SECURITY MANAGEMENT

Basic terminology
Plaintext: original message to be

encrypted

Ciphertext: the encrypted message Enciphering or encryption: the process of

converting plaintext into ciphertext

Encryption algorithm: performs encryption

Two inputs: a plaintext and a secret key

 Deciphering or decryption: recovering

plaintext from ciphertext

Decryption algorithm: performs decryption

Two inputs: ciphertext and secret key

Secret key: same key used for encryption and

decryption

Also referred to as a symmetric key

 Cipher or cryptographic system : a scheme for

encryption and decryption

Cryptography: science of studying ciphers Cryptanalysis: science of studying attacks

against cryptographic systems

Cryptology: cryptography + cryptanalysis

Cryptography issues
Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message End-Point Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
5

Ciphers
Symmetric cipher: same key used for

encryption and decryption

Block

cipher: encrypts a block of plaintext at a cipher: encrypts data one bit or one

time (typically 64 or 128 bits)

Stream

byte at a time
Asymmetric cipher: different keys used

for encryption and decryption

Classical Ciphers
Plaintext is viewed as a sequence of

elements (e.g., bits or characters) Substitution cipher: replacing each element of the plaintext with another element. Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.
7

Substitution ciphers A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.
i

A substitution cipher replaces one symbol with another. The simplest substitution cipher is a shift cipher (additive cipher).
16. 8

Example 16.1

Use the additive cipher with key = 15 to encrypt the message hello.
Solution We apply the encryption algorithm to the plaintext, character by character:

The ciphertext is therefore wtaad.

16. 9

Caesar Cipher
Earliest known substitution cipher

Invented by Julius Caesar

Each letter is replaced by the letter three

positions further down the alphabet.

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example: ohio state RKLR VWDWH

10

Caesar Cipher
Mathematically, map letters to numbers:

a, b, c, ..., x, y, z 0, 1, 2, ..., 23, 24, 25

Then the general Caesar cipher is:

c = EK(p) = (p + k) mod 26

Can be generalized with any alphabet.

p = DK(c) = (c k) mod 26

11

Transposition ciphers A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols. A symbol in the first position of the plaintext may appear in the tenth position of the ciphertext, while a symbol in the eighth position in the plaintext may appear in the first position of the ciphertext. In other words, a transposition cipher reorders (transposes) the symbols.
i

A transposition cipher reorders symbols.

16. 12

Double Transposition
Plaintext: attackxatxdawn
Permute rows and columns

Ciphertext:

xtawxnattxadakc Key: matrix size and permutations (3,5,1,4,2) and (1,3,2)

Modern symmetric-key ciphers

Since traditional ciphers are no longer secure, modern symmetric-key ciphers have been developed during the last few decades. Modern ciphers normally use a combination of substitution, transposition and some other complex transformations to create a ciphertext from a plaintext. Modern ciphers are bit-oriented (instead of character-oriented). The plaintext, ciphertext and the key are strings of bits. In this section we briefly discuss two examples of modern symmetric-key ciphers: DES and AES.

16. 14

Symmetric Encryption
Mathematically: Y = EK(X) or Y = E(K, X) X = DK(Y) or X = D(K, Y) X = plaintext Y = ciphertext K = secret key E = encryption algorithm D = decryption algorithm Both E and D are known to public

15

Figure 16.4 The general idea of symmetric-key cryptography

16. 16

Symmetric Encryption
Same key used at sender and receiver

Encryption process consists of algorithm

and a secret key which is independent of information Encryption algorithm must be such that the encrypted information is impractical to decrypt without knowing key Key used for encryption and decryption must be secret but the encryption and decryption algorithm need not be confidential

17

 This can be

DES - Swapping of Left and Right Halves

described functionally as
L(i) = R(i-1) R(i) = L(i-1) P(S( E(R(i-1)) K(i) ))

This forms one round

in an S-P network

Symmetric key crypto: DES

DES: Data Encryption Standard
US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input Block cipher with cipher block chaining

How secure is DES?

DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day No known good analytic attack making DES more secure: 3DES: encrypt 3 times with 3 different keys (actually encrypt, decrypt, encrypt)

19

Symmetric key crypto: DES

DES operation initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation

20

 This can be

DES - Swapping of Left and Right Halves

described functionally as
L(i) = R(i-1) R(i) = L(i-1) P(S( E(R(i-1)) K(i) ))

This forms one round

in an S-P network

key

32
expand 32 48 48

28 shift

28 shift 28 28

Ki
48 28

compress 28

S-boxes

32 32
P box

One Round of DES

32 32 key

Advanced Encryption Standard

Replacement for DES AES competition (late 90s)
NSA

openly involved Transparent process Many strong algorithms proposed Rijndael Algorithm ultimately selected
Pronounced like Rain Doll or Rhine Doll

Developed by Joan Daemen & Vincent Rijmen

Iterated block cipher (like DES) Not a Feistel cipher (unlike DES)

AES Overview
Block size: 128, 192 or 256 bits

Key length: 128, 192 or 256 bits

(independent of block size) 10 to 14 rounds (depends on key length) Each round uses 4 functions (in 3 layers)

ByteSub (nonlinear layer) ShiftRow (linear mixing layer) MixColumn (nonlinear layer) AddRoundKey (key addition layer)

16-3 ASYMMETRIC-KEY CRYPTOGRAPHY

Figure 16.7 shows the general idea of asymmetric-key cryptography as used for confidentiality. The figure shows that, unlike symmetric-key cryptography, there are distinctive keys in asymmetric-key cryptography: a private key and a public key. If encryption and decryption are thought of as locking and unlocking padlocks with keys, then the padlock that is locked with a public key can be unlocked only with the corresponding private key. Eve should not be able to advertise her public key to the community pretending that it is Bobs public key.
16. 25

Uses for Public Key Crypto

Confidentiality Transmitting data over insecure channel Secure storage on insecure media Authentication
Digital signature provides integrity and

non-repudiation

No non-repudiation with symmetric keys

Figure 16.7 The general idea behind asymmetric-key cryptography

16. 27

Confidentiality using Public Key Encryption

This is the straightforward use of public key

encryption. Source A uses the public key KUb of the destination to encrypt M This scheme does not provide any authentication because any opponent could also use Bs public key to encrypt a message claiming to be A B can decrypt at the destination because he is the only one who has the private key KRb

Authentication using Public Key Encryption

To provide the authentication part A uses its private key to encrypt the

message, and B uses As public key to decrypt to authenticate. The principle here is similar to the digital signature principle. The reasoning is that A should be the only one who as As private key to generate that ciphered text. However this does not provide confidentiality since anyone with As public key can decrypt and see the message.

Authentication and Confidentiality using Public Key Encryption

To provide both confidentiality and authentication, A

can encrypt M first using its private key (the digital signature), then use Bs public key which will provide confidentiality. The only disadvantage is that the public key algorithm, which is complex must be exercised four times rather than two in each communication.

Message Integrity
Allows communicating parties to verify

that received messages are authentic.

Content of message has not been altered Source of message is who/what you think it is Message has not been artificially delayed (playback attack) Sequence of messages is maintained

31

Authentication and Integrity Using Public-Key Encryption

This will provide a digital signature as well as

message authentication. Advantage is that it does not require the distribution of keys to communicating parties. The entire message is not encrypted.

RSA
Invented by Cocks (GCHQ), independently,

by Rivest, Shamir and Adleman Let p and q be two large prime numbers Let N = pq be the modulus Choose e relatively prime to (p1)(q1) Find d s.t. ed = 1 mod (p1)(q1) Public key is (N,e) Private key is (N,d)

RSA
To encrypt message M compute

C = Me mod N M = Cd mod N

To decrypt C compute

Recall that e and N are public If attacker can factor N, he can use e to

easily find d since ed = 1 mod (p1)(q1) Factoring the modulus breaks RSA It is not known whether factoring is the only way to break RSA

Simple RSA Example

Example of RSA

Select large primes p = 11, q = 3 Then N = pq = 33 and (p1)(q1) = 20 Choose e = 3 (relatively prime to 20) Find d such that ed = 1 mod 20, we find that d = 7 works

Public key: (N, e) = (33, 3) Private key: d = 7

Simple RSA Example

Public key: (N, e) = (33, 3)

Private key: d = 7
Suppose message M = 8 Ciphertext C is computed as C = Me mod N = 83 = 512 = 17 mod 33 Decrypt C to recover the message M by

M = Cd mod N = 177 = 410,338,673 = 12,434,505 33 + 8 = 8 mod 33

RSA example:
Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). Encrypting 8-bit messages. me 24832 c = me mod n

encrypt:

bit pattern 0000l000

m 12 d c

17 m = cd mod n 12

decrypt:

c 17

481968572106750915091411825223071697

37

Why is RSA Secure?

