Chapter 3 and 4:

Cryptography
and Network
Security

Computer Networking: A
Top-Down Approach
8th edition
Jim Kurose, Keith Ross
Pearson, 2020
Security: overview
Chapter goals:
▪ understand principles of network security:
• cryptography and its many uses beyond “confidentiality”
• authentication
• message integrity
▪ security in practice:
• firewalls and intrusion detection systems
• security in application, transport, network, link layers

Security: 8- 2
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Message integrity, authentication
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Network layer security: IPsec
▪ Security in wireless and mobile networks
▪ Operational security: firewalls and IDS

Security: 8- 3
What is network security?
confidentiality: only sender, intended receiver should “understand”
message contents
• sender encrypts message
• receiver decrypts message
authentication: sender, receiver want to confirm identity of each
other
message integrity: sender, receiver want to ensure message not
altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to
users

Security: 8- 4
Friends and enemies: Alice, Bob, Trudy
▪ well-known in network security world
▪ Bob, Alice (lovers!) want to communicate “securely”
▪ Trudy (intruder) may intercept, delete, add messages

Alice channel data, control Bob

messages

secure secure
data data
sender receiver

Trud
y
Security: 8- 5
Friends and enemies: Alice, Bob, Trudy
Who might Bob and Alice be?
▪ … well, real-life Bobs and Alices!
▪ Web browser/server for electronic transactions (e.g., on-line purchases)
▪ on-line banking client/server
▪ DNS servers
▪ BGP routers exchanging routing table updates
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot! (recall section 1.6)
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any
field in packet)
• hijacking: “take over” ongoing connection by removing sender or
receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g.,
by overloading resources)
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Message integrity, authentication
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Network layer security: IPsec
▪ Security in wireless and mobile networks
▪ Operational security: firewalls and IDS

Security: 8- 8
 Cryptography

⮚Cryptography is the science of secret, or hidden writing

⮚Cryptanalysis: The study of methods for obtaining the meaning of encrypted information
without accessing the secret information
⮚Cryptology
Cryptography + cryptanalysis

Terms used in Cryptography:

▪ plaintext - original message
▪ ciphertext - coded message
▪ encryption- converting plaintext to ciphertext
▪ decryption - recovering plaintext from ciphertext
▪ key- info used in encryption and decryption known only to sender/receiver
The language of cryptography
Alice’s Bob’s
KA encryption KB decryption
key key
plaintext encryption ciphertext decryption plaintext
algorithm algorithm

m: plaintext message
KA(m): ciphertext, encrypted with key KA
m = KB(KA(m))
Security: 8- 10
Goals of Cryptography
confidentiality: only sender, intended receiver should “understand” message contents
• sender encrypts message
• receiver decrypts message
authentication: sender, receiver want to confirm identity of each other
message integrity: sender, receiver want to ensure message not altered (in transit, or
afterwards) without detection
Nonrepudiation: assurance that someone cannot deny something.

Alice Bob
Mathematical Notation: Encryption and
Decryption
An encryption algorithm is a means of transforming plaintext into ciphertext
under the control of a secret key.
This process is called encryption or encipherment. We write c = Ek(m), where
• m is the plaintext
• E is the cipher function
• k is the secret key
• c is the ciphertext.
The reverse process is called decryption or decipherment, and we write
m = Dk(c).
The encryption and decryption algorithms E, D are public, the secrecy of m
given c depends totally on the secrecy of k

Security: 8- 12
Types of Attacks against Encryption
Type of Attack Known to Cryptanalyst

Ciphertext Only Encryption Algorithm, Ciphertext

Known Plaintext Encryption algorithm, Ciphertext,

One or more PT-CT pairs formed with secret key

Chosen Plaintext Encryption algorithm, Ciphertext,

PT message chosen by cryptanalyst, together with its CT generated with the secret key
(temporary access to the encryption system)

Chosen Ciphertext Encryption algorithm, Ciphertext,

CT chosen by cryptanalyst, together with its corresponding decrypted PT generated with the
secret key
(temporary access to the decryption system)
Rough slide

