- Confidentiality: Only sender & receiver can understand message (sender encrypts, receiver decrypts)
- Authentication: Sender & Receiver confirm each other's identity
- Message Integrity: Ensure message is not altered without detection
- Availability: network should always be available
Potential threats
Cryptography
- Plain-text: the message itself
- Ciphertext: the message after encryption
- Key: encryption key and decryption key at sender & receiver
Ciphertext can be broken by frequency analysis (finding the most frequent letters) or by brute force.
- Substitution cipher: substitute one thing (letter) for another (letter); the encryption key is the mapping of the set of 26 letters to another
- Cycling substitution cipher: use different ciphers for symbols at different positions
- Block cipher: the message is broken into k-bit blocks; this encryption method maps each k-bit block of cleartext to a k-bit block of ciphertext and links them together to form the ciphertext.
- Message 010110001111 gets encrypted into 101000111001
- Randomly permuted tables: the key for this block cipher algorithm would be the eight permutation tables
- DES: uses 64-bit blocks with a 56-bit key
- 3DES: DES with 3 cycles
- AES: 128-bit blocks and can operate with keys that are 128, 192, and 256 bits long
- Split
- Cypher
- Scramble
- Feed back
- Cycle through n times
- Output Cipher Text
Symmetric key encryption
Both sender and receiver know the key; it is the same key on both sides.
But agreeing on that shared key is a big problem.
Public Key encryption
2 keys—a public key that is available to everyone in the world (including Trudy the intruder) and a private key that is known only to Bob
Private key can decrypt message encrypted by the public key.
Cannot get private key from public key.
- Sender encrypts plain-text with receiver's Public Key
- Receiver uses its private key to decrypt the message
Authentication
- Nonce (a number that is used once)
- Recording that number won't work because it cannot be used a second time
- But the identity of sender can be spoofed
CA
Binds public key to a particular entity.
An entity registers its public key with the CA and gets a certificate; that certificate is bound to the public key.
TLS
Transport Layer Security
Provides confidentiality, integrity and authentication above the transport layer
Pieces
Handshake
- Establish TCP handshake
- Verify Alice's certificate
- Send Master Secret Key (MS), encrypted with Alice's public key, to form the encrypted master secret key (EMS)
- encrypted master secret key (EMS) is used in further TLS sessions
Issue: takes 3 round trips to connect, lots of overhead
Key Derivation
Different Keys for MAC & encryption
Keys are derived from a key derivation function (KDF)
Data Transfer
To ensure integrity, we break the data stream into a series of records
Attacks on data stream
- Re-ordering: intercept TCP segments and reorder them
- Replay: record the whole TCP transaction and replay it over and over again.
Solution:
- Use TLS seq number
- Use Nonce
Closure
To prevent an attacker from ending the transaction too early, include record types
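The record checks from Data Transfer and Closure, as an added example (not part of the original notes): the MAC covers a sequence number and a record type, so re-ordered, replayed or cut-off streams are rejected. Encryption is left out to keep the integrity logic visible; the record layout, type codes, labels and `derive_key` are simplified assumptions, not the real TLS wire format or KDF.

```python
import hashlib
import hmac
import struct

DATA, CLOSE = 0, 1  # record types (constructed values, not TLS's real codes)

def derive_key(master_secret, label):
    # Simplified stand-in for the KDF: one independent key per purpose.
    return hmac.new(master_secret, label, hashlib.sha256).digest()

def mac(key, seq, rtype, data):
    # The MAC covers the sequence number and the type, not just the data.
    return hmac.new(key, struct.pack("!QB", seq, rtype) + data, hashlib.sha256).digest()

def seal(key, seq, rtype, data=b""):
    # Record layout: type (1 byte) | length (2 bytes) | data | MAC (32 bytes)
    return struct.pack("!BH", rtype, len(data)) + data + mac(key, seq, rtype, data)

def deliver(key, records):
    """Receiver side: return the data stream, or raise ValueError on tampering."""
    stream, closed = b"", False
    for seq, record in enumerate(records):  # seq is the receiver's own counter
        rtype, length = struct.unpack("!BH", record[:3])
        data, tag = record[3:3 + length], record[3 + length:]
        if not hmac.compare_digest(tag, mac(key, seq, rtype, data)):
            raise ValueError(f"record {seq}: bad MAC (altered, reordered or replayed)")
        if rtype == CLOSE:
            closed = True
            break
        stream += data
    if not closed:
        raise ValueError("stream ended without a CLOSE record (truncated)")
    return stream

def outcome(key, records):
    try:
        return deliver(key, records).decode()
    except (ValueError, struct.error) as err:
        return "rejected: " + str(err)

# Constructed sample session; the master secret is a placeholder value.
MAC_KEY = derive_key(b"constructed master secret", b"client MAC key")
R = [seal(MAC_KEY, 0, DATA, b"pay bob "), seal(MAC_KEY, 1, DATA, b"10 dollars"),
     seal(MAC_KEY, 2, CLOSE)]

if __name__ == "__main__":
    print(outcome(MAC_KEY, R))                          # in order
    print(outcome(MAC_KEY, [R[1], R[0], R[2]]))         # re-ordered
    print(outcome(MAC_KEY, [R[0], R[0], R[1], R[2]]))   # replayed record
    print(outcome(MAC_KEY, R[:2]))                      # cut off before CLOSE
```

Records captured from one session are also rejected in a later session whose handshake nonces produced a different MAC key, which is how the nonce handles replay of a whole connection.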
IPsec
- Goal
- 2 modes
2 Protocols
- AH: provides authentication and data integrity, but not confidentiality
- ESP: provides authentication, data integrity, AND confidentiality
Security Association
- Established before data sent
- Unidirectional, 2 needed if both entities send messages
State info:
- A 32-bit identifier for the SA, called the Security Parameter Index (SPI)
- The origin interface of the SA (in this case 200.168.1.100) and the destination interface of the SA (in this case 193.68.2.23)
- The type of encryption to be used (for example, 3DES with CBC)
- The encryption key
- The type of integrity check (for example, HMAC with MD5)
- The authentication key
An IPsec entity stores the state information for all of its SAs in its Security Association Database (SAD)
This info is used to determine how it should authenticate and encrypt the datagram at sender side, and to authenticate and decrypt any IPsec datagram at receiver side.
IPsec Datagram
- A brand new IP header
- ESP header:
  - The SPI indicates to the receiving entity the SA to which the datagram belongs; the receiving entity uses it to determine the appropriate authentication/decryption algorithms and keys
  - The sequence number field is used to defend against replay attacks.
- ESP trailer:
  - Padding makes the resulting “message” an integer number of blocks (for the block cipher)
  - Pad-length field indicates to the receiving entity how much padding is there
  - Next header identifies the type (e.g., UDP) of data contained in the payload-data field
  - Trailer and payload are concatenated and encrypted.
- ESP MAC: calculated over the whole enchilada; the sender appends a secret MAC key to the enchilada and then calculates a fixed-length hash of the result.
SPD
Security Policy Database (SPD)
- SPD indicates what types of datagrams (as a function of source IP address, destination IP address, and protocol type) are to be IPsec processed
- SPD indicates which SA should be used
SPD indicates “what” to do with an arriving datagram;
Security Association Database (SAD) indicates “how” to do it.
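The SPD/SAD split and the ESP layout above, as an added example (not part of the original notes): the SPD decides whether a datagram gets IPsec and under which SA, and the receiver uses the SPI to find the SA before checking the MAC and stripping the trailer. The SPI value, subnets and key are constructed, the payload is left unencrypted, and the full 16-byte HMAC-MD5 tag is an assumption that follows the notes' "HMAC with MD5" example.

```python
import hashlib
import hmac
import ipaddress
import struct

BLOCK = 8  # 3DES block size in bytes
# SAD ("how"): SPI -> SA state. The SPI and key are constructed placeholders.
SAD = {0x2A: {"src": "200.168.1.100", "dst": "193.68.2.23",
              "auth_key": b"constructed-auth-key"}}
# SPD ("what"): (source net, destination net, protocol) -> SPI. Constructed subnets.
SPD = [("172.16.1.0/24", "172.16.2.0/24", 17, 0x2A)]

def select_sa(src, dst, proto):
    """Return the SPI the SPD assigns to this datagram, or None for no IPsec."""
    for s_net, d_net, p, spi in SPD:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d_net)
                and proto == p):
            return spi
    return None

def build_esp(spi, seq, payload, next_header):
    pad_len = -(len(payload) + 2) % BLOCK  # the trailer itself adds 2 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = payload + trailer               # this part would be encrypted
    enchilada = struct.pack("!II", spi, seq) + body  # ESP header + body
    tag = hmac.new(SAD[spi]["auth_key"], enchilada, hashlib.md5).digest()
    return enchilada + tag

def parse_esp(datagram):
    spi, seq = struct.unpack("!II", datagram[:8])
    sa = SAD[spi]                          # the SPI selects the SA
    enchilada, tag = datagram[:-16], datagram[-16:]
    expected = hmac.new(sa["auth_key"], enchilada, hashlib.md5).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ESP MAC check failed")
    body = enchilada[8:]
    pad_len, next_header = body[-2], body[-1]
    return seq, body[:len(body) - 2 - pad_len], next_header

if __name__ == "__main__":
    spi = select_sa("172.16.1.5", "172.16.2.9", 17)
    datagram = build_esp(spi, 1, b"hello", 17)   # 17 = UDP
    print(len(datagram), parse_esp(datagram))
```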
IKE
An automated mechanism for creating the SAs for large VPNs.