Points of Vulnerability Network Systems Security Mort Anvari Points of Vulnerability    Adversary can eavesdrop from a machine on the same LAN Adversary can eavesdrop by dialing into communication server Adversary can eavesdrop by gaining physical control of part of external links   twisted pair, coaxial cable, or optical fiber radio or satellite links 9/14/2004 Placement of Symmetric Encryption   Two major placement alternatives Link encryption     encryption occurs independently on every link implies must decrypt traffic between links requires many devices, but paired keys End-to-end encryption   encryption occurs between original source and final destination need devices at each end with shared keys 9/14/2004 Characteristics of Link and End-to-End Encryption 9/14/2004 Placement of Encryption  Can place encryption function at various layers in OSI Reference Model    link encryption occurs at layers or end-to-end can occur at layers 3, 4, 6, If move encryption toward higher layer   less information is encrypted but is more secure application layer encryption is more complex, with more entities and need more keys 9/14/2004 Scope of Encryption 9/14/2004 Traffic Analysis    When using end-to-end encryption, must leave headers in clear so network can correctly route information Hence although contents are protected, traffic patterns are not protected Ideally both are desired   end-to-end protects data contents over entire path and provides authentication link protects traffic flows from monitoring 9/14/2004 Key Distribution    Symmetric schemes require both parties to share a common secret key Need to securely distribute this key If key is compromised during distribution, all communications between two parties are compromised 9/14/2004 Key Distribution Schemes  Various key distribution schemes for two parties     A can select key and physically deliver to B third party C can select and deliver key to A and B if A and B have shared a key previously, can use previous key to encrypt a new key if A and B have secure communications with third party C, C can relay key between A and B 9/14/2004 Key Distribution Scenario 9/14/2004 10 Asymmetric Encryption for Authentication 9/14/2004 17 Applications for Asymmetric Encryption  Three categories    Encryption/decryption: sender encrypts a message with receiver’s public key Digital signature: sender “signs” a message with its private key Key exchange: two sides exchange a session key 9/14/2004 18 Security of Asymmetric Encryption      Like symmetric schemes brute-force exhaustive search attack is always theoretically possible, but keys used are too large (>512bits) Not more secure than symmetric encryption, dependent on size of key Security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems Generally the hard problem is known, just made too hard to in practice Require using very large numbers, so is slow compared to symmetric schemes 9/14/2004 19 RSA      Invented by Rivest, Shamir & Adleman of MIT in 1977 Best known and widely used public-key scheme Based on exponentiation in a finite (Galois) field over integers modulo a prime  exponentiation takes O((log n) 3) operations (easy) Use large integers (e.g 1024 bits) Security due to cost of factoring large numbers  factorization takes O(e log n log log n) operations (hard) 9/14/2004 20 RSA Key Setup  Each user generates a public/private key pair by    select two large primes at random: p, q compute their system modulus n=p·q  note ø(n)=(p-1)(q-1) select at random the encryption key e where 1