14
Symmetric key cryptography
KS KS

plaintext encryption ciphertext decryption plaintext

algorithm K S(m) algorithm

symmetric key crypto: Bob and Alice share same (symmetric)

key: K
▪ e.g., key is knowing substitution pattern in mono alphabetic
substitution cipher
Q: how do Bob and Alice agree on key value?
Security: 8- 15
Simple encryption scheme
substitution cipher: substituting one thing for another
▪ monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.: Plaintext: bob. i love you. alice

ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters

to set of 26 letters
Security: 8- 16
Symmetric key crypto: DES
DES: Data Encryption Standard
▪ US encryption standard [NIST 1993]
▪ 56-bit symmetric key, 64-bit plaintext input
▪ block cipher with cipher block chaining
▪ how secure is DES?
• DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force)
in less than a day
• no known good analytic attack
▪ making DES more secure:
• 3DES: encrypt 3 times with 3 different keys

Security: 8- 17
AES: Advanced Encryption Standard
▪ symmetric-key NIST standard, replaced DES (Nov 2001)
▪ processes data in 128 bit blocks
▪ 128, 192, or 256 bit keys
▪ brute force decryption (try each key) taking 1 sec on DES,
takes 149 trillion years for AES

Security: 8- 18
Types of Symmetric Key Encryption: Stream and Block Ciphers
The basic operation of encryption involves some function/operation involving the message and
the key
○ Example, let the encryption operation be the XOR operation
○ Message: 101000101
○ Key: 001101011
○ Ciphertext: 101000101 ⊕ 100101110 = 001101011
● A block cipher is one that allows you to use a key to encrypt data in groups
(blocks) of a pre-determined size (such as 128 bits, 256 bits, etc.)
○ If the last block is not full, padding bits are added to make it the same length
as the block size
○ Ciphertext blocks may be XORed with the next plaintext block to create even
stronger encryption through cipher chaining
Eg: DES, AES etc.
● Stream Ciphers
– Encrypt data one bit or one byte at a time
– Example: RC4
Traditional Encryptions

All traditional encryption schemes are symmetric

Example: shift cipher, substitution cipher

20
Shift Ciphers
● This is an ancient encryption technique wherein every letter in the English
alphabet is substituted by a letter k positions in front of it.
○ Eg: If k=3, A will be replaced by D, B by E… and Z by C
○ HELLO will be encrypted as KHOOR
○ The shift cipher with k=3 is often called the Caesar cipher
● Relatively easy to break
○ k can have only 26 possible values - one can simply examine all possible
combinations and decrypt -- Brute Force Approach
Polyalphabetic Substitution Ciphers
● Polyalphabetic Cipher: One letter in the plaintext is mapped to more than one
letter in the ciphertext
○ Plaintext alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ
○ Ciphertext alphabet one TMKGOYDSIPELUAVCRJWXZNHBQF
○ Ciphertext alphabet two DCBAHGFEMLKJIZYXWVUTSRQPON
○ Plaintext letters in an odd position are encrypted using the first ciphertext
alphabet, whilst the plaintext letters in even positions are encrypted using the
second alphabet
○ The plaintext word HELLO is encrypted to SHLJV
○ The two L’s in the plaintext are encrypted differently in the ciphertext
Symmetric Key Cryptography: Key Strength
▪ Strength of algorithm is determined by the size of the key
• The longer the key the more difficult it is to crack
▪ Key length is expressed in bits
▪ Set of possible keys for a cipher is called key space
• For 40-bit key there are 240 possible keys
• For 128-bit key there are 2128 possible keys
• Each additional bit added to the key length doubles the security
▪ To crack the key the hacker has to use brute-force
(i.e. try all the possible keys till a key that works is found)
• Super Computer can crack a 56-bit key in 24 hours (old stats, of course)
• It will take 272 times longer to crack a 128-bit key
(Longer than the age of the universe)
Limitations of Symmetric Key Cryptography
▪ Any exposure to the secret key compromises secrecy of ciphertext
▪ A key needs to be distributed to the receiver for decryption.
Problems
▪ Encrypt IIITS using polyalphabetic cipher. Use
○ Ciphertext alphabet one TMKGOYDSIPELUAVCRJWXZNHBQF
○ Ciphertext alphabet two DCBAHGFEMLKJIZYXWVUTSRQPON
Ans: IMITW
▪ Encrypt IIITS using Caesar Cipher
Ans: LLLWV
Public Key Cryptography
symmetric key crypto: public key crypto
▪ requires sender, receiver ▪ sender, receiver do not
know shared secret key share secret key
▪ Q: how to agree on key in ▪ public encryption key
first place (particularly if known to all
never “met”)? ▪ private decryption key
known only to receiver

Security: 8- 26
Public Key Cryptography
+
K Bob’s public key
B

-
K Bob’s private key
B

plaintext encryption ciphertext decryption plaintext

message, m algorithm + algorithm - +
K (m) m = KB (K (m))
B B

Security: 8- 27
Public key encryption algorithms
requirements:
1
+
. -.
need KB ( ) and K ( ) such that
B
- +
K (K (m)) = m
B B
+
2 given public key KB ,
it should be impossible to
-
compute private key KB

RSA: Rivest, Shamir, Adelman algorithm

Security: 8- 28
Prerequisite: modular arithmetic
▪ x mod n = remainder of x when divide by n
▪ Facts (Solve for a=5, b=7):
[(a mod n) + (b mod n)] mod n = (a+b) mod n
[(a mod n) - (b mod n)] mod n = (a-b) mod n.
[(a mod n) * (b mod n)] mod n = (a*b) mod n
(a mod n)d mod n = ad mod n
▪ example: x=14, n=10, d=2:
(x mod n)d mod n = 42 mod 10 = 6
xd = 142 = 196 xd mod 10 = 6
Security: 8- 29
RSA: getting ready
▪ message: just a bit pattern
• E.g. Alphabet ‘A’ is sent as 01000001
• bit pattern can be uniquely represented by an integer number
▪ thus, encrypting a message is equivalent to encrypting a number
example:
▪ m= 10010001. This message is uniquely represented by the decimal
number 145.
▪ to encrypt m, we encrypt the corresponding number, which gives a new
number (the ciphertext).

Security: 8- 30
RSA: Creating public/private key pair
1. choose two large prime numbers p, q. (e.g., 1024 bits each)

2. compute n = pq, z = (p-1)(q-1)

3. choose e (with e<n) that has no common factors with z (e, z are
“relatively prime”).
4. choose d such that ed-1 is exactly divisible by z. (in other words: ed
mod z = 1 ).
5. public key is (n,e). private key is (n,d).
KB+ KB-
Security: 8- 31
RSA: encryption, decryption
0. given (n,e) and (n,d) as computed above
1. to encrypt message m (<n), compute
c = m e mod n
2. to decrypt received bit pattern, c, compute
m = c d mod n

Security: 8- 32
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=5 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.

bit pattern m me c = memod n

encrypt:
00001100 12 24832 17

decrypt:
c cd m = cdmod n
17 1419857 12

Security: 8- 33
 RSA example:
• Choose p = 3, q = 11, and m=2
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 7
• Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3
* 7) % 20 = 1]
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of m = 2 is c = 27 % 33 = 29
• The decryption of c = 29 is m = 293 % 33 = 2

Security: 8- 34
Why does RSA work?
▪ must show that cd mod n = m, where c = me mod n
▪ fact: for any x and y: xy mod n = x(y mod z) mod n
• where n= pq and z = (p-1)(q-1)
▪ thus,
cd mod n = (me mod n)d mod n
= med mod n
= m(ed mod z) mod n
= m1 mod n
=m

Security: 8- 35
RSA: another important property
The following property will be very useful later:
- + + -
KB (K (m)) = m = K (K (m))
B B B

use public key use private key

first, followed first, followed
by private key by public key

result is the same!

Security: 8- 36
 - + + -
Why KB (K (m)) = m = K (K (m)) ?
B B B

follows directly from modular arithmetic:

(me mod n)d mod n = med mod n

= mde mod n
= (md mod n)e mod n

Security: 8- 37
Why is RSA secure?
▪ suppose you know Bob’s public key (n,e). How hard is it to
determine d?
▪ essentially need to find factors of n without knowing the two
factors p and q
• fact: factoring a big number is hard

Security: 8- 38
RSA in practice: session keys
▪ exponentiation in RSA is computationally intensive
▪ DES is at least 100 times faster than RSA
▪ use public key crypto to establish secure connection, then
establish second key – symmetric session key – for
encrypting data
session key, KS
▪ Bob and Alice use RSA to exchange a symmetric session key KS
▪ once both have KS, they use symmetric key cryptography

Security: 8- 39
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Authentication, message integrity
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Network layer security: IPsec
▪ Security in wireless and mobile networks
▪ Operational security: firewalls and IDS

Security: 8- 40
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”

“I am Alice” failure scenario??

Security: 8- 41
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”

in a network, Bob
can not “see”
Alice, so Trudy
simply declares
“I am Alice” herself to be Alice

Security: 8- 42
Authentication: another try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing
her source IP address

Alice’s
IP address “I am Alice”
failure scenario??

Security: 8- 43
Authentication: another try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing
her source IP address

Trudy can create

a packet “spoofing”
Alice’s
Alice’s address
IP address “I am Alice”

Security: 8- 44
Authentication: a third try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap3.0: Alice says “I am Alice” Alice says “I am Alice” and
sends her secret password to “prove” it.

Alice’s Alice’s
IP addr password “I am Alice” failure scenario??
Alice’s OK
IP addr

Security: 8- 45
Authentication: a third try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap3.0: Alice says “I am Alice” Alice says “I am Alice” and
sends her secret password to “prove” it.
playback attack:
Alice’s Alice’s
IP addr password “I am Alice” Trudy records
Alice’s packet
and later
plays it back to Bob

Security: 8- 46
Authentication: a modified third try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap3.0: Alice says “I am Alice” Alice says “I am Alice” and
sends her encrypted secret password to “prove” it.

Alice’s encrypted
IP addr password “I am Alice” failure scenario??
Alice’s OK
IP addr

Security: 8- 47
Authentication: a modified third try
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap3.0: Alice says “I am Alice” Alice says “I am Alice” and
sends her encrypted secret password to “prove” it.

Alice’s encrypted
IP addr password “I am Alice” playback attack still
works: Trudy records
Alice’s packet
and later plays it
back to Bob
Note: Trudy does not
have the Alice’s key
Security: 8- 48
Authentication: a fourth try
Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
protocol ap4.0: to prove Alice “live”, Bob sends Alice nonce, R
▪ Alice must return R, encrypted with shared secret key
“I am Alice”

R
KA-B(R) Bob know Alice is live, and
only Alice knows key to
encrypt nonce, so it must
Failures, drawbacks? be Alice!
Security: 8- 49
Authentication: ap5.0
ap4.0 requires shared symmetric key - can we authenticate
using public key techniques?
ap5.0: use nonce, public key cryptography

“I am Alice”
Bob computes
R + -
- K (K (R)) = R
K A (R) A A
and knows only Alice could
Send me your public key have the private key, that
encrypted R such that
K+A + -
K (K (R)) = R
A A
Security: 8- 50
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Authentication, message integrity
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Network layer security: IPsec
▪ Security in wireless and mobile networks
▪ Operational security: firewalls and IDS

Security: 8- 51
Digital signatures
cryptographic technique analogous to hand-written signatures:
▪ sender (Bob) digitally signs document: he is document owner/creator.
▪ verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob,
and no one else (including Alice), must have signed document
▪ simple digital signature for message m:
• Bob signs m by encrypting with his private key KB, creating “signed” message, KB-
(m)
- Bob’s private -
Bob’s message, m KB m,KB(m)
key
Dear Alice Dear Alice
Oh, how I have missed Oh, how I have missed
you. I think of you all the
Public key you. I think of you all the
time! …(blah blah blah) encryption time! …(blah blah blah)
algorithm -
Bob Bob KB(m)

