計(jì)算機(jī)網(wǎng)絡(luò)自頂向下方法(第4版)英文原版課件

1、8: Network Security8-1Chapter 8Network SecurityComputer Networking: A Top Down Approach ,4th edition. Jim Kurose, Keith RossAddison-Wesley, July 2007. 8: Network Security8-2Chapter 8: Network SecurityChapter goals: understand principles of network security: cryptography and its many uses beyond “con

2、fidentialityauthenticationmessage integritysecurity in practice:firewalls and intrusion detection systemssecurity in application, transport, network, link layers8: Network Security8-3Chapter 8 8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authenticatio

3、n8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS8: Network Security8-4What is network security?Confidentiality: only sender, intended receiver should “understand message contentssender encrypts

4、 messagereceiver decrypts messageAuthentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionAccess and availability: services must be accessible and available to users8: N

5、etwork Security8-5Friends and enemies:well-known in network security worldBob, Alice (lovers!) want to communicate “securelyTrudy (intruder) may intercept, delete, add messagessecuresendersecurereceiverchanneldata, control messagesdatadataAliceBobTrudy8: Network Security8-6Who might Bob, Alice be? w

6、ell, real-life Bobs and Alices!Web browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updatesother examples?8: Network Security8-7There are bad guys (and girls) out there!Q: What can a “bad guy do?A: a lot!eave

7、sdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source address in packet (or any field in packet)hijacking: “take over ongoing connection by removing sender or receiver, inserting himself in placedenial of service: prevent service from being used by o

8、thers (e.g., by overloading resources)more on this later 8: Network Security8-8Chapter 8 roadmap8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securin

9、g wireless LANs8.9 Operational security: firewalls and IDS8: Network Security8-9The language of cryptographysymmetric key crypto: sender, receiver keys identicalpublic-key crypto: encryption key public, decryption key secret (private)plaintextplaintextciphertextKAencryptionalgorithmdecryption algori

10、thmAlices encryptionkeyBobs decryptionkeyKB8: Network Security8-10Symmetric key cryptographysubstitution cipher: substituting one thing for anothermonoalphabetic cipher: substitute one letter for anotherplaintext: abcdefghijklmnopqrstuvwxyzciphertext: mnbvcxzasdfghjklpoiuytrewqPlaintext: bob. i love

11、 you. aliceciphertext: nkn. s gktc wky. mgsbcE.g.:Q: How hard to break this simple cipher?: brute force (how hard?) other?8: Network Security8-11Symmetric key cryptographysymmetric key crypto: Bob and Alice share know same (symmetric) key: Ke.g., key is knowing substitution pattern in mono alphabeti

12、c substitution cipherQ: how do Bob and Alice agree on key value?plaintextciphertextKA-Bencryptionalgorithmdecryption algorithmA-BKA-Bplaintextmessage, mK (m)A-BK (m)A-Bm = K ( ) A-B8: Network Security8-12Symmetric key crypto: DESDES: Data Encryption StandardUS encryption standard NIST 199356-bit sym

13、metric key, 64-bit plaintext inputHow secure is DES?DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place) decrypted (brute force) in 4 monthsno known “backdoor decryption approachmaking DES more secure:use three keys sequentially (3-DES) on each datumuse cip

14、her-block chaining8: Network Security8-13Symmetric key crypto: DESinitial permutation 16 identical “rounds of function application, each using different 48 bits of keyfinal permutationDES operation8: Network Security8-14AES: Advanced Encryption Standardnew (Nov. 2001) symmetric-key NIST standard, re

15、placing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES8: Network Security8-15Block Cipherone pass through: one input bit affects eight output bits64-bit inputT18bits8 bits8bits8 bits8bits8 bits8b

16、its8 bits8bits8 bits8bits8 bits8bits8 bits8bits8 bits64-bit scrambler64-bit outputloop for n roundsT2T3T4T6T5T7T8multiple passes: each input bit afects all output bits block ciphers: DES, 3DES, AES8: Network Security8-16Cipher Block Chainingcipher block: if input block repeated, will produce same ci

17、pher text:t=1m(1) = “HTTP/1.1blockcipherc(1) = “k329aM02cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1)c(0) transmitted to receiver in clearwhat happens in “HTTP/1.1 scenario from above?+m(i)c(i)t=17m(17) = “HTTP/1.1blockcipherc(17) = “k329aM02blockcipher

18、c(i-1)8: Network Security8-17Public key cryptographysymmetric key cryptorequires sender, receiver know shared secret keyQ: how to agree on key in first place (particularly if never “met)?public key cryptographyradically different approach Diffie-Hellman76, RSA78sender, receiver do not share secret k

19、eypublic encryption key known to allprivate decryption key known only to receiver8: Network Security8-18Public key cryptographyplaintextmessage, mciphertextencryptionalgorithmdecryption algorithmBobs public key plaintextmessageK (m)B+K B+Bobs privatekey K B-m = K (K (m)B+B-8: Network Security8-19Pub

20、lic key encryption algorithmsneed K ( ) and K ( ) such thatBB.given public key K , it should be impossible to compute private key K BBRequirements:12RSA: Rivest, Shamir, Adleman algorithm+-K (K (m) = m BB-+-8: Network Security8-20RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024

21、bits each)2. Compute n = pq, z = (p-1)(q-1)3. Choose e (with eAlice data encryption keyEA: Alice-Bob data encryption keyMB: Bob-Alice MAC keyMA: Alice-Bob MAC keyencryption and MAC algorithms negotiable between Bob, Alicewhy 4 keys?8: Network Security8-61SSL: three phases3. Data transferH( ).MBb1b2b

22、3 bnddH(d)dH(d)H( ).EBTCP byte streamblock n bytes together compute MAC encrypt d, MAC, SSL seq. #SSL seq. #dH(d)Type Ver LenSSL record formatencrypted using EBunencrypted8: Network Security8-62Chapter 8 roadmap8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End p

23、oint authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS8: Network Security8-63IPsec: Network Layer Securitynetwork-layer secrecy: sending host encrypts the data in IP datagramTCP and

24、 UDP segments; ICMP and SNMP work-layer authenticationdestination host can authenticate source IP addresstwo principal protocols:authentication header (AH) protocolencapsulation security payload (ESP) protocolfor both AH and ESP, source, destination handshake:create network-layer logical channel cal

25、led a security association (SA)each SA unidirectional.uniquely determined by:security protocol (AH or ESP)source IP address32-bit connection ID8: Network Security8-64Authentication Header (AH) Protocolprovides source authentication, data integrity, no confidentialityAH header inserted between IP hea

26、der, data tocol field: 51intermediate routers process datagrams as usualAH header includes:connection identifierauthentication data: source- signed message digest calculated over original IP datagram.next header field: specifies type of data (e.g., TCP, UDP, ICMP)IP headerdata (e.g., TCP, U

27、DP segment)AH header8: Network Security8-65ESP Protocolprovides secrecy, host authentication, data integrity.data, ESP trailer encrypted.next header field is in ESP trailer.ESP authentication field is similar to AH authentication field.Protocol = 50. IP headerTCP/UDP segmentESPheaderESPtrailerESPaut

28、hent.encryptedauthenticated8: Network Security8-66Chapter 8 roadmap8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operationa

29、l security: firewalls and IDS8: Network Security8-67IEEE 802.11 securitywar-driving: drive around Bay area, see what 802.11 networks available?More than 9000 accessible from public roadways85% use no encryption/authenticationpacket-sniffing and various attacks easy!securing 802.11encryption, authent

30、icationfirst attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failurecurrent attempt: 802.11i8: Network Security8-68Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0host requests authentication from access pointaccess point sends 128 bit noncehost encrypts nonce using

31、shared symmetric keyaccess point decrypts nonce, authenticates hostno key distribution mechanismauthentication: knowing the shared key is enough8: Network Security8-69WEP data encryptionhost/AP share 40 bit symmetric key (semi-permanent)host appends 24-bit initialization vector (IV) to create 64-bit

32、 key64 bit key used to generate stream of keys, kiIVkiIV used to encrypt ith byte, di, in frame:ci = di XOR kiIVIV and encrypted bytes, ci sent in frame8: Network Security8-70802.11 WEP encryptionSender-side WEP encryption8: Network Security8-71Breaking 802.11 WEP encryptionsecurity hole: 24-bit IV,

33、 one IV per frame, - IVs eventually reusedIV transmitted in plaintext - IV reuse detectedattack:Trudy causes Alice to encrypt known plaintext d1 d2 d3 d4 Trudy sees: ci = di XOR kiIVTrudy knows ci di, so can compute kiIVTrudy knows encrypting key sequence k1IV k2IV k3IV Next time IV is used, Trudy c

