Discussion-11-14-2005-Information Security Management Cryptography (30 minutes) 1. 2. 3. 4. 5. 6. Discuss the basic components of cryptography. (Symmetric, Asymmetric) Discuss the weakness of symmetric cryptography. Discuss the weakness of the public key encryption Why is a hybrid crypto system preferred over symmetric and public key encryption systems? Discuss the role of digital signatures in modern communication. Discuss the limitations of a KDC system in modern communication. IPSec (30 minutes) 1. 2. What services are provided by IPSec, how? What parameters identify an SA and what parameters characterize the nature of a particular SA? 3. What is the difference between transport mode and tunnel mode? 4. What is a replay attack? 5. Why does ESP include a padding field? Advanced: 6. End-to-End authentication and encryption are desired between two hosts. Draw figures and show. a. Transport adjacency, with encryption applied before authentication b. A transport SA bundled inside a tunnel SA, with encryption applied before authentication. c. A transport SA bundled inside a tunnel SA, with authentication applied before encryption. 1 Answers: 1. Discuss the basic components of cryptography. (Symmetric, Asymmetric) 2. Discuss the weakness of symmetric cryptography. Symmetric encryption, although fast, suffers from several problems in the modern digital communication environment. These are a direct result of the nature of symmetric encryption. Perhaps the biggest problem is that a single key must be shared in pairs of each sender and receiver. In a distributed environment with large numbers of combination pairs involved in many-to-one communication topology, it is difficult for the one recipient to keep so many keys in order to support all communication. In addition to the key distribution problem above, the size of the communication space presents problems. Because of the massive potential number of individuals who can carry on communication I a many-to-one, one-to-many, and many-tomany topologies supported by the Internet for example, the secret-key cryptography, if strictly used, requires billions of secret keys pairs to be created, shared, and stored. The can be a nightmare! Large numbers of potential correspondents in the many-to-one, one-to-many, and many-to-many communication topologies may cause symmetric encryption to fail because of its requirement of prior relationships with the parties to establish the communication protocols like the setting up of and acquisition of the secret key. Besides the problems discussed above and as a result of them, the following additional problems are also observable: The integrity of data can be compromised because the receiver can not verify the message has not been altered before receipt. It is possible for the sender to repudiate the message because there are no mechanisms for the receiver to make sure that the message has been sent by the claimed sender. The method does not give a way to ensure secrecy even if the encryption process is compromised. The secret key may not be changed frequently enough to ensure confidentiality. 3. Discuss the weakness of the public key encryption Although public key encryption seems to have solved the major chronic encryption problems of key exchange and message repudiation, it still has its own problems. The biggest problem for public key cryptographic scheme is sped. Public key algorithms are extremely slow compared to symmetric algorithms. This is because public key calculations take longer than symmetric key calculations since they involve the use of exponentiation of very large numbers which in turn take longer to compute. For example, the fastest public key cryptography algorithm such as RSA is still far slower than any typical symmetric algorithm. This makes these algorithms and the public key scheme less desirable for use in cases of long messages. 2 In addition to speed, public key encryption algorithms have a potential to suffer from the man-in-the-middle attack. The man-in-the-middle attack is a well known attack, especially in network communication where an attacker sniffs packets off a communication channel, sniffs packets. The intruder convinces the correspondents that the intruder is the legitimate communication partner. 4. Why a hybrid crypto system preferred over symmetric and public key encryption systems? Symmetric algorithms, although faster than public key algorithms, are beset with a number of problems. Similarly public key encryption also suffers slowness and the potential of the man in the middle attacker. To address theses concerns and preserve both efficiency and privacy of the communication channel, and increase the performance of the system, a hybrid crypto system that uses the best of both and at the same time mitigating the worse in each system is widely used. 5. Discuss the role of digital signatures in modern communication. 6. Discuss the limitations of a KDC system in modern communication. KDC has several disadvantages including the following: The two network communicating elements must belong to the same KDC. Security becomes a problem because a central authority having access to keys is vulnerable to penetration. Because of the concentration of trust, a single security breach on the KDC would compromise the entire system. In large networks that handle all communication topologies, the KDC then becomes a bottleneck since each pair of users needing a key must access a central node at least once. Also failure of the central authority could disrupt the key distribution system. 3 1. What services are provided by IPSec, how? a) Access control, to prevent an unauthorized access to the resource. Both AH and ESP are vehicles for access control, based on the distribution of cryptographic keys and the management of traffic flows relative to these security protocols. b) Connectionless Integration. To give an assurance that the traffic received has not been modified in any way. c) Data Origin authentication. Particularly source authentication so that when a destination host receives an IP datagram, with a particular IP source address, it is possible to be sure that the IP datagram was indeed generated by the host with the source IP address. This prevents spoofed IP addresses. d) Rejection or replayed packets. (Sequence number): to guarantee that each packet exchanged between two parties is different. f) Confidentiality (encryption): to ensure that internet trafficked is not examined by non-authorized parties. This requires all IP datagrams to have their data field, TCP, UDP, ICMP, or any other datagram data field segment, encrypted. g) Limited traffic flow confidentiality (padding) AH Access control Connectionless integrity Data origin authentication Rejection of replayed packets confidentiality Limited traffic flow confidentiality ESP(encryption ESP (encryption and only) authentication) y y y y y y y y y y y y y y 2. What parameters identify an SA and what parameters characterize the nature of a particular SA? An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed, for two way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of AH, ESP, but not both. A security association is uniquely identified by three parameters: Security Parameters Index: a bit string assigned to this SA and having local significance only. The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed. IP Destination Address: Currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end user system or a network system such as a firewall or router. Security Protocol Identifier: this indicates whether the association is an AH or ESP security association. Additional parameters: 4 Secret key—which defines the keys to be sued Encapsulation mode – defining how encapsulation headers are created and which parts of the header and user traffic are protected during the communication process. 3. What is the difference between transport mode and tunnel mode? Transport mode Transport mode provides host-to-host protection to higher layer protocols. That is, transport mode protection extends to the payloads of an IP packet. Examples include a TCP or UDP segment or an ICMP packet, all of which operate directly above IP in a host protocol stack. Typically, transport mode is used for end-to-end communication between two hosts. When a host runs AH or ESP over IPv4, the payload is the data that normally follow the IP header. For IPv6, the payload is the data that normally follow both the IP header and any IPv6 extensions headers that are present, with the possible exception of the destination options header, which may be include dint eh protection. ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header. AH in transport mode authenticates the IP payload and selected portions of the IP header. Tunnel mode Tunnel mode provides protection to the entire IP packet. To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of new “outer” IP packet with a new outer IP header. The entire original, or inner, packet travels through a “tunnel” from one point of an IP network to another; no routers along the way are able to examine the inner IP header. Because the original packet is encapsulated, the new larger packet may have totally different source and destination addresses, adding to the security. Tunnel mode is used when one or both ends of an SA is a security gateway, such as a firewall or router that implements IPSec. With tunnel model, a number of hosts on networks behind firewalls may engage in security communications without implementing IPSec. The unprotected packets generated by such hosts are tunneled through external networks by tunnel mode SAs set up by the IPSec software in the firewall or secure router at the boundary of the local network. Original IP IP packet header TCP header Transport mode protected packet IP header IPsec header Tunnel mode protected packet IP header IPsec header data TCP header 5 IP header data TCP header data 4. What is a reply attack? A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. The receipt of duplicate, authenticated IP packets may disrupt service in some way or may have some other undesired consequence. The sequence number field is designed to thwart such attacks. 5. Why does ESP include a padding field? The padding field serves several purposes: If an encryption algorithm requires the plaintext to be a multiple of some number of bytes (e.g., the multiple of a single block for a block cipher), the Padding field is used to expand the plaintext (consisting of the Payload Data, Padding, Pad Length, and Next Header fields) to the required length. The ESP format requires hat the PAD length and Next header fields be right aligned within a 32-bit word. Equivalently, the cipher text must be an integer multiple of 32 bits. The padding field is used to assure this alignment. Additional padding may be added to provide partial traffic flow confidentiality by concealing the actual length of the payload. Advanced: 6. End-to-End authentication and encryption are desired between two hosts. Draw figures and show a) Transport adjacency, with encryption applied before authentication b) A transport SA bundled inside a tunnel SA, with encryption applied before authentication. c) A transport SA bundled inside a tunnel SA, with authentication applied before encryption. 6