Security: 8- 52
Digital signatures
-
▪ suppose Alice receives msg m, with signature: m, KB(m)
+ -
▪ Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m)
+ -
then
+ -checks KB(KB(m) ) = m.
▪ If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key

Alice thus verifies that:

▪ Bob signed m
▪ no one else signed m
▪ Bob signed m and not m’
non-repudiation: -
✔ Alice can take m, and signature KB(m) to court and prove that Bob
signed m
Security: 8- 53
Message digests
computationally expensive to public-key-encrypt long messages
goal: fixed-length, easy- to-compute digital “fingerprint”
▪ apply hash function H to m, get fixed size message digest, H(m)

large
message H: Hash
Function H(m)
m

Hash function properties:

▪ produces fixed-size msg digest (fingerprint)
▪ given message digest x, computationally infeasible to find m such
that x = H(m), i.e. One-way
Security: 8- 54
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
▪ produces fixed length digest (16-bit sum) of message
▪ is many-to-one
but given message with given hash value, it is easy to find another
message with same hash value:
message ASCII format message ASCII format
IOU1 49 4F 55 31 IOU9 49 4F 55 39
00.9 30 30 2E 39 00.1 30 30 2E 31
9BOB 39 42 D2 42 9BOB 39 42 D2 42
B2 C1 D2 AC different messages B2 C1 D2 AC
but identical checksums!
Security: 8- 55
Digital signature = signed message digest
Bob sends digitally signed message: Alice verifies signature, integrity
of digitally signed message:
large
message H: Hash
m Function H(m) encrypted
message digest
-
KB(H(m))
digital
Bob’s signature large
private -
key KB (encrypt) message
m digital
Bob’s signature
public +
key KB (decrypt)
encrypted H: Hash
message digest
+ -
KB(H(m))
function

H(m) H(m)

?
equal
Security: 8- 56
Hash function algorithms
▪ MD5 hash function widely used (RFC 1321)
• computes 128-bit message digest in 4-step process.
• arbitrary 128-bit string x, appears difficult to construct msg m whose
MD5 hash is equal to x
▪ SHA-1 is also used
• US standard [NIST, FIPS PUB 180-1]
• 160-bit message digest

Security: 8- 57
 Authentication: ap5.0 flaw!

I am Alice I am Alice
R
-
K (R)

?
T
R Where are Send me your public key
- mistakes +
K (R) K Bob computes
A made here? T + -
Send me your public key K (K T(R)) = R,
+ T
K authenticating
A Trudy as Alice
Trudy recovers m: +
Trudy recovers Bob’s m: + - + K (m) Bob sends a personal
- + m = K (K (m)) T
m = K (K (m)) K (m) T T message, m to Alice
A A A sends m to Alice
and she and Bob meet a week encrypted with
later in person and discuss m, Alice’s public key
not knowing Trudy knows m
Security: 8- 58
Need for certified public keys
▪ motivation: Trudy plays pizza prank on Bob
• Trudy creates e-mail order:
Dear Pizza Store, Please deliver to me
four pepperoni pizzas. Thank you, Bob
• Trudy signs order with her private key
• Trudy sends order to Pizza Store
• Trudy sends to Pizza Store her public
key, but says it’s Bob’s public key
• Pizza Store verifies signature; then
delivers four pepperoni pizzas to Bob
• Bob doesn’t even like pepperoni
Security: 8- 59
Public key Certification Authorities (CA)
▪ certification authority (CA): binds public key to particular entity, E
▪ entity (person, website, router) registers its public key with CA
• CA creates certificate binding identity E to E’s public key
• certificate containing E’s public key digitally signed by CA: CA says “this is E’s
public key”

Bob’s digital
public + signature +
key KB (encrypt) KB

CA’s
private
K
- certificate for Bob’s
Bob’s key
identifying
CA public key, signed by CA
information

Security: 8- 60
Rough slide

Security: 8- 61
Public key Certification Authorities (CA)
▪ when Alice wants Bob’s public key:
• gets Bob’s certificate (Bob or elsewhere)
• apply CA’s public key to Bob’s certificate, get Bob’s public key

digital Bob’s
+
KB signature + public
(decrypt) KB key

CA’s
public +
key KCA

Security: 8- 62
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Authentication, message integrity
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Network layer security: IPsec
▪ Security in wireless and mobile networks
▪ Operational security: firewalls and IDS

