nonforgeable: recipiient (Alice) can verify that Bob, and no one else, signed docum ment.

ment. Simple digital signature forr message data definition laanguage. Purpose: syntax, semaantics of management data weell-defined, unambiguous. Base data types:
m: Bob encrypts m with his public key dB, creating signed message, dB(m). Bob sen nds m and dB(m) to Alice. Supp pose Alice straightforward, boring.
b OBJECT-TYPE : data tyype, status, semantics of manageed object. MODULE-IDENTIT TY : groups
receives msg m, and digital signature dB(m). Alice verrifies m signed by Bob by applyin ng Bob’s public key eB to dB(m) thhen checks related objects in
nto MIB module. Basic Data Types
T : INTEGER, Integer32, Unsigned32, OCTET STRING G, OBJECT
eB(dB(m) ) = m. If eB(d
( B(m) ) = m, whoever signed m mustm have used Bob’s private keey. Alice thus verifies that: Bob signed m. IDENTIFIED, Ip paddress, Counter32, Counter644, Guage32, Time Ticks, Opaqu ue. SNMP MIB. MIB module sspecified via
No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, m and signature dB(m) to court anda prove SMI MODULE-IIDENTITY (100 standardized MIBs, M more vendor-specific). MIB example: UDP module
that Bob signed m. Message
M Digests. Computationallly expensive to public-key-encryypt long messages. Goal: fixed-leength,easy
to compute digital signature, “fingerprint”. Apply hashh function H to m, get fixed size
s message digest, H(m). Hash h function SNMP Naming. questtion: how to 
properties: Many-to-1. Produces fixed-size msg diggest (fingerprint). Given messagge digest x, computationally infe feasible to name every possible standard 
find m such that x = H(m). Computationally infeassible to find any two messages m and m’ such that H(m) = H(m m’). Hash object (protocol, dataa, more..) in 
Function Algorithm ms. Internet checksum would make m a poor message digest. To oo easy to find two messages with w same every possible netwo ork 
checksum. MD5 hash function widely used. Computes 128-bit message digest in 4-step 4 process. arbitrary 128-bitt string x,
appears difficult to construct
c msg m whose MD5 haash is equal to x. SHA-1 is also used. u US standard. 160-bit messaage digest. standard?? answer: ISSO Object 
Trusted Intermediarries. Problem:How do two en ntities establish shared secret key
k over network? Solution: truusted key Identifier tree: hierarchical 
distribution center (KKDC) acting as intermediary bettween entities. Problem: When Alice A obtains Bob’s public key (ffrom web naming of all objects. each 
site, e-mail, diskette)), how does she know it is Bob’s public key, not Trudy’s? Soluution: trusted certification authorrity (CA). branchpoint has nam me, number  
Key Distribution Ceenter (KDC). Alice,Bob need sh hared symmetric key. KDC: serrver shares different secret key with w each
registered user. Alicce, Bob know own symmetricc keys, KA-KDC KB-KDC , for communicating c with KDC. Cerrtification
Authorities. Certificcation authority (CA) binds pub blic key to particular entity. Entity (person, router, etc.) can reegister its SNMP security and admin nistration. 
public key with CA. Entity provides “proof of identtity” to CA. CA creates certificatte binding entity to public key. Certificate
C Encryption: DES‐encrypt SSNMP 
digitally signed by CA.
C When Alice wants Bob’s pub blic key: gets Bob’s certificate (B
Bob or elsewhere). Apply CA’s public
p key message. Authentication:: 
to Bob’s certificate, get Bob’s public key. Firewall. isolates organization’s internal net from larger Internet, allow wing some compute, send  MIC(m,k): compute 
packets to pass, bloccking others. Two firewall types: packet filter, application gatew ways. Firewalls: Why. To prevent denial of hash (MIC) over message (m), 
Security Design n  service attacks: (SYN N flooding: attacker establishes many bogus TCP connections)). Attacked host alloc’s TCP buuffers for secret shared key (k). Pro otection 
Strategies. Makke  bogus connections, none left for “real” connectionss. To prevent illegal modificatio on of internal data. (e.g., attackerr replaces against playback: use non nce. View‐
sure that routeer  CIA’s homepage witth something else). To prevent intruders
i from obtaining secret info.
i Packet Filtering. Internal network
n is based access control. SNM MP entity 
connected to Intern net through a router. Router maanufacturer provides options fo or filtering packets, based on: (ssource IP maintains database of acccess 
operating systeem 
address, destination IP address, TCP/UDP source and a destination port numbers, ICMP message type, TCP SYN and a ACK
software has  rights, policies for variouss users. 
bits). Example 1: blo ock incoming and outgoing dataagrams with IP protocol field = 17 and with either source or deest port =
been patched.  23. All incoming an nd outgoing UDP flows and teln net connections are blocked. Exxample 2: Block inbound TCP segments Database itself accessiblee as 
Identify those  with ACK=0. Preveents external clients from makin ng TCP connections with interrnal clients, but allows internal clients to managed object! 
information  connect to outside. Application gateways. Filters paackets on application data as weell as on IP/TCP/UDP fields. Example:
assets that are  allow select internall users to telnet outside. 1. Reqquire all telnet users to telnet th hrough gateway. 2. For authorizzed users,
most critical to  gateway sets up teln net connection to dest host. Gatteway relays data between 2 con nnections. 3. Router filter blockss all telnet
the corporation n,  connections not oriiginating from gateway. Limitattions of firewalls and gateways.. IP spoofing: router can’t know if data
and protect tho ose  “really” comes from m claimed source. If multiple ap pp’s. need special treatment, each h has own app. gateway. Clientt software
servers first.   must know how to contact
c gateway. e.g., must set IP
P address of proxy in Web brow wser. Filters often use all or nothiing policy
for UDP. Tradeoff: degree of communication with h outside world, level of securityy. Many highly protected sites still
s suffer
from attacks. Securee e-mail.1. Alice wants to send secret
s e-mail message, m, to Bob b. 2. generates random symmetrric private
Implement physical seccurity constraints to hinder physsical access to critical resources such as servers. Monitor system aactivity key, KS. 3. encryptss message with KS. 4. also encryp pts KS with Bob’s public key. 5. sends both KS(m) and eB(KS) to t Bob. 6.
logs carefully. Develo op a simple, effective, and enfforceable security policy and monitor
m its implementation. Co onsider Alice wants to proviide sender authentication messagge integrity. 7. Alice digitally sign ns message. 8. sends both messaage (in the
installing a proxy serveer or applications layer firewall. Block incoming DNS queries and a requests for zone transfers. Don’t SNMP protocol: message
m types
clear) and digital signnature. 9. Alice wants to providee secrecy, sender authentication,, message integrity. Note: Alice uses u both
publish the corporation’s complete DNS map on DN NS servers that are outside the firewall.
f Disable all non essentiaal TCP her private key, Bob b’s public key. Pretty good privaacy (PGP). Internet e-mail encryyption scheme, a de-facto stand dard. Uses
ports and services. Install only software and hardwaree that you really need on the nettwork. Allow only essential trafffic into symmetric key crypttography, public key cryptograp phy, hash function, and digital signature as described. Providess secrecy,
and out of the corporaate network and eliminate all oth her types by blocking with routers or firewalls. Investigate the buusiness sender authenticatio on, integrity. Inventor, Phil Zim mmerman, was target of 3-year federal
f investigation. Secure sockets layer
case for outsourcing Web-hosting
W services so that the corporate
c Web server is not phyysically on the same network as tthe rest (SSL). SSL: transporrt layer security to any TCP-bassed app using SSL services. SSL L: used between WWW browserrs, servers
of the corporate inforrmation assets. Use routers to filter traffic by IP address. RA ADIUS Architecture. RADIUS allows for e-commerce (shtttp). SSL security services:(server authentication, data encryption n, client authentication (optionall)). Server
network managers to centrally
c manage remote access users,
u access methods, and logon n restrictions. Tunneling Protoco ols and authentication: (SSL L-enabled browser includes pub blic keys for trusted CAs. Brow wser requests server certificate, iissued by
VPN. To provide VPN N capabilities using the Interneet as an enterprise network backkbone, specialized tunneling pro otocols trusted CA. Browserr uses CA’s public key to extractt server’s public key from certifiicate). Visit your browser’s securrity menu
were developed that co ould establish private, secure chaannels between connected system ms. Government Impace. Goverrnment to see its trusted CAAs. Encrypted SSL session: 1. Brrowser generates symmetric sessionn key, encrypts it with server’s puublic key,
agencies play a major role
r in the area of network secuurity. The two primary functions of these various government aggencies sends encrypted keyy to server. 2. Using private keyy, server decrypts session key. 3. 3 Browser, server know session key : All
are: Standards-makingg organizations that set standaards for the design, implemen ntation, and certification of ssecurity data sent into TCP socket (by client or server) encrypted with session key. SSL: basis of IETF Transport Layerr Security
technology and system ms. Regulatory agencies that con ntrol the export of security tecchnology to a company’s intern national (TLS). SSL can be used for non-Web applications, e.g., IMAP. Client authenticattion can be done with client ceertificates.
locations.Orange Bookk Certification. The primary fo ocus of the Orange Book is to t provide confidential protecttion of IPsec: Network Layyer Security. Network-layer seccrecy: (sending host encrypts th he data in IP datagram, TCP and a UDP
sensitive information based on these requirements: Security policy, Marking, Iden ntification, Accountability, Assuurance, segments; ICMP and d SNMP messages.). Network-laayer authentication (destination host can authenticate source IP address).
Continuous protection n. Two principle proto ocols: (authentication header (A AH) protocol, encapsulation seccurity payload (ESP) protocol). For both
NETWORK SECURIITY. Confidentiality: only sen nder, intended receiver should “understand” msg contents ((sender AH and ESP, sourcee, destination handshake: create network-layer logical channel caalled a security association (SA). Each SA
encrypts msg, receiverr decrypts msg). Authentication n: sender, receiver want to con nfirm identity of each other. M Message unidirectional. Uniqquely determined by: (security protocol (AH or ESP, sourrce IP address, 32-bit connecttion ID).
Integrity: sender, receiiver want to ensure message not n altered (in transit, or afterw wards) without detection. Acceess and Authentication Heaader (AH) Protocol. Provides source s host authentication, dataa integrity, but not secrecy. AH H header
Availability: services must
m be accessible and available to o users. inserted between IP P header and IP data field. Pro otocol field = 51. Intermediate routers process datagrams as usual. u AH
header includes: (co onnection identifier, authenticattion data: signed message digesst, calculated over original IP datagram,
d
Internet security threatts. Mapping: before attacking: “case the joint” – find out what services are implemented on neetwork. providing source auuthentication, data integrity; Neext header field: specifies type of data (TCP, UDP, ICMP, etc.). e ESP The presentation problem Q: does perfect mem mory-to-memory copy solve “thee communication problem”? A: not always!
Use ping to determine what hosts have addresses on network. Port-scanning: try to esttablish TCP connection to each port in Protocol. Provides secrecy,
s host authentication, dataa integrity. Data, ESP trailer encrrypted. Next header field is in ESSP trailer. problem: differen nt data format, storage conventtions. Solving the presentation problem. 1. Translate local-hosst format to
sequence (see what happens).
h nmap (http://www.insecure.org/nmap/) mapper: “network exploration and ssecurity ESP authentication field is similar to AH authentiication field. Protocol = 50. IE EEE 802.11 security. War-drivin ing: drive host-independentt format. 2. Transmit data in host-independent format. 3. Translaate host-independent format to rremote-host
auditing”. Packet sniffiing: broadcast media, promiscuo ous NIC reads all packets passingg by, can read all unencrypted daata (e.g. around Bay area, seee what 802.11 networks availlable? More than 9000 accessib ble from public roadways. 85% % use no format. ASN.1: Abstract
A Syntax Notation 1. ISSO standard X.680 : used exteensively in Internet, like eatingg vegetables,
passwords). IP Spoofin ng: can generate “raw” IP packeets directly from application, pu utting any value into IP source aaddress encryption/authentiication. packet-sniffing and vario ous attacks easy! Wired Equivallent Privacy (WEP): authenticaation as in knowing this “goo od for you”! Defined data typess, object constructors : like SMI. BER: Basic Encoding Rules : specify how
field, receiver can’t telll if source is spoofed. Denial of service (DOS): flood of maliciously generated packets “sw wamp” protocol ap4.0. host requests authentication from acccess point. access point sends 128 1 bit nonce. host encrypts non nce using ASN.1-defined data objects to be transmitted, each transmitted object has Tyype, Length, Value (TLV) enco oding. TLV
receiver. Distributed DOS
D (DDOS): multiple coordinaated sources swamp receiver. Sym mmetric key cryptography. Substtitution shared symmetric keey. access point decrypts nonce, authenticates host. Wired Equiivalent Privacy (WEP): data en ncryption. Encoding. Idea: transmitted
t data is self-identifyin
ng. T: data type, one of ASN.1-d
defined types. L: length of data in bytes. V:
cipher: substituting onne thing for another. DES: Dataa Encryption Standard. US encryyption standard. 56-bit symmetrric key, Host/AP share 40 bit b symmetric key (semi-permaneent). Host appends 24-bit initializzation vector (IV) to create 64-b bit key. 64 value of data, enccoded according to ASN.1 stan ndard. Network Management: su ummary. Network managementt : extremely
64 bit plaintext input. How secure is DES? DES Chaallenge: 56-bit-key-encrypted phrrase (“Strong cryptography makkes the bit key used to geneerate stream of keys, kiIV . kiIV ussed to encrypt ith byte, di, in fraame: ci = di XOR kiIV . IV and encrypted
e important: 80% of o network “cost”, ASN.1 for data description, SNMP proto ocol as a tool for conveying iinformation.
world a safer place”) decrypted
d (brute force) in 4 mon nths, no known “backdoor” deccryption approach. Making DESS more bytes, ci sent in framme. Breaking 802.11 WEP encrryption. Security hole: 24-bit IV V, one IV per frame, -> IV’s eventually
e Network manageement: more art than sciencce : what to measure/monito or, how to respond to failuures? alarm
secure, use three keys sequentially
s (3-DES) on each daatum, use cipher-block chaining. DES operation. initial permutattion 16 reused. IV transmittted in plaintext -> IV reuse deteected. Attack: Trudy causes Alicce to encrypt known plaintext d1 d2 d3 d4 correlation/filterin
ng?
identical “rounds” of function
f application, each using different 48 bits of key final perrmutation. AES: Advanced Encrryption … , Trudy sees: ci = di XOR kiIV , Trudy knows ci di, so can compute kiIV , Trudy knows encrypting key sequencee k1IV k2IV
Standard. New symmeetric-key NIST standard (replaciing DES. Processes data in 1288 bit blocks. 128, 192, or 256 biit keys. k3IV …, Next time IV V is used, Trudy can decrypt! Network
N Security (summary). Bassic techniques = cryptography (symmetric
Brute force decryption n (try each key) taking 1 sec ono DES, takes 149 trillion yearss for AES. Public Key Cryptoggraphy. and public), authenttication, message integrity. Used d in many different security sceenarios = secure email, secure transport
symmetric key crypto. reequires sender, receiver know sh hared secret key. public key cryptography, radically different appproach, (SSL), IP sec, 802.111 WEP.
sender, receiver do not share secret key, encryption keyy public (known to all), decryption n key private (known only to recceiver). NETWORK MAN NAGEMENT. "Network managgement includes the deploymen nt, integration and coordinatio on of the
Public key encryption algorithms.
a Two inter-related reqquirements. 1. need dB (.) and eB (.) such that dB (eB (m)) = m. 22. need hardware, software, and human elements to monittor, test, poll, configure, analyzee, evaluate, and control the netw work and
public and private keyys for dB (.) and eB (.).RSA: Rivvest, Shamir, Adelson algorithm. RSA: Choosing keys. 1. Choo ose two element resources to o meet the real-time, operationall performance, and Quality of Seervice requirements at a reasonab ble cost.".
large prime numbers p, p q. (e.g., 1024 bits each). 2. Compute
C n = pq, z = (p-1)(q-1)). 3. Choose e (with e<n) that h has no Autonomous system ms (aka “network”): 100s or 10000s of interacting hw/sw compo onents. Other complex systems requiring
common factors with z. (e, z are “relatively prime”). 4. 4 Choose d such that ed-1 is exxactly divisible by z (in other wo ords: ed monitoring, control: jet airplane, nuclear power plant, others? Infrastructure for network management. Managiing entity
mod z = 1 ). 5. Publiic key is (n,e). Private key is (n,d)). RSA: Encryption, decryption. 0. Given (n,e) and (n,d) as com mputed (data), managed devicces contain managed objects whose data is gathered into a Mannagement Information Base (MIB). Network
above. 1. To encrypt bitb pattern, m, compute. c = me mod m n (i.e., remainder when m is
i divided by n). 2. To decrypt reeceived Management standaards. OSI CMIP. Common Management M Information Prottocol.designed 1980’s: the uniffying net
bit pattern, c, compute m = cd mod n. (i.e., remainder when c is divided by n). RSA example: Bob chooses p=5, q=7.. Then management standaard. Too slowly standardized. SN NMP: Simple Network Manageement Protocol. Internet roots (SGMP),
n=35, z=24. Bob choo oses p=5, q=7. Then n=35, z=224. e=5 (so e, z relatively primee). d=29 (so ed-1 exactly divisiblle by z. started simple, deplloyed, adopted rapidly, growth:: size, complexity, currently: SN NMP V3, de facto network man nagement
Encrypt: letter=1, m=12, m pangkat e=1524832, c=17. Deccrypt: c=17, c pangkaat d standard. SNMP ovverview: 4 key parts. Managem ment information base (MIB): distributed
d information store off network
=4819685721067509155091411825223072000, m=12, letter=1. Digital Signatures. Cryptographic C technique analoggous to management data. Structure of Management Inform mation (SMI): data definition langguage for MIB objects. SNMP protocol p :
hand-written signaturees. Sender (Bob) digitally signs document, establishing he is document owner/creator. Verrifiable, convey manager<-> >managed object info, command ds. Security, administration capab bilities : major addition in SNMP Pv3. SMI: