Digital Security 101
Just for Fun: Gary Jan
Why Network Security?
• The Internet was not designed to be secure
• No “Security Layer” in the OSI 7 Layer reference model
• Internet was designed in 1970 for academic institutions communicating across the continent
• Digital information flows in plain text
• Everyone can pick it up and read it
• How does the receiver know the sender is who it claimed to be?
• How does the receiver know the received information is not altered?
• How does the sender make sure only the intended receiver can read it?
• How to enforce network policy and security practice?
Trudy the Intruder
[Diagram: Alice and Bob connected by a Channel, with Trudy attached to the Channel]
What are the problems here?
1. Trudy can eavesdrop on the communication between A and B
▪ Eavesdropping <-> Confidentiality / Privacy
2. Trudy can intercept the message and alter the content
▪ Man-in-the-Middle Attack <-> Integrity
3. Trudy can pretend to be either A or B
▪ Imposter <-> Authentication
4. Trudy can flood the resources of A and B
▪ Denial of Service <-> Availability / Access Control
What is Network Security
4 key elements in secure communication
1. Privacy / Confidentiality
2. Authentication
3. Integrity
4. Nonrepudiation
Principles of Cryptography
• Cryptography
• Disguise the data so that Trudy cannot access the intercepted data
• Only the intended receiver can reconstruct the original data
• Disguise the “Plaintext” into “Ciphertext” using Encryption Algorithm
• These algorithms are usually published and standardized
Example
Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: w x y z s t u v o p q r k l m n g h i j c d e f a b
“How are you” => “vme wgs amc?”
Security Key
• Security Key
• A string of numbers or characters (cipher-block) used as input to the encryption algorithm to mix with the plaintext
• The key-encrypted data can be decrypted only by the receiver
• Trudy must know the “key” to decrypt
• The encrypted plaintext (ciphertext) is unique and is extremely difficult, if not impossible, for Trudy to decrypt
[Diagram: A passes m through X with KA and sends KA(m); B passes KA(m) through X with KB and recovers m]
m = Message
X = Encryption Algorithm
KA = A’s Key
KB = B’s Key
KA(m) = Encrypted message using A’s Key
Type of Key Systems 1/2
1. Symmetric (Private) Key Systems
• When KA = KB
• The shared secret key is usually expressed as KAB
2. Asymmetric (Public) Key Systems
• When KA ≠ KB
• Use a pair of keys
• A Public Key (K+)
• A Private Key (K-)
• In this example
• KA = KA+
• KB = KA-
[Diagram: A passes m through X with KA and sends KA(m); B passes KA(m) through X with KB and recovers m]
Type of Key Systems 2/2
1. Symmetric Key
• Also known as Private Key
• The key is pre-agreed by the two end hosts for all sessions
• A shared secret “Session Key” can also be generated for each session
• Diffie-Hellman Key Exchange
• Internet Key Exchange Protocol
2. Asymmetric Key
• Also known as Public Key
• Each host has a pair of keys: Public and Private Key
• Use Public Key to encrypt; Private key to decrypt
• Requires a Trusted third party to store the public key of a host
• Key Distribution Centre
• CA
Symmetric Key- DES and AES
• Data Encryption Standard & Advanced Data Encryption Standard
• A Symmetric (Private) Key based Encryption Algorithm
• DES- 56 bit key size
• AES- 128, 192, and 256 bit key sizes
• FYI… it took 4 months to decrypt DES in 1997
• FYI… it took 22 hours to decrypt DES in 1999
• AES is the U.S. government standard replacing 3DES in 2002
[Diagram: A passes m through X with KA and sends KA(m); B passes KA(m) through X with KB and recovers m]
DES & AES addressed the Confidentiality/Privacy Requirement
Symmetric Key- Diffie-Hellman
• Diffie-Hellman Algorithm
• Provides a method to securely generate a private Session Key between two hosts in a public network
• How does it work?
• Tx and Rx agree on a generator number (g) and a large prime number (p)
• Before exchanging, Tx selects a random number (x) and Rx selects a random number (y)
• Tx sends T = g^x mod p; Rx sends R = g^y mod p
• Tx receives R and generates K; K = g^(xy) mod p
• Rx receives T and generates K; K = g^(xy) mod p
• Trudy can eavesdrop p, g, T, and R but not x and y
• x = log_g(T); y = log_g(R)
Tx -> Rx: T = g^x mod p
Rx -> Tx: R = g^y mod p
Tx: K = R^x mod p = g^(xy) mod p
Rx: K = T^y mod p = g^(xy) mod p
K is the Symmetric Session Key
Computation of x and y is extremely time consuming for large numbers of T and R
Diffie-Hellman Security Issues
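• Diffie-Hellman is subject to Man-in-the-Middle and Client-Imposter Attack
• Trudy can intercept T and R and fake them with T’ and R’
• How does Rx know the received message is indeed from Tx?
[Diagram: Tx sends T, which Trudy replaces with T’ before it reaches Rx; Rx sends R, which Trudy replaces with R’ before it reaches Tx; key K1 on the Tx side, key K2 on the Rx side]
In general Key Algorithms provide Privacy/Confidentiality but not Authentication.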
What about Authentication? What do we do?
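The exchange and its weakness, as an added example that is not part of the original slides: an untouched exchange gives both hosts the same K, substituted values T’ and R’ leave Tx and Rx holding two different keys (K1, K2), and a MAC over the public value lets the receiver reject the substitute. The toy prime, g = 3, the SHA-256 key derivation and the pre-shared `auth_key` are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Toy public parameters (assumption for the demo): p is the Mersenne prime
# 2^127 - 1 and g = 3. Real deployments use standardized groups of 2048+ bits.
P = 2**127 - 1
G = 3


def keypair():
    """Pick a private exponent and return (private, public = g^private mod p)."""
    private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P - 2
    return private, pow(G, private, P)


def session_key(own_private, peer_public):
    """K = peer_public^own_private mod p, hashed down to a 32-byte key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def honest_exchange():
    """Tx and Rx swap T and R untouched; both derive the same K."""
    x, T = keypair()
    y, R = keypair()
    return session_key(x, R), session_key(y, T)


def substituted_exchange():
    """T and R are replaced in transit by T' and R', as on the slide.

    Returns (key Tx derives, key Rx derives, K1, K2), where K1 and K2 are the
    keys the party in the middle ends up sharing with Tx and Rx respectively.
    """
    x, T = keypair()
    y, R = keypair()
    t1, R_prime = keypair()   # Tx receives R' instead of R
    t2, T_prime = keypair()   # Rx receives T' instead of T
    k_tx = session_key(x, R_prime)
    k_rx = session_key(y, T_prime)
    k1 = session_key(t1, T)
    k2 = session_key(t2, R)
    return k_tx, k_rx, k1, k2


def tag(auth_key, sender, public_value):
    """MAC binding a DH public value to its sender under a pre-shared key."""
    msg = sender + b"|" + public_value.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def accept(auth_key, sender, public_value, received_tag):
    """Receiver side: accept the public value only if its tag verifies."""
    return hmac.compare_digest(tag(auth_key, sender, public_value), received_tag)


def authenticated_exchange_detects_substitution():
    """Returns (genuine T accepted, substituted T' accepted)."""
    auth_key = secrets.token_bytes(32)   # pre-shared by Tx and Rx (assumption)
    _, T = keypair()
    t = tag(auth_key, b"Tx", T)
    _, T_prime = keypair()               # value swapped in while in transit
    return accept(auth_key, b"Tx", T, t), accept(auth_key, b"Tx", T_prime, t)
```

Nothing in the plain exchange tells Tx or Rx that their keys differ, which is why the public values themselves have to be authenticated.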
Authentication Protocol 1/x
• Authentication
• To verify that a person is who they claim to be
• Passport Photo
• Driver’s License Number
• Social Insurance Number and etc…
• In digital communication world
• ???
Authentication Protocol 2/x
• Nonce- Number used Once
• Also known as the Challenge-Response approach
• Use a Nonce to confirm the receiver is indeed talking to the intended transmitter
• A pseudorandom number
• Symmetric Key + Nonce
• A and B can share a secret key, or
• A and B can share a session key
• Used to Authenticate the host and to verify the sender is “live”
A -> B: “I am A”
B -> A: r
A -> B: m = KAB(r)
A -> B: r’
B -> A: m’ = KAB(r’)
1. A indicates it wants to talk to B
2. B sends a Nonce (r) to A
3. A encrypts r using the shared key KAB and sends m = KAB(r)
4. B decrypts m using shared secret key KAB. If the result is r, B knows it is indeed talking to A
5. A then sends a Nonce (r’) to B
6. B encrypts r’ using the shared key KAB and sends m’ = KAB(r’)
7. A decrypts m’ using shared secret key KAB. If the result is r’, A knows it is indeed talking to B
Using Nonce + Key Cryptography, A knows it is indeed talking to B; B knows it is indeed talking to A
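Steps 1 to 7 as an added example, not taken from the original slides. It swaps the slide's "encrypt r with KAB" for an HMAC-SHA-256 over the nonce, a common way to build the same keyed response; mixing the prover's role into the MAC and the function names are assumptions of this sketch. It also shows why the nonce proves the sender is "live": a response recorded earlier fails against a fresh nonce.

```python
import hashlib
import hmac
import secrets


def new_nonce():
    """Fresh random challenge r; the verifier must never reuse one."""
    return secrets.token_bytes(16)


def respond(k_ab, role, nonce):
    """Prover side: m = KAB(r), here an HMAC over the prover's role and r."""
    return hmac.new(k_ab, role + b"|" + nonce, hashlib.sha256).digest()


def check(k_ab, role, nonce, response):
    """Verifier side: recompute KAB(r) and compare in constant time."""
    return hmac.compare_digest(respond(k_ab, role, nonce), response)


def mutual_authentication(k_a, k_b):
    """Run the exchange; k_a and k_b are the keys A and B actually hold.

    Returns (B accepts A, A accepts B).
    """
    r = new_nonce()                          # 2. B -> A: r
    m = respond(k_a, b"A", r)                # 3. A -> B: m = KAB(r)
    b_accepts_a = check(k_b, b"A", r, m)     # 4. B verifies m
    r2 = new_nonce()                         # 5. A -> B: r'
    m2 = respond(k_b, b"B", r2)              # 6. B -> A: m' = KAB(r')
    a_accepts_b = check(k_a, b"B", r2, m2)   # 7. A verifies m'
    return b_accepts_a, a_accepts_b


def replay_is_rejected(k_ab):
    """A response captured in one session is checked against the next nonce.

    Returns (valid in its own session, valid when replayed later).
    """
    old_r = new_nonce()
    recorded = respond(k_ab, b"A", old_r)
    fresh_r = new_nonce()
    return check(k_ab, b"A", old_r, recorded), check(k_ab, b"A", fresh_r, recorded)
```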
Authentication Protocol 3
• Asymmetric Key + Nonce
• A and B know each other’s Public and Private Key
• Used to Authenticate the host and to verify the sender is “live”
A -> B: “I am A”
B -> A: r
A -> B: m = KA-(r)
B -> A: “What’s your public key?”
A -> B: My Public Key = KA+
1. A indicates it wants to talk to B
2. B sends a Nonce (r) to A
3. A encrypts r using A’s secret key KA- and sends m = KA-(r)
4. B asks for A’s public key
5. A sends its Public Key, KA+, to B
6. B decrypts m using A’s public key KA+. If the result is r, B knows it is indeed talking to A
How does B know KA+ is indeed A’s public key?
Encrypted Data:
• A sends data using KA- to Encrypt and receives data using KA- to Decrypt
• B sends data using KA+ to Encrypt and receives data using KA+ to Decrypt
Authentication Protocol 4
• Authentication using Asymmetric Key is still subject to Man-in-the-Middle Attack
Between A and Trudy:
“I am A”
r
m = KA-(r)
“What’s your public key?”
My Public Key = KA+
Between Trudy and B:
“I am A”
r
m = KA-(r)
“What’s your public key?”
My Public Key = KT+
Encrypted Data:
• B sends data using KT+ to Encrypt and receives data using KT+ to Decrypt
• B sends data using KA- to Encrypt and receives data using KA- to Decrypt
• Trudy decrypts received message from B using KT-
• Trudy sends modified data to A
How do A and B ensure each other is who it claimed to be?- Authentication
How do A and B ensure the received data is not altered?- Integrity
CA- Certificate Authority
• Certificate Authority
• Validate identities and issue certificates
• A certificate is the binding of an Identity with a Public Key
• One must trust CA in identifying the validity of a Identity/Public Key pair
• Some popular CA- VeriSign, Comodo, and GoDaddy
• How is a Certificate issued?
[Diagram: A submits [A, KA+] to the CA; the CA passes it through X with KCA- to produce A’s Certificate, CA = KCA-[A, KA+]]
A sends its identity and public key to the Certificate Authority
CA encrypts A’s identity and public key using CA’s private key KCA- and produces a Certificate CA of A.
The certificate is now registered and available only in CA’s server
Authentication Protocol 5
• Authentication using Asymmetric Key + Certificate
A -> B: “I am A”
B -> A: r
A -> B: m = KA-(r)
B -> A: “What’s your public key?”
A -> B: My Public Key = KA+
B -> CA: What’s A’s Certificate?
CA -> B: A’s Certificate = CA = KCA-[A, KA+]
1. A indicates it wants to talk to B
2. B sends a Nonce (r) to A
3. A encrypts r using A’s secret key KA- and sends m = KA-(r)
4. B asks for A’s public key
5. A sends its Public Key, KA+, to B
6. B goes to CA to verify A’s Certificate
7. B decrypts A’s Certificate using CA’s public key. If the identity and the public key match, B knows it’s A’s public key. B decrypts m using A’s public key KA+. If the result is r, B knows it is indeed talking to A
Encrypted Data:
• A sends data using KA- to Encrypt and receives data using KA- to Decrypt
• B sends data using KA+ to Encrypt and receives data using KA+ to Decrypt
How do A and B ensure each other is who it claimed to be?- Authentication
How do A and B ensure the received data is not altered?- Integrity
Security Elements
• 5 key elements in secure communication
1. Privacy / Confidentiality
• Symmetric, Asymmetric, and Session Key
2. Authentication
• Symmetric Key, Asymmetric Key + Certificate Authority
3. Integrity
4. Nonrepudiation
5. Availability and Access Control
Integrity and Nonrepudiation
• Nonrepudiation
• The sender must be able to prove it is the creator of the content
• The sender must be able to prove it is the approver of the content
• The receiver must be able to verify the creator and approver of the received
content
• Exactly like Human Signature
• Sign checks, credit card receipts, and etc…
• Signature indicates the signer has verified and is responsible for the content
• Digital Signature
• A cryptographic technique used to achieve the same goals of Human
Signature
Digital Signature
• To prove that a document signed by an individual was indeed signed by that individual (verifiable)
• To prove that only that individual could have signed the document (Nonrepudiation)
• How does it work in Digital World?
• Use Asymmetric Key to produce Digital Signature
• Whoever signed the document must have used KA-
• Verifiable
• “A” must be the only person who possesses the key KA
• Nonrepudiate
[Diagram: A passes [m] through X with KA- to produce the Signed Message = KA-[m]; B passes it through X with KA+, KA+[KA-[m]], and obtains [m]]
Security Elements
• 5 key elements in secure communication
1. Privacy / Confidentiality
• Symmetric, Asymmetric, and Session Key
2. Authentication
• Symmetric Key, Asymmetric Key + Certificate Authority
3. Integrity
4. Nonrepudiation
• Digital Signature
5. Availability and Access Control
Integrity- Message Digest
• To verify the received data is not altered and is what is being sent by the sender
• Message Digest
• A mathematical function which takes an input message (m) and produces a mathematically calculated output (H(m)).
• The Hash Function must have extremely low probability of producing the same output with different inputs.
• i.e. H(x) != H(y)
• Popular Hash Algorithms
• MD5, MD6
• SHA-1/2/3
[Diagram: [m] -> Hash Function H( ) -> H(m)]
Integrity + Authentication 1/2
• HMAC- Hashed Message Authentication Code
• Provides Integrity and Authentication
• Two techniques: HMAC + Key Cryptography
[Diagram: A passes [m] through the Hash Function H( ) to get H(m), passes H(m) through X with KA- to get KA-[H(m)], and sends {m, KA-[H(m)]}]
Message is Hashed and Signed.
Signed Hash message is sent along original message.
Integrity + Authentication 2/2
• HMAC- Hashed Message Authentication Code
• Provides Integrity and Authentication
• Two techniques: HMAC + Key Cryptography
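[Diagram: B splits {m, KA-[H(m)]} into m and KA-[H(m)]; m passes through the Hash Function H( ) to give H(m); KA-[H(m)] passes through X with KA+ to give H(m); the two values are compared (=?), and on a match (Y) the Message is not altered]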
Received signed hashed message is unlocked to reveal H(m)
Received original message is hashed to compare results
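An added example, not from the original slides, covering both the hash-and-sign flow of these two Integrity + Authentication slides and the certificate check of Authentication Protocol 5. It uses textbook RSA over small Mersenne primes so that it runs with the standard library only; the key sizes, field encoding and function names are assumptions of this sketch and are far too weak for real use.

```python
import hashlib
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public (n, e), private (n, d)).
    Needs Python 3.8+ for the modular inverse via pow()."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(message, n):
    """H(m) as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """K-[H(m)]: apply the private key to the message hash."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(public, message, signature):
    """Apply K+ to the signature and compare with a freshly computed H(m)."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


def encode_binding(identity, public):
    """Byte string for the certificate body [identity, K+]."""
    n, e = public
    return identity + b"|" + str(n).encode() + b"|" + str(e).encode()


def issue_certificate(ca_private, identity, public):
    """CA side: certificate = KCA-[identity, K+], stored with its fields."""
    return {"identity": identity, "public": public,
            "signature": sign(ca_private, encode_binding(identity, public))}


def authenticate(ca_public, claimed_identity, cert, nonce, response):
    """B's checks: the certificate first, then the signed nonce."""
    if cert["identity"] != claimed_identity:
        return False
    body = encode_binding(cert["identity"], cert["public"])
    if not verify(ca_public, body, cert["signature"]):
        return False
    return verify(cert["public"], nonce, response)


# Constructed toy keys; Mersenne primes are used only because they are easy to write.
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
A_PUB, A_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
T_PUB, T_PRIV = make_keypair(2**61 - 1, 2**89 - 1)


def demo():
    """Returns (A accepted, substituted key accepted, intact m verifies, altered m verifies)."""
    cert_a = issue_certificate(CA_PRIV, b"A", A_PUB)
    r = secrets.token_bytes(16)
    genuine = authenticate(CA_PUB, b"A", cert_a, r, sign(A_PRIV, r))
    # Protocol 4's key substitution: KT+ presented under A's name.
    swapped = dict(cert_a, public=T_PUB)
    substituted = authenticate(CA_PUB, b"A", swapped, r, sign(T_PRIV, r))
    msg = b"pay Bob 10"                     # constructed sample message
    sig = sign(A_PRIV, msg)
    return genuine, substituted, verify(A_PUB, msg, sig), verify(A_PUB, b"pay Bob 1000", sig)
```

The substituted key fails at the certificate step because the CA's signature covers the pair [A, KA+], not the name alone.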
IPSec
▪ IPSec- Internet Protocol Security
▪ Suite of protocols to ensure Confidentiality, Authentication, and Integrity
across IP network
▪ Works on Layer 3 Packets
▪ Three Components
▪ AH- Authentication Header
▪ Authentication & Integrity
▪ ESP
▪ Authentication, Integrity, and Confidentiality
▪ IKE
▪ Key Management and Security Association Management
▪ Two Modes
▪ Tunnel Mode
▪ Transport Mode
IPSec- ESP
• ESP- Encapsulating Security Payload
• Confidentiality- Encrypted over payload, only intended receiver can decrypt
• Authentication & Integrity- HMAC + MD5
[Diagram: the original packet IP HDR | TCP | Data becomes IP HDR | ESP HDR | TCP | Data | ESP Trailer | ESP Authentication, with spans marked Encrypted and Authenticated]
[Diagram: ESP processing]
IP HDR | TCP | Data
TCP, Data + ESP Trailer pass through X with K to give K[TCP, Data, ESP Trailer] (Encrypted Data)
ESP HDR + Encrypted Data pass through HMAC MD5 to give H[ESP HDR, Encrypted Data]
H passes through X with KA- to give KA-[H(m)], i.e. ESP Auth HDR
Result: IP HDR | ESP HDR | Encrypted Data (TCP, Data, ESP Trailer) | ESP Authentication
ESP- Confidentiality
[Diagram: IP HDR | TCP | Data; TCP, Data + ESP Trailer pass through X with KDES to give KDES[TCP, Data, ESP Trailer], the Encrypted Payload (DES encrypted payload; DES key arranged during IKE Session)]
▪ ESP Confidentiality
▪ Achieved by encrypting [TCP, Data] payload
▪ AES, DES, 3DES or etc
ESP- Authentication & Integrity
[Diagram: Encrypted Payload + ESP HDR pass through Hash to give H(ESP HDR, Encrypted Data); with KHMAC this gives KHMAC[H(m)], i.e. ESP Auth HDR; resulting packet: IP HDR | ESP HDR | Encrypted Data | ESP Authentication]
▪ ESP Authentication & Integrity
▪ Achieved by using HMAC-MD5/SHA over DES encrypted payload
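The two ESP steps above as an added example, not from the original slides: the payload and ESP trailer are encrypted, then an HMAC is computed over ESP HDR + Encrypted Data, and the receiver checks that value before decrypting. The SHA-256 keystream is a stand-in for the DES/3DES/AES step (Python's standard library has no block cipher), and the keys, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits


def keystream_xor(key, seq, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    It takes the place of the DES/3DES/AES step and is not for production use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("!II", seq, offset)).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def esp_seal(enc_key, auth_key, spi, seq, payload, next_header=6):
    """Build ESP HDR | Encrypted(payload + ESP trailer) | ESP Authentication."""
    esp_hdr = struct.pack("!II", spi, seq)               # SPI, sequence number
    pad_len = (-(len(payload) + 2)) % 4                  # align to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    encrypted = keystream_xor(enc_key, seq, payload + trailer)
    icv = hmac.new(auth_key, esp_hdr + encrypted, hashlib.sha256).digest()[:ICV_LEN]
    return esp_hdr + encrypted + icv


def esp_open(enc_key, auth_key, packet):
    """Check the authentication value first; decrypt only if it verifies.
    Returns the payload, or None if the packet is malformed or was altered."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    esp_hdr, encrypted, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_hdr + encrypted, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    _, seq = struct.unpack("!II", esp_hdr)
    plain = keystream_xor(enc_key, seq, encrypted)
    pad_len = plain[-2]                                  # trailer: pad length, next header
    if pad_len > len(plain) - 2:
        return None
    return plain[:len(plain) - 2 - pad_len]
```

Because the HMAC covers the ESP header as well as the ciphertext, a changed sequence number is rejected just like a changed payload byte.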