Suppose you know Bobs public key (n,e).

How hard is it to determine d? Essentially need to find factors of n without knowing the two factors p and q. Fact: factoring a big number is hard.

Generating RSA keys

Have to find big primes p and q
Approach: make good guess then apply

testing rules

38

16-6 KEY MANAGEMENT

To use symmetric-key cryptography, a shared secret key needs to be established between the two parties. To use asymmetric-key cryptography, each entity needs to create a pair of keys and distribute the public key securely to the community. Key management defines some procedures to create and distribute keys securely.

16. 39

Symmetric-key distribution
In a community with n entities, n (n 1)/2 keys are needed for symmetric-key communication. The number of keys is not the only problem: the distribution of keys is another. If Alice and Bob want to communicate, they need a way to exchange a secret key. If Alice wants to communicate with a million people, how can she exchange a million keys with them? Using the Internet is definitely not a secure method. It is obvious that we need an efficient way to maintain and distribute secret keys.

16. 40

 Physical Delivery of Key

One of the communication party chooses key Physically delivers to other party Third party can generate and deliver physically to both the party Implementation in large network is infeasible Good for link level encryption or between pair of adjacent nodes but not for end to end encryption

Remote Delivery of Keys via Secure

Channel

Keys are different for different session Key for first session is delivered physically Key for next session is encrypted using previous session key and sent
41

Key distribution center: KDC

A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). Each person establishes a shared secret key with the KDC. A secret key is established between the KDC and each member. The process is as follows:
1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob. 2. The KDC informs Bob about Alices request. 3. If Bob agrees, a session key is created between the two.
i

A session symmetric key between two parties is used only once.

16. 42

Diffie-Hellman
Invented by Williamson (GCHQ) and, A key exchange algorithm

independently, by D and H (Stanford)

Used to establish a shared symmetric key

Not for encrypting or signing Security rests on difficulty of discrete log

problem: given g, p, and gk mod p find k

Diffie-Hellman
Let p be prime, let g be a generator which is

primitive root of p

Set(n mod p,n2modp,np-1modp)=set(1,2.p-1)

Alice selects secret value a Bob selects secret value b Alice sends ga mod p to Bob Bob sends gb mod p to Alice Both compute shared secret gab mod p Shared secret can be used as symmetric key

Diffie-Hellman
Suppose that Bob and Alice use gab mod p

as a symmetric key Trudy can see ga mod p and gb mod p Note ga gb mod p = ga+b mod p gab mod p If Trudy can find a or b, system is broken If Trudy can solve discrete log problem, then she can find a or b

Diffie-Hellman
Public: g and p

Secret: Alices exponent a, Bobs exponent b

ga mod p

gb mod p
Alice, a Bob, b

Alice computes (gb)a = gba = gab mod p Bob computes (ga)b = gab mod p Could use K = gab mod p as symmetric key

Diffie-Hellman
Subject to man-in-the-middle (MiM) attack
ga mod p gt mod p Alice, a Trudy, t gt mod p gb mod p Bob, b

Trudy shares secret gat mod p with Alice Trudy shares secret gbt mod p with Bob Alice and Bob dont know Trudy exists!

Diffie-Hellman: Toy Example

p = 11 and g = 5

Private keys: SA = 3 and SB = 4

Public keys: TA = gSA mod p = 53 mod 11 = 125 mod 11 = 4 TB = gSB mod p = 54 mod 11 = 625 mod 11 = 9 Exchange public keys & compute shared secret: (TB)SA mod p = 93 mod 11 = 729 mod 11 = 3 (TA)SB mod p = 44 mod 11 = 256 mod 11 = 3 Shared secret: 3 = symmetric key
48

HASH FUNCTIONS

49

Message Digests
Function H( ) that takes as

input an arbitrary length message and outputs a fixed-length string: message signature Note that H( ) is a manyto-1 function H( ) is often called a hash function

large message m

H: Hash Function

H(m)
Desirable properties:

