Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Network Security: Dr. Md. Imdadul Islam

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 50

Network Security

Dr. Md. Imdadul Islam


Professor, Department of Computer Science and
Engineering Jahangirnagar University
www.juniv.edu www.imdadul.webs.com 1
Computer networks are typically a shared resource used by many
applications representing different interests. The Internet is
particularly widely shared, being used by competing businesses,
mutually antagonistic governments, and opportunistic criminals.
Unless security measures are taken, a network conversation or a
distributed application may be compromised by an adversary.

The main tools for securing networked systems are cryptography


and firewalls.

2
Need for Security
• Some people who cause security problems and why.

3
An Introduction to Cryptography

Cryptography comes from the Greek words for ‘secret writing.’ It


has a long and colorful history going back thousands of years.
Professionals make a distinction between cipher and codes. A
cipher is a character-for-character or bit-for-bit transformation,
without regard to the linguistic structure of the messages. In
contrast, a code replace one word with another word or symbol.
Historically four groups of people have used and contributed to
the art of cryptography: the military, the diplomatic corps, diarists
and lovers.

4
The messages to be encrypted, known as plaintext, are transformed
by a function that parameterized by a key. The output of the
encryption process, known as the ciphertext, is then transmitted,
often by messenger or radio. We assume that the enemy or intruder,
hears and accurately copies down the complete ciphertext.

The encryption model (for a symmetric-key cipher)


5
Sometimes the intruder can only listen to the communication
channel (passive intruder) but can also record messages and play
them back later, inject his own messages or modify legitimate
messages before they get to the receiver (active intruder).
The art of breaking ciphers, called cryptanalysis and the art
devising them (cryptography) is collectively known as cryptology.

6
It will often be useful to have a notation for relating plaintext,
ciphertext and keys. We will use C = EK(P) to mean that the
encryption of the plaintext P using key K gives the ciphertext C.
Similarly P = DK(C) represents the decryption of C to get the
plaintext again. Therefore, DK(EK(P)) = P.

7
The sender applies an encryption function to the original plaintext
message, resulting in a ciphertext message that is sent over the
network, as in fig. below. In a symmetric-key cipher, both
participants in a communication share the same key. In other words,
if a message is encrypted using a particular key, the same key is
required for decrypting the message.

Symmetric-key encryption and decryption 8


Encryption methods have historically been divided into two
categories: substitution ciphers and transposition ciphers.

Substitution Ciphers
In substitution cipher each letter or group of letters is replaced by
another letter or group of letters to disguise it.
One of the oldest ciphers is the Caesar cipher, attributed to Julius
Caesar. In this method a becomes D, b becomes E, c becomes F,
…….., z becomes C. For example attack becomes DWWDFN.
A slight generalization of the Caesar cipher allows the ciphertext
alphabet to be shifted by k letters, instead of always 3. In this case k
becomes a key to the general method of circularly shifted alphabets.

9
The next improvement is to have the symbols in the plaintext, say, the
26 letters for simplicity map onto some other letters. For example:
Plaintext: a b c d e f g h i j k l mno pq r s t u v w x y z
Ciphertext: A Q E R T Y U I O P A S D F G H J K L Z X C V B N M
The general system of symbol-for-symbol substitution is called momoalphabetic
substitution, with the key being 26-letter string corresponding to the full alphabet.
Now attack become QZZQEA.
At first this might appeared to be safe because it requires 26! Keys and take 10 10
years if each trial needs 1nsec.

Statistical distribution of letters will be


changed.

10
In English, e is the most common letter, followed by t, o, a, n, i etc.
Digrams: th, in, er, re and an.
Trigrams: the, ing, and and ion.
From the most frequent letter, T = e.

tXe will be the i.e. X= h


thYt will be that i.e. Y=a

11
Example-1: Ciphetext from an accounting firm should contains
financial

CTBMN BYCTC BTJDS QXBNS GSTJC BTSWX CTQTZ CQVUJ


QJSGS TJQZT MNQJS VLNSX VSZJU JDSSTS JQUUS JUBXJ
DSKSU JSNTK BGAQJ ZBGYQ TLCTZ BLCTZ BNYBN QJSW

Using our knowledge that financial has a repeated letter (i), with four
other letters between their occurrences. We look for repeated letters
in the ciphertext at this spacing. We find 12 hits at positions 6, 15,
27, 31, 42, 48, 56,66, 70, 71, 76 and 82. However, only two of these,
31 and 42, have the next letter( corresponding to n in the plaintext)
repeated in the popper place. Of these two only 31 also has the a
correctly positioned, so we know that financial begins at position1230.
Transposition Ciphers
Transpositional ciphers in contrast reorder the letters but do not disguise them.
Therefore statistical distribution of letters will remain same. The cipher is keyed by
a word or phrase not containing any repeated letters. In this example,
MEGABUCK is the key. If the intruder assume that the plain text contains
milliondollar then he can try to beak it

Fig.2 A transposition cipher. 13


The cryptanalyst must first aware he is dealing with transposition
cipher (from the statistical distribution of letters).

For example, suppose that our cryptanalyst suspects that the


plaintext phrase milliondollars occurs somewhere in the message.
Observe that digrams MO, IL, LL, LA, IR and OS occur in the
ciphertext as a result of this phrase wrapping around. 14
The ciphertext letter O follows the ciphertext letter M (they are
vertically adjacent in column 4) because they are separated in the
probable phrase by a distance equal to the key length. If a key length
seven had been used, the digrams: MD, IO, LL, LL, IA , OR and NS
would have occurred instead.

By hunting for various possibilities, the cryptanalyst can easily find
the key length.

The remaining step is to order the columns. If the key length is k


then k(k-1) column pair can be examined to see if its digram
frequencies match those for English plaintext.

15
Public-Key Algorithms
Key had to be protected from theft, but they also had to be
distributed.
In 1976, two researcher at Stanford University, Diffie and Hellman
(1976) proposed a radically new kind of cryptosystem, one in
which the encryption and decryption key were different, and the
decryption key could not feasibly be derived from the
encryption key. In their proposal, the (keyed) encryption
algorithm, E, and the (keyed) decryption algorithm, D, had to
meet three requirements:
1. D(E(P)) = P
2. It is exceedingly difficult to deduce D from E.
3. E can not be broken by a chosen plaintext attack.
16
Public-key cryptography requires each user to have two key: a
public key, used by the entire world for encrypting messages to be
sent to that user and a private key, which the user needs for
decrypting message.

17
RSA
One good method was discovered by a group at M.I.T. , 1978 known
as RSA( Rivest, Shamir, Adleman). The RSA method is based on
some principles from number theory.

1. Select two large primes: p = 17, q = 11 (typically 1024 bits)


2. Compute n = pq = 17×11 = 187 and z = (p–1)(q-1) = 16×10 = 160
3. Select d: gcd (d, 160) = 1 and d < 160. Actually d is a number
relatively prime to z. (for example d = 7)
4. choose e such that de = 1 mod z (We will divide de = 7e by z =160
and the remainder will be 1 for example you can get e = 23)

18
To encrypt a message, P, compute C = Pe(mod n). To decrypt C,
compute P = Cd (mod n).
Let, p = 3, q = 11
n = pq = 33, z = (p-1)(q-1) = 20
d = 7, since 20 and 7 does not have common factor
Now 7e = 1 mod 20 which provides e = 3
C = P3 (mod 33) which provides encoded value C

19
Fig. An example of the RSA algorithm.
RSA In Image Encryption and Decryption
e = 3;
n = 33;
d = 7;
N=256;
I=imread('17.jpg');
I=rgb2gray(I);
I=imresize(I,[N, N]);
subplot(2,2,1)
imshow(I)
title('Original Image')
R=mod(I,16);
R=double(R);
I=double(I);
for i=1:N
for j=1:N
Q(i,j)=round(deconv(I(i,j),16)-0.5);
% quisont of the image
end 20
end
for i =1:N
for j = 1:N
Original Image Encrypted Quiscent Image
Qe(i, j)=mod(Q(i,j)^e, n);
Re(i, j)=mod(R(i,j)^e, n);
%Decryption of image
Qd(i, j)=mod(Qe(i,j)^d, n);
Rd(i, j)=mod(Re(i,j)^d, n);
end
End
Rec=Qd*16+Rd; Encrypted Remainder Image Decrypted Image

