network security the security problems in the networks may be subdivided in four cathegories: -...
TRANSCRIPT
Network Security
• The security problems in the networks may be subdivided in four cathegories:
- confidentiality- authenticity-non repudiation-integrity
• confidentiality : requires that information sent on the network only be accessible for reading to authorized parts.
• authenticity: requires that it is possible to verify the identity of the subjects involved in the communication.
• non repudiation : requires that it is impossible to repudiate the sending of a message.
• integrity : requires that the received message is the same respect to that sent.
Types of threats
a)Sniffing (snooping)
• A packet sniffer is a software that is able to capture each packet flowing in the network and, if needed, to decode and to analyze its content.
• Attack to the data confidentiality.
• Use of criptography techniques (VPN)
b)Address spoofing• IP spoofing refers to the creation of IP packets with a forged
source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.
• The machine that receives spoofed packets will send response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response.
.
Denial of service
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
• It consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
• Perpetrators of DoS attacks typically target sites or services hosted on high-profile web services such as bank credit cards payment gateways, and even root name servers.
Example: TCP SYN flood attack
• When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages(TCP three way handsake)
.• The client requests a connection by sending a SYN
(synchronize) message to the server. The server acknowledges this request by sending SYN-ACK back to the client. The client responds with an ACK, and the connection is established.
.
• In case of attack a malicious client can skip sending the SYN ACK message. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK.
• If these half open connections bind resources on the server, it may be possible to take up all these resources by flooding the server with SYN messages. Once all resources set aside for half-open connections are reserved, no new connections (legitimate or not) can be made, resulting in denial of service .
Trojan Horse• A Trojan, sometimes referred to as a Trojan horse, is non-
self-replicating program that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system.
• Trojan horses are designed to allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, it is possible for a hacker to access it remotely and perform various operations.
• Examples: attacks of spamming, DDoS, Data theft (e.g.
passwords, credit card information, etc.),Installation of software (including other malware) ,Downloading-uploading of files ,modification or deletion of files, keystroke logging,..
.
Backdoor
• A backdoor is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
• A backdoor can be designed during the development or maintenance phases of a program to allow the direct acces to the code or it may be derived by errors in designing or coding a program.
Attack to a DNS server• Attack to the data integrity or to the service availability.
• Attack based on backdoor techniques: system control acquisition and modification of the data-base containing the corrispondence among logical and binary addresses
• DOS attack: the server is not accessible by the network nodes
• Sniffing or spoofing: the sending nodes will not receive an answer.
Cryptology.
• Cryptography: design and development of cryptographic systems.
A plaintext is converted into apparently random non sense, referred to as ciphertext.
• Cryptanalys: The process of attempting to decrypt the encrypted text.
Conventional Encryption Model• The encryption process consists of an algorithm and a key.
The key ia a value indipendent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. Changing the key changes the output of the algorithm.
• The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm.
• The fact that the algorithm need not to be kept secret means that manufactures can and have developed low- cost chip implementation of data encryption algorithms.
decryption algorithm, D
plaintext,P
Encryption key,K
cyphertext C = Ek(P)
attacker
Encryptionalgorithm, E
Decryption key, K
passive attacker active attacker
DK(EK(P))=P
• E, D are mathematical functions named encryption algorithms or decryption algorithms. The algorithms, generally, are public and well known. The secret is the key.
• While the alghorithm always operare the same way, a different key used on the same plaintext will produces different ciphertext.
• A cryptographic key is a string used to characterize a known algorithm.
.
• It is foundamental that the algorithm is public.
• A cryptographyc system based on a secret algorithm presents serious drawbacks. In fact, it is necessary to change it everytime the danger exists that it is no moreunknown.
• Instead, a key may be easily modified..
• The basic model of a cryptographic system is constituted.
of a solid, well known algorithm and a fixed size or variable size “strong key” .
Criptography
Criptographic systems are generally classified along three independent dimensions:• The type of operations used for transforming plaintext to
ciphertext.
All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bit or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged.
Most systems, referred to as product systems, involve multiple stages of subsitution and transposition.