Easy to calculate Irreversibility: Cant determine m from H(m) Collision resistance: Computationally difficult to produce m and m such that H(m) = H(m) Seemingly random output
50

Hash Function Algorithms

MD5 hash function widely used (RFC 1321)

computes 128-bit message digest in 4-step process. SHA-1 is also used. US standard [NIST, FIPS PUB 180-1] 160-bit message digest

51

MD5
designed by Ronald Rivest (the R in RSA) latest in a series of MD2, MD4 produces a 128-bit hash value until recently was the most widely used hash

algorithm

in recent times have both brute-force & cryptanalytic concerns

specified as Internet standard RFC1321

MD5 Overview

MD5 Overview
1. 2. 3. 4. 5. 6.

pad message so its length is 448 mod 512 append a 64-bit length value to message initialise 4-word (128-bit) MD buffer (A,B,C,D) process message in 16-word (512-bit) blocks Divide 512 bit block into 16 sub blocks(32 bits) Each block is processed in 4 rounds

7. output hash value is the final buffer value

Input to each round are 16 sub blocks buffer values and some constants t[k] where k= 1,2 ...64 There are 16 iterations in each round Output of intermediate and final iteration is copied to buffer

MD5 Compression Function

MD5 Compression Function

each round has 16 steps of the form:

a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
a,b,c,d refer to the 4 words of the buffer,

but used in varying permutations note this updates 1 word only of the buffer where g(b,c,d) is a different nonlinear function in each round T[i] is a constant value derived from sin

Secure Hash Algorithm (SHA-1)

SHA was designed by NIST & NSA in 1993,

revised 1995 as SHA-1 US standard for use with DSA signature scheme

produces 160-bit hash values

standard is FIPS 180-1 1995, also Internet RFC3174 nb. the algorithm is SHA, the standard is SHS

now the generally preferred hash algorithm based on design of MD4 with key

differences

SHA Overview
1. 2. 3.

4.

5.

pad message so its length is 448 mod 512 append a 64-bit length value to message initialise 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e 1f0) process message in 16-word (512-bit) chunks: expand 16 words into 80 words by mixing & shifting use 4 rounds of 20 bit operations on message block & buffer add output to input to form new buffer value output hash value is the final buffer value

SHA-1 Compression Function

each round has 20 steps which replaces the

5 buffer words thus:

(A,B,C,D,E) <(E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D)

a,b,c,d refer to the 4 words of the buffer t is the step number

f(t,B,C,D)

is nonlinear function for round Wt is derived from the message block Kt is a constant value derived from sin

SHA-1 Compression Function

Cryptography and Network Security

SHA-1 verses MD5

brute force attack is harder (160 vs 128

bits for MD5) not vulnerable to any known attacks (compared to MD4/5) a little slower than MD5 (80 vs 64 steps) both designed as simple and compact optimised for big endian CPU's (vs MD5 which is optimised for little endian CPUs)

Message Authentication Code (MAC)

s message s = shared secret s message message H( ) compare

H( )

Authenticates sender Verifies message integrity

No encryption ! Also called keyed hash Notation: MDm = H(s||m) ; send m||MDm

Digital Signatures
Cryptographic technique analogous to handwritten signatures.
sender (Bob) digitally signs document,

establishing he is document owner/creator. Goal is similar to that of a MAC, except now use public-key cryptography verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital signature = signed message digest

Bob sends digitally signed message: large message m
H: Hash function

Alice verifies signature and integrity of digitally signed message:

H(m)
digital signature (encrypt) encrypted msg digest

encrypted msg digest

Bobs private key

KB

large message m
H: Hash function

KB(H(m))

Bobs public key

KB

digital signature (decrypt)

KB(H(m))

H(m)

H(m)

equal ?

Digital Signatures (more)

Suppose Alice receives msg m, digital signature KB(m)
-

Alice verifies m signed by Bob by applying Bobs

+ + +

public key KB to KB(m) then checks KB(KB(m) ) = m.

-

If KB(KB(m) ) = m, whoever signed m must have used

Bobs private key.

Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m. Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m.