subplot(2,2,2)
imshow(uint8(Qe))
title('Encrypted Quiscent Image')
subplot(2,2,3)
imshow(uint8(Re))
title('Encrypted Remainder Image')
subplot(2,2,4)
imshow(uint8(Rec))
title('Decrypted Image')
21
Digital Signatures
The authority of many legal, financial and other documents is
determined by the presence or absence of an authorized handwritten
signature.
Basically, what is needed is a system by which one party can send a
signed message to another party in such a way that the following
conditions holds:
1.The receiver can verify the claimed identity of the sender.
2.The sender cannot later repudiate (deny) the contents of the
message.
3.The receiver cannot possibly have concocted the massage himself.

22
Symmetric-Key Signatures

One approach to digital signature is to have a central authority that


knows everything and whom everyone trusts, say big brother (BB).
Each user then chooses a secret key and carries it by hand to BB’s
office. Thus only Alice and BB know Alice’s secret key KA and so on.

Digital signatures with Big Brother

23
When Alice wants to send a signed plaintext message P, to her banker, Bob, she
generates KA(B, RA, t, P), where B is Bob’s identity, RA is a random number
chosen by Alice, t is a timestamp to ensure freshness, and KA(B, RA, t, P) is the
message encrypted with her KA. Then she send it as depicted in fig, below. BB
sees that the message is from Alice , decrypts it and sends a message to Bob as
shown. The message to Bob contains the plain text of Alice’s message and also
the signed message KBB(A, t, P). Bob now carries out Alice’s request.

Digital signatures with Big Brother

24
Public-Key Signatures

The structural problem with using symmetric-key cryptography


for digital signature is that everyone has to agree to trust Big
Brother. Furthermore Big Brother gets to read all signed
messages. The most logical candidates for running the Big Brother
server are the government, the banks, the accountants and the
lawyers. Unfortunately none of these organizations inspire total
confidence in all citizens. Hence it would be nice if signing
documents did not require a trusted authority.

25
Fortunately public-key cryptography can make an important
contribution in this area. Let us assume that the public-key
encryption and decryption algorithms have the property that E(D(P))
= P, in addition of course, to the usual property that D(E(P)) = P
(RSA has this property, so the assumption is not unreasonable). Here
D is private key encryption and E is public key encryption algorithm.

Assuming that this is the case, Alice can send a signed plaintext
message, P to Bob by transmitting EB(DA(P)). Note carefully that
Alice knows her own (private) key, DA, as well as Bob’s public key,
EB, so constructing this message is something Alice can do.

26
When Bob receives the message, he transform it using his private
key, as usual, yielding DA(P) shown below. He stores this text in a
safe place and then applies EA to get the original plaintext.

Digital signatures using public-key cryptography

27
To see how the signature properly works, suppose that Alice
subsequently denies having sent the message P to Bob. When the
case comes up in the court, Bob can produce both P and DA(P).

The judge can easily verify that Bob indeed has a valid message
encrypted by DA by simply applying EA to it. Sine Bob does not
know what Alice’s private key is, the only way Bob could have
acquired a message encrypted by it is if Alice did indeed send it.

28
Problems:
1.Bob can prove that a message was sent by Alice only as long as DA
remains secret. If Alice discloses her secret key, the argument no
longer holds, because anyone could have sent the message including
Bob himself.

2.An other problem with signature scheme is what happens if Alice


decides to change her key. Doing so is clearly legal, and it is
probably a good idea to do so periodically. If a court case later arises,
as described above, the judge will apply the current EA to DA(P) and
discover that it does not produce P. Bob will look pretty stupid at this
point.

29
Message Digests

This scheme is based on the idea of a one way hash function that
takes an arbitrary long piece of plaintext and from it computes a fixed
length bit string. This hash function, MD often called a message
digest, has four important properties:

1.Given P, it is easy to compute MD(P).


2.Given MD(P), it is effectively impossible to find P.
3.Given P no one can find Ṕ such that MD(Ṕ ) = MD(P).
4.A change to the input of even 1 bit produces a very different output.

