IPv4 and IPv6 Security
IP Security extensions (IPSec) for IPv4/v6
developed in response to observed weaknesses
to stop unauthorized traffic monitoring, secure
user traffic with authentication & encryption
example uses:
secure branch office connectivity over Internet
secure remote access over Internet
extranet and intranet connectivity
enhanced electronic commerce security
can encrypt / authenticate all traffic at IP level
IPSec Facilities
Authentication Header (AH)
authentication only service
Encapsulating Security Payload (ESP)
combined authentication & encryption service
generally used for virtual private networks
key exchange
both manual and automated
in RFCs 2401,2402,2406,2408 (1998)
Security Association (SA)
one-way sender-receiver relationship
for two-way, need two security associations
three SA identification parameters
security parameter index (in AH/ESP header)
IP destination address (unicast only)
security protocol identifier (AH or ESP)
SA uniquely identified by dest address in
IPv4/6 header and SPI in AH/ESP header
SA Parameters
sequence number counter
sequence counter overflow
anti-replay window
AH information
ESP information
lifetime of this association
IPSec protocol mode
path MTU
Authentication Header
Encapsulating Security Payload
WiFi Protected Access
WiFi Protected Access (WPA) extensions
to address 802.11 security issues
based on current 802.11i standard
addresses authentication, key management,
data transfer privacy
uses authentication server and a more
robust protocol
encryption with AES or 104-bit RC4
WiFi Protected Access
802.11i Access Control
802.11i Privacy & Integrity
have Temporal Key Integrity Protocol
(TKIP) or WPA-1
s/w only changes to existing equipment
using same RC4 algorithm as older WEP
and Counter Mode CBC MAC (CCMP) or
WPA-2 using AES encryption
both add message integrity code (MIC)
generated using Michael algorithm
Summary
security requirements and attacks
confidentiality using symmetric encryption
message authentication & hash functions
public-key encryption & digital signatures
secure socket layer (SSL)
IPSec
WiFi Protected Access