• The criptographic methods are subdivided in two cathegories:
- Transposition technique- Substitution technique
In a transposition technique the units of the plaintext ( (single letters, pairs of letters,..) are rearranged in a different and usually quite complex order, but the units themselves are left unchanged.
• In a substitution technique, the units of the plaintext are retained in the same sequence in the cybertext, but the units themselves are altered.
• The number of keys usedIf both sender and receiver use the same key, the system is referred to as symmetric, single key, secret key or conventional encryption.If the sender and the receiver each use a different key, the system is referred to as asymmetric, two key, or public key encription.
• The way in which the plaintext is processed. A block cypher processes the input one block of elements at a time, producing an output block for each input block. A stream cypher processes the input elements continously, producing output one element at a time, as it goes along.
Cryptanalysis• brute force attack is a strategy used to break the encryption of data.
•It involves traversing the search space of all possible keys until the correct key is found.
•The resources required for a brute force attack scale exponentially with encreasing key size, not linearly. As a result doubling the key size for an algorithm does not simply double the required number of operations but rather squares them.
•Although there are algoritms which use 56-bit symmetric keys (e.g. Data Encryption standard),usually 128-256 bit keys are standard. .
• If some words in the encrypted text are known, the decryption is simplified
Average time required for exhaustive key search
keys size number of time required at(bits) altenative keys 106 decript/sec
32 232= 4.3 x 1092.15 msec 56 256=7.2 x 1016 10 hours128 2128=3.4x 1038 5.4x1018 years168 2168=3.7x 1050 5.9x 1030 years
Computationally secure encryption scheme
• The cost of breaking the cipher exceeds the value of the encrypted information.
• The time required to break the cipher exceeds the useful lifetime of the information.
• The criptographic methods are subdivided in two cathegories:
- Transposition technique- Substitution technique
In a transposition technique the units of the plaintext ( (single letters, pairs of letters,..) are rearranged in a different and usually quite complex order, but the units themselves are left unchanged.
• In a substitution technique, the units of the plaintext are retained in the same sequence in the cybertext, but the units themselves are altered.
Substitution technique
•Caesar ciphereach letter of the alphabet in the plaintext is
replaced with the letter standing three places further down the alphabet.For instance,
plaintext: de bello gallicoencrypted text: gh ehoor ldoonfr
AD, BE, CF…ZC
• Note that the alphabet is wrappep around, so that the letter following Z is A. We can define the trasformation by listing all possibilities, as follows:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• If we assign a numerical equivalent to each letter (a=1,b=2,..) for each plaintext letter p, substitute the letter C
C=E(p)=(p+3)mod 26
• A shift may be of any amount, so that the general Caesar algorithm is:
C=E(p)=(p+k)mod(26)
where k takes on a value in the range 1 to 25.
• The decryption algorithm is
P=D(C)= (C-k) mod(26)
• There are only 25 possible keys
Monoalfabetic Ciphers• Each character in the plaintext is replaced by an another
character (arbitrary substitution).
plaintext: : a b c d e f g h i j l m n o p q r s t u v w x y zcipher line: Q W E R T Y U I O PR S T U V W X Y Z X C V B N M
• The cipher line can be any permutation of the 26 alphabetic characters, then there are 26! (4x1026 ) possible keys.
• However, if the cryptanalyst knows the nature of the plaintext (e.g. non compressed english text) then the analist can exploit the regularities of the language (relative frequence of the letters,frequence of two letter combination,..)
- in english language e is the most common letter, followed by t,o,a,n,i,etc..
- Two letters (digrams) more common: th, in, er,re,an.
- Three letters (trigrams) more common: the,ing, and,e ion
• The relative frequency of the letters of the encrypted text is evaluated; to the letter with higher frequency the e letter is associated, then the letter t etc..
• If there are trigrams of the form tXe the letter X is substituted by h, ec..
Transposition Techniques•Columnar transpositionM E G A B U C K key (no duplicated letters)7 4 5 1 2 8 3 6 numerical position in the alphabetp l e a s e t ra n s f e r o ne m i l l i o n …d o l l a r s tO m y s w i s s …….plaintext: pleasetransferonemilliondollarstomyswiss…Testo cifrato:AFLLSKSOSELAWAIATOOSSCTCLNMOMANTESILYNT..
The encrypted text is read by columns beginning from the column with lowest key letter.
Even in this case the statistical properties of the language may be used to facilitate the work of a cryptoanalyst.
monouse blocks
a) Key: random generated string of bit
b) The plain text is converted in a string of bit using, ad example, the ASCII representation for the characthers.
c)XOR of the two strings is evaluated.
• The encrypted text cannot be decrypted independently by the computer power is used.
• The encrypted message does not contain any information because all the possible plaintext with the same probability are contained in it
• ExampleMessage “i love you” is converted using a 7 bit ASCII code Message :1001001 0100000 1101100 1101111 1110110 1100101 0100000 1111001 1101111 1110101 0101110
Monouse block:1010010 1001011 1110010 1010101 1010010 1100011 0001011 0101010 1010111 1100110 0101011
Encrypted text0011011 1101011 0011110 0111010 0110100 0000110 0101011 1010011 0111000 0010011 0000101
• To decrypt the message all the possible monouse blocks can be used in order to examine the corresponding plaintexts. It is possible to find more acceptable plaintexts.
• . There is no information on the encrypted text.
Monouse blocks:problems
• Sender and receiver must know a copy of the key (network transmission).
• The amount of sent data is limited by the key length.
.
Two types A block cypher processes the input one block of elements at a time,
producing an output block for each input block. A stream cypher processes the input elements continously,
producing output one element at a time, as it goes along.
plaintext
secret key
algorithm
secret key
algorithm
plaintext
encrypted text
encrypted text
Symmetric key algorithms
DES (Data Encryption Standard)
Adopted in 1977 by the National Bureau of Standards as Federal
Information Processing Standard.
DES encrypts 64-bit blocks and uses a key 56 bits; longer blocks of
plaintext are encrypted in blocks of 64 bits
DES processes plaintext by passing each 64-bit input through 16
iterations, producing an intermediate 64-bit value at the end of each
iteration. Each iteration is essentially the same complex function that
involves a permutation of the bits and substituting one bit pattern for
another. The input at each stage consists of the output of the
previous stage plus a permutation on the key bits , where the
permutation is known as a subkey.
DES utilizes logical and arithmetic operations that can be easily
hardware implemented.
• Realized by IBM in 1974.• Agreement between IBM and U.S. NAS (National
Security Agency).• There is the suspect that the algorithm had been covertly
weekened by the Intelligence Agency so that they, but no-one else, could easily read encrypted messages.
• Published as an Official Federal Information Processing Standard (FIPS) in 1977.
• The original algorithm was 64 bits key however, only 56 of these are actually used by the algorithm. 8 bits are used for checking parity.
• DES is now considered to be insecure for many applications
The strength of DES
• 1998. Electronic Frontier Foundation (EFF) announced that it had broken a new DES challenge using a special purpose “DES cracker” machine that was built for less than $ 250,000.
• The attack took less than three days• Hardware prices will continue to drop as speed increase,
making DES worthless.• Fortunately, there are a number of alternative available
in the marketplace.
Triple DEA
• Given the potential vulnerability of DES to a brute force attack, there has been considerable interst in finding an alternative.
• One approach, which preserves the existing investment in software and equipment, is to use multiple encription with DES and multiple keys.
• Triple DEA (TDEA) usese three keys and three executions of the DES algorithm (168-bit key length)
AES (Advanced Encription Standard)
NIST (National Institute of Standards and Technology) 2001.
Key lenght:128,192,256 bit. Blocks 128 bits.
Hardware and software:b efficient implementations (time and memory)
Symmetric encryption problems
• Key distribution
• Source authentication and non repudiation
Key distribution
• For symmetric encryption technique to work, the two parties to an exchange must share the same key, and that key must be protected from an access by others.
• Key distribution technique:
-A key can be selected by A and phisically delivered to B
- A third part can select the key and phisically deliver it to A and B
- If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted
using the old key
KDC (Key Distribution Center)
• KDC shares a secret key with every user and then it can comunicate in a secure way with each user.