Public-key certification
Motivation: Trudy plays pizza prank on Bob
Trudy

Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob

creates e-mail order:

Trudy signs order with her private key Trudy sends order to Pizza Store Trudy sends to Pizza Store her public key, but says its Bobs public key. Pizza Store verifies signature; then delivers four pizzas to Bob. Bob doesnt even like Pepperoni

Certification Authorities
Certification authority (CA): binds public key to

particular entity, E. E (person, router) registers its public key with CA.

E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing Es public key digitally signed by CA CA says this is Es public key
Bobs public key

KB

digital signature (encrypt)

CA private key

KB certificate for Bobs public key, signed by CA

Bobs identifying information

K-

CA

Certification Authorities
When Alice wants Bobs public key:

gets Bobs certificate (Bob or elsewhere). apply CAs public key to Bobs certificate, get Bobs public key

+ KB

digital signature (decrypt)

CA public key

Bobs public + key KB

+ K CA

Certificates: summary
Primary standard X.509 (RFC 2459)

Certificate contains: Issuer name Entity name, address, domain name, etc. Entitys public key Digital signature (signed with issuers private key)
Public-Key Infrastructure (PKI) Certificates and certification authorities Often considered heavy

KERBEROS

Kerberos

Part of project Athena (MIT). Trusted 3rd party authentication scheme. Assumes that hosts are not trustworthy. Requires that each client (each request for service) prove its identity. Does not require user to enter password every time a service is requested!

Kerberos Design

User must identify itself once at the beginning of a workstation session (login session).

Passwords are never sent across the network in cleartext (or stored in memory)

Kerberos Design (cont.)

Every user has a password. Every service has a password. The only entity that knows all the passwords is the Authentication Server.

Ticket Granting Server

Server Server Server Server

Kerberos Database

Workstation

Authentication Server
Kerberos Key Distribution Service
74

Secret Key Cryptography

The encryption used by current Kerberos implementations is DES, although Kerberos V5 has hooks so that other algorithms can be used.
encryption key decryption ciphertext plaintext

plaintext ciphertext

Tickets

Each request for a service requires a ticket. A ticket provides a single client with access to a single server.

Tickets (cont.)

Tickets are dispensed by the Ticket Granting Server (TGS), which has knowledge of all the encryption keys.

Tickets are meaningless to clients, they simply use them to gain access to servers.

Tickets (cont.)

The TGS seals (encrypts) each ticket with the secret encryption key of the server. Sealed tickets can be sent safely over a network - only the server can make sense out of it. Each ticket has a limited lifetime (a few hours).

Ticket Contents

Client name (user login name) Server name Client Host network address Session Key for Client/Server Ticket lifetime Creation timestamp

Session Key

Random number that is specific to a session. Session Key is used to seal client requests to server. Session Key can be used to seal responses (application specific usage).

Authenticators

Authenticators prove a clients identity. Includes:
Client user name. Client network address. Timestamp.

Authenticators are sealed with a session key.

Bootstrap

Each time a client wants to contact a server, it must first ask the 3rd party (TGS) for a ticket and session key. In order to request a ticket from the TGS, the client must already have a TG ticket and a session key for communicating with the TGS!

Authentication Server

The client sends a plaintext request to the AS asking for a ticket it can use to talk to the TGS. REQUEST:

Since this request contains only well-known names, it does not need to be sealed.

TGS name

login name

Authentication Server

The AS finds the keys corresponding to the login name and the TGS name. The AS creates a ticket:

TGS name client network address

login name

The AS seals the ticket with the TGS secret key.

TGS session key

Authentication Server Response

The AS also creates a random session key for the client and the TGS to use. The session key and the sealed ticket are sealed with the user (login name) secret key. Sealed with TGS key
Ticket:

TGS session key

login name TGS name net address TGS session key

Sealed with user key

Accessing the TGS

The client decrypts the message using the users password as the secret key. The client now has a session key and ticket that can be used to contact the TGS. The client cannot see inside the ticket, since the client does not know the TGS secret key.

When a client wants to start using a server (service), the client must first obtain a ticket. The client composes a request to send to the TGS: TGS Ticket

sealed with TGS key sealed with session key

Authenticator
Server Name

TGS response

The TGS decrypts the ticket using its secret key. Inside is the TGS session key. The TGS decrypts the Authenticator using the session key. The TGS check to make sure login names, client addresses and TGS server name are all OK. TGS makes sure the Authenticator is recent.

TGS Response
Once everything checks out - the TGS: builds a ticket for the client and requested server. The ticket is sealed with the server key. creates a session key seals the entire message with the TGS session key and sends it to the client.

Client accesses Server

The client now decrypts the TGS response using the TGS session key. The client now has a session key for use with the new server, and a ticket to use with that server. The client can contact the new server using the same format used to access the TGS.

Kerberos Summary

Every service request needs a ticket. Tickets come from the TGS (except the ticket for the TGS!). Workstations cannot understand tickets, they are encrypted using the server key. Every ticket has an associated session key. Tickets are reusable.

Kerberos Summary (cont.)

Tickets have a finite lifetime. Authenticators are only used once (new connection to a server). Authenticators expire fast ! Server maintains list of authenticators (prevent stolen authenticators). There is a lot more to Kerberos!!!

92

Elliptic Curve Cryptography

93

Elliptic curves in Cryptography

Elliptic Curve (EC) systems as applied to

cryptography were first proposed in 1985 independently by Neal Koblitz and Victor Miller.
curve groups is believed to be more difficult than the corresponding problem in Diffie-Helman Key Exchange.

The discrete logarithm problem on elliptic

Using Elliptic Curves In Cryptography

The central part of any cryptosystem

involving elliptic curves is the elliptic group. All public-key cryptosystems have some underlying mathematical operation.
RSA has exponentiation (raising the message or ciphertext to the public or private values) ECC has point multiplication (repeated addition of two points).

Elliptic Curve Cryptography

Example
y2+xy=x3+ax2+b

where x&y are variables and a & b are constants

96

Elliptic Curve Picture

y

Consider elliptic curve E: y2 = x3 - x + 1

P2 x P3

P1

If P1 and P2 are on E, we

can define P3 = P1 + P2 as shown in picture Addition is all we need

ECC
Choose an elliptic curve, make it public Choose a point F on the curve and make it public Check if the selected curve satisfies addition rule

Each party (A&B) chooses secret values (Pvt(A) &

Pvt(B)) on the elliptic curve as private key Each party computes public key

Pub(A)= Pvt(A)*F Pub(B)= Pvt(B)*F

Public keys are exchanged between parties Both party calculates session key Session key= Pvt(A)*Pub(B) at user A Session key= Pvt(B)*Pub(A) at user B Pvt(A)*Pub(B)= Pvt(B)*Pub(A) =Pvt(A)* Pvt(B)* F
98

Firewalls

Firewalls

Internet

Firewall

Internal network

Firewall must determine what to let in to

internal network and/or what to let out Access control for the network

Firewall Terminology
Types of firewalls

Packet filter works at network layer Stateful packet filter transport layer Application proxy application layer Personal firewall for single user, home network, etc.

Packet Filter
Operates at network layer
Can filters based on Source IP address Destination IP address Source Port Destination Port Flag bits (SYN, ACK, etc.) Egress or ingress
application transport network link physical

Packet Filter
Advantage Speed
Disadvantages No state Cannot see TCP connections Blind to application data
application transport network link

physical

Stateful Packet Filter

Adds state to packet filter
Operates at transport layer Remembers TCP connections and
application transport network link

flag bits Can even remember UDP packets (e.g., DNS requests)

physical

Stateful Packet Filter

Advantages Can do everything a packet filter can do plus... Keep track of ongoing connections Disadvantages Cannot see application data Slower than packet filtering
application transport network link

physical

Application Proxy
A proxy is something that acts

on your behalf Application proxy looks at incoming application data Verifies that data is safe before letting it in

application transport network link

physical

Application Proxy
Advantages

Complete view of connections and applications data Filter bad data at application layer (viruses, Word macros)

application transport network link

Disadvantage Speed

physical

Application Proxy
Creates a new packet before sending it

thru to internal network Attacker must talk to proxy and convince it to forward message Proxy has complete view of connection Prevents some attacks stateful packet filter cannot

Key Management in Asymmetric Encryption

Announcement of Public keys Email, distribute in multicast group, face book!! Possible for attacker to impersonate as another Directory of Public Keys Like telephone directory

Exchange of Public keys before Communication Possible for attacker to impersonate as another
Use of Public key Certificates Digital certificate A Hybrid Approach Diffie-Hellman,ECC
109