Security: 8- 63
Secure e-mail: confidentiality
Alice wants to send confidential e-mail, m, to Bob.
KS

m KS( ). KS(m ) KS(m )

KS( ) . m

+ Internet - KS

KS
+
KB( ). +
KB(KS )
+
KB(KS )
-
KB( ) .
K+
B K-B
Alice:
▪ generates random symmetric private key, KS
▪ encrypts message with KS (for efficiency)
▪ also encrypts KS with Bob’s public key
▪ sends both KS(m) and K+B(KS) to Bob
Security: 8- 64
Secure e-mail: confidentiality (more)
Alice wants to send confidential e-mail, m, to Bob.
KS

m KS( ). KS(m ) KS(m )

KS( ) . m

+ Internet - KS

KS
+
KB( ). +
KB(KS )
+
KB(KS )
-
KB( ) .
K+
B K-B
Bob:
▪ uses his private key to decrypt and
recover KS
▪ uses KS to decrypt KS(m) to recover m

Security: 8- 65
Secure e-mail: integrity, authentication
Alice wants to send m to Bob, with message integrity, authentication

KA- K+
A
- -
m H(.) K (.)
-
A
KA(H(m)) KA(H(m)) +
KA( ). H(m )

+ Internet - compare

m H( ). H(m )
m

▪ Alice digitally signs hash of her message with her private key,
providing integrity and authentication
▪ sends both message (in the clear) and digital signature

Security: 8- 66
Secure e-mail: integrity, authentication
Alice sends m to Bob, with confidentiality, message integrity, authentication
KA- confidentiality
-
m .
H( )
-
KA( ) . KA(H(m))
KS

+ KS( ) . KS(m )

m + Internet
message integrity, authentication
KS
+
KB( ) . +
KB(KS )
K+
B

Alice uses three keys: her private key, Bob’s public key, new symmetric key
What are Bob’s complementary actions?
Security: 8- 67
Secure e-mail: integrity, authentication
Alice sends m to Bob, with confidentiality, message integrity, authentication

What are Bob’s complementary actions?

1. Decrypt shared key using his private key

2. Decrypt the message using shared key
3. Decrypt hash using Alice’s public key
4. Compute hash of the message
5. Check if the computed hash (Step 4) matches with the decrypted hash
received (Step 3)

Security: 8- 68
Five services for security systems

Confidentiality
Integrity
Availability
Non-repudiation
Authentication

Which of these are provided by Digital signatures?

Security: 8- 69
IP Sec
▪ provides datagram-level encryption, authentication, integrity
• for both user traffic and control traffic (e.g., BGP, DNS messages)
▪ two “modes”: payload

payload

payload

tunnel mode:
transport mode: ▪ entire datagram is encrypted,
authenticated
▪ only datagram payload is ▪ encrypted datagram encapsulated
encrypted, authenticated in new datagram with new IP
header, tunneled to destination
Security: 8- 70
Two IPsec protocols
▪ Authentication Header (AH) protocol [RFC 4302]
• provides source authentication & data integrity but not confidentiality
▪ Encapsulation Security Protocol (ESP) [RFC 4303]
• provides source authentication, data integrity, and confidentiality
• Anti-replay protection
• more widely used than AH

Security: 8- 71
Chapter 8 outline
▪ What is network security?
▪ Principles of cryptography
▪ Authentication, message integrity
▪ Securing e-mail
▪ Securing TCP connections: TLS
▪ Operational security: firewalls and IDS

Security: 8- 72
Firewalls
firewall
isolates organization’s internal network from larger
Internet, allowing some packets to pass, blocking others

administered public
network Internet
trusted “good guys” untrusted “bad guys”
firewall
Security: 8- 73
Firewalls: why
prevent denial of service attacks:
▪ SYN flooding: attacker establishes many bogus TCP connections, no
resources left for “real” connections
prevent illegal modification/access of internal data
▪ e.g., attacker replaces CIA’s homepage with something else
allow only authorized access to inside network
▪ set of authenticated users/hosts
three types of firewalls:
▪ stateless packet filters
▪ stateful packet filters
▪ application gateways

Security: 8- 74
Stateless packet filtering
Should arriving
packet be allowed
in? Departing
packet let out?

