哈工大计算机网络课件chapter8

ComputerNetworks8:NetworkSecurity1Chapter8:NetworkSecurityChaptergoals:ˆunderstandprinciplesofnetworksecurity:cryptographyanditsmanyusesbeyond“confidentiality”authenticationmessageintegritykeydistributionˆsecurityinpractice:firewallssecurityinapplication,transport,network,linklayersComputerNetworks8:NetworkSecurity2Chapter8roadmap8.1Whatisnetworksecurity?8.2Principlesofcryptography8.3Authentication8.4Integrity8.5KeyDistributionandcertification8.6Accesscontrol:firewalls8.7Attacksandcountermeasures8.8SecurityinmanylayersComputerNetworks8:NetworkSecurity3Whatisnetworksecurity?Confidentiality:onlysender,intendedreceivershould“understand”messagecontentssenderencryptsmessagereceiverdecryptsmessageAuthentication:sender,receiverwanttoconfirmidentityofeachotherMessageIntegrity:sender,receiverwanttoensuremessagenotaltered(intransit,orafterwards)withoutdetectionAccessandAvailability:servicesmustbeaccessibleandavailabletousersComputerNetworks8:NetworkSecurity4Friendsandenemies:Alice,Bob,Trudyˆwell-knowninnetworksecurityworldˆBob,Alice(lovers!)wanttocommunicate“securely”ˆTrudy(intruder)mayintercept,delete,addmessagessecuresendersecurereceiverchanneldata,controlmessagesdataAliceBobdataTrudyComputerNetworks8:NetworkSecurity5WhomightBob,Alicebe?ˆ…well,real-lifeBobsandAlices!ˆWebbrowser/serverforelectronictransactions(e.g.,on-linepurchases)ˆon-linebankingclient/serverˆDNSserversˆroutersexchangingroutingtableupdatesˆotherexamples?ComputerNetworks8:NetworkSecurity6Therearebadguys(andgirls)outthere!Q:Whatcana“badguy”do?A:alot!eavesdrop:interceptmessagesactivelyinsertmessagesintoconnectionimpersonation:canfake(spoof)sourceaddressinpacket(oranyfieldinpacket)hijacking:“takeover”ongoingconnectionbyremovingsenderorreceiver,insertinghimselfinplacedenialofservice:preventservicefrombeingusedbyothers(e.g.,byoverloadingresources)moreonthislater……ComputerNetworks8:NetworkSecurity7Chapter8roadmap8.1Whatisnetworksecurity?8.2Principlesofcryptography8.3Authentication8.4Integrity8.5KeyDistributionandcertification8.6Accesscontrol:firewalls8.7Attacksandcountermeasures8.8SecurityinmanylayersComputerNetworks8:NetworkSecurity8plaintextplaintextciphertextKAencryptionalgorithmdecryptionalgorithmAlice’sencryptionkeyBob’sdecryptionkeyKBThelanguageofcryptographysymmetrickeycrypto:sender,receiverkeysidenticalpublic-keycrypto:encryptionkeypublic,decryptionkeysecret(private)ComputerNetworks8:NetworkSecurity9Symmetrickeycryptographysubstitutioncipher:substitutingonethingforanothermonoalphabeticcipher:substituteoneletterforanotherplaintext:abcdefghijklmnopqrstuvwxyzciphertext:mnbvcxzasdfghjklpoiuytrewqE.g.:Plaintext:bob.iloveyou.aliceciphertext:nkn.sgktcwky.mgsbcQ:Howhardtobreakthissimplecipher?:‰bruteforce(howhard?)‰other?ComputerNetworks8:NetworkSecurity10plaintextciphertextKA-BencryptionalgorithmdecryptionalgorithmKA-Bplaintextmessage,mK(m)A-BK(m)A-Bm=K()A-BSymmetrickeycryptographysymmetrickeycrypto:BobandAliceshareknowsame(symmetric)key:Kˆe.g.,keyisknowingsubstitutionpatterninmonoalphabeticsubstitutioncipherˆQ:howdoBobandAliceagreeonkeyvalue?A-BComputerNetworks8:NetworkSecurity11Symmetrickeycrypto:DESDES:DataEncryptionStandardˆUSencryptionstandard[NIST1993]ˆ56-bitsymmetrickey,64-bitplaintextinputˆHowsecureisDES?DESChallenge:56-bit-key-encryptedphrase(“Strongcryptographymakestheworldasaferplace”)decrypted(bruteforce)in4monthsnoknown“backdoor”decryptionapproachˆmakingDESmoresecure:usethreekeyssequentially(3-DES)oneachdatumusecipher-blockchainingComputerNetworks8:NetworkSecurity12Symmetrickeycrypto:DESinitialpermutation16identical“rounds”offunctionapplication,eachusingdifferent48bitsofkeyfinalpermutationDESoperationComputerNetworks8:NetworkSecurity13AES:AdvancedEncryptionStandardˆnew(Nov.2001)symmetric-keyNISTstandard,replacingDESˆprocessesdatain128bitblocksˆ128,192,or256bitkeysˆbruteforcedecryption(tryeachkey)taking1seconDES,takes149trillionyearsforAESComputerNetworks8:NetworkSecurity14PublicKeyCryptographysymmetrickeycryptoˆrequiressender,receiverknowsharedsecretkeyˆQ:howtoagreeonkeyinfirstplace(particularlyifnever“met”)?publickeycryptographyˆradicallydifferentapproach[Diffie-Hellman76,RSA78]ˆsender,receiverdonotsharesecretkeyˆpublicencryptionkeyknowntoallˆprivatedecryptionkeyknownonlytoreceiverComputerNetworks8:NetworkSecurity15Publickeycryptographyplaintextmessage,mciphertextencryptionalgorithmdecryptionalgorithmBob’spublickeyplaintextmessageK(m)B+KB+Bob’sprivatekeyKB-m=K(K(m))B+B-ComputerNetworks8:NetworkSecurity16PublickeyencryptionalgorithmsneedK()andK()suchthatBB..givenpublickeyK,itshouldbeimpossibletocomputeprivatekeyKBBRequirements:12+-K(K(m))=mBB-++-RSA:Rivest,Shamir,AdelsonalgorithmComputerNetworks8:NetworkSecurity17RSA:Choosingkeys1.Choosetwolargeprimenumbersp,q.(e.g.,1024bitseach)2.Computen=pq,z=(p-1)(q-1)3.Choosee(withen)thathasnocommonfactorswithz.(e,zare“relativelyprime”).4.Choosedsuchthated-1isexactlydivisiblebyz.(inotherwords:edmodz=1).5.Publickeyis(n,e).Privatekeyis(n,d).KB-KB+ComputerNetworks8:NetworkSecurity18RSA:En