• When Alice wants to communicate with Bob, she sends a request to the KDC.
• KDC asks Bob if he want to communicate with Alice and in the case of a positive answer, it will create a secret key (session key) and will communicate the key both toAlice and Bob.
• Bob and Alice will communicate by using the session key.• Obviously, it necessary to distribute a secret key for each
user. The problem has been reduced by N(N-1)/2 keys to N keys
• In a distributed system, any given host or terminal may need to engage in exchanges with many others hosts and terminals over time. Thus, each device needs a number of keys supplied dynamically.
• If encryption is done at thy application level , then a key is necessary for every pair of users or processes that require communication.
• In a system with N users there are N(N-1)/2 pairs of users and then it is necessary to exchange N(N-1)/2 secret keys
• A network using node-level encryption with 1000 nodes would need to distribute as many as half a million keys. If the same network supported 10000 applications, then 50 milion keys may be required for application level encryption.
Public key encryption
• The encryption technique assign each user a pair of keys.One of the user’s keys, called the private key, is kept secret, while the other, called the public key, is published along the name of the user, so everyone knows the value of the key.
Two properties
• The cryptographic algorithm has the mathematical property that a message encrypted with the public key can be decrypted only with the relative private key.
• It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
RSA
• Rivest, Shamir, Adleman. MIT (1978)
• Keys of at least 1024 bit are required in order to obtain a good security. The algorithm is computationally complex . It is based on the properties of prime numbers.
• It is the only widely accepted and implemented general purpose approach to public key encryption.
.
RSA• pair of keys for each user
(Kpub,Kpriv)A
(Kpub,Kpriv)B
• Key properties:- A message encrypted with one of the two keys is
decryptable only with the other- Known one the two keys (public) is impossible to
obtain the other (private)
Performance:
• RSA in hardware: is about 1000 times slower than
DES
• RSA in software: is about 100 times slower than DES
Confidentiality (encryption)
The essential steps for sending an encrypted message :
• Each user generates a pair of keys to be used for the encryption and decryption of messages.
• Each user places one of the two keys in a public register or other accessible file (public key). The other key is private.
• If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice’s public key.
• When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
confidentiality with public key encryption
Alice takes the public key of Bob from the CA database; Aliceencrypts the message using the Bob’s public key and sends it to Bob; Bob decrypts the meessage using its private key
AliceBob
public keys Directory
Bob Public key Bob privat key
ciphertextdecryptionencryption
Authentication
• Suppose that Bob wants to send a message to Alice and, although it is not important that the message be kept secret, he wants Alice be certain that the message is indeed from him.
• Bob uses his own private key to encrypt the message. When Alice receive the ciphertext, she finds that she can decrypt it with Bob’ public Key, thus proving that the message must have been encrypted by Bob.
• No one else has Bob’ private key and therefore no one else could have created a cyphertext that could be decrypted with Bob’s public key.
Authentication with public key systems
• The encryption mechanism can also be used to authenticate the sender of a message.
• The sender encrypts the message with its private key and the receiver uses the corresponding public key. Because only the user knows the private key, only the user can encrypt the message that can be decoded with thepublic key.
Public key Encryption
plaintextplaintext
algorithm
public key of the receiver
private key of the receiver
ciphertextalgorithm
encryption
private key of the sender
public key of the sender
authentication
Confidentiality and Authenticity
• Two levels of encryption can be used to guarantee that a message is both authentic and confidential.
• First the message is encrypted by using the sender private key. Second, the encrypted message is encrypted again using the recipient’s public key.
• At the receiving end, the decription process is the reverse of the encryption process.
• First the receiver ueses his private key to decrypt the message.Second, the recipient uses the sender’s public key to decrypt the message again.
52
Distribution of symmetric keys using public-key techniques
Encryption Process Decryption Process
encrypt file usingsymmetric key
encrypt symmetric keyfor recipients using
their public keys
+
combine header withprotected data in one file
extract symmetrickey using
private key
decrypt file usingsymmetric key
recoveroriginal file
Problemes: the public key algorithms are computationally complex the protocol does not provide source authentication. How is possible that Alice be sure that the public key found in the
database actually belongs to Bob?