30
Computing a message digest from a piece of plaintext is much faster than
encrypting that plaintext with a public-key algorithm, so message digests can be
used to speed up digital signature algorithms. To see how this works, consider the
signature protocol of fig. below again. Instead of signing P with KBB (A, t, P), BB
now computes the message digest by applying MD to P, yielding MD(P). BB then
encloses KBB(A, t, MD(P)), as the fifth item in the list encrypted with KB that is sent
to Bob, instead of KBB(A, t, P).

Digital signatures with Big Brother

Digital signature using message digest 31


If a dispute arises, Bob can produce both P and KBB(A, t, MD(P)).
After Big brother has decrypted it for the judge, Bob has MD(P),
which is guaranteed to be genuine, and the alleged P. However since
it is effectively impossible for Bob to find any other message that
gives this hash, the judge will easily be convinced that Bob is telling
the truth. Using message digest in this way saves both encryption
time and message transport cost.

32
SHA-1
The other major message digest function is SHA-1 (Secure Hash
Algorithm-1). A typical way for Alice to send a nonsecret but
signed message to Bob is illustrated in fig. below. Here her
plaintext message is fed into the SHA-1 algorithm to get a 160-bit
SHA-1 hash. Alice then signs the hash with her RSA privte key and
sends both the plaintext massage and the signed hash to Bob.

Use of SHA-1 and RSA for signing nonsecret messages 33


After receiving the message, Bob computes the SHA-1 hash himself
and also applies, Alice’s public key to the signed hash to get the
original hash, H. If the two agree, the message is considered valid.
Since there is no way for intruder to modify the message (plaintext)
while it is in transit and produce a new one that hashes to H, Bob can
easily detect any change.

34
IP Security (IPsec)
One of the weaknesses of the original Internet Protocol is that it lacks any sort
of general purpose mechanism for ensuring the authenticity and privacy of data
as it is passed over the internetwork. Since IP datagrams must usually be routed
between two devices over unknown networks, any information in them is subject
to being intercepted and even possibly changed. With the increased use of the
Internet for critical applications, security enhancements were needed for IP. To
this end, a set of protocols called IP Security or IPSec was developed.

Internet Protocol Security (IPsec) is a technology protocol suite for


securing Internet Protocol (IP) communications by authenticating and encrypting
each IP packet of a communication session.

It can be used in protecting data flows between a pair of hosts (host-to-host),
between a pair of security gateways (network-to-network), or between a security
gateway and a host (network-to-host)
IP Security (IPsec)

IPsec provides three degrees of freedom.


First, it is highly modular, allowing users to select from a variety
of cryptographic algorithms and specialized security protocols.

Second, IPsec allows users to select from a large menu of security


properties, including access control, integrity, authentication,
originality, and confidentiality.

Third, IPsec can be used to protect narrow streams (e.g., packets


belonging to a particular TCP connection being sent between a pair
of hosts) or wide streams (e.g., all packets flowing between a pair of
gateways).

36
Basic Concepts:
Authentication Verifies that each datagram was originated by the claimed sender
that the sender is not impersonated by third party. (data origin authentication).

Integrity Verifies that the contents of a datagram were not changed in transit,
either deliberately or due to random errors.

Confidentiality With certain security mechanism (so-called


encryption/decryption), data is protected during transmission from third party 's
knowing the content. (Conceals the content of a message, typically by using
encryption.)

Security Association (SA) An agreement between two communication parties on


knowing and using certain combination of security mechanisms for data
transmission between them. It's based on destination address and a certain index,
called Security Parameters Index (SPI).
Transport and Tunnel Modes
IPsec can be used in either of two modes. In transport mode, the
IPsec header is inserted just after the IP header. In tunnel mode,
the entire IP packet, header and all, is encapsulated in the body of
a new IP packet with completely new IP header.

Transport mode is used to encrypt & optionally authenticate


IP data
* data protected but header left in clear
* can do traffic analysis but is efficient
* good for ESP host to host traffic
Tunnel mode encrypts entire IP packet
* add new header for next hop
* good for VPNs, gateway to gateway security
An IP Security Scenario
The IPsec authentication header in transport mode for IPv4.

