Your SlideShare is downloading. ×
0
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
IS Unit 7_Network Security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

IS Unit 7_Network Security

352

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
352
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
28
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Chapter 7:Chapter 7:Chapter 7:Chapter 7:----Network SecurityNetwork SecurityNetwork SecurityNetwork SecurityBy:- Sarthak Patel (www.sarthakpatel.in)
  • 2. OutlineDigital SignaturesAuthentication ProtocolsDigital Signature StandardsApplication AuthenticationTechniques Like KerberosSarthak Patel (www.sarthakpatel.in)2Application AuthenticationTechniques Like KerberosX.509 DirectoryAuthentication ServicesActive Directory Service OfWindows NT/Windows 2000
  • 3. Digital SignaturesDigital signatures provide the ability to:verify author, date & time of signatureauthenticate message contentsbe verified by third parties to resolve disputesSarthak Patel (www.sarthakpatel.in)3
  • 4. Digital Signature Propertiesmust depend on the message signedmust use information unique to senderto prevent both forgery and denialmust be relatively easy to produceSarthak Patel (www.sarthakpatel.in)4must be relatively easy to producemust be relatively easy to recognize & verifybe computationally infeasible to forgebe practical save digital signature in storage
  • 5. Digital SignatureCategories of Digital Signature:DirectArbitrated.Sarthak Patel (www.sarthakpatel.in)5
  • 6. Direct Digital Signaturesinvolve only sender & receiverassumed receiver has sender’s public-keydigital signature made by sender signing entire message orhash with private-keycan encrypt using receivers public-keySarthak Patel (www.sarthakpatel.in)6can encrypt using receivers public-keyimportant that sign first then encrypt message & signaturesecurity depends on sender’s private-key
  • 7. Direct Digital SignatureSarthak Patel (www.sarthakpatel.in)7Confidentiality, Authentication & Digital Signature
  • 8. Weakness of Direct D.SThe validity of the scheme depends on the security of the sendersprivate key.If a sender later wishes to deny sending a particular message, thesender can claim that the private key was lost or stolen and thatsomeone else forged his or her signature.Sarthak Patel (www.sarthakpatel.in)8One example is to require every signed message to include atimestamp (date and time) and to require prompt reporting ofcompromised keys to a central authority.
  • 9. Arbitrated Digital Signaturesinvolves use of arbiterAvalidates any signed messagethen dated and sent to recipientrequires suitable level of trust in arbitercan be implemented with either private or public-keySarthak Patel (www.sarthakpatel.in)9can be implemented with either private or public-keyalgorithmsarbiter may or may not be able to see message
  • 10. Authentication Protocolsused to convince parties of each others identity and toexchange session keysmay be One-way or Mutualkey issues areconfidentiality – to protect session keysSarthak Patel (www.sarthakpatel.in)10confidentiality – to protect session keystimeliness – to prevent replay attackspublished protocols are often found to have flaws and need tobe modified
  • 11. (Mutual Authentication) ReplayAttackswhere a valid signed message is copied and later resentSimple replay: The opponent simply copies a message and replays it later.Repetition that can be logged: An opponent can replay atimestamped message within the valid time windowRepetition that cannot be detected: This situation could ariseSarthak Patel (www.sarthakpatel.in)11Repetition that cannot be detected: This situation could arisebecause the original message could have been suppressed and thus did not arriveat its destination; only the replay message arrivesBackward replay without modification: This is a replay back tothe message sender.
  • 12. Countermeasures to avoid ReplayAttackTimestamps (needs synchronized clocks)Party A accepts a message as fresh only if the message contains atimestamp that, in As judgment, is close enough to Asknowledge of current time. This approach requires that clocksamong the various participants be synchronized.Sarthak Patel (www.sarthakpatel.in)12Challenge/response (using unique nonce)Party A, expecting a fresh message from B, first sends B a nonce(challenge) and requires that the subsequent message (response)received from B contain the correct nonce value.