Key authenticity problem => solution= the assurance scheme is improved in
terms of scalability and security when it is based on the trust in a third party
(CA, Certification Authority) that ensures the integrity and the authenticity
of the public key stored in the database.
Comunication confidentiality of public key systems
Digital signature
• The public key algorithms do not provide good performances in the signature of high dimension documents.• To improve the perfomance in implementing the digital signature hash functions are introduced.
A
encryption
B
decryptionCypher text
A private key A public key
plaintextplaintext
Hash Functions
•A hash value is generated by a function H of the form
h=H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.
•The purpose of a hash function is to produce a “ digest” of a file, message or other block of data.
Requirements for a hash function:
- H can be applied to a block of data of any size.
- H produces a fixed -length output
- H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
- For any given code h, it is computationally infeasible to find x such that H(x)=h (one- way property)
- It is computationally infeasible to find any pair (x,y) such that H(x)= H(Y). This is sometimes referred to as strong collision resistance.
Examples:
• MD5 Algorithm di Ron Rivest (RFC1321) produces a 128 bit digest
• SHA-1 Algorithm (Secure Hash Algorithm) federal standard (USA)produces a 160 bit digest
Digital Signature
Digital signature obtained using public key criptography and one-way hash functions
The two hash are compared
signature process verification process
hash
hash encryption with the private key
a new hash is calculated
the sent hash is decryptedwith the sender public key
=
RSA Algorithm
• RSA is based on the high computational complexity of prime numbers factorization.
• In 2005 a number of 640 bits (193 decimal numbers) has been decomposed into two 320 bits prime numbers by using an Opteron cluster with 80 processors (2.2 GHZ)during a 5 months period of time .
Prime Factorization
• A prime number can be divided evenly only by 1 or itself.They cannot be factored any further.
• Every other whole number can be broken down into prime number factors.
• Prime Factorization
"Prime Factorization" is finding which prime numbers multiply together to make the original number.• There is only one (unique) set of prime factors for any
number.
• Example : What are the prime factors of 12 ?• It is best to start working from the smallest
prime number, which is 2, so let's check:
12 ÷ 2 = 6• But 6 is not a prime number, so we need to go
further. Let's try 2 again:6 ÷ 2 = 3
• 3 is a prime number, so we have the answer:12 = 2 × 2 × 3
• every factor is a prime number, so the answer must be right.
– 2142:2– 1071:3– 357:3 – 119:7– 17:17– 1
2142=2*3*3*7*17
RSA Algorithm
• The public encryption key is a pair (e,n); the private key is a pair (d,n), where e,d,n are positive integers.
• Each message is represented as an integer between 0 and n-1 (a long message is broken into a series of smaller messages, each of which can be represente as such an integer).
• The functions E,D are defined as:E(m)= me mod n =CD(C) = Cd mod n
• The integer n is computed as the product of two large (100 or more digits) randomely chosen prime numbers p,q with
n=pxq
• The value of d is chosen to be a large, randomely chosen integer relatively prime to (p-1)x(q-1). That is , e satisfies
exd mod(p-1)x (q-1)=1
• Note that, although n is publicy known, p and q are not. This condition is allowed because, as is well known, it is difficult to factor n. Consequently, the integers d and e cannot be guessed easily.
.
1. Choose two large prime numbers p e q . (RSA-2048 uses two prime numbers with more than 300 digit).
2. Compute n=p x q (module) and f(n)= (p-1)x(q-1).
3. Choose a number e (public exponent) relative prime to f (coprime)
4. Find d (private exponent) such that e x d = 1 mod f
Two numbers are "relatively prime" when they have no common factors other than 1 .In other words you cannot divide both by some common value.
Examples: • 7 and 20 are relatively prime (no common factor)• 6 and 20 are not relatively prime because you can divide both by 2 (2 is a common factor).
Example.p=5 and q=7. Then n=35 and (p-1)x(q-1)=24. Since 11 è relative prime to 24, we can choose d=11; and since11x11 mod 24=1 e =11.
