Basic Internet Security Concepts

© MMII JW Ryder CS 428 Computer Networking 1


Purpose
• Some ideas on Internet Security
• Classes of mischief on Internet, definitions
• Tools to fight mischief
• Combinations of these tools

Purpose continued
• Very high level
• Good starting point for further study about
  • General networking & strategies
  • Cryptography
  • Key Management
  • Algorithm Analysis

Introduction
• The Internet is a vast wilderness, an infinite
world of opportunity
• Exploring, e-mail, free software, chat,
video, e-business, information, games
• Explored by humans

Internet Security Concepts
• Introduction of several basic security concepts
• General mechanisms for protection

Sniffing and Spoofing [1]
• Sniffing
  • The ability to inspect IP datagrams which are not destined for the current host.
• Spoofing
  • After sniffing, create malicious havoc on the Internet

[Figure (slide 7): network diagram for the story used on the following slides. A private network (secure gateway and nodes) sits beside the unprotected Internet, where the characters and sites are placed: Gabrielle Poirot (C), Steve Burns (C), Bank (I), Wall Street (N), Sears, Ramon Sanchez, A Guy, A Guy's Swiss Bank (A).]

A Guy has no Integrity
• Swiss Bank Scam
• Integrity - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the data was changed in transit

Ramon springs for sound
• Sears solid state stereos
• Authentication - The guarantee that, upon receipt of a datagram from the network, the receiver will be able to determine if the stated sender of the datagram is, in fact, the sender

A guy sniffs success
• Gabrielle and Steve almost strike it rich
• Confidentiality - Ensure that each party which is supposed to see the data sees the data, and ensure that those who should not see the data never see the data.

Wall Street Woes
• A guy spots a hot stock tip
• Non-repudiation - Once a host has sent a datagram, ensure that that same host cannot later claim that it did not send the datagram

A guy becomes desperate
• Bring Wall St. to its knees
• Denial of Service Attack - Flood a given IP address (host) with packets so that it spends the majority of its processing time denying service

[Figure (slide 13): where the security functions sit in the communications stack. Layers: Application, Comm. Stack, IP, Physical Adapter. Functions alongside them: One Way Hash Functions (MD5, SHA1), Key Mgmt. Functions, Crypto Functions (DES, CDMF, 3DES).]

Protocol Flow [2, 3]
• Through layers, each layer has a collection of responsibilities
• ISO OSI Reference Model - (Open Systems Interconnection)
• IP Datagram

Integrity
[Figure (slide 15): an IP datagram (IP Hdr | Data); the Data is fed through the MAC Function to produce a Digest, and the datagram sent is IP Hdr | Data | Digest.]

Keys
• Bit values fed into cryptographic algorithms and one way hashing functions, which help provide confidentiality, integrity, and authentication
• The longer the better - 40, 48, 56, 128
• Brute force attacks can win with small keys

Symmetric Keys
• Have qualities such as life times, refresh rates, etc.
• Symmetric - Keys that are shared secrets on N cooperating, trusted hosts

Asymmetric
• Public / Private key pairs
• Public key lists kept on well known public key servers
• Public key is no secret. If it is, the strategy will not work.
• Public and Private keys are inverse functional values
• Private key is only known to you and must remain secret

Concept
• Sender encrypts data with private key
• Receiver decrypts data with public key
• Receiver replies after encrypting with public key
• Sender receives response and decrypts with private key
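
A worked illustration of the four steps above, added here and not part of the slides: a textbook RSA key pair built from the small primes 61 and 53 (an assumed, toy-sized choice for readability) shows that the public and private keys are inverse functional values, so whatever one key produces the other recovers, in either order.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Textbook RSA from two primes: returns (public (e, n), private (d, n)).
    p and q are toy-sized here for readability; real keys use huge primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)            # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(value: int, key: tuple) -> int:
    """Exponentiate modulo n with whichever key is supplied; the two keys undo each other."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value must be an integer in [0, n)")
    return pow(value, exp, n)

def round_trip(value: int, first: tuple, second: tuple) -> int:
    """Apply one key, then the other (sender side, then receiver side)."""
    return apply_key(apply_key(value, first), second)

if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed toy primes
    sent = apply_key(65, private)               # sender encrypts with private key
    print(apply_key(sent, public))              # receiver decrypts with public key -> 65
    reply = apply_key(42, public)               # receiver replies, encrypted with public key
    print(apply_key(reply, private))            # sender decrypts with private key -> 42
```

Applying the same key twice does not return the original value, which is the sense in which only the paired key is the inverse.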

Confidentiality
[Figure (slide 20): Encryption Function. Data and Key enter the Crypto Fn., producing Encrypted Data; the datagram sent is IP Hdr | Encrypted Data.]

[Figure (slide 21): Decryption Function. Encrypted Data and Key enter the Crypto Fn., recovering the Data.]


MACs
• Message Authentication Codes, One Way Hashing Functions
• A function that is easy to compute but for which it is computationally infeasible to find two messages M1 and M2 such that
  h(M1) = h(M2)
• MD5 (RSA: Rivest, Shamir, Adleman); SHA1 (NIST)
• MD5 yields a 128 bit digest [3]

DES
• Data Encryption Standard
• U.S. Govt. Standard
• 56 bit key - originally 128 bits
• Aim: absolute elimination of exhaustive search of the key space
• U.S. Security Agency Request - Reduce to 56 bits
• Export CDMF (40 bits)
• The keys are the secrets of the algorithms; the algorithms themselves are not secret [4, 5]

Confidentiality & Integrity
[Figure (slide 24): IP Hdr | Encrypted Data | Digest]

Confidentiality, Integrity, & Authentication
[Figure (slide 24): IP Hdr | Encrypted Data | Digital Signature (Encrypted Digest)]

[Figure (slide 25): Data → CF (crypto function) → EM; Data → MAC → Digest; Digest + Key → DS; MAC + Key → Keyed Digest. MAC_Time < CF_Time.]
• Why would a guy prefer a Digital Signature over a Keyed Digest? Why not?
• What types of Security are provided with EM, DS, Digest, Keyed Digest?

Security provided by each combination (Msg = message, EM = encrypted message, MD = message digest, DS = digital signature, KD = keyed digest):

No Security             Msg
Integrity               Msg + MD
Confidentiality         EM
Conf. & Integrity       EM + MD
Integrity & Auth.       Msg + DS
Conf., Int., & Auth.    EM + DS
Integrity & Auth.       Msg + KD
Conf., Int., & Auth.    EM + KD

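An added example (not from the slides) for the Integrity diagram and the table above: it computes an MD5 message digest (MD) and a keyed digest (KD, HMAC over SHA1) for a constructed datagram payload, then shows why MD alone gives integrity against accidental corruption while only KD also gives authentication, since a Guy in the middle can refresh an unkeyed digest but cannot recompute a keyed one without the shared key. The key and payloads are constructed sample values.

```python
from typing import Optional
import hashlib
import hmac

def message_digest(data: bytes) -> bytes:
    """Unkeyed one-way hash (MD5, as named on the slides): a 128-bit digest."""
    return hashlib.md5(data).digest()

def keyed_digest(key: bytes, data: bytes) -> bytes:
    """Keyed digest (HMAC over SHA1): recomputable only with the shared key."""
    return hmac.new(key, data, hashlib.sha1).digest()

def receiver_accepts(data: bytes, digest: bytes, key: Optional[bytes] = None) -> bool:
    """Receiver recomputes the digest over the data it got and compares it."""
    expected = message_digest(data) if key is None else keyed_digest(key, data)
    return hmac.compare_digest(expected, digest)

def relay_with_change(digest: bytes, new_data: bytes, keyed: bool) -> tuple:
    """A Guy in the middle swaps in new data and recomputes what he can.
    Without the key he can only refresh an unkeyed digest."""
    if keyed:
        return new_data, digest                    # old keyed digest forwarded as-is
    return new_data, message_digest(new_data)

def flip_one_bit(data: bytes) -> bytes:
    """Accidental corruption in transit: one bit of the last byte flipped."""
    return data[:-1] + bytes([data[-1] ^ 0x01])

def scenario(shared_key: bytes, payload: bytes, altered: bytes) -> dict:
    md = message_digest(payload)
    kd = keyed_digest(shared_key, payload)
    md_data, md_digest = relay_with_change(md, altered, keyed=False)
    kd_data, kd_digest = relay_with_change(kd, altered, keyed=True)
    return {
        "md5_digest_bits": len(md) * 8,
        "unkeyed_untouched_accepted": receiver_accepts(payload, md),
        "unkeyed_corrupted_accepted": receiver_accepts(flip_one_bit(payload), md),
        "unkeyed_replaced_accepted": receiver_accepts(md_data, md_digest),
        "keyed_untouched_accepted": receiver_accepts(payload, kd, shared_key),
        "keyed_replaced_accepted": receiver_accepts(kd_data, kd_digest, shared_key),
    }

if __name__ == "__main__":
    # Constructed sample key and payloads in the spirit of the slides' bank story.
    print(scenario(b"shared-secret-key", b"Pay Ramon 100", b"Pay A Guy 10000"))
```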
Post Presentation Results
• You should be familiar with concepts & terms such as
  • Integrity, Authentication, Non-repudiation, Confidentiality
  • Keys, MACs, Cryptography, Digest, Digital Certificates, Datagram
• High level understanding of some methods to combat some of the above types of Internet mischief

One-Way Hashing Function Demo
• Show MD5 example

Sniffers
• Threads comment
• Show Sniffer.java