  • 13. Using Symmetric Encryptionas discussed previously, we can use a two-level hierarchy ofkeysusually with a trusted Key Distribution Center (KDC)each party shares own master key with KDCKDC generates session keys used for connections betweenSarthak Patel (www.sarthakpatel.in)13KDC generates session keys used for connections betweenpartiesmaster keys used to distribute these to them
  • 14. Needham-Schroeder Protocoloriginal third-party key distribution protocolfor session betweenA B mediated by KDCprotocol overview is:1. A->KDC: IDA || IDB || N1Sarthak Patel (www.sarthakpatel.in)141. A->KDC: IDA || IDB || N12. KDC ->A: EKa[Ks || IDB || N1 || EKb[Ks||IDA] ]3. A -> B: EKb[Ks||IDA]4. B ->A: EKs[N2]5. A -> B: EKs[f(N2)]
  • 15. Needham-Schroeder Protocolused to securely distribute a new session key forcommunications betweenA & Bbut is vulnerable to a replay attack if an old session key hasbeen compromisedSarthak Patel (www.sarthakpatel.in)15
  • 16. Using Public-Key Encryptionhave a range of approaches based on the use of public-keyencryptionneed to ensure have correct public keys for other partiesusing a central Authentication Server (AS)various protocols exist using timestamps or noncesSarthak Patel (www.sarthakpatel.in)16various protocols exist using timestamps or nonces
  • 17. Denning AS ProtocolDenning 81 presented the following:Sarthak Patel (www.sarthakpatel.in)17note session key is chosen byA, henceAS need not betrusted to protect ittimestamps prevent replay but require synchronizedclocks
  • 18. One-Way Authenticationrequired when sender & receiver are not in communicationsat same time (e.g., email)have header in clear so can be delivered by email systemSarthak Patel (www.sarthakpatel.in)18
  • 19. Using Symmetric Encryptioncan refine use of KDC but can’t have final exchange ofnonces:1. A->KDC: IDA || IDB || N12. KDC ->A: EKa[Ks || IDB || N1 || EKb[Ks||IDA] ]3. A -> B: EKb[Ks||IDA] || EKs[M]Sarthak Patel (www.sarthakpatel.in)193. A -> B: EKb[Ks||IDA] || EKs[M]does not protect against replayscould rely on timestamp in message, though email delays makethis problematic
  • 20. Public-Key Approacheshave seen some public-key approachesif confidentiality is major concern, can use:A->B: EPUb[Ks] || EKs[M]has encrypted session key, encrypted messageif authentication needed, use a digital signature with a digitalSarthak Patel (www.sarthakpatel.in)20if authentication needed, use a digital signature with a digitalcertificate:A->B: M || EPRa[H(M)] || EPRas[T||IDA||PUa]with message, signature, certificate
  • 21. Digital Signature Standard (DSS)US Govt approved signature schemedesigned by NIST & NSA in early 90spublished as FIPS-186 in 1991revised in 1993, 1996 & then 2000uses the SHA hash algorithmSarthak Patel (www.sarthakpatel.in)21uses the SHA hash algorithmDSS is the standard, DSA is the algorithmFIPS 186-2 (2000) includes alternative RSA & ellipticcurve signature variants
  • 22. Digital Signature Algorithm (DSA)creates a 320 bit signaturewith 512-1024 bit securitysmaller and faster than RSAa digital signature scheme onlysecurity depends on difficulty of computing discreteSarthak Patel (www.sarthakpatel.in)22security depends on difficulty of computing discretelogarithms
  • 23. Digital Signature Algorithm (DSA)Sarthak Patel (www.sarthakpatel.in)23
  • 24. DSA Signature Creationto sign a message M the sender:generates a random signature key k, k<qk must be random, be destroyed after use, and never be reusedthen compute signature pair:r = (gk(mod p))(mod q)Sarthak Patel (www.sarthakpatel.in)24r = (gk(mod p))(mod q)s = (k-1.H(M)+ x.r)(mod q)sends signature (r,s) with message M
  • 25. Authentication Applicationsdeveloped to support application-level authentication &digital signatureswill discuss Kerberos – a private-key authentication servicediscuss X.509 - a public-key directory authentication serviceSarthak Patel (www.sarthakpatel.in)25