Suppose that m=3, we have:
C= me mod n=311 mod 35=12
andCd mod n3=1211 mod 35=3 =m
Then if we encode m using e, we can decode m using d.
.
1. Choose two large prime numbers p e q . (RSA-2048 uses two prime numbers with more than 300 digit).
2. Compute n=p x q (module) and f(n)= (p-1)x(q-1).
3. Choose a number e (public exponent) relative prime to f (coprime)
4. Find d (private exponent) such that e x d = 1 mod f
Two numbers are "relatively prime" when they have no common factors other than 1 .In other words you cannot divide both by some common value.
Examples: • 7 and 20 are relatively prime (no common factor)• 6 and 20 are not relatively prime because you can divide both by 2 (2 is a common factor).
The security can be provided in each of the following levels:
• Application• Session• Network
Security on the different levels
Application level security
Security aspects to be considered:
• Data confidentiality
• Sender and receiver authentication
• Data integrity
Application level security
• Application specific security services are embedded within the particular application (data are encrypted at the application level).
• The packets sent on the network are not more encrypted. They can be decripted only at the destination of the communication.
• The advantage of this approach is that the service can be tailored to the specific needs of a given application.
Session level security(SSL)
• SSL (Secure Socket Level) guarantees the server and client authentication and the encryption of all the data sent on the channel (secure channel).
• It may be considered as a layer between the application layer and the transport layer.
• On the sender site, SSL receive the data from an application, encrypts and sends them to a TCP socket.
• On the receiver site, SSL reads the data from the TCP socket, decrypts and sends them to the application.
• HTTPS. Secure web. Use of the HTTP application protocol on a secure channel
• Secure channel creation between two networks nodes. The channel is used by a specific transaction or communication session
• The informations are encrypted when they leave the node and decrypted when they are received by the other node.
The operation is transparent to the application
Network level security (IPsec):
Confidentiality. The host must encrypt the data field of every IP datagram before sending it on the network.The encryption may use simmetric key, public key and session key.The data field may be a TCP segment, a UDP segment,..
Source authentication. The destination host must ensure that the source IP associated with the received datagram corresponds to the IP of the host that actually sent the datagram
• La sicurezza a livello di rete non fornisce la sicurezza a livello di utente.
• Esempio: un sito commerciale non può affidarsi della sicurezza dello strato IP per autenticare un cliente che sta comprando beni dal sito.
• Quindi c’è la necessità di una funzionalità di sicurezza agli strati più alti rispetto alla sola copertura degli strati più bassi.
• IPsec (IP security) suite di protocolli che fornisce sicurezza allo strato di rete.
• Due protocolli principali:- Protocollo di intestazione per l’autenticazione
(AH, Authentication Header)- Protocollo incapsulamento sicuro del carico utile
(ESP,Encapsulation Security Payload)
• AH fornisce autenticazione della sorgente ed integrità dei dati
• ESP fornisce autenticazione della sorgente, integrità dei dati e confidenzialità
• Sia per AH che ESP prima di inviare datagrammi sicuri da un host sorgente ad uno di destinazione viene creata una connessione logica di rete SA (Security Association).
• AH :formato del datagramma
Intestazione IP IntestazioneAH Segmento TCP/UDP
Intestazione AH contiene un digest firmato del messaggio calcolato sul datagramma originale.
La firma digitale si ottiene usando l’algoritmo di autenticazione specificato in S.A.
Formato del datagramma ESP
Intestazione IP Intestazione ESP SegmentoTCP/UDP trailerESP Autenticazione ESP
cifrato
autenticato
Modalità tunnel• L’intero pacchetto IP viene incapsulato nel corpo di un
nuovo pacchetto IP• E’ utile quando il tunnel arriva in un posto diverso dalla
sua destinazione finale (firewall o gateway di un’azienda)• Il firewall incapsula e decapsula i pacchetti che lo
attraversano• Le macchine sulle LAN dell’azienda non sono a
conoscenza di IPsec.
VPN
• VPN “permanenti” per connessioni reciproche di sedi interaziendali.
• VPN “temporanee” per la connessione da remoto di utenti con caratteristiche di nomadicità.
