Download Network Security: Message Integrity and Digital Signatures and more Slides Computer Networks in PDF only on Docsity!
Lecture 22
Network Security (cont)
slides are modified from Dave Hollinger
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Message Digests
- Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
- Note that H( ) is a many-to- function
- H( ) is often called a “hash function” - Desirable properties: - Easy to calculate - Irreversibility : Can’t determine m from H(m) - Collision resistance : Computationally difficult to produce m and m’ such that H(m) = H(m’) - Seemingly random output
4
large message m
H: Hash Function
H(m)
Internet checksum: poor message digest
Internet checksum has some properties of hash function: produces fixed length digest (16-bit sum) of input is many-to-one
5
But given message with given hash value, it is easy to find another message with same hash value.
Example: Simplified checksum: add 4-byte chunks at a time:
I O U 1
9 B O B
49 4F 55 31
39 42 D2 42
message ASCII format
B2 C1 D2 AC
I O U 9
9 B O B
49 4F 55 39
39 42 D2 42
message ASCII format
different messages^ B2 C1 D2 AC but identical checksums!
Message Authentication Code (MAC)
- Authenticates sender
- Verifies message integrity
- No encryption!
- Also called “keyed hash”
- Notation: MD (^) m = H(s||m) ; send m||MD (^) m
7
message
H( )
s
message^ message
s
H( )
compare
s = shared secret
HMAC
• Popular MAC standard
• Addresses some subtle security flaws
1. Concatenates secret to front of message.
2. Hashes concatenated message
3. Concatenates the secret to front of digest
4. Hashes the combination again.
OSPF Authentication
System, routers send OSPF
messages to each other.
authentication choices
- No authentication
- Shared password: inserted in clear in 64-bit authentication field in OSPF packet
- Cryptographic hash
MD
- 64-bit authentication field includes 32-bit sequence number
- MD5 is run over a concatenation of the OSPF packet and shared secret key
- MD5 hash then appended to OSPF packet; encapsulated in IP datagram
End-point authentication
• Want to be sure of the originator of the
message
– end-point authentication
• Assuming Alice and Bob have a shared secret,
will MAC provide end-point authentication.
– We do know that Alice created the message.
– But did she send it?
“I am Alice”
R
MAC
Transfer $1M from Bill to Susan
MAC =
f(msg,s,R)
Defending against playback
attack: nonce
Digital Signatures
Cryptographic technique analogous to hand-written
signatures.
- sender (Bob) digitally signs document, establishing he is
document owner/creator.
- Goal is similar to that of a MAC,
- except now use public-key cryptography
- verifiable, nonforgeable: recipient (Alice) can prove to
someone that Bob, and no one else (including Alice),
must have signed document
Alice verifies signature and integrity of digitally signed message:
16
large message m
H: Hash function H(m)
digital signature (encrypt)
Bob’s private key (^) K B
Bob sends digitally signed message:
KB^ - (H(m))
encrypted msg digest
KB (H(m))
encrypted msg digest
large message m
H: Hash function
H(m)
digital signature (decrypt)
H(m)
Bob’s public key (^) K B
equal
Digital signature = signed message digest
Digital Signatures (more)
- Suppose Alice receives msg m, digital signature K (^) B(m)
- Alice verifies m signed by Bob by applying Bob’s public key K (^) B to
KB(m) then checks KB(KB(m) ) = m.
- If K (^) B(KB(m) ) = m, whoever signed m must have used Bob’s private
key.
Alice thus verifies that:
Bob signed m.
No one else signed m.
Bob signed m and not m’.
Non-repudiation:
Alice can take m, and signature K B(m) to court and prove
that Bob signed m.
17
Certification Authorities
- Certification authority (CA): binds public key to particular
entity, E.
- E (person, router) registers its public key with CA.
- E provides “proof of identity” to CA.
- CA creates certificate binding E to its public key.
- certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”
19
Bob’s public key KB
Bob’s identifying information
digital signature (encrypt) CA private key KCA
KB
certificate for Bob’s public key, signed by CA
Certification Authorities
- When Alice wants Bob’s public key:
- gets Bob’s certificate (from Bob or elsewhere).
- apply CA’s public key to Bob’s certificate, get Bob’s public key
20
Bob’s public KB^ + key
digital signature (decrypt)
CA public key
KCA^ +
KB