  • 26. KerberosAuthentication service developed as a part of MIT’sAthenaprojectprovides centralized private-key third-party authentication ina distributed networkallows users access to services distributed through networkwithout needing to trust all workstationsSarthak Patel (www.sarthakpatel.in)26without needing to trust all workstationsrather all trust a central authentication servertwo versions in use: 4 & 5
  • 27. Why Kerberos is needed ?Problem: Not trusted workstation to identifytheir users correctly in an open distributed environment3Threats:Pretending to be another user from the workstationSending request from the impersonated workstationSarthak Patel (www.sarthakpatel.in)27Sending request from the impersonated workstationReplay attack to gain service or disrupt operations
  • 28. Why Kerberos is needed ? Cont.Solution:Building elaborate authentication protocols at eachserverA centralized authentication server (Kerberos)Sarthak Patel (www.sarthakpatel.in)28
  • 29. Requirements for KERBEROSSecure:An opponent does not find it to be the weak linkReliable:The system should be able to back up anotherTransparent:Sarthak Patel (www.sarthakpatel.in)29Transparent:An user should not be aware of authenticationScalable:The system supports large number of clients and severs
  • 30. Versions of KERBEROSTwo versions are in common useVersion 4 is most widely used versionVersion 4 uses of DESVersion 5 corrects some of the security deficiencies ofVersion 4Sarthak Patel (www.sarthakpatel.in)30Version 4Version 5 has been issued as a draft Internet Standard(RFC 1510)
  • 31. Kerberos v4 Overviewa basic third-party authentication schemehave an Authentication Server (AS)users initially negotiate with AS to identify selfAS provides a non-corruptible authentication credential (ticketgranting ticketTGT)Sarthak Patel (www.sarthakpatel.in)31granting ticketTGT)have aTicket Granting server (TGS)users subsequently request access to other services fromTGS onbasis of usersTGT
  • 32. Kerberos v4 Dialogue1. obtain ticket granting ticket from AS• once per session2. obtain service granting ticket fromTGT• for each distinct service required3. client/server exchange to obtain serviceSarthak Patel (www.sarthakpatel.in)323. client/server exchange to obtain service• on every service request
  • 33. Kerberos Version 4: Dialog 1- SimplePc=password of clientSarthak Patel (www.sarthakpatel.in)33Ticket=Ekv[IDc,ADc,IDv]kv=Secret Key betweenAS and V (Server)
  • 34. whereC= clientAS= authentication serverV=serverID = identifier of user on CSarthak Patel (www.sarthakpatel.in)34IDC= identifier of user on CIDV= identifier ofVPC= password of user on CADC= network address of CKv= secret encryption key shared byAS andV
  • 35. Kerberos Version 4 : Dialog 2-More SecureOnce per userlogon sessionticketTGS=EKtgs[IDc,ADc,IDtgs,TS1,LifeTime1 ]Sarthak Patel (www.sarthakpatel.in)354-TicketVOnce per type ofservice
  • 36. Kerberos Version 4 : Dialog 2- More Secure Cont.Once per service sessionSarthak Patel (www.sarthakpatel.in)365- TicketV+ IDcTicketV=EKv[IDc,ADc,IDv,Ts2,Lifetime2]
  • 37. Kerberos: The Version 4 AuthenticationDialogKERBEROSOnce per user logon sessionticketTGS=EKtgs [Kc.tgs,IDc,ADc,IDtgs,TS2,Sarthak Patel (www.sarthakpatel.in)371- IDc + IDtgs +TS12- EKc [Kc.tgs,IDtgs,Ts2,Lifetime2,TicketTGS]IDc,ADc,IDtgs,TS2,LifeTime2 ]
  • 38. Kerberos: The Version 4 AuthenticationDialog Cont.KERBEROSOnce per type of serviceticketTGS=EKtgs [Kc.tgs,IDc,ADc,IDtgs,TS2, LifeTime2 ]Sarthak Patel (www.sarthakpatel.in)383- TicketTGS + AuthenticatorC +IDv4-EKc.tgs[ Kc.v,IDv,Ts4,Ticketv]AuthenticatorC=EKc.tgs[IDc,ADc,TS3]ticketV=EKV[Kc.v,IDc,ADc,IDv, TS4,LifeTime4 ]
  • 39. Kerberos: The Version 4 AuthenticationDialog Cont.Once per service sessionSarthak Patel (www.sarthakpatel.in)395- TicketV+ AuthenticatorCTicketV=EKv [Kv.c, IDc, ADc, IDv, TS4, Lifetime4]AuthenticatorC=EKc.v [IDc,ADc,TS5]6- EKc.v[TS5+1]
  • 40. Overview of Kerberos: 1Sarthak Patel (www.sarthakpatel.in)40
  • 41. Overview of Kerberos: 2Sarthak Patel (www.sarthakpatel.in)41
  • 42. Overview of Kerberos: 3Sarthak Patel (www.sarthakpatel.in)42
  • 43. Overview of Kerberos: 4Sarthak Patel (www.sarthakpatel.in)43
  • 44. Kerberos 4 OverviewSarthak Patel (www.sarthakpatel.in)44