• Installazione in ciascuna di esse di un apparato detto terminatore di VPN (nel caso di VPN temporanee il terminatore di VPN è un programma installato sul PC dell’utente).
• Ciascun terminatore cifra il traffico proveniente dalla propria LAN e lo invia al terminatore di VPN presente presso l’altra sede.
• Solo i due apparati terminatori conoscono le chiavi per eseguire codifica e decodifica dei pacchetti
Home banking
• Obiettivo: proteggere la comunicazione tra due nodi connessi alla rete internet:
client utilizzato dall’utente (browser) server messo a a disposizione dalla banca (web server
con funzioni di front end verso il sistema informativo bancario).
• Creazione di un canale di comunicazione sicuro tra i due nodi
• Tecnologia SSL (Secure Socket Layer)
Realizzazione di un canale di comunicazione sicuro.
• Utilizzo di un algoritmo a chiave simmetrica per trasferire le informazioni tra i due nodi (minore complessità computazionale).
• Neccessità che i due nodi condividano la chiave simmetrica: scambio in modo sicuro della chiave.
• Proprietà di temporaneità della chiave (validità limitata alla sessione di comunicazione) : chiave simmetrica di sessione.
1) Il client invia al server una richiesta di creazione di un canale di comunicazione sicuro temporaneo.
2) Il server della banca, che possiede una coppia di chiavi asimmetriche (AK1-pubblica, AK2- privata) invia la chiave pubblica AK1 al cliente (browser dell’utente).
3) Il client genera la chiave di sessione SK (chiave simmetrica), la crittografa utilizzando la chiave pubblica AK1 ed invia il risultato al server. Solo il server è in grado di decodificare la chiave di sessione utilizzado AK2.
4) I due nodi condividono il segreto (chiave di sessione simmetrica SK) e possono iniziare a comunicare “in modo sicuro” trasmettedo le varie informazioni crittografate con un algoritmo simmetrico:informazioni di autenticazione (username e password) e finanziarie
Misure aggiuntive di sicurezza: - Scadenza sella sessione sicura: qualora l’utente , una volta
autenticato, non esegua operazioni di navigazione sul sito per un certo tempo, la sessione “scade” (neccessità di ripetere le operazioni di autenticazione)
- Alcune operazioni particolarmente critiche (trasferimento di somme di denaro consistenti richiedono un’ulteriore autenticazione (es. one time password)
Sicurezza a livello di applicazione( e-mail)
• caratteristiche di sicurezza desiderabili:- confidenzialità- autenticazione del sender - integrità del messaggio
• Bob, Alice, Trudy. Utilizzo di PGP
• Alice a Bob “ Non ti amo più. Non voglio più vederti. Una volta tua. Alice”
• I dati crittografati vengono inviati in “pacchetti” di rete ai quali non è applicata alcuna operazione di cifratura. (per la rete i dati sono “in chiaro”, ma sono di fatto indecifrabili in quanto cifrati alla fonte).
Sicurezza a livello di sessione ( SSL)
• SSL è stato sviluppato per fornire la cifratura e l’autenticazione tra un client web ed un server web.
• SSL (Secure Socket Layer). Garantisce l’autenticazione del server e del client e la cifratura di tutti i dati che transitano sul canale (canale sicuro).
• Dal lato che spedisce SSL riceve i dati (es. messaggio HTTP) da un’applicazione, li cifra e li spedisce ad una socket TCP.
Dal lato che riceve, SSL legge dal socket TCP, decifra i dati e li indirizza all’applicazione..
Sicurezza a livello di sessione ( SSL)
• SSL è stato sviluppato per fornire la cifratura e l’autenticazione tra un client web ed un server web.
• SSL (Secure Socket Layer). Garantisce l’autenticazione del server e del client e la cifratura di tutti i dati che transitano sul canale (canale sicuro).
• Dal lato che spedisce SSL riceve i dati (es. messaggio HTTP) da un’applicazione, li cifra e li spedisce ad una socket TCP.
Dal lato che riceve, SSL legge dal socket TCP, decifra i dati e li indirizza all’applicazione..