40
Next Header:The Next Header is an 8-bit field that identifies the
type of the next payload after the Authentication Header. The
value of this field is chosen from the set of IP Protocol Numbers
defined on the web page of Internet Assigned Numbers Authority
(IANA). For example, a value of 4 indicates IPv4, a value of 41
indicates IPv6, and a value of 6 indicates TCP.

Payload Length: This 8-bit field specifies the length of AH in 32-


bit words (4-byte units), minus "2". For IPv6, the total length of
the header must be a multiple of 8-octet units. (Note that
although IPv6 characterizes AH as an extension header, its length
is measured in 32-bit words, not the 64-bit words used by other
IPv6 extension headers.) .

Reserved: This 16-bit field is reserved for future use. It MUST be


set to "zero" by the sender, and it SHOULD be ignored by the
recipient. 41
Security Parameters Index: The Security Parameters Index is the
connection identifier tag. It is inserted by the sender to indicate a
particular record in the receiver’s database. The record contains the
shared key used on this connection and other information about the
connection.

Sequence Number
This unsigned 32-bit field contains a counter value that increases
by one for each packet sent, i.e., a per-SA packet sequence number.

42
Authentication Data: It is a variable-length field contains the
payload’s digital signature. Normally public-key-cryptography is
not used here because packets must be processed extremely rapidly
and all known public key algorithms are too slow. One simple way
is to compute the hash over the packet plus the shared key. The
shared key is not transmitted, of course. A scheme like this is called
an HMAC (Hashed Message Authentication Code)

43
Firewall
A firewall is a system that is the sole point of connectivity between
the site it protects and the rest of the network, as illustrated in Figure
below. It is usually implemented as part of a router, although a
personal firewall may be implemented on an end-user machine.

A firewall filters packets flowing between a site and the rest of the Internet 44
In terms of walls, a firewall is like the only door (connection)
through a wall (the absence of any other connection). A firewall
provides access control by restricting which messages it will relay
between the site and the rest of the network; it forwards messages
that are allowed, and filters out messages that are disallowed. For
example, it might filter out all incoming messages addressed to a
particular IP address or to a particular TCP port number.

45
The firewall shown in fig. below has two components: two routers
that do packet filtering and an application gateway. Each packet
filter is a standard router equipped with some extra functionality.

A firewall consisting of two packet filter and an application gateway


46
Firewalls packet filtering (two packet filters inside the firewall) is
based on IP, TCP, and UDP information, among other things. They are
configured with a table of addresses that characterize the packets they
will, and will not, forward. By addresses, we mean more than just the
destination’s IP address, although that is one possibility. Generally,
each entry in the table is a 4-tuple: It gives the IP address and TCP (or
UDP) port number for both the source and destination. For example, a
firewall might be configured to filter out (not forward) all packets that
match the following description:

<192.12.13.14, 1234, 128.7.6.5, 80>

This pattern says to discard all packets from port 1234 on host
192.12.13.14 addressed to port 80 on host 128.7.6.5. (Port 80 is the
well-known TCP port for HTTP.)
47
Of course it’s often not practical to name every source host whose
packets you want to filter, so the patterns can include wildcards. For
example,
<*, *, 128.7.6.5, 80>
says to filter out all packets addressed to port 80 on 128.7.6.5,
regardless of what source host or port sent the packet.

48
Modern firewalls also understand and filter based on many specific
application level protocols such as HTTP, Telnet, or FTP. They use
information specific to that protocol, such as URLs in the case of
HTTP, to decide whether to discard a message.

The second half of the firewall is the application gateway. Rather


than just looking at raw packets, the gateway operates at the
application level. A mail gateway for example, can be set up to
examine each message going in or coming out. For each one the
gateway decides whether to transmit or discard the message based on
header fields, message size, or even the content (i.e. at a military
installation, the presence of words like ‘nuclear’ or ‘bomb’ might
cause some special action to be taken.

49
Even if the firewall is perfectly configured, plenty of security
problems still exits. For example, if a firewall is configured to
allow in packets from only specific networks ( i.e. company’s other
plants), an intruder outside the firewall can put in false source
address to bypass this check.

If an insider wants to ship out secret documents , he can encrypt


them or even convert the message in jpeg image which bypasses
any word filter.

50

You might also like