
Advanced Computer Networks: Lecture 41 - Dr. Amir Qayyum



DOCUMENT INFORMATION

Structure

  • Slide 1

  • Slide 2

  • Message Integrity Protocols

  • Slide 4

  • Slide 5

  • Authentication

  • Session Key Communication

  • Slide 8

  • Key Distribution Center

  • Kerberos

  • Man-in-the-Middle Attack in Diffie-Hellman

  • Key Distribution

  • Slide 13

  • Tree-structured CA Hierarchy

  • Key Distribution (cont)

  • PGP Message Integrity and Authentication

  • PGP Message Encryption

  • Example (PGP)

  • SSH Port Forwarding

  • Secure Transport Layer

  • TLS Handshake Protocol

  • Slide 22

  • IPSEC Authentication Header

  • IPSEC ESP Header

  • ESP Packet

  • Firewalls

  • Slide 27

  • Proxy-Based Firewalls

  • Slide 29

  • Simple Proxy Scenario

  • Denial of Service

Content

Advanced Computer Networks: Lecture 41. This lecture will cover the following: message integrity protocols; digital signature using RSA; session key communication; key distribution center; man-in-the-middle attack in Diffie-Hellman; tree-structured CA hierarchy; PGP message integrity and authentication;...

CS716 Advanced Computer Networks
By Dr. Amir Qayyum

Lecture No. 41

Message Integrity Protocols

  • Digital signature using RSA
    – Special case of a message integrity where the code can only have been generated by one participant
    – Compute signature with private key and verify with public key

Message Integrity Protocols

  • Keyed MD5
    – Sender: m + MD5(m + k) + E(E(k, rcv-pub), private)
    – Receiver
      • recovers random key using the sender's public key
      • applies MD5 to the concatenation of this random key message

Message Integrity Protocols

  • MD5 with RSA signature
    – Sender: m + E(MD5(m), private)
    – Receiver
      • Decrypts signature with sender's public key
      • Compares result with MD5 checksum sent with message

Authentication

Session Key Communication

Session Key Communication

Key Distribution Center

Kerberos

PGP Message Encryption

  • Sender
    – Create a random secret key k
    – Encrypt message using DES with secret key k
    – Encrypt k using RSA with recipient's public key
    – Encode message + E(k) in ASCII for transmission
  • Transmitted message
  • Receiver
    – Convert ASCII message
    – Decrypt E(k) using RSA with my private key, giving k
    – Decrypt message using DES with secret key k
    – Original message

Example (PGP)

SSH Port Forwarding

Secure Transport Layer

  • Application (e.g. HTTP)
  • Secure transport layer
  • TCP
  • IP
  • Subnet

TLS Handshake Protocol

[Figure: handshake messages between Client and Server; recoverable labels: Hello, Certificate, Verify, Keys, Finished, Finished, Data]

TLS Handshake Protocol

IPSEC Authentication Header

  • Fields: NextHdr, PayloadLength, Reserved, SPI, SeqNum, AuthenticationData

IPSEC ESP Header

ESP Packet

Firewalls

Firewalls

[Figure labels: Firewall, Rest of the Internet, Local site]

  • Filter-Based Solution
    – Example
      ( 192.12.13.14, 1234, 128.7.6.5, 80 )
      (*,*, 128.7.6.5, 80 )
    – Default: forward or not forward?
    – How dynamic?

Proxy-Based Firewalls

  • Problem: complex policy
  • Example: web server

[Figure labels: Remote Company User, Firewall, Internet, Web Server, Company net, Random External User]

Proxy-Based Firewalls

  • Solution: proxy

[Figure labels: Firewall, External Client, Local Server, Proxy, External HTTP/TCP connection, Internal HTTP/TCP connection]

  • Design: transparent vs classical
  • Limitations: Internal attacks

Simple Proxy Scenario

[Figure labels: S, P, R]

Denial of Service

  • Attacks on end hosts
    – SYN attack
  • Attacks on routers
    – Christmas tree packets
    – Pollute route cache
  • Authentication attacks
  • Distributed DoS attacks
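The "Filter-Based Solution" slide under Firewalls gives two filter tuples and asks what the default should be. The following is an added example, not part of the lecture: a first-match filter that reads each tuple as (source address, source port, destination address, destination port). The "drop"/"forward" action attached to each rule and the 10.0.0.9 sample packets are assumptions; the slide gives only the tuples.

```python
from ipaddress import ip_address

def parse_tuple(text):
    """Parse '(src_ip, src_port, dst_ip, dst_port)'; '*' becomes None (wildcard)."""
    fields = [f.strip() for f in text.strip().strip("()").split(",")]
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields: {text!r}")
    parsed = []
    for index, field in enumerate(fields):
        if field == "*":
            parsed.append(None)
        elif index in (0, 2):
            parsed.append(ip_address(field))  # raises ValueError on a malformed address
        else:
            port = int(field)
            if not 0 <= port <= 65535:
                raise ValueError(f"port out of range: {field}")
            parsed.append(port)
    return tuple(parsed)

def decide(rules, packet_text, default):
    """Return the action of the first matching rule, else the default policy."""
    packet = parse_tuple(packet_text)
    if None in packet:
        raise ValueError("a packet must have four concrete fields")
    for rule_text, action in rules:
        rule = parse_tuple(rule_text)
        if all(r is None or r == p for r, p in zip(rule, packet)):
            return action
    return default

# The two tuples are the slide's; the actions attached to them are assumptions.
RULES = [
    ("( 192.12.13.14, 1234, 128.7.6.5, 80 )", "drop"),
    ("(*,*, 128.7.6.5, 80 )", "forward"),
]

if __name__ == "__main__":
    packets = [  # constructed sample packets
        "(192.12.13.14, 1234, 128.7.6.5, 80)",  # hits the specific rule
        "(10.0.0.9, 40000, 128.7.6.5, 80)",     # hits the wildcard rule
        "(10.0.0.9, 40000, 128.7.6.5, 22)",     # matches nothing: default decides
    ]
    for default in ("drop", "forward"):
        for packet in packets:
            print(f"default={default:8} {packet:40} -> {decide(RULES, packet, default)}")
```

With a default of "forward", the port 22 packet reaches the server even though no rule mentions it. Because the first match wins, placing the wildcard rule ahead of the specific one would mean the specific rule never fires.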

Date posted: 05/07/2022, 12:20