Download Network Security: Message Integrity and Digital Signatures and more Slides Computer Networks in PDF only on Docsity! Lecture 22 Network Security (cont) slides are modified from Dave Hollinger Docsity.com Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS Docsity.com Internet checksum: poor message digest Internet checksum has some properties of hash function: produces fixed length digest (16-bit sum) of input is many-to-one 5 But given message with given hash value, it is easy to find another message with same hash value. Example: Simplified checksum: add 4-byte chunks at a time: I O U 1 0 0 . 9 9 B O B 49 4F 55 31 30 30 2E 39 39 42 D2 42 message ASCII format B2 C1 D2 AC I O U 9 0 0 . 1 9 B O B 49 4F 55 39 30 30 2E 31 39 42 D2 42 message ASCII format B2 C1 D2 AC different messages but identical checksums! Docsity.com Hash Function Algorithms • MD5 hash function widely used (RFC 1321) – computes 128-bit message digest in 4-step process. • SHA-1 is also used. – US standard [NIST, FIPS PUB 180-1] – 160-bit message digest 6 Docsity.com Message Authentication Code (MAC) • Authenticates sender • Verifies message integrity • No encryption ! • Also called “keyed hash” • Notation: MDm = H(s||m) ; send m||MDm 7 m es sa ge H( ) s m es sa ge m es sa ge s H( ) compare s = shared secret Docsity.com OSPF Authentication • Within an Autonomous System, routers send OSPF messages to each other. • OSPF provides authentication choices – No authentication – Shared password: inserted in clear in 64-bit authentication field in OSPF packet – Cryptographic hash • Cryptographic hash with MD5 – 64-bit authentication field includes 32-bit sequence number – MD5 is run over a concatenation of the OSPF packet and shared secret key – MD5 hash then appended to OSPF packet; encapsulated in IP datagram 10 Docsity.com End-point authentication • Want to be sure of the originator of the message – end-point authentication • Assuming Alice and Bob have a shared secret, will MAC provide end-point authentication. – We do know that Alice created the message. – But did she send it? 11 Docsity.com MAC Transfer $1M from Bill to Trudy MAC Transfer $1M from Bill to Trudy Playback attack MAC = f(msg,s) Docsity.com Digital Signatures Simple digital signature for message m: • Bob signs m by encrypting with his private key KB, creating “signed” message, KB(m) 15 - - Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob Bob’s message, m Public key encryption algorithm Bob’s private key K B - Bob’s message, m, signed (encrypted) with his private key K B - (m) Docsity.com Alice verifies signature and integrity of digitally signed message: 16 large message m H: Hash function H(m) digital signature (encrypt) Bob’s private key K B - + Bob sends digitally signed message: KB(H(m)) - encrypted msg digest KB(H(m)) - encrypted msg digest large message m H: Hash function H(m) digital signature (decrypt) H(m) Bob’s public key K B + equal ? Digital signature = signed message digest Docsity.com Digital Signatures (more) • Suppose Alice receives msg m, digital signature KB(m) • Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m. • If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m. 17 + + - - - - + - Docsity.com Certification Authorities • When Alice wants Bob’s public key: – gets Bob’s certificate (from Bob or elsewhere). – apply CA’s public key to Bob’s certificate, get Bob’s public key 20 Bob’s public key K B + digital signature (decrypt) CA public key K CA + K B + Docsity.com Certificates: summary • Primary standard X.509 (RFC 2459) • Certificate contains: – Issuer name – Entity name, address, domain name, etc. – Entity’s public key – Digital signature • signed with issuer’s private key • Public-Key Infrastructure (PKI) – Certificates and certification authorities – Often considered “heavy” 21 Docsity.com Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS Docsity.com Secure e-mail (continued) • Alice wants to provide sender authentication message integrity. • Alice digitally signs message. • sends both message (in the clear) and digital signature. H( ) . KA( ) . - + - H(m ) KA(H(m)) - m KA - Internet m KA( ) . + KA + KA(H(m)) - m H( ) . H(m ) compare Docsity.com Secure e-mail (continued) • Alice wants to provide secrecy, sender authentication, message integrity. Alice uses three keys: her private key, Bob’s public key, newly created symmetric key H( ) . KA( ) . - + KA(H(m)) - m KA - m KS( ) . KB( ) . + + KB(KS ) + KS KB + Internet KS Docsity.com Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS Docsity.com