34、an decrypt!8: Network Security8-72 802.11i: improved securitynumerous (stronger) forms of encryption possibleprovides key distributionuses authentication server separate from access point8: Network Security8-73AP: access pointAS:Authentication serverwirednetworkSTA:client station1 Discovery ofsecuri

35、ty capabilities3STA and AS mutually authenticate, togethergenerate Master Key (MK). AP servers as “pass through23STA derivesPairwise Master Key (PMK)AS derivessame PMK, sends to AP4STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 802.11i: four phases of operation8:

36、Network Security8-74wirednetworkEAP TLSEAP EAP over LAN (EAPoL) IEEE 802.11 RADIUSUDP/IPEAP: extensible authentication protocolEAP: end-end client (mobile) to authentication server protocolEAP sent over separate “l(fā)inksmobile-to-AP (EAP over LAN)AP to authentication server (RADIUS over UDP)8: Network

37、 Security8-75Chapter 8 roadmap8.1 What is network security?8.2 Principles of cryptography8.3 Message integrity8.4 End point authentication8.5 Securing e-mail8.6 Securing TCP connections: SSL8.7 Network layer security: IPsec8.8 Securing wireless LANs8.9 Operational security: firewalls and IDS8: Netwo

38、rk Security8-76Firewallsisolates organizations internal net from larger Internet, allowing some packets to pass, blocking others.firewall administerednetworkpublicInternetfirewall8: Network Security8-77Firewalls: Whyprevent denial of service attacks:SYN flooding: attacker establishes many bogus TCP

39、connections, no resources left for “real connectionsprevent illegal modification/access of internal data.e.g., attacker replaces CIAs homepage with something elseallow only authorized access to inside network (set of authenticated users/hosts)three types of firewalls:stateless packet filtersstateful

40、 packet filtersapplication gateways8: Network Security8-78Stateless packet filteringinternal network connected to Internet via router firewallrouter filters packet-by-packet, decision to forward/drop packet based on:source IP address, destination IP addressTCP/UDP source and destination port numbers

41、ICMP message typeTCP SYN and ACK bits Should arriving packet be allowed in? Departing packet let out?8: Network Security8-79Stateless packet filtering: exampleexample 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.all incoming, outgoing

42、UDP flows and telnet connections are blocked.example 2: Block inbound TCP segments with ACK=0.prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.8: Network Security8-80PolicyFirewall SettingNo outside Web access.Drop all out

43、going packets to any IP address, port 80No incoming TCP connections, except those for institutions public Web server only.Drop all incoming TCP SYN packets to any IP except 03, port 80Prevent Web-radios from eating up the available bandwidth.Drop all incoming UDP packets - except DNS and router broa

44、dcasts.Prevent your network from being used for a smurf DoS attack.Drop all ICMP packets going to a “broadcast” address (eg 55).Prevent your network from being traceroutedDrop all outgoing ICMP TTL expired trafficStateless packet filtering: more examples8: Network Security8-81actionsourceaddressdest

45、addressprotocolsourceportdestportflagbitallow222.22/16outside of222.22/16TCP 102380anyallowoutside of222.22/16222.22/16TCP80 1023ACKallow222.22/16outside of222.22/16UDP 102353allowoutside of222.22/16222.22/16UDP53 1023denyallallallallallallAccess Control ListsACL: table of rules, applied top to bott

46、om to incoming packets: (action, condition) pairs8: Network Security8-82Stateful packet filteringstateless packet filter: heavy handed tooladmits packets that “make no sense, e.g., dest port = 80, ACK bit set, even though no TCP connection established:actionsourceaddressdestaddressprotocolsourceport

47、destportflagbitallowoutside of222.22/16222.22/16TCP80 1023ACKstateful packet filter: track status of every TCP connectiontrack connection setup (SYN), teardown (FIN): can determine whether incoming, outgoing packets “makes sensetimeout inactive connections at firewall: no longer admit packets8: Netw

48、ork Security8-83actionsourceaddressdestaddressprotosourceportdestportflagbitcheck conxionallow222.22/16outside of222.22/16TCP 102380anyallowoutside of222.22/16222.22/16TCP80 1023ACKxallow222.22/16outside of222.22/16UDP 102353allowoutside of222.22/16222.22/16UDP53 1023xdenyallallallallallallStateful

49、packet filteringACL augmented to indicate need to check connection state table before admitting packet8: Network Security8-84Application gatewaysfilters packets on application data as well as on IP/TCP/UDP fields.example: allow select internal users to telnet outside.host-to-gatewaytelnet sessiongateway-to-remote host t