  • 45. Tickets:Contains information which must be considered private tothe userAllows user to use a service or to accessTGSReusable for a period of particular timeSarthak Patel (www.sarthakpatel.in)45Reusable for a period of particular timeUsed for distribution of keys securely
  • 46. AuthenticatorsProves the client’s identityProves that user knows the session keyPrevents replay attackUsed only once and has a very short life timeOne authenticator is typically built per session of use of aSarthak Patel (www.sarthakpatel.in)46One authenticator is typically built per session of use of aservice
  • 47. Kerberos RealmsA single administrative domain includes:a Kerberos servera number of clients, all registered with serverapplication servers, sharing keys with serverWhat will happen when users in one realm need access toSarthak Patel (www.sarthakpatel.in)47What will happen when users in one realm need access toservice from other realms?:Kerberos provide inter-realm authentication
  • 48. Inter-realm Authentication:Kerberos server in each realm shares a secret key with otherrealms.It requiresKerberos server in one realm should trust the one in otherrealm to authenticate its usersSarthak Patel (www.sarthakpatel.in)48realm to authenticate its usersThe second also trusts the Kerberos server in the first realmProblem: N*(N-1)/2 secure key exchange
  • 49. Request for Service in another realm:Sarthak Patel (www.sarthakpatel.in)49
  • 50. KERBEROS Version 5 versus Version4Environmental shortcomings ofVersion 4:Encryption system dependence: DESInternet protocol dependenceTicket lifetimeAuthentication forwardingSarthak Patel (www.sarthakpatel.in)50Authentication forwardingInter-realm authentication
  • 51. KERBEROS Version 5 versus Version4Technical deficiencies ofVersion 4:Double encryptionSession KeysSarthak Patel (www.sarthakpatel.in)51Session KeysPassword attack
  • 52. RealmIndicates realm of the userOptionsTimesFrom: the desired start time for the ticketTill: the requested expiration timeNew Elements in Kerberos Version 5Sarthak Patel (www.sarthakpatel.in)52Till: the requested expiration timeRtime: requested renew-till timeNonceA random value to assure the response is fresh
  • 53. Kerberos Version 5 Message Exchange:1To obtain ticket-granting ticket:(1)C AS : Options || IDc || Realmc || IDtgs ||Times ||Nonce1(2) AS C : Realmc || IDc ||Ticket tgs ||EKc [ Kc,tgs || IDtgs ||Times || Nonce1 ||| Realm tgs ]Sarthak Patel (www.sarthakpatel.in)53EKc [ Kc,tgs || IDtgs ||Times || Nonce1 ||| Realm tgs ]Ticket tgs= EKtgs [ Flags || Kc,tgs || Realm c ||IDc ||ADc ||Times]
  • 54. Kerberos Version 5 Message Exchange:2To obtain service-granting ticket :(3)C TGS : Options || IDv ||Times || Nonce2 ||Ticket tgs ║Authenticator c(4)TGS C : Realmc || IDc ||Ticket v || EK c,tgs [ Kc,v ║Times||Nonce2 || IDv ║ Realm v]Sarthak Patel (www.sarthakpatel.in)54Nonce2 || IDv Realm v]Ticket tgs= EKtgs [ Flags || Kc,tgs || Realm c || IDc ||ADc ||Times]Ticket v : EK v [Kc,,v ║ Realmc || IDc ║ADc ║Times ]Authenticator c : EK c,tgs [IDc ║ Realmc ║TS1]
  • 55. Kerberos Version 5 Message Exchange:3To obtain service(5) C S : Options ||Ticket v||Authenticator c(6) S C : EK c,v [TS2|| Subkey || Seq# ]Ticket v : EK v [Flags || Kc,v || Realmc ||Sarthak Patel (www.sarthakpatel.in)55Ticket v : EK v [Flags || Kc,v || Realmc ||IDc ||ADc ||Times ]Authenticator c : EK c,v [IDc || Realmc ||TS2 || Subkey|| Seq# ]
  • 56. Kerberos : StrengthsUsers passwords are never sent across the network, encrypted orin plain textSecret keys are only passed across the network in encrypted formClient and server systems mutually authenticateIt limits the duration of their users authentication.Authentications are reusable and durableSarthak Patel (www.sarthakpatel.in)56Authentications are reusable and durableKerberos has been scrutinized by many of the top programmers,cryptologists and security experts in the industry
  • 57. Certificate:Electronic counterparts to driver licenses, passportsVerifies authenticity of the public keyPrevents impersonationEnables individuals and organizations to secure business andpersonal transactionsSarthak Patel (www.sarthakpatel.in)57personal transactions
  • 58. What a certificate includes:Name of Entity being CertifiedPublic KeyName of CertificateAuthoritySerial NumberExpiration DateSarthak Patel (www.sarthakpatel.in)58Expiration DateDigital signature of the issuerOther information (optional)
  • 59. Certificate Authorities:Trusted entity which issue and manage certificates for a populationof public-private key-pair holders.A digital certificate is issued by a CA and is signed with CA’sprivate key.Sarthak Patel (www.sarthakpatel.in)59
  • 60. Who are the Certificate Authorities?VeriSignGTE CyberTrustEntrustIBMCertCoSarthak Patel (www.sarthakpatel.in)60CertCoUSPS / Cylink
  • 61. Certificate Issuance Process:Generate public/private key pairSends public key to CAProves identity to CA - verifyCA signs and issues certificateCA e-mails certificate or Requestor retrieves certificate fromSarthak Patel (www.sarthakpatel.in)61CA e-mails certificate or Requestor retrieves certificate fromsecure websitesRequestor uses certificate to demonstrate legitimacy of theirpublic key
  • 62. Types of Digital CertificatesE-Mail CertificatesBrowser CertificatesServer (SSL) CertificatesSoftware Signing CertificatesSarthak Patel (www.sarthakpatel.in)62Software Signing Certificates
  • 63. Potential security holes:Was the user really identified?Security of the private keyCan the Certificate Authority be trusted?Names are not uniqueSarthak Patel (www.sarthakpatel.in)63Names are not unique
  • 64. X.509 Directory Authentication ServiceDefines a framework for the authentication servicesThe X.509 directory serving as a repository of public-keycertificatesDefines alternative authentication protocolsSarthak Patel (www.sarthakpatel.in)64
  • 65. X.509 Certificate formatVersionSerial numberAlgorithmAlgorithmNotation to define a certificate:CA<<A>>=CA{V,SN,AI,CA,Ta,A,Ap}AlgorithmParametersIssuerNot beforeNot afterSubjectAlgorithmParameterKeySignatureSarthak Patel(www.sarthakpatel.in)65AlgorithmidentifierPeriod ofvaliditySubject’spublic keyCA<<A>>=CA{V,SN,AI,CA,Ta,A,Ap}whereY<<X>>= the certificate of user Xissued by certification authority YY{I}=the signing of I by Y. It consists ofI with an enciphered hash codeappended.
  • 66. Securely Obtain a Public KeyScenario:A has obtain a certificate from the CA X1B has obtain a certificate from the CA X2A can read the B’s certificate but cannot verify it.Solution: X1<<X2> X2<<B>>Sarthak Patel (www.sarthakpatel.in)66A obtain the certificate of X2 signed by X1 from directory. obtain X2’spublic keyA goes back to directory and obtain the certificate of B signed by X2.obtain B’s public key securely
  • 67. X.509 CA HierarchySarthakPatel(www.sarthakpatel.in)A acquires B certificateusing chain:X<<W>>W<<V>>V<<Y>>Y<<Z>> Z<<B>>B acquires A certificateusing chain:Z<<Y>>Y<<V>>V<<W>>W<<X>> X<<A>>67
  • 68. Authentication Procedures:Three alternative authentication procedures:One-WayAuthenticationTwo-WayAuthenticationThree-WayAuthenticationSarthak Patel (www.sarthakpatel.in)68Three-WayAuthenticationAll use public-key signatures
  • 69. One-Way Authentication:1 message ( A->B) used to establishthe identity ofA and that message is fromAmessage was intended for Bintegrity & originality of messageSarthak Patel (www.sarthakpatel.in)69A B1-A {ta,ra,B,sgnData,PUb[Kab]}Ta-timestamp A=nonce B =identitysgnData=signed with A’s private key
  • 70. Two-Way Authentication2 messages (A->B, B->A) which also establishes in addition:the identity of B and that reply is from Bthat reply is intended forAintegrity & originality of replySarthak Patel (www.sarthakpatel.in)70A B1-A {ta,ra,B,sgnData,KUb[Kab]}2-B {tb,rb,A,sgnData,KUa[Kab]}
  • 71. Three-Way Authentication3 messages (A->B, B->A,A->B) which enables aboveauthentication without synchronized clocksSarthak Patel (www.sarthakpatel.in)71A B1- A {ta,ra,B,sgnData,KUb[Kab]}2 -B {tb,rb,A,sgnData,KUa[Kab]}3- A{rb}
  • 72. THE ENDTHE ENDSarthak Patel (www.sarthakpatel.in)72

×