Tutorial on Network Communications and Security

23
Lecture Notes © Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 1/23 Introduction to Digital Networks and Security Raj Bridgelall, PhD

Transcript of Tutorial on Network Communications and Security

Lecture Notes

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 1/23

Introduction to Digital Networks and Security

Raj Bridgelall, PhD

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 2/23

Table of Contents

PART I – NETWORKING CONCEPTS.....................................................................................4

1 INTRODUCTION..................................................................................................................4

2 DATA COMMUNICATIONS ..............................................................................................4

2.1 THE OSI MODEL ...............................................................................................................4

2.2 NETWORKING DEVICES .....................................................................................................5

2.3 TCP/IP ..............................................................................................................................6

3 MOBILE IP ............................................................................................................................7

3.1 FIREWALLS........................................................................................................................9

3.2 DHCP AND DNS ..............................................................................................................9

3.3 IPV6 ................................................................................................................................10

PART II – CRYPTOGRAPHY AND NETWORK SECURITY .............................................12

4 SECRET KEY CRYPTOGRAPHY ...................................................................................12

4.1 SECRET KEY DISTRIBUTION ............................................................................................13

4.2 SECRET KEY AGREEMENT ...............................................................................................13

4.3 SECRET KEY EXCHANGE .................................................................................................13

5 PUBLIC KEY CRYPTOGRAPHY ....................................................................................13

5.1 RSA PUBLIC KEY CRYPTOGRAPHY .................................................................................15

5.2 ELLIPTIC CURVE CRYPTOGRAPHY ...................................................................................16

5.3 DIGITAL SIGNATURES .....................................................................................................17

5.3.1 Hashing ......................................................................................................................17

5.3.2 Non-repudiation .........................................................................................................18

5.4 DIGITAL CERTIFICATES ...................................................................................................18

5.4.1 PKI Based on X.509 ...................................................................................................18

5.4.2 PKI Based on PGP .....................................................................................................18

6 CRYPTOGRAPHIC PROTOCOLS ..................................................................................19

6.1 SSL .................................................................................................................................19

6.2 IPSEC ..............................................................................................................................19

6.3 VIRTUAL PRIVATE NETWORKS ........................................................................................21

6.4 POINT-TO-POINT PROTOCOL ...........................................................................................21

7 REFERENCES .....................................................................................................................22

8 LIST OF ACRONYMS .......................................................................................................23

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 3/23

List of Figures

Figure 1: Illustration of the Mobile IP Process. .............................................................................. 8

Figure 2: Secure communications over an untrusted network using public key methods. ........... 14

Figure 3: IPSec protocol architecture. ........................................................................................... 20

Figure 4: Assurances from the four possible protocol/mode combinations of IPSec. .................. 21

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 4/23

Part I – Networking Concepts

1 Introduction

Part I of this lecture note summarizes numerous network communications concepts that are

needed to appreciate various topics in cybersecurity. Part II summarizes network security

concepts, many of which have become the base technology for cryptographic applications such as

blockchains and crypto-currency.

2 Data Communications

The transmission of data between applications on remote computing nodes involves a well-

defined process for generating data packets and eventually converting them into transmissible bit

streams for reliable end-to-end delivery over an unreliable and untrustworthy media.

2.1 The OSI Model

Classical network communications theories layer each of these well-defined processes into a

stack consisting of seven layers. The International Standards Organization (ISO) created a broad

set of specifications for these seven layers. The ISO organized them into a model called the Open

Systems Interconnection (OSI) to facilitate widespread and standardized development of

interactive systems for a public network such as the Internet. These seven layers, starting with the

one closest to the hardware level are the physical, data link, network, transport, session,

presentation, and application layers (Forouzan 1998).

The physical layer is responsible for the transmission of bits over a physical medium with pre-

defined electrical and mechanical specifications. The bit encoding and bit representation schemes

are also determined at this layer. For example, at this layer we consider the carrier modulation

method and power fluctuations by which ‘ones’ and ‘zeros’ of a digital bit stream are represented

for physical media transmission. IEEE 802.3 is an example of a physical layer specification that

defines a bit encoding scheme (e.g. Manchester 10BaseT, 100BaseT, etc.) and a channel access

mechanism based on Carrier Sense Multiple Access/Collision Detection (CSMA/CD.)

Originally developed by Xerox Corporation and later extended as a joint venture that added Intel

and Digital Equipment Corporations, the IEEE 802.3 specification, also called Ethernet, became

the most popular physical layer specification for Local Area Network (LAN) communications.

The data link layer organizes bits into frames for node-to-node delivery. It adds headers and

trailers that get the frame from one physical node to the next in an error free manner. With flow

control, the data link protocol orders the frames and regulates the amount of data sent so as to

prevent receiver overflows. Synchronization bits alert the receiver when frames begin and end

and error bits indicate the need for re-transmission. Some examