Network Security Continued

1
Network Security Continued
2
Digital Signature

• You want to sign a document.
• Three conditions.
• 1. The receiver can verify the identity of the
  sender.
• 2. The sender cannot later repudiate the content
  of the message.
• 3. The receiver cannot make the message up.

3
Using Public key / Private Key

• To send P, Alice send E_B(D_A(P)).
• Bob receives, decode it with his private key to
  get D_A(P), encode it with Alices public key to
  get P.

4
Digital Signature

• Can Bob verify this is the message from Alice?
• Yes, because (1) the message usually have some
  format and if it is not decoded correctly it will
  make no sense (2) Alice can send a hash of the
  message to Bob and Bob can verify whether the
  hash matches the decoded message

5
Digital Signature

• If Alice later denies she sent the message P, Bob
  can show P and D_A(P). A third party can check if
  he can get P with D_A(P) and Alices private key.
  If yes, Alice is lying because Bob does not know
  Alices private key and have no way to make up
  D_A(P).

6
Is problem solved?

• How can Alice and Bob know each others public
  key?
• Can Alice send a message to Bob to ask him to
  send her pkB?
• No. Tom may intercept this message and return
  Alice a message with his key or some junk.

7
Solution?

• Ask someone with authority, say, C.
• Alice asks C can you tell me the public key of
  Bob?
• C replies Here you are, pkB.
• Will this work?
• No. Because how can Alice be sure that this
  message is from C and not from Tom?

8
Solution

• Because C is well-known, Alice remembers his
  public key.
• So when C sends Alice the reply, he signs it
  with his private key D_skC(pkB, I am sending you
  the public key of Bob as you requested).
• When Alice gets this message, she knows that this
  must be from C and can be trusted.

9
Problems?

• If everyone must contact C before the session
  begins, can C still handle it?
• Note that the RSA algorithm involves
  multiplications of large numbers and is slow.

10
Solution

• In fact, C does not have to answer the reply in
  real time.
• He can send Bob a certificate like D_skCI
  hereby certificate that this key
  belongs to Bob. Bobs IP address is and
  his email is _at__at__at__at_.
• Later, when Bob wants to prove he is indeed Bob,
  he can just present this to Alice.
• Actually, it is D_skCSHA_1I hereby certificate
  that this key belongs to Bob. Bobs
  IP address is and his email is _at__at__at__at_. and
  C is called Certificate Authority (CA).

11
Optimizations

• Still, signing all these certificates is too much
  for a single machine.
• There is PKI (Public Key Infrastructure) as a
  tree. You have a root, Regional Authorities, and
  CAs.
• A node certifies the nodes under it by signing.
• Chain of trust.

12
Authentication

• If someone claims he is A and wants to have a
  conversation with you, how do you verify?
• He should present something to you which you can
  check and which he can have if and only if he is
  A.
• We can all think of certain things for our real
  friends, but does such thing exist in the
  electronic world?

13
Simple Protocol

• Will this work suppose A and B knows each
  others public key If A wants to communicate
  with B, A sends E_pkBD_skA(P), where P is the
  plain text message.
• Because of the digital signature scheme, B knows
  that this message is originally from A.
• But a message that is originally from A does not
  mean that it is from A the replay attack. What
  the adversary can do is first play the message
  with you, after you are tricked to believe it is
  A, then ask for transferring 10000.

14
The solution

• Recall that everyone has a public key and a
  private key.
• Suppose Alice and Bob knows each others public
  key.
• If Alice wants to setup a session with Bob, she
  sends Bob a message E_pkBAlice, R_a, meaning
  that I am Alice and I want to talk to you, where
  R_a is a number picked at random.
• Bob replies E_pkAR_a, R_b, K_s, where R_b is a
  number picked at random and K_s is the session
  key.
• Alice replies AES_K_sR_b.
• (not exactly the same as Skypes protocol, but
  the idea is the same)

15
Explanations

• Message 2. When Alice gets E_pkAR_a, R_b, K_s,
  she can decrypt it and can get R_a, R_b, K_s.
  When she sees R_a, she knows that this is the
  response she is waiting for and the sender must
  be Bob. Why?
• Because no one except Bob knows how to decode
  E_pkBAlice, R_a to get R_a and R_a is totally
  random and it is impossible for one to guess it
  right.

16
Explainations

• Message 3. When Bob gets AES_K_sR_b, he can use
  K_s to decode it to get R_b. Then he knows that
  this must be the message he is waiting for and
  the one who sent the first message must be Alice.
  Why?
• Because no one except Alice knows how to decode
  E_pkAR_a, R_b, K_s to get R_b and K_s to get
  AES_K_sR_b.

17
Explanations

• The key is, we can make sure that every message
  must be the response of the previous message.
• After the session key is exchanged, the
  conversation can begin.

18
SSL -- Secure Sockets Layer and HTTPS

• Build a secure connection between two sockets.
• It is a layer between the application layer and
  the transportation layer.
• When HTTP is run over SSL, it is HTTPS.

19
SSL

• Twp protocols, one for establishing a secure
  connection, the other for using it.
• Fig. 8-51. Establishing connection.
• A-gtB. SSL version, Preferences, R_A.
• B-gtA. SSL version, Choices, R_B. Certificate.
  Done.
• A-gtB. E_pkBpremaster key. Change cipher.
  Finished.
• B-gtA. Change cipher. Finished.
• R_A, R_B, premaster key used to get the session
  key.
• A is sure that she is talking to B. B use
  passwords to make sure that he is talking to A.

20
PGP Pretty Good Privacy

• Used in E-mails.

EB
RSA
K_M
DA
zip
MD5
RSA
IDEA
P
21
Attacks SYN Flood

• SYN Flood
• TCP establishes the connection by three-way
  handshake. Client sends SYN, server receives SYN,
  sends SYN ACK, at the same time allocating memory
  for this connection.
• If the client just send SYN, but not respond to
  the SYN ACK, the server will wait for a while and
  release the memory.
• What if people use spoofed source IP addresses to
  send SYN packets?

22
Attacks Reflection

• Reflection.
• What if people use the a lot of computers sending
  SYN to server with a victims IP address as the
  source address?

23
Attacks

• http//www.nytimes.com/2008/11/10/technology/inter
  net/10attacks.html
• http//www.scmagazine.com/asia/news/article/419816
  /a-next-generation-dos-attack-distributed-reflecti
  on/

24
DDoS

• DDoS Distributed Denial of Service
• Why would any one want to do this?
• In some cases, for bringing down service of
  competitors, or for extortion money.

25
Application Layer Attack

• There is a particular type of attack simply ask
  bots to send requests to the victim for large
  files.
• Now, the victim, the server, has to send large
  files therefore the bandwidth is saturated and no
  more requests can be satisfied.

26
CAPTCHA

• One way is to see if we can distinguish human
  from bots.
• CAPTCHA -- Completely Automated Public Turing
  test to tell Computers and Humans Apart
• Below is a picture from wiki

27
CAPTCHA

• Was proposed by Luis von Ahn, Manuel Blum,
  Nicholas J. Hopper, and John Langford.
• http//www.captcha.net/captcha_crypt.pdf

28
Other things you can do

• With the CAPTCHA idea, they actually did
  something else scan an old book, and show a
  word in the book along with one from CAPTCHA.
• You dont know which one is from where.
• So while you login, you help the library to
  recognize words.

29
Problem with CAPTCHA

• The problem is that you do not want to answer a
  CAPTCHA problem every 30 mins if you are watching
  a movie.

30
The other solution

• Ask the client to solve a puzzle, basically
  asking the client to spend some resource before
  getting service.
• Can you design some puzzles?

31
Puzzles

• Some puzzles include
• Finding a string such that the first k bits of
  its SHA-1 hash are 0.
• By controlling k, you control the difficulty of
  the puzzle.
• A problem is that this puzzle is biased toward
  clients with fast machines.

32
Memory-bound puzzles are better

• Memory speed varies less significantly than CPU
  speed.
• Forcing the client to do a lot of random read
  from main memory.
• How?

33
One memory bound puzzle

• There is a one-to-one function F() that cannot be
  reversed.
• Server started from x_0. x_i F(x_i-1).
• Server sends x_k to the client. Ask him to return
  x_0.
• It is to the best interest of the client to build
  a table, because table lookup is much faster than
  calculating the function, then search which input
  results in x_k, to get x_k-1, and so on.

34
Other solutions

• Speak-up When system is in trouble, instead
  waiting to drown, you should speak up!
• Meaning that you should also send a lot of
  requests.
• The server serves the one with loudest voice.
• From their 2006 sigcomm paper

35
Speak-up

• Actually, every client has to pay the server some
  currency in the form of bandwidth.
• The hope is that the clients have spare
  bandwidths but the attackers already have used up
  their bandwidths.
• These dummy byes are a waste of resource.

36
What we are working on

• Introducing p2p to DDoS defense.

37
A useful link

• http//staff.washington.edu/dittrich/misc/ddos/