Communications Technology: Security

Security

Introduction

  • The principles of integrity, authentication, and confidentiality are essential for secure communication across various technologies, including mobile, WiFi, and fixed-line communications.
  • This section uses the scenario of a teleworker at home to illustrate how a secure connection can be established with a remote server using the IPsec protocol.
Overview
  • Section 2: Introduces the teleworking case study and IPsec as a protocol for secure connections, emphasizing integrity, authentication, and confidentiality.
  • Sections 3-5: Detail the requirements of integrity, authentication, and confidentiality.
  • Section 6: Discusses the generation and secure sharing of cryptographic keys.
  • Section 7: Provides details on the IPsec framework and its use in virtual private networks (VPNs).
  • Section 8: Summarizes the part.

Case Study: Teleworking

  • Scenario: A person working at home requires secure access to a corporate network, such as a server with client account details.
  • Topology: Figure 4.1 illustrates a network topology with users inside and outside the head office accessing the network.
  • Key corporate network components (LANs for Sales and Finance, email, web, and file exchange servers) are kept behind a firewall.
  • External communication terminates on a VPN router connected to a wide area network (WAN) and the internet.
  • The WAN connects to geographically stable locations like branch offices, while the internet connects less fixed locations like homes, mobile phones, and part-time contractors.
  • Requirement: Unauthorized access to confidential corporate network information must be prevented.
  • Home worker access: Via an internet service provider (ISP), traffic is forwarded across the internet to the head office's ISP, then to the VPN router.
  • Figure 4.2 illustrates the home worker's connection to the ISP and the corporate network.
  • Protocol stack layers: Higher layers (layer 3 - network layer and layer 4 - transport layer) are needed to establish, maintain, and provide useful services over a basic network connection.
  • Layer 3 protocols: Establish and maintain connections.
  • Layer 4 protocols: Enable services to run.
  • Example: File transfer protocol (FTP) is a layer 7 (application layer) protocol that depends on layer 3 for routing and layer 4 (TCP) for reliable delivery.
  • Insecurity of FTP: An FTP connection is not secure, and client information could be accessed by unauthorized parties.
  • IP Security (IPsec): Used as a case study to explore how to make a connection secure.
Making a Secure Connection
  • IPsec VPN: A common method for enabling secure remote access, as depicted in Figure 4.3, which demonstrates the establishment of an IPsec 'tunnel' from home to the office.
  • IPsec VPN vs. MPLS VPN: The IPsec VPN creates a secure tunnel between a single user and a private network over the public internet, unlike MPLS VPNs, which connect fixed entry and exit points.
  • Tunnel characteristics: The IPsec tunnel is established between the home worker's device and the gateway router at the office, requiring no dedicated connections or special hardware.
  • Metaphorical 'tunnel': Security is similar to that of a real tunnel, but the term implies no fixed path. IPsec packets are routed like any other IP packets, and the route can vary from packet to packet.
Security Requirements
  • Security in electronic communications refers to:
    • Integrity: Message is guaranteed not to have been altered during transit.
    • Authentication: Guarantee that the received information comes from the designated sender.
    • Confidentiality: Communication content is only visible to the intended recipient.
  • Integrity, authentication, and confidentiality are tenets of cryptography (encryption).
  • Cryptologists: Design and test algorithms to secure communications.
  • IPsec provides options for authentication, confidentiality, and integrity, defined by IETF open standards RFC 2401 to 2412.
  • Alternatives: Secure socket layer (SSL) and proprietary systems.
Algorithms for Security Requirements
  • IPsec achieves integrity, authentication, and confidentiality through protocols or algorithms.
  • Table 4.1 lists common algorithms used for secure communication.
  • Protocols may cover more than one requirement, and versions exist (e.g., MD5).
  • MD5: Used for ensuring integrity.
  • HMAC-MD5: Used for authentication.
  • DES: Used for confidentiality.
  • Key:
    • AES – advanced encryption standard
    • DES – data encryption standard
    • DSA – digital signature algorithm
    • HMAC – keyed-hash message authentication code
    • MD – message digest
    • RSA – Rivest, Shamir and Adleman
    • SHA – secure hash algorithm.
  • Algorithms in multiple columns: Some algorithms are used for more than one function. For example, MD5 can be paired with HMAC for authentication (HMAC-MD5).

Integrity

  • Integrity check: Verifies that a message has not been tampered with during transit. Performed by the recipient or as part of a system like online banking.

  • Hash function: The sender generates a hash by applying a hash function to the message and sends it with the message.

  • Hash operation: Similar to the cyclic redundancy check (CRC) algorithm.

  • Figure 4.4: Illustrates the hash function process.

  • Data block $x$: Input to the hash function $H$.

  • Hash $h$: Output of the hash function, where $H(x) = h$.

  • Function definition: A mathematical process operating on an entity to produce another, with the output dependent on both the input and the function.

  • Characteristics of the hash: A number or message digest characteristic of the message.

  • Change to message: A change to the message, however minute, will produce a different hash.

  • One-way function: The hashing function $H$ is a one-way function, making it virtually impossible to recreate the original message from the digest.

  • Process at receiving end: The receiving end applies the same hash function $H$ to the received message to generate another message digest, which is compared to the received digest that was sent with the message.

  • If the message digests match: The integrity of the message is assured.

  • If the message digests do not match: The message has been tampered with in transit.

  • MD5 algorithm: One of the early hashing functions, developed by Ron Rivest in 1991, but has been proven susceptible to attack.

  • Secure hash algorithm (SHA): Developed by the US National Institute of Standards and Technology (NIST), replacing MD5.

  • SHA-1 algorithm: Used on messages with fewer than $2^{64}$ bits, producing a 160-bit digest. Slightly slower than MD5 but more secure due to its larger message digest.

  • Additional hash functions in the SHA family: NIST has published four additional hash functions in the SHA family.

    • SHA-224 (224 bits)
    • SHA-256 (256 bits)
    • SHA-384 (384 bits)
    • SHA-512 (512 bits).
  • SHA-2: The four versions above are collectively known as SHA-2.

  • SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512: Required by law for use in certain US government applications.

  • Figure 4.5: General principle of the SHA-512 algorithm.

  • The original message: Divided into blocks of 512 bits, shown as $m_1$, $m_2$, etc. up to $m_n$.

  • Function $F$: Applied to each block in turn, applying the algorithm through a number of rounds (80 in the case of SHA-512) to generate a 512-bit output, shown as $h_1$ after the first stage.

  • Coding function: Applied to each 512-bit block in turn until the final hash code, $h_n$, is derived.

  • Overall output: The result of applying this sequence of codes to the message is a single 512-bit hash.

Person-in-the-middle attack
  • A received message could pass the hash test and yet not be the one sent by the original sender as a result of a person-in-the-middle attack.
  • The message and digest are intercepted, the message is changed and a new digest is generated by applying the hash function to the new message.
  • Example: The amount of an online bank transfer might be changed from £100 to £10 000 and a new hash generated.

Authentication

  • Objective: Providing recipient confidence that a received message originates from the claimed sender.
  • Keys: Serve as the basis for authentication in network security.
  • Key definition: An authorized sequence of numbers.
  • Analogy: Combination padlock (Figure 4.6) where the correct combination (key) unlocks the lock, and access is only permitted with the key.
  • Process: Message from Sarah is locked using a pre-chosen combination of numbers (key).
  • Authentication mechanism: The key not only unlocks the message but also authenticates it; the recipient can be confident that the message came from Sarah, as only she could have locked it with that key.
  • Multiple recipients: If they know the secret combination of numbers that constitutes the key, then a single key can authenticate the source of a message to several recipients.
  • Complicated algorithms: Are used in practice because a simple six-digit combination of denary numbers would be relatively straightforward to crack.
  • Figure 4.7 shows how an authentication process analogous to the one in Figure 4.6 can be created by combining a secret key and a hash function.
  • The input to the hashing function $H$ is a combination of the message text $x$ and the secret key $k$, so the output is $h = H(x + k)$.
  • Combining cryptographic hash and secret key: Is called a keyed-hash message authentication code (HMAC).
  • HMAC cryptographic strength: Dependent upon the hash function used, the length of the hash digest, and the strength of the keys.
  • Authentication protocols: HMAC-MD5, HMAC-SHA-1, RSA, and DSA.
  • RSA: One of the most common authentication algorithms. It has a variable key length, and the keys are usually 512 to 2048 bits long.
  • Dependence on a secret shared key: Secret key exchange is feasible amongst a small number of trusted users, but is impractical with a large number of users.
  • Public keys: Used where the number of users is large.
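
The difference between the bare hash check in the Integrity section and the keyed hash described above, shown as an added example that is not part of the original notes. The key, messages and function names are constructed for illustration; SHA-256 is used as the hash, and Python's `hmac` module implements the standard nested HMAC construction (RFC 2104) rather than a literal $H(x + k)$ concatenation.

```python
import hashlib
import hmac

# Constructed sample values for illustration (assumptions, not from the page).
SHARED_KEY = b"constructed-demo-key-sender-and-recipient-only"
ORIGINAL = b"Pay GBP 100 to account 12345678"
TAMPERED = b"Pay GBP 10 000 to account 12345678"


def digest(message: bytes) -> bytes:
    """Unkeyed hash h = H(x): anyone who holds the message can compute it."""
    return hashlib.sha256(message).digest()


def tag(message: bytes, key: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256): needs the secret key as well as the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, received: bytes) -> bool:
    """Recipient's integrity check: recompute H(x) and compare."""
    return hmac.compare_digest(digest(message), received)


def verify_tag(message: bytes, received: bytes, key: bytes) -> bool:
    """Recipient's authentication check: recompute the HMAC and compare
    in constant time so the comparison leaks nothing about the tag."""
    return hmac.compare_digest(tag(message, key), received)


def hash_only_accepts_tampered() -> bool:
    """The message is altered in transit and a fresh digest is attached,
    as in the person-in-the-middle case: the recipient's check passes."""
    return verify_digest(TAMPERED, digest(TAMPERED))


def hmac_accepts_tampered() -> bool:
    """Without the key, the altered message can only carry the old tag or an
    unkeyed digest; the recipient rejects both."""
    old_tag = tag(ORIGINAL, SHARED_KEY)
    return (verify_tag(TAMPERED, old_tag, SHARED_KEY)
            or verify_tag(TAMPERED, digest(TAMPERED), SHARED_KEY))


if __name__ == "__main__":
    print("hash only, tampered accepted:", hash_only_accepts_tampered())
    print("HMAC, tampered accepted:     ", hmac_accepts_tampered())
    print("HMAC, genuine accepted:      ",
          verify_tag(ORIGINAL, tag(ORIGINAL, SHARED_KEY), SHARED_KEY))
```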

Confidentiality

  • Confidentiality: Ensuring that the contents of a communication are invisible to all except the intended recipient.
  • Encryption: Applying an encryption algorithm to a plain-text message produces a completely new, encrypted message that contains all the content of the original message.
Symmetric and Asymmetric Encryption Keys
  • Like authentication, encryption involves the use of a key: a sequence of bits that is input into an encryption algorithm together with the message to be encrypted.
  • An encrypted message cannot be read by the recipient without:
    • The correct key.
    • The encryption algorithm used by the originator.
  • Approaches to ensuring the security of encrypted data:
    • Protecting the algorithm
    • Protecting the keys
  • Encryption algorithms: described as symmetric or asymmetric, depending on how the keys are used:
    • Symmetric encryption algorithms: use the same key for both encryption and decryption.
    • Asymmetric encryption algorithms: use different keys to encrypt and decrypt data.
  • Asymmetric algorithms: Are more resource intensive and slower to execute than symmetric algorithms.
Using Encryption Keys
  • Encryption and decryption with secret, symmetric keys can be represented by Figure 4.8, in which user A encrypts a message that is decrypted by user B using the same key.
  • Complete trust: Between all sharers of a secret key is required.
  • Asymmetric Key Exchange: Is attractive because asymmetric algorithms use different keys for encryption and decryption, so one key can be made public. The other key must remain private.
Public and Private Keys
  • Are in effect a matched pair, in the sense that either key can be used to decrypt a message encrypted by the other key.
  • Work in a one-to-many relationship, with one private key being able to service a widely distributed public key.
  • A key exchange between two users (A and B) is shown in Figure 4.9.
  • In the sequence shown in Figure 4.9, the only person in the exchange using a private (or secret) key is B, the recipient.
  • Additional procedures: Supplied by public key infrastructure (PKI), where a certificate authority verifies the user and issues a digital ‘certificate’, which the user binds to the public key.

Managing Keys

  • Mechanisms for obtaining and exchanging (or distributing) keys are required.
  • Keys used in cryptography can be defined by two characteristics: their length (in bits) and the keyspace.
  • Keyspace: The total number of different possible keys of the given length.
    • A 2-bit key length gives a keyspace of $2^2 = 4$ possible keys (00, 01, 10, 11).
    • A 4-bit key length gives a keyspace of $2^4 = 16$ possible keys.
    • A 32-bit key length gives a keyspace of $2^{32} = 4294967296$ possible keys.
  • Breaking a 32-bit key by brute force would require a great deal of computing power and time.
  • Important aspects of key management:
    • Generation, or developing new keys: new algorithms are developed to keep ahead of malicious compromising of existing keys. Random number generation plays a large part in key design.
    • Verification: this is done by attempting to break new keys to ensure that developers keep ahead of illegal hackers.
    • Storage: if key storage is insecure, keys can be illicitly copied, thus compromising their legitimate use and requiring a new set of keys to be exchanged.
    • Exchange: key exchanges must ensure that keys are delivered only to legitimate users. A well-known algorithm for secret key exchange is the Diffie–Hellman algorithm.
Diffie–Hellman (DH) Key Exchange
  • The Diffie–Hellman (DH) key exchange algorithm: Is widely used as the basis of automatic key exchange methods. Is not used for encryption but to exchange secret keys for encryption and authentication.
  • Key-agreement protocol: It uses mathematical algorithms to generate an identical key on both ends of an exchange.
  • Diffie–Hellman key generation method: Is preferred to using asymmetric keys because it is quicker, and because it provides authentication (unlike asymmetric keys).
  • Figure 4.10 outlines the operation of the Diffie–Hellman algorithm for two parties, A and B.
  • Base Number: A and B agree on a small base number (in this example, 4).
  • Prime Number: A and B agree on a larger prime number (in this example, 29).
  • Each Party Generates a Secret Number: A generates secret number 8 and B generates secret number 5.
  • Modular Arithmetic: Each party uses modular arithmetic to derive another number from their secret number, the base number, and the prime number.
  • Modulo Operation: The modulo operation (written $x \bmod y$) calculates the remainder when $x$ is divided by $y$.
  • Calculation of A: A calculates $4^8 \bmod 29$ for an answer of 25.
  • Calculation of B: B calculates $4^5 \bmod 29$ for an answer of 9.
  • Exchange: Each party now sends to the other the number it has calculated. These results (9 and 25) are not secret.
  • Final Step: Each party uses the number it has received from the other in a further modulo 29 calculation, using their still-secret numbers (8 and 5).
  • Results: The Diffie–Hellman key exchange produces the same secret key of 20.
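
The exchange above carried through in code with the page's numbers (base 4, prime 29, secrets 8 and 5), as an added example that is not part of the original notes. The range check on the received value and the `reachable_keys` helper go beyond the steps listed; they tie the exchange back to the keyspace discussion and show why the prime must be far larger than 29 in practice. All function names are chosen for this example.

```python
# Toy parameters taken from the walk-through above.
BASE, PRIME = 4, 29
SECRET_A, SECRET_B = 8, 5


def public_value(secret: int, base: int = BASE, prime: int = PRIME) -> int:
    """Number each party sends in the clear: base^secret mod prime."""
    return pow(base, secret, prime)


def shared_key(received: int, secret: int, prime: int = PRIME) -> int:
    """Final step: received^secret mod prime, after a range check."""
    # Values 0, 1 and prime-1 would force a predictable key, so reject them.
    if not 1 < received < prime - 1:
        raise ValueError("received public value outside 2..prime-2")
    return pow(received, secret, prime)


def exchange():
    """Run both sides; returns (A's public, B's public, A's key, B's key)."""
    a_pub = public_value(SECRET_A)
    b_pub = public_value(SECRET_B)
    return a_pub, b_pub, shared_key(b_pub, SECRET_A), shared_key(a_pub, SECRET_B)


def reachable_keys(base: int = BASE, prime: int = PRIME) -> int:
    """Keyspace of the exchange: how many distinct values base^n mod prime
    can take. Only these can ever appear as the shared key."""
    seen, value = set(), 1
    while True:
        value = value * base % prime
        if value in seen:
            return len(seen)
        seen.add(value)


if __name__ == "__main__":
    print(exchange())          # both parties' keys agree
    print(reachable_keys())    # size of the toy keyspace
```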

The IPsec Framework

  • The principle behind the IPsec framework is to provide options for security without being limited to current technology.
IPsec Security Policies
  • The various options for providing security using IPsec are shown in Table 4.2, which has much in common with Table 4.1.
  • Various Options for Security Using IPsec:
    • The IPsec specification allows for new options to be specified to meet the ever-changing security attacks.
    • Note that there are gaps in some columns because not all aspects of IPsec require all three of integrity, authentication and confidentiality.
    • The protocols in any row do not have to be used together.
  • Table 4.2 IPsec framework
  • Column 1 of Table 4.2 shows the protocols used by IPsec, with the corresponding security options shown in the same row.
  • During negotiation between the two ends of an IPsec VPN, a particular IPsec protocol will be agreed by each end and used for the duration of the session.
Establishing a VPN
  • The first stage of setting up an IPsec VPN is the establishment of a security association between the two endpoints of the VPN.

  • Achieved through use of the internet key exchange (IKE) protocol.

  • Phases: IKE establishes a security association in three phases, as shown in Figure 4.11.

  • The first phase of IKE starts with the negotiation of a policy set, which must be the same for each end of the security association.

  • During the second phase, the two endpoints share the parameters that enable them to generate a shared secret key to produce the necessary hash and encryption algorithms. This is achieved using the Diffie–Hellman (DH) algorithm, as was explained in Section 6.

  • Authentication is undertaken in phase 3, where each endpoint authenticates the other using one of the algorithms from the IPsec framework.

The IPsec Tunnel
  • In the security association described above, each end is terminated by an IPsec device, and the devices at each end are in a peer-to-peer arrangement.
  • Modes of Operation for IPsec:
    • Transport Mode: Provides security at layer 4 (the transport layer). However, because of the encapsulation principle, in which data packets at a particular layer have encapsulated within them data packets from higher layers, IPsec transport mode provides security for layer 4 and above.
    • Tunnel Mode: Provides the more complete protection, at layer 3 (the network layer) and above. Tunnel mode is the preferred mode on home-to-office VPNs because it protects the whole of the connection regardless of intermediate routing options, which can be more varied on the internet than across an intranet, for example. Across a closed intranet, transport mode is more likely to be used.
  • For a home worker, the necessary IPsec software will need to be on the host computer as the broadband modem does not provide this functionality. In most cases, the other end will be terminated by the gateway router at the edge of the office LAN.
  • Figure 4.12 Tunnel mode packet structure