Professional Documents
Culture Documents
Chapter 08
(version June 19, 2007)
01 Introduction
02 Physical Layer
03 Data Link Layer
04 MAC Sublayer
05 Network Layer
06 Transport Layer
07 Application Layer
08 Network Security
00 – 1 /
08 – 1 Network Security/Introduction
Cryptography
Passive Active
Intruder
intruder intruder
just can alter
listens messages
Encryption Decryption
Plaintext, P Plaintext, P
method, E method, D
Ciphertext, C = EK(P)
Encryption Decryption
key, K key, K
Cryptographic functions:
Digital Signatures
What we often really need is to authenticate a mes-
sage, and assure its integrity:
Bob
BB
2
KB (A, RA, t, P, KBB (A, t, P))
Public-Key Signatures
Transmission line
Alice's computer Bob's computer
m Hash
function,
H
Field
Meaning
Version Which version of X.509
Serial number This number plus the CA’s name uniquely identifies
the certificate
Signature algorithm The algorithm used to sign the certificate
Issuer X.500 name of the CA
Validity period The starting and ending times of the validity period
Subject name The entity whose key is being certified
Public key The subject’s public key and the ID of the algorithm
using it
Issuer ID An optional ID uniquely identifying the certificate’s
issuer
Subject ID An optional ID uniquely identifying the certificate’s
subject
Extensions Many extensions have been defined
Signature The certificate’s signature (signed by the CA s pri-
vate key)
Public-Key Infrastructures
Root RA 2 is approved.
RA 2 is approved.
Its public key is
47383AE349. . .
Its public key is
Root's signature
47383AE349. . .
Root's signature
RA 1 RA 2
CA 5 is approved.
Its public key is
CA 5 is approved.
6384AF863B. . .
RA 2's signature Its public key is
6384AF863B. . .
RA 2's signature
CA 1 CA 2 CA 3 CA 4 CA 5
(a) (b)
Authenticated
IP ESP TCP
(a) Payload + padding Authentication (HMAC)
header header header
Encrypted
Authenticated
New IP ESP Old IP TCP
(b) Payload + padding Authentication (HMAC)
header header header header
Encrypted
IPSec Header
Authenticated
32 Bits
Next header Payload len (Reserved)
Security parameters index
Sequence number
Packet Packet
filtering Application filtering
router gateway router
Backbone
Connections
to outside
networks
Tunnel
Office 3 Office 3
(a) (b)
Authentication
Authentication Protocols
Secret Keys
1
A
2
RB
3
Alice
Bob
KAB (RB)
4
RA
5
KAB (RA)
Bob
A, RB
4 Second session
RB2, KAB (RB)
5
KAB (RB) First session
Authentication Protocols
Reflection Attack (2/2)
1
A First session
2
B
3 RA Second session
4
RA
5 First session
KAB (RA)
Trudy
Alice
6
KAB (RA) Second session
8
RA2
9 Second session
KAB (RA2)
10 First session
KAB (RA2)
Bob
RB, HMAC(RA , RB , A, B, KAB)
3
HMAC(RA , RB , KAB)
1
n, g, gx mod n
Alice
2
Bob
gy mod n
2
n, g, gz mod n
Trudy
Alice
Bob
3
gz mod n
4
gy mod n
Needham-Schroeder (simplified)
1
RA, A, B
KDC
2
KA (RA, B, KS, KB(A, KS))
Alice
Bob
3
KB(A, KS), KS (RA2)
4
KS (RA2 –1), RB
5
KS (RB –1)
1
RA, A, B
KDC
2
KA (RA, B, KS, KB(A, KS))
Alice
Bob
3
KB(A, KS), KS (RA2)
4
KS (RA2 –1), RB
5
KS (RB –1)
Needham-Schroeder (cont’d)
Q1: Why does the KDC put Bob into its reply mes-
sage, and Alice into the ticket?
Directory 4. G
EB iv
me EB 5. H e me
G ive e is ere E
1. r is E A
. He A
2
3
EB (A, RA)
6
Alice
Bob
EA (RA, RB, KS)
7
KS (RB)
P1 compressed
Some observations:
Web Security
• Secure naming
• Secure sockets
Cracked
DNS
DNS
server
server
Bob's Trudy's
Web Web
1 server 1 server
2 2
Alice (36.1.2.3) Alice (42.9.9.9)
3 3
4 4
DNS
server
for com
1. Look up foobar.trudy-the-intruder.com
Alice's (to force it into the ISP's cache)
7 ISP's 2. Look up www.trudy-the-intruder.com
Trudy 5 cache (to get the ISP's next sequence number)
3. Request for www.trudy-the-intruder.com
1 (Carrying the ISP's next sequence number, n)
2 4. Quick like a bunny, look up bob.com
3 (to force the ISP to query the com server in step 5)
4 5. Legitimate query for bob.com with seq = n+1
6. Trudy's forged answer: Bob is 42.9.9.9, seq = n+1
6
7. Real answer (rejected, too late)
1
Possibilities
2
Choices
Server
Client
3
[ K+S ] CA
4
[ K+C ] CA
5
K +S ([ R ] C)