PPT

The document outlines a course on Computer and Network Security, detailing its structure, key topics, and required readings. It covers essential concepts such as security attacks, mechanisms, and services, as well as cryptography fundamentals including symmetric and asymmetric encryption. Additionally, it discusses various defense methods and the roles of different organizations in internet standards and protocols.

Uploaded by

Abera birhanu
Computer and Network Security

Course Code: ECEg - 5172


Credit Hr.: 5

1
Cyber Security

2
Books
Textbook:
• "Network Security Essentials: Applications and Standards,"
Prentice Hall, Wm. Stallings, Third Edition.

References:
• Andrew S. Tanenbaum: Computer Networks

3
Chapter 1 – Introduction
… teaches us to rely not on the likelihood of the
enemy's not coming, but on our own readiness
to receive him; not on the chance of his not
attacking, but rather on the fact that we have
made our position unassailable.
—The Art of War, Sun Tzu

故用兵之法,无恃其不来,恃吾有以待也;无
恃其不攻,恃吾有所不可攻也。
—《孙子兵法 · 九变篇》
4
Outline
• Background
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
5
Background
• Information Security requirements have
changed in recent times
– Traditionally provided by physical and
administrative mechanisms
– Many daily activities have been shifted from
physical world to cyber space
• Use of computers
– Protect files and other stored information
• Use of networks and communications links
– Protect data during transmission
• The focus of many funding agencies in US
– DOD, NSF, DHS, etc.
– ONR: game theory for cyber security
6
Definitions
• Computer Security
– Generic name for the collection of tools
designed to protect data and to thwart
hackers
• Network Security
– Measures to protect data during their
transmission
• Internet Security
– Measures to protect data during their
transmission over a collection of
interconnected networks
7
OSI Security Architecture
• ITU-T X.800 “Security Architecture for
OSI”
– A systematic way of defining and providing
security requirements
– Provides a useful, if abstract, overview of
concepts we will study

ITU-T: International Telecommunication Union, Telecommunication Standardization Sector
OSI: Open Systems Interconnection
8
3 Aspects of Info Security
• Security Attack
– Any action that compromises the security of
information.
• Security Mechanism
– A mechanism that is designed to detect, prevent, or
recover from a security attack.
• Security Service
– A service that enhances the security of data
processing systems and information transfers.
• Makes use of one or more security mechanisms.

9
Security Attacks
Attacks
• Threat & attack
– Often used equivalently
• There are a wide range of attacks
– Two generic types of attacks
• Passive

• Active

10
Security Attack Classification

11
Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on
integrity
• Fabrication: This is an attack on
authenticity
12
3 Primary Security Goals

Fundamental security objectives for both data and information/computing services
13
14
Security Services
X.800
– A service provided by a protocol layer of communicating open systems,
which ensures adequate security of the systems or of data transfers
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files

15
Security Mechanism
• Features designed to detect, prevent, or
recover from a security attack
• No single mechanism that will support all
services required
• One particular element underlies many of
the security mechanisms in use:
– Cryptographic techniques
– Hence we will focus on this topic first

16
Security Mechanisms (X.800)
• Specific security mechanisms:
– Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• Pervasive security mechanisms:
– Trusted functionality, security labels, event
detection, security audit trails, security recovery

17
Model for Network Security

18
Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation (message de/encryption)
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information (keys)
4. specify a protocol enabling the principals to
use the transformation and secret information
for a security service (e.g. ssh)
19
Model for Network Access Security

20
Model for Network Access Security
Using this model requires us to implement:
1. Authentication
– select appropriate gatekeeper functions to identify users
2. Authorization
– implement security controls to ensure only authorized users access designated information or resources
Trusted computer systems may be useful to help implement this model
21
Methods of Defense
• Encryption
• Software Controls
– Limit access in a database or in operating
systems
– Protect each user from other users
• Hardware Controls
– Smartcard (ICC, used for digital signature and
secure identification)
• Policies
– Frequent changes of passwords
– Recent study shows controversial arguments
• Physical Controls
22
Internet standards and RFCs
• Three organizations in the Internet
society
– Internet Architecture Board (IAB)
• Defining overall Internet architecture
• Providing guidance to IETF
– Internet Engineering Task Force (IETF)
• Actual development of protocols and standards
– Internet Engineering Steering Group (IESG)
• Technical management of IETF activities and
Internet standards process
23
Internet RFC Publication
Standardization Process

24
2. SYMMETRIC CIPHERS

25
Introduction
• Two types of encryption/decryption techniques
– Symmetric Encryption
– Asymmetric Encryption

26
Symmetric Encryption
• Conventional / private-key / single-key.
• Sender and recipient share a common key.

27
Symmetric Encryption
• All classical encryption algorithms are private-key.
• Was the only type prior to the invention of public-key in the 1970s and is by far the most widely used.

28
Some Basic Terminology
• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - info used in cipher known only to sender/receiver
29
Some Basic Terminology
• Encipher (encrypt) - converting plaintext to ciphertext.
• Decipher (decrypt) - recovering plaintext from ciphertext
• Cryptography - study of encryption principles/methods
30
Some Basic Terminology
• Cryptanalysis (code breaking) - study of principles/methods of deciphering ciphertext without knowing key
• Cryptology - field of both cryptography and cryptanalysis

31
Requirements
• Two requirements for secure use of symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver

32
Requirements
• Mathematically:
$Y = E_K(X)$
$X = D_K(Y)$
• A secure channel to distribute key

33
Cryptography
• Characterize cryptographic system by:
– Type of encryption operations used
• substitution / transposition / product
– Number of keys used
• single-key or private / two-key or public
– Way in which plaintext is processed
• block / stream
34
Cryptanalysis
• Objective to recover key not just message
• General approaches:
– Cryptanalytic attack
– Brute-force attack

35
Cryptanalysis
• An encryption algorithm is computationally secure if either of the following two criteria is met:
– The cost of breaking the cipher exceeds the amount of encrypted information.

36
Cryptanalysis
– The time required to break the cipher exceeds the useful lifetime of the information.

37
Cryptanalytic Attacks

38
Cryptanalytic Attacks
• Ciphertext only
– only know algorithm & ciphertext, is statistical, know or can identify plaintext
• Known plaintext
– know/suspect plaintext & ciphertext

39
Cryptanalytic Attacks
• Chosen plaintext
– Select plaintext and obtain ciphertext
• Chosen ciphertext
– Select ciphertext and obtain plaintext
• Chosen text
– Select plaintext or ciphertext to en/decrypt

40
Brute Force Search
• Always possible to simply try every key.
• Most basic attack, proportional to key size.
• Assume either know / recognise plaintext.

41
Brute Force Search
Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at $10^6$ decryptions/µs
32 | $2^{32} = 4.3 \times 10^{9}$ | $2^{31}$ µs = 35.8 minutes | 2.15 milliseconds
56 | $2^{56} = 7.2 \times 10^{16}$ | $2^{55}$ µs = 1142 years | 10.01 hours
128 | $2^{128} = 3.4 \times 10^{38}$ | $2^{127}$ µs = $5.4 \times 10^{24}$ years | $5.4 \times 10^{18}$ years
168 | $2^{168} = 3.7 \times 10^{50}$ | $2^{167}$ µs = $5.9 \times 10^{36}$ years | $5.9 \times 10^{30}$ years
26 characters (permutation) | $26! = 4 \times 10^{26}$ | $2 \times 10^{26}$ µs = $6.4 \times 10^{12}$ years | $6.4 \times 10^{6}$ years

42
Stream Cipher

$e_k(x) = y$, $d_k(y) = x$

• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
43
Classical Substitution Cipher
• Where letters of plaintext are replaced by other letters or by numbers or symbols.

44
Classical Substitution Cipher
• Or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

45
Caesar Cipher
• Earliest known substitution cipher
• By Julius Caesar
• First attested use in military affairs
• Replaces each letter by 3rd letter on
• Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
46
Caesar Cipher
• Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically give each letter a number
a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
47
Caesar Cipher
• Then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)

48
Cryptanalysis of Caesar Cipher

• Only have 26 possible ciphers
– A maps to A,B,..Z
• Could simply try each in turn

49
Cryptanalysis of Caesar Cipher
• A brute force search, given ciphertext, just try all shifts of letters
• Ex. break ciphertext "GCUA VQ DTGCM" (easy to break, with a shift of 2 (key C))

50
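The brute-force search over all 26 shifts described on the two slides above, as an added example that is not part of the original slides. The frequency table holds approximate English letter percentages and the function names are illustrative; ranking by letter frequency replaces the human step of recognising the plaintext.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}


def caesar(text, k):
    """Apply c = (p + k) mod 26 to letters; other characters pass through.

    A negative k decrypts, because (c - k) mod 26 undoes the shift.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def english_score(text):
    """Mean English letter frequency of the letters in text (higher = more English-like)."""
    letters = [c for c in text if c in ALPHABET]
    if not letters:
        return 0.0
    return sum(ENGLISH_FREQ[c] for c in letters) / len(letters)


def brute_force(ciphertext):
    """Try every shift 0..25 and return (shift, plaintext, score), best score first."""
    candidates = []
    for k in range(26):
        plaintext = caesar(ciphertext, -k)
        candidates.append((k, plaintext, english_score(plaintext)))
    return sorted(candidates, key=lambda c: c[2], reverse=True)


if __name__ == "__main__":
    # The slide's own examples.
    print(caesar("meet me after the toga party", 3))
    for shift, plaintext, score in brute_force("GCUA VQ DTGCM")[:3]:
        print(f"shift {shift:2d}  score {score:5.2f}  {plaintext}")
```

Frequency scoring on very short ciphertexts can rank a wrong shift first, so printing the top few candidates is the safer habit.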
Monoalphabetic Cipher
• Rather than just shifting the alphabet
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different random ciphertext letter

51
Monoalphabetic Cipher
• Hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
52
Monoalphabetic Cipher Security
• Now have a total of $26! = 4 \times 10^{26}$ keys
• With so many keys, might think is secure
• but would be !!!WRONG!!!
• Problem is language characteristics

53
Letter Frequency

54
Stream Cipher

$e_k(x) = y$, $d_k(y) = x$

• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
55
Cont.

Encryption: $y_i = e(x_i) \equiv x_i + s_i \bmod 2$
Decryption: $x_i = e(y_i) \equiv y_i + s_i \bmod 2$

[Figure: key stream bits … s3 s2 s1, plaintext bits … x3 x2 x1, ciphertext bits … y3 y2 y1]

56
Cont.

xi si yi
0 0 0
0 1 1
1 0 1
1 1 0

57
Cont.
Example: Encryption of ASCII “A”

Encryption:
x7 … x1 = 1 0 0 0 0 0 1
s7 … s1 = 1 0 1 0 0 1 1
y7 … y1 = 0 0 1 0 0 1 0   “l ”

Decryption:
y7 … y1 = 0 0 1 0 0 1 0
s7 … s1 = 1 0 1 0 0 1 1
x7 … x1 = 1 0 0 0 0 0 1

58
Modern Block Cipher
• One of the most widely used types of cryptographic algorithms.
• Provide secrecy / authentication services.

59
Block vs. Stream Cipher
• Block ciphers process messages in blocks, each of which is then en/decrypted.
• Stream ciphers process messages a bit or byte at a time when en/decrypting.

60
Block vs. Stream Cipher
• Many current ciphers are block ciphers.
• And have broader range of applications.

61
Block Cipher
• Most symmetric block ciphers are based on a Feistel Cipher Structure.
• Block ciphers look like an extremely large substitution.
• Would need table of $2^{64}$ entries for a 64-bit block.

62
Block Cipher Design
• Basic principles still like Feistel’s in 1970’s
• Number of rounds
– more is better, exhaustive search best attack.

63
Block Cipher Design
• Function f:
– provides “confusion”, is nonlinear, avalanche
– have issues of how S-boxes are selected
• Key schedule
– complex subkey creation, key avalanche

64
Data Encryption Standards (DES)

[Figure: DES block diagram: 64-bit input X, 64-bit output Y, 56-bit key K]
65
Claude Shannon & Substitution Permutation Cipher
• Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paper
• Form basis of modern block ciphers

66
Cont’
• S-P nets are based on the two primitive cryptographic operations:
– substitution (S-box)
– permutation (P-box)
• Provide confusion & diffusion of message & key

67
Confusion and Diffusion

• Cipher needs to completely obscure statistical properties of original message.

68
Confusion and Diffusion
• More practically Shannon suggested combining S & P elements to obtain:
– Diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
– Confusion – makes relationship between ciphertext and key as complex as possible

69
Diffusion

X1 = 0010 1011 → Block Cipher → Y1 = 1011 1001
X2 = 0000 1011 → Block Cipher → Y2 = 0110 1100

70
Feistel Structure

[Figure: Feistel structure: Round 1, Round 2, …, Round 16]

71
Feistel Cipher Design Element
• Block size
• Key size
• Number of rounds
• Subkey generation algorithm
• Round function
• Fast software en/decryption

72
Data Encryption Standards (DES)
• Most widely used block cipher in world
• Encrypts 64-bit data using 56-bit key
• Has widespread use

73
DES Encryption Overview

74
Initial Permutation IP
• First step of the data computation
• IP reorders the input data bits
• Even bits to LH half, odd bits to RH half

75
Cont.

Initial Permutation

Inverse Initial
Permutation

76
DES Round Structure

77
DES Round Structure

78
DES Round Structure
• Uses two 32-bit L & R halves
• As for any Feistel cipher can describe as:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$

79
DES Round Structure
• F takes 32-bit R half and 48-bit sub-key:
– expands R to 48-bits using perm E
– adds to subkey using XOR
– passes through 8 S-boxes to get 32-bit result
– finally permutes using 32-bit perm P

80
Expansion Permutation

Expansion Permutation (E)

Permutation Function(P)
81
Substitution Boxes S
• Have eight S-boxes which map 6 to 4 bits
• Each S-box is actually 4 by 4 bit boxes
– outer bits 1 & 6 (row bits) select one row of 4
– inner bits 2-5 (col bits) are substituted
– result is 8 lots of 4 bits, or 32 bits
82
Substitution Box Tables

83
Substitution Box Tables

84
DES Key Schedule
• Forms subkeys used in each round
– initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves

85
DES Key Schedule
– 16 stages consisting of:
• rotating each half separately either 1 or 2 places depending on the key rotation schedule K
• selecting 24-bits from each half & permuting them by PC2 for use in round function F

86
DES Key Schedule

PC-1 PC-2

Schedule of left shift

87
DES Key Schedule
• Decrypt must unwind steps of data computation
• With Feistel design, do encryption steps again using subkeys in reverse order (SK16 … SK1)
– IP undoes final FP step of encryption

88
Cont’
– 1st round with SK16 undoes 16th encrypt round
– ….
– 16th round with SK1 undoes 1st encrypt round
– then final FP undoes initial encryption IP
– thus recovering original data value

89
DES Decryption
• Reverse process of DES encryption

90
Strength of DES-Key Size
• 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
• Brute force search looks hard
• Recent advances have shown is possible
– in 1997 on Internet in a few months

91
Strength of DES-Key Size
– in 1998 on dedicated h/w (EFF, Electronic Frontier Foundation) in a few days
– in 1999 above combined in 22hrs!
• Must now consider alternatives to DES

92
Multiple Encryption & DES
• Clear a replacement for DES was needed
– theoretical attacks that can break it
– demonstrated exhaustive key search attacks
• AES is a new cipher alternative

93
Multiple Encryption & DES
• Prior to this alternative was to use multiple encryption with DES implementations
• Triple-DES is the chosen form

94
Double DES
• Could use 2 DES encrypts on each block
– $C = E_{K_2}(E_{K_1}(P))$

95
Triple DES with two keys
• Hence must use 3 encryptions
– would seem to need 3 distinct keys
• But can use 2 keys with E-D-E sequence
– $C = E_{K_1}(D_{K_2}(E_{K_1}(P)))$
– if K1=K2 then can work with single DES

96
Triple DES with three keys
• Although are no practical attacks on two-key Triple-DES have some indications
• Can use Triple-DES with Three-Keys to avoid even these
– $C = E_{K_3}(D_{K_2}(E_{K_1}(P)))$

97
Cipher Block Chaining (CBC)
• Message is broken into blocks
• Linked together in encryption operation.
• Each previous cipher block is chained with current plaintext block.

98
Cipher Block Chaining (CBC)
• Use Initial Vector (IV) to start process
– $C_i = \mathrm{DES}_{K_1}(P_i \oplus C_{i-1})$
– $C_{-1} = IV$

99
Cipher Block Chaining (CBC)

100
Advantages & limitations of CBC
• A ciphertext block depends on all blocks before it
• Any change to a block affects all following ciphertext blocks

101
Advantages & limitations of CBC
• Need Initialization Vector (IV)
– which must be known to sender & receiver
– if sent in clear, attacker can change bits of first block, and change IV to compensate
– hence IV must either be a fixed value
– or must be sent encrypted in ECB mode before rest of message
102
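The Feistel round equations from the DES slides and the CBC chaining rule above, combined in one added example that is not part of the original slides. The round function and key schedule are toy stand-ins built from SHA-256 (an assumption; they are not DES's S-boxes, E/P permutations or PC-1/PC-2), and all names are illustrative. It shows that decryption is the same structure with the sub-keys reversed, and that a change to a clear-text IV carries straight into the first plaintext block.

```python
import hashlib

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16    # DES uses 16 Feistel rounds


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes) -> list:
    """Toy key schedule (assumption): 48-bit sub-key i = SHA-256(key || i)[:6]."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def round_f(right: bytes, subkey: bytes) -> bytes:
    """Toy round function F(R, K): 32 bits in, 32 bits out, not invertible."""
    return hashlib.sha256(subkey + right).digest()[:4]


def feistel(block: bytes, round_keys: list) -> bytes:
    """L_i = R_{i-1}; R_i = L_{i-1} XOR F(R_{i-1}, K_i); halves swapped at the end."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for k in round_keys:
        left, right = right, xor(left, round_f(right, k))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Same routine, sub-keys in reverse order (SK16 ... SK1).
    return feistel(block, subkeys(key)[::-1])


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = E_K(P_i XOR C_{i-1}) with C_{-1} = IV. Whole blocks only, no padding."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be 8 bytes and plaintext a multiple of 8 bytes")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_K(C_i) XOR C_{i-1} with C_{-1} = IV."""
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV must be 8 bytes and ciphertext a multiple of 8 bytes")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


if __name__ == "__main__":
    key, iv = b"demo key", bytes(BLOCK)            # constructed sample values
    plaintext = b"SAMEBLOKSAMEBLOK"                 # two identical 8-byte blocks
    ciphertext = cbc_encrypt(key, iv, plaintext)
    print("ciphertext blocks differ:", ciphertext[:8] != ciphertext[8:])
    print("round trip ok:", cbc_decrypt(key, iv, ciphertext) == plaintext)
    # One flipped IV bit flips the same bit of the first plaintext block only,
    # which is why the IV and ciphertext need integrity protection.
    altered_iv = bytes([iv[0] ^ 0x01]) + iv[1:]
    print(cbc_decrypt(key, altered_iv, ciphertext))
```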
RC4
• Variable key size, byte-oriented stream cipher
• Widely used (web SSL/TLS, wireless WEP)

103
RC4 Block Diagram
[Figure: RC4 block diagram: Secret Key → RC4 → Key Stream; Plain Text → Encrypted Text]

104
RC4
• Key forms random permutation of all 8-bit values
• Uses that permutation to scramble input info processed a byte at a time

105
RC4 key schedule
• Starts with an array S of numbers: 0..255
• Use key to well and truly shuffle
• S forms internal state of the cipher

106
RC4 key schedule
for i = 0 to 255 do
    S[i] = i
    T[i] = K[i mod keylen]
j = 0
for i = 0 to 255 do
    j = (j + S[i] + T[i]) (mod 256)
    swap (S[i], S[j])

107
RC4 Encryption
• Encryption continues shuffling array values
• Sum of shuffled pair selects "stream key" value from permutation
• XOR S[t] with next byte of message to en/decrypt

108
RC4 Encryption
i = j = 0
for each message byte Mi
    i = (i + 1) (mod 256)
    j = (j + S[i]) (mod 256)
    swap(S[i], S[j])
    t = (S[i] + S[j]) (mod 256)
    Ci = Mi XOR S[t]

109
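The key schedule and encryption loop from the two pseudocode slides above as runnable Python, an added example that is not part of the original slides. The function names are illustrative, and the last function goes one step beyond the slides: it shows that two messages encrypted under the same key share a key stream, so the XOR of the ciphertexts equals the XOR of the plaintexts.

```python
def rc4_key_schedule(key: bytes) -> list:
    """Build the initial permutation S from the key (first pseudocode slide)."""
    keylen = len(key)
    if not 1 <= keylen <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    T = [key[i % keylen] for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes):
    """Yield key stream bytes S[t] forever (second pseudocode slide)."""
    S = rc4_key_schedule(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        t = (S[i] + S[j]) % 256
        yield S[t]


def rc4(key: bytes, data: bytes) -> bytes:
    """Ci = Mi XOR S[t]; the same call decrypts, because XOR is its own inverse."""
    stream = rc4_keystream(key)
    return bytes(b ^ next(stream) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same key: the key stream cancels out."""
    return xor_bytes(rc4(key, m1), rc4(key, m2))


if __name__ == "__main__":
    # Widely published RC4 test vector: key "Key", plaintext "Plaintext".
    print(rc4(b"Key", b"Plaintext").hex())
    # Constructed sample messages of equal length.
    m1, m2 = b"transfer 100 USD", b"meeting at 0900h"
    print(keystream_reuse_leak(b"Key", m1, m2) == xor_bytes(m1, m2))
```

The second result is why a stream cipher key (or key and IV pair) must never be used for more than one message.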
RC4 Overview

110
3. PUBLIC KEY CRYPTOGRAPHY

111
Private-Key Cryptography

• Traditional private/secret/single key cryptography uses one key
• Shared by both sender and receiver

112
Private-Key Cryptography
• If this key is disclosed communications are compromised
• Also is symmetric, parties are equal

113
Public-Key Cryptography
• Uses two keys – a public & a private key
• Asymmetric since parties are not equal
• Complements rather than replaces private key crypto

114
Why Public-Key Cryptography?
• Developed to address two key issues:
– key distribution – how to have secure communications in general without having to trust a KDC with your key
– digital signatures – how to verify a message comes intact from the claimed sender
115
Public-Key Cryptography
• Public-key/two-key/asymmetric cryptography involves the use of two keys:
– a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures

116
Cont…
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• Is asymmetric because
– those who encrypt messages or verify signatures cannot decrypt messages or create signatures

117
Public-Key Cryptography?

118
Public-Key Characteristics
• Public-Key algorithms rely on two keys where:
– It is computationally infeasible to find decryption key knowing only algorithm & encryption key
– It is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known

119
Public-Key Applications
• Can classify uses into 3 categories:
– Encryption/decryption (provide secrecy)
– Digital signatures (provide authentication)
– Key exchange (of session keys)

120
RSA Key Setup
• Each user generates a public/private key pair by:
– Selecting two large primes at random: p, q
– Computing their system modulus $n = p \cdot q$
• note $\phi(n) = (p-1)(q-1)$
– Selecting at random the encryption key e
• where $1 < e < \phi(n)$, $\gcd(e, \phi(n)) = 1$
121
Cont…
– Solve the following equation to find decryption key d
• $e \cdot d \equiv 1 \bmod \phi(n)$ and $0 \le d \le n$
– Publish their public encryption key: PU={e,n}
– Keep secret private decryption key: PR={d,n}

122
RSA Use
• To encrypt a message M the sender:
– obtains public key of recipient PU={e,n}
– computes: $C = M^e \bmod n$, where $0 \le M < n$

123
RSA Use
• To decrypt the ciphertext C the owner:
– uses their private key PR={d,n}
– computes: $M = C^d \bmod n$

124
RSA Example-Key Setup
1. Select primes: p=17 & q=11
2. Compute n = pq = 17 x 11 = 187
3. Compute ø(n)=(p–1)(q-1)=16 x 10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23x7=161=1x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}
125
RSA Example-En/Decryption
• Sample RSA encryption/decryption is:
– Given message M = 88 (88<187)
– Encryption:
$C = 88^7 \bmod 187 = 11$
– Decryption:
$M = 11^{23} \bmod 187 = 88$
126
Exponentiation
• Can use the Square and Multiply Algorithm
• A fast, efficient algorithm for exponentiation

127
Exponentiation
• Concept is based on repeatedly squaring base
• And multiplying in the ones that are needed to compute the result

128
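The RSA key setup and the square-and-multiply idea from the slides above, worked through with the slides' own numbers (p=17, q=11, e=7, M=88) as an added example that is not part of the original slides. Function names are illustrative, and the textbook-sized primes are for following the arithmetic only.

```python
def square_and_multiply(base: int, exponent: int, modulus: int) -> int:
    """Compute base**exponent mod modulus, scanning exponent bits from the top.

    Every bit costs one squaring; a 1 bit costs one extra multiplication.
    That data-dependent extra step is not constant-time.
    """
    if exponent < 0 or modulus <= 0:
        raise ValueError("need exponent >= 0 and modulus > 0")
    result = 1 % modulus
    base %= modulus
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus      # square
        if bit == "1":
            result = (result * base) % modulus    # multiply
    return result


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def rsa_keypair(p: int, q: int, e: int):
    """Follow the key-setup steps: n = p*q, phi = (p-1)(q-1), e*d = 1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if not 1 < e < phi or g != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = x % phi
    return (e, n), (d, n)


def rsa_encrypt(message: int, public_key) -> int:
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return square_and_multiply(message, e, n)


def rsa_decrypt(ciphertext: int, private_key) -> int:
    d, n = private_key
    return square_and_multiply(ciphertext, d, n)


if __name__ == "__main__":
    public, private = rsa_keypair(17, 11, 7)
    print("PU =", public, "PR =", private)
    c = rsa_encrypt(88, public)
    print("C =", c, " M =", rsa_decrypt(c, private))
```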
Efficient Encryption
• Encryption uses exponentiation to power e
• Hence if e small, this will be faster
– often choose e=65537 ($2^{16}+1$)
– also see choices of e=3 or e=17
• But if e too small (eg e=3) can attack
129
Efficient Decryption
• Decryption uses exponentiation to power d
– this is likely large, insecure if not
• Only owner of private key who knows values of p & q can use this technique

130
RSA Security
• Possible approaches to attack RSA are:
– brute force key search (infeasible given size of numbers)

131
RSA Security
– mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n)

– timing attacks (on running of decryption)

132
Timing Attacks
• Developed by Paul Kocher in mid-1990’s
• Exploit timing variations in operations
– E.g. multiplying by small vs large number
• Infer operand size based on time taken
133
Cont…
• RSA exploits time taken in exponentiation
• Countermeasures
– use constant exponentiation time
– add random delays
– blind values used in calculations

134
Key Management
• Public-key encryption helps address key distribution problems
• Have two aspects of this:
– distribution of public keys
– use of public-key encryption to distribute secret keys

135
Distribution of Public Key
• Can be considered as using one of:
– public announcement
– publicly available directory
– public-key authority
– public-key certificates

136
Public Announcement
• Users distribute public keys to recipients or broadcast to community at large
• Major weakness is forgery
– anyone can create a key claiming to be someone else and broadcast it
– until forgery is discovered can masquerade as claimed user
137
Cont…

138
Publicly Available Directory
• Can obtain greater security by registering keys with a public directory

139
Publicly Available Directory
• Directory must be trusted with properties:
– contains {name,public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
140
Cont…

141
Public-Key Authority
• Improve security by tightening control over distribution of keys from directory
• Has properties of directory and requires users to know public key for the directory

142
Public-Key Authority
• Then users interact with directory to obtain any desired public key securely
– does require real-time access to directory when keys are needed

143
Cont…

144
Public-Key Certificate
• Certificates allow key exchange without real-time access to public-key authority
• A certificate binds identity to public key
– usually with other info such as period of validity, rights of use etc
145
Cont…
• With all contents signed by a trusted Public-Key or Certificate Authority (CA)
• Can be verified by anyone who knows the public-key authority's public-key

146
Cont…

147
Diffie-Hellman Key Exchange
• First public-key type scheme proposed
• By Diffie & Hellman in 1976 along with the exposition of public key concepts

148
Diffie-Hellman Key Exchange
• Is a practical method for public exchange of a secret key
• Used in a number of commercial products

149
Cont…
• A public-key distribution scheme
– cannot be used to exchange an arbitrary message
– rather it can establish a common key
– known only to the two participants

150
Cont…
• Value of key depends on the participants (and their private and public key information)

151
Diffie-Hellman Setup
• All users agree on global parameters:
– large prime integer or polynomial q
– a being a primitive root mod q
• Each user (eg. A) generates their key
– chooses a secret key (number): $x_A < q$
– compute their public key: $y_A = a^{x_A} \bmod q$
152
Diffie-Hellman Key Exchange
• Each user makes public that key $y_A$
• Shared session key for users A & B is $K_{AB}$:
$K_{AB} = a^{x_A \cdot x_B} \bmod q$
$= y_A^{x_B} \bmod q$ (which B can compute)
$= y_B^{x_A} \bmod q$ (which A can compute)

153
Diffie-Hellman Key Exchange
• $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob

154
Cont…
• If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys.

155
Diffie-Hellman Example
• Users Alice & Bob who wish to swap keys:
• Agree on prime q=353 and a=3
• Select random secret keys:
– A chooses xA=97, B chooses xB=233

156
Cont…
• Compute respective public keys:
– $y_A = 3^{97} \bmod 353 = 40$ (Alice)
– $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• Compute shared session key as:
– $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} = 160$ (Alice)
– $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} = 160$ (Bob)

157
4. AUTHENTICATION

158
Message Authentication
• Message authentication is concerned with:
– protecting the integrity of a message
– validating identity of originator
– Source & destination non-repudiation

159
Message Authentication
• Then three alternative functions used:
– message encryption
– message authentication code (MAC)
– hash function
• Will consider the security requirements
160
Security Requirements
• Disclosure
• Traffic analysis
• Masquerade
• Content modification

161
Security Requirements
• Sequence modification
• Timing modification
• Source repudiation
• Destination repudiation

162
Message Encryption
• Message encryption by itself also provides a measure of authentication

163
Message Encryption
• Symmetric encryption is used then:
– receiver knows sender must have created it since only sender and receiver know the key used
– know content cannot have been altered if message has suitable structure, redundancy or a checksum to detect any changes

164
Message Authentication Code (MAC)
• Generated by an algorithm that creates a small fixed-sized block
– depending on both message and some key
– like encryption though need not be reversible
• Appended to message as a signature

165
Message Authentication Code (MAC)
• Receiver performs same computation on message and checks it matches the MAC
• Provides assurance that message is unaltered and comes from sender

166
Cont…

167
Cont…
• As shown the MAC provides authentication.
• Can also use encryption for secrecy.
– generally use separate keys for each.
– can compute MAC either before or after encryption.

168
Cont…
• Why use a MAC?
– sometimes only authentication is needed
– sometimes need authentication to persist longer than the encryption (eg. archival use)
• Note that a MAC is not a digital signature

169
MAC Properties
• A MAC is a cryptographic checksum
$\mathrm{MAC} = C_K(M)$
– condenses a variable-length message M
– using a secret key K
– to a fixed-sized authenticator

170
MAC Properties
• Is a many-to-one function
– potentially many messages have same MAC
– but finding these needs to be very difficult

171
Requirements for MAC
• Taking into account the types of attacks, need the MAC to satisfy the following:
1. knowing a message and MAC, is infeasible to find another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the message
172
Using Symmetric Cipher for MACs
• Can use any block cipher chaining mode and use final block as a MAC
• Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC

173
Hash Functions
• Condenses arbitrary message to fixed size
h = H(M)
• Usually assume that the hash function is public and not keyed

174
Hash Functions
• Hash used to detect changes to message
• Can use in various ways with message
• Most often to create a digital signature

175
Hash Functions and Digital Signature

176
Requirements for Hash Functions
1. Can be applied to any sized message M
2. Produces fixed-length output h
3. Is easy to compute h=H(M) for any message M
4. Given h is infeasible to find x s.t. H(x)=h
• one-way property: pre-image resistance
177
Cont…
5. Given x is infeasible to find y s.t. H(y)=H(x)
• weak collision resistance: second pre-image resistance
6. Is infeasible to find any x,y s.t. H(y)=H(x)
• strong collision resistance
178
Secure Hash Algorithm (SHA-1)
• SHA was designed by NIST & NSA in 1993, revised 1995 as SHA-1.
• Produces 160-bit hash values
• Now the generally preferred hash algorithm
• Based on design of MD4 with key differences
179
SHA-1 Overview
• Initialize 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
• process message in 16-word (512-bit) chunks:
– expand 16 words into 80 words by mixing & shifting

180
SHA-1 Overview
– use 4 rounds of 20 bit operations on message block & buffer
– add output to input to form new buffer value
• Output hash value is the final buffer value

181
SHA-1 Overview
[Figure: SHA-1 overview. Labels: X = (x1, …, xn); Padding; 512; Hi-1; Hi; Compression function; H(x)]
182
Compression Function
[Figure: compression function. Labels: xi (512); Message Schedule; Hi-1; w0, Round 0; w1, Round 1; …; w79, Round 79; 32]

183
SHA-1 Compression function
• Each round has 20 steps which replaces the 5 buffer words thus:
(A,B,C,D,E) <- ((E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D)
• a, b, c, d refer to the 4 words of the buffer

184
SHA-1 Compression function
• t is the step number
• f(t,B,C,D) is nonlinear function for round
• Wt is derived from the message block
• Kt is a constant value

185
SHA-1 Compression function

186
SHA-1
• The four stages
– t1 = From round 0 to 19
– t2 = From round 20 to 39
– t3 = From round 40 to 59
– t4 = From round 60 to 79

187
SHA-1
Stage t | Round j | Constant Kt | Function F
1 | 0 - 19 | K1 = 5A827999 | f1(B,C,D) = (BΛC) V (BΛD)
2 | 20 - 39 | K2 = 6ED9EBA1 | f2(B,C,D) = B C D
3 | 40 - 59 | K3 = 8F1BBCDC | f3(B,C,D) = (BΛC) V (BΛD) V (CΛD)
4 | 60 - 79 | K4 = CA62C1D6 | f4(B,C,D) = B C D

188
Message Schedule

Xi(0) Xi(1) Xi(15)

w0 w1 w15

wj = wj-16 wj-14 wj-8 wj-3 , 16 ≤ j ≤ 79

189
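The SHA-1 slides above carried through in code, as an added example that is not part of the original deck: buffer initialization, padding, the 16-to-80 word expansion, 80 steps in four stages, and adding the output to the input. The stage functions and the 1-bit rotation in the message schedule follow the published SHA-1 specification (FIPS 180), because the extracted slide text shows them without their XOR and complement symbols; the function names are this example's own. It is meant for study: practical SHA-1 collisions have been published, and current designs use SHA-2 or SHA-3.

```python
import struct

# Initial buffer (A,B,C,D,E) and the four stage constants, as on the slides
H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
MASK = 0xFFFFFFFF

def rotl(x, n):
    """32-bit circular left shift (written '<<' on the slides)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def f(t, b, c, d):
    """Nonlinear stage function for step t, per FIPS 180."""
    if t < 20:
        return (b & c) | (~b & d)             # stage 1: choose
    if 40 <= t < 60:
        return (b & c) | (b & d) | (c & d)    # stage 3: majority
    return b ^ c ^ d                          # stages 2 and 4: parity

def pad(msg):
    """Append 0x80, zero bytes, then the 64-bit big-endian bit length."""
    zeros = (55 - len(msg)) % 64
    return msg + b"\x80" + b"\x00" * zeros + struct.pack(">Q", 8 * len(msg))

def compress(h, block):
    """Process one 512-bit block against the current buffer value h."""
    w = list(struct.unpack(">16I", block))
    for j in range(16, 80):                   # message schedule: 16 -> 80 words
        w.append(rotl(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1))
    a, b, c, d, e = h
    for t in range(80):
        tmp = (e + f(t, b, c, d) + rotl(a, 5) + w[t] + K[t // 20]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    # add output to input to form the new buffer value
    return tuple((x + y) & MASK for x, y in zip(h, (a, b, c, d, e)))

def sha1(msg):
    """Return the 160-bit digest of msg (bytes) as a hex string."""
    h = H0
    data = pad(msg)
    for i in range(0, len(data), 64):
        h = compress(h, data[i:i + 64])
    return struct.pack(">5I", *h).hex()
```
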
Digital Signature
 Have looked at message
authentication
 but does not address issues of lack of trust
 Digital signatures provide the ability
to:
 verify author, date & time of signature

190
Digital Signature
 authenticate message contents
 be verified by third parties to resolve
disputes
 Hence include authentication
function with additional capabilities.

191
Digital Signature Properties
 Must depend on the message signed.
 Must use information unique to
sender
 to prevent both forgery and denial
 Must be relatively easy to produce.
 Must be relatively easy to recognize
& verify.
192
Digital Signature Properties
• Be computationally infeasible to forge
• Be practical to save the digital signature in storage
193
Direct Digital Signature
 Involve only sender & receiver
 Assumed receiver has sender’s
public-key
 Digital signature made by sender
signing entire message or hash with
private-key

194
Direct Digital Signature
• Can encrypt using receiver's public-key
• Important to sign first, then encrypt message & signature.
• Security depends on sender's private-key.
195
Authentication Protocols
• Used to convince parties of each other's identity and to exchange session keys
• May be one-way or mutual
196
Authentication Protocols
 Key issues are
 confidentiality – to protect session keys
 timeliness – to prevent replay attacks

197
Replay Attack
 Where a valid signed message is
copied and later resent
 simple replay
 repetition that can be logged
 repetition that cannot be detected
 backward replay without modification

198
Replay Attack
 Countermeasures include
 use of sequence numbers (generally
impractical)
 timestamps (needs synchronized clocks)
 challenge/response (using unique nonce)

199
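Two of the countermeasures listed above, timestamps and challenge/response, shown from the receiver's side as an added example that is not part of the original slides. An HMAC stands in for the signature, and the key, the 30-second window and all class and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"   # constructed shared secret for the example
WINDOW = 30                     # accepted clock skew in seconds (assumption)

def tag(msg, bind):
    """HMAC over the message bound to a freshness value (timestamp or nonce)."""
    data = len(bind).to_bytes(2, "big") + bind + msg
    return hmac.new(KEY, data, hashlib.sha256).digest()

class TimestampVerifier:
    """Timestamp countermeasure: needs roughly synchronized clocks."""
    def __init__(self):
        self.seen = {}          # tag -> timestamp of messages still in window

    def accept(self, msg, ts, mac, now):
        if not hmac.compare_digest(mac, tag(msg, str(ts).encode())):
            return "bad-mac"
        if abs(now - ts) > WINDOW:
            return "stale"      # an old copy resent later fails here
        # forget tags that would now fail the freshness check anyway
        self.seen = {m: t for m, t in self.seen.items() if now - t <= WINDOW}
        if mac in self.seen:
            return "replay"     # a copy resent inside the window fails here
        self.seen[mac] = ts
        return "ok"

class ChallengeVerifier:
    """Challenge/response: every nonce is issued once and consumed on use."""
    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, msg, nonce, mac):
        if nonce not in self.pending:
            return "replay"     # unknown or already used nonce
        if not hmac.compare_digest(mac, tag(msg, nonce)):
            return "bad-mac"
        self.pending.discard(nonce)
        return "ok"
```
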
Digital Signature Algorithm
(DSA)
 Creates a 320 bit signature
 With 512-1024 bit security
 Smaller and faster than RSA
 A digital signature scheme only

200
Digital Signature Algorithm
(DSA)

201
5. NETWORK SECURITY

202
WEB SECURITY

203
Web Security
 Web now widely used by business,
government, individuals
 But Internet & Web are vulnerable

204
Web Security
 Have a variety of threats
 integrity
 confidentiality
 denial of service
 authentication
 Need added security mechanisms

205
SSL (Secure Socket Layer)
 Transport layer security service
 Originally developed by Netscape
 Version 3 designed with public input
 Subsequently became Internet
standard known as TLS (Transport
Layer Security)

206
SSL (Secure Socket Layer)
 Uses TCP to provide a reliable end-
to-end service
 SSL has two layers of protocols

207
SSL Architecture

208
SSL Architecture
 SSL connection
 a transient, peer-to-peer, communications link
 associated with 1 SSL session

209
SSL Architecture
 SSL session
 an association between client & server
 created by the Handshake Protocol
 define a set of cryptographic parameters

210
SSL Change Cipher Spec Protocol
 One of 3 SSL specific protocols
which use the SSL Record protocol
 A single one byte message
 Causes negotiated parameter to
become current
 Hence updating the cipher suite in
use
211
SSL Alert Protocol
 Conveys SSL-related alerts to peer
entity.
 Two byte message.
 Severity
 warning or fatal

212
SSL Alert Protocol
 Specific alert
 fatal: unexpected message, bad record mac,
decompression failure, handshake failure,
illegal parameter
 warning: close notify, no certificate, bad
certificate, unsupported certificate,
certificate revoked, certificate expired,
certificate unknown
213
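The one-byte Change Cipher Spec message and the two-byte alert message described above, parsed from a plaintext SSLv3 record, as an added example that is not part of the original slides. The record content types and numeric alert codes come from the SSL 3.0 specification rather than from the slides, and the function name and the `valid` field are this example's own.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          30: "decompression_failure", 40: "handshake_failure",
          41: "no_certificate", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          47: "illegal_parameter"}
ALWAYS_FATAL = {10, 20, 30, 40, 47}   # the alerts the slide lists as fatal

def parse_record(data):
    """Parse one SSLv3 record sent before encryption is switched on.

    Layout: type (1 byte), version (2 bytes), length (2 bytes), body.
    Records sent after Change Cipher Spec are encrypted, so an alert body
    is then longer than two bytes and is rejected here.
    """
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    out = {"type": CONTENT_TYPES.get(ctype, "unknown"),
           "version": (major, minor)}
    if ctype == 20:                    # Change Cipher Spec: one byte, value 1
        out["valid"] = body == b"\x01"
    elif ctype == 21:                  # Alert: severity byte, then alert code
        if length != 2:
            raise ValueError("plaintext alert body must be two bytes")
        level, code = body
        out["level"] = LEVELS.get(level, "unknown")
        out["alert"] = ALERTS.get(code, "unknown")
        # a fatal-only alert sent with warning severity is a protocol violation
        out["valid"] = level in LEVELS and not (code in ALWAYS_FATAL and level != 2)
    return out
```
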
SSL Handshake Protocol
• Allows server & client to:
  • authenticate each other
  • negotiate encryption & MAC algorithms
  • negotiate cryptographic keys to be used
214
SSL Handshake Protocol
• Comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
215
IP SECURITY

216
IPSec
• General IP Security mechanisms
• Provides
  • authentication
  • confidentiality
  • key management
• Applicable to use over LANs, across public & private WANs, & for the Internet
217
IPSec Uses

218
Benefits of IPSec
 In a firewall/router provides strong
security to all traffic crossing the
perimeter
 In a firewall/router is resistant to
bypass

219
Benefits of IPSec
 Can be transparent to end users
 Can provide security for individual
users
 Secures routing architecture

220
IPSec Services
 Access control
 Connectionless integrity
 Data origin authentication
 Rejection of replayed packets
 Confidentiality (encryption)

221
IPSec Architecture

222
Security Association
• A one-way relationship between sender & receiver that affords security for traffic flow
• Defined by 3 parameters:
  • Security Parameters Index (SPI)
  • IP Destination Address
  • Security Protocol Identifier, AH or ESP
223
Security Association
• Has a number of other parameters
  • seq no, AH & ESP info, lifetime etc.
• Have a database of Security Associations
224
Authentication Header (AH)
 Provides support for data integrity &
authentication of IP packets
 Parties must share a secret key

225
Authentication Header

226
Encapsulating Security Payload
(ESP)
 Provides message content
confidentiality & limited traffic flow
confidentiality
 Can optionally provide the same
authentication services as AH

227
Encapsulating Security Payload
(ESP)
• Ensures confidentiality, data origin authentication, connectionless integrity, and protection against replay attacks.
228
Transport vs Tunnel Mode
 Transport mode is used to encrypt &
optionally authenticate IP data
 data protected but header left in clear
 can do traffic analysis but is efficient
 good for ESP host to host traffic

229
Transport vs Tunnel Mode
 Tunnel mode encrypts entire IP
packet
 add new header for next hop
 good for VPNs, gateway to gateway security

230
Key Management
 Handles key generation &
distribution
 Typically need 2 pairs of keys
 2 per direction for AH & ESP
 Manual key management
 sysadmin manually configures every system

231
Key Management
 Automated key management
 automated system for on demand creation of
keys for SA’s in large systems
 has Oakley & ISAKMP elements

232
FIREWALLS

233
What is firewall?
 A firewall is a device (hardware,
software, both) that is designed to:
• Prevent unauthorized outside users from
accessing a network or workstations.
• Prevent inside users from transmitting sensitive
information or accessing unsecure resources

234
What is firewall?
• All traffic from inside to outside and vice versa must pass through the firewall
• A single checking point that keeps unauthorized traffic (e.g., worms) out of the protected network
235
What is Firewall?
• A firewall protects a local network from the outside global network
  • Firewalls work by inspecting each inbound & outbound packet & determining whether it should be blocked or allowed to pass through.
236
What is Firewall?
  • Firewalls keep “bad things” out but can also be used to keep sensitive data in
• Properly implemented firewalls can reduce or eliminate many network threats.
237
What is firewall?

Internet

238
Firewall Limitations
 Cannot protect from attacks
bypassing it.
 Cannot protect against internal
threats
 Cannot protect against transfer of all
virus infected programs or files

239
Firewall security policy
• A firewall security policy is a set of rules that a firewall relies upon to determine which traffic is allowed to pass through a network boundary.
240
Firewall security policy - Example
• Examples of firewall security policy rules are:
  • Block all access from outside, allow all access to the outside.
  • Allow access from outside
    • Only for certain activities
    • Only for certain sub-networks, hosts, applications, users
241
Types of firewall
 Packet Filter Gateways
 Stateful Inspection Firewalls
 Application Proxy Gateways
 Circuit-Level Gateways

242
Packet Filters
• Is a type of firewall that regulates network boundary access by
  • Examining the source and/or destination IP address for each packet.
  • Examining the type of transport protocol for each packet (e.g. HTTP, FTP, telnet etc.)
243
Packet Filters (Cont…)
• Packets that are not acceptable in light of the firewall security policy are discarded.
• Packet filtering gateways are the simplest & often most effective type of firewall
244
Pros & Cons
• Pros
  • Simple
  • Fast
  • Do not require special client computer configuration
• Cons
  • No application-specific protection
245
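The example policy from the slides ("block all access from outside, allow all access to the outside", with outside access allowed only to one host and service) as a first-match packet filter with default deny. This is an added example, not part of the original slides; the addresses are constructed from documentation ranges, and the rule fields, the interface names and the anti-spoofing rule are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = "192.0.2.0/24"     # constructed internal network
WEB = "192.0.2.10/32"       # constructed public web host inside the boundary
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "block"
    iface: str              # interface the packet arrived on: "inside"/"outside"
    src: str                # source network, CIDR
    dst: str                # destination network, CIDR
    proto: str = "any"      # "tcp", "udp" or "any"
    dport: int = 0          # 0 matches any destination port

    def matches(self, pkt):
        return (self.iface == pkt["iface"]
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (0, pkt["dport"]))

POLICY = [
    # an inside source address arriving from outside is spoofed: drop it first
    Rule("block", "outside", INSIDE, ANY),
    # allow access from outside only for one activity on one host
    Rule("allow", "outside", ANY, WEB, "tcp", 80),
    # allow all access to the outside
    Rule("allow", "inside", INSIDE, ANY),
]

def decide(pkt, policy=POLICY):
    """Return the action of the first matching rule; block if none matches."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "block"          # default deny: block all other access
```

Because the filter looks at each packet in isolation, a reply arriving from outside for a connection that an inside host opened is also blocked; telling such replies apart requires remembering earlier packets.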
Stateful Inspection Firewalls
• Unlike a packet filtering gateway, a stateful inspection firewall considers the state or context of the packets that it evaluates
  • It remembers the network activities of hosts
246
Stateful Inspection Firewalls
 The goal of this firewall is to identify
hosts that represent a threat by
accumulating evidence against
them.
• If the negative evidence against a host exceeds
a threshold established by the firewall’s
security policy, the host can be blocked
247
Application Proxy Gateway
• Is a type of firewall that runs pseudo-applications which mimic the proper behavior of real applications
  • These pseudo-applications examine the contents of the packets traveling between applications inside the network boundary & application users outside of the network boundary.
248
Application Proxy Gateway
• The application proxy gateway can filter out unacceptable protocol commands or other malformed commands while they are in transit between an application & a user
  • Command filtering is bidirectional
249
Circuit-Level Gateway
• Is a type of firewall that enables one network to become a virtual extension of another network.
• Incoming/outgoing packets are examined to determine whether they are being sent to/received from the tangent network
250
Circuit-Level Gateway
  • If so, packets are decrypted or encrypted as necessary
  • If not, packets are routed through the normal firewall
• Circuit-level gateways can be used to implement virtual private networks (VPNs).
251
Personal Firewalls
• In contrast to a firewall that is implemented as a separate hardware device, a personal firewall is a firewall that is implemented as a software program.
252
Personal Firewalls
• Personal firewalls are installed on a computing device & inspect inbound or outbound network traffic to determine whether it should be blocked or allowed to pass through
253
Personal Firewalls
• A personal firewall can be used to protect home computers and other personal computing devices from outside attackers, viruses, and other types of malware.

254
MALICIOUS SOFTWARE
(MALWARE)

255
Malicious Software
• Malicious software is software written to intentionally cause unanticipated or undesirable effects.
• Malicious software can do anything that a normal program can do.

256
Malicious Software
 Malicious software can change
 Data
 Other programs

257
Forms of Malware
[Figure: forms of malware. Virus, Time Bomb, Zombie, Trojan Horse, Rabbit, Trapdoor, Worm, Script Attack, Logic Bomb]
258
Trapdoors
 A hidden computer flaw known to an
intruder, or a hidden computer
mechanism installed by intruder,
who can use the trapdoor to gain
access to a computer without being
blocked by security service or
mechanism.
259
Trapdoors
• Very hard to block in the O/S

260
Logic Bomb
 One of oldest types of malicious
software
 Code embedded in legitimate
program

261
Logic Bomb
 Activated when specified conditions
met
 eg presence/absence of some file
 particular date/time
 particular user
 When triggered typically damage
system
 modify/delete files/disks
262
Time Bomb
• A type of logic bomb that activates at a specified date/time.
  • Launch distributed denial of service on holidays.

263
Trojan Horse
• A computer program that appears to have a useful function, but also has a hidden and malicious purpose that evades security mechanisms.
• Sometimes by exploiting the legitimate authorizations of the user who invokes the program.
264
Trojan Horse
 When run performs some additional
tasks
 allows attacker to indirectly gain access they
do not have directly
 Often used to propagate a
virus/worm or install a backdoor
 Or simply to destroy data
265
Zombie
 Malicious SW that enables a
computer to be controlled by a
remote master machine
 Then uses it to indirectly launch
attacks

266
Zombie
 Often used to launch distributed
denial of service (DDoS) attacks
 Exploits known flaws in network
systems

267
Viruses
 A hidden, self-replicating section of
computer software that propagates
by infecting another program or
computer memory.
 A transient virus:- is active only when its
host program is active.

268
Viruses
 A resident virus:- establishes itself in the
computer’s memory & can remain active without
its host.

269
Viruses Operations
 Virus phases:
 dormant – waiting on trigger event
 propagation – replicating to programs/disks
 triggering – by event to execute payload
 execution – of payload

270
Worms
 A computer program that can run
independently, can propagate a
complete working version of itself
onto other hosts on a network.
 May consume computer resources
destructively.

271
Worm Operations
• Worm phases like those of viruses:
  • dormant
  • propagation
    • search for other systems to infect
    • establish connection to target remote system
    • replicate self onto remote system
  • triggering
  • execution
272
Rabbit
 A virus or worm that replicates
itself without limit to exhaust
system resources.

273
Script attack
 Malicious code written in a
scripting language that is
downloaded when a user loads a
webpage.

274