▪ internal network connected to Internet via router firewall

▪ filters packet-by-packet, decision to forward/drop packet based on:
• source IP address, destination IP address
• TCP/UDP source, destination port numbers
• ICMP message type
• TCP SYN, ACK bits
Security: 8- 75
Stateless packet filtering: example
Should arriving
packet be allowed
in? Departing
packet let out?

▪ example 1: block incoming and outgoing datagrams with IP protocol field = 6

and with either source or dest port = 23
• result: all incoming, outgoing TCP flows and telnet connections are blocked
▪ example 2: block inbound TCP segments with ACK=0
• result: prevents external clients from making TCP connections with internal
clients, but allows internal clients to connect to outside

Security: 8- 76
Stateless packet filtering: more examples
Policy Firewall Setting
no outside Web access drop all outgoing packets to any IP
address, port 80
no incoming TCP connections, drop all incoming TCP SYN packets to any
except those for institution’s public IP except [Link], port 80
Web server only.
prevent Web-radios from eating up drop all incoming UDP packets - except
the available bandwidth. DNS and router broadcasts.
prevent your network from being drop all ICMP packets going to a
used for a smurf DoS attack. “broadcast” address (e.g.
[Link])
prevent your network from being drop all outgoing ICMP TTL expired traffic
tracerouted

Security: 8- 77
Access Control Lists
ACL: table of rules, applied top to bottom to incoming packets: (action,
condition) pairs
source dest source dest flag
action protocol
address address port port bit
outside of any
allow 222.22/16 TCP > 1023 80
222.22/16
allow outside of 222.22/16
TCP 80 > 1023 ACK
222.22/16
outside of
allow 222.22/16 UDP > 1023 53 ---
222.22/16
allow outside of 222.22/16
UDP 53 > 1023 ----
222.22/16
deny all all all all all all
Security: 8- 78
Stateful packet filtering
▪ stateless packet filter: heavy handed tool
• admits packets that “make no sense,” e.g., dest port = 80, ACK bit set, even though no
TCP connection established:

action source dest protocol source dest flag

address address port port bit
allow outside of 222.22/16
TCP 80 > 1023 ACK
222.22/16

▪ stateful packet filter: track status of every TCP connection

• track connection setup (SYN), teardown (FIN): determine whether incoming,
outgoing packets “makes sense”
• timeout inactive connections at firewall: no longer admit packets

Security: 8- 79
Rough Slide

Security: 8- 80
Stateful packet filtering
ACL augmented to indicate need to check connection state table before
admitting packet
action source dest proto source dest flag check
address address port port bit connection
outside of any
allow 222.22/16 TCP > 1023 80
222.22/16

allow outside of 222.22/16

TCP 80 > 1023 ACK x
222.22/16

outside of
allow 222.22/16 UDP > 1023 53 ---
222.22/16

allow outside of 222.22/16

UDP 53 > 1023 ----
x
222.22/16

deny all all all all all all

Security: 8- 81
Application gateways
▪ filter packets on host-to-
gateway application
application data as well telnet session gateway
router and filter
as on IP/TCP/UDP fields.

gateway-to-remote
host telnet session

1. require all telnet users to telnet through gateway.

2. for authorized users, gateway sets up telnet connection to dest host
• gateway relays data between 2 connections
3. router filter blocks all telnet connections not originating from gateway
Security: 8- 82
Limitations of firewalls, gateways
▪ IP spoofing: router can’t know ▪ tradeoff: degree of
if data “really” comes from communication with outside
claimed source world, level of security
▪ if multiple apps need special ▪ many highly protected sites
treatment, each has own app. still suffer from attacks
gateway
▪ client software must know
how to contact gateway
• e.g., must set IP address of
proxy in Web browser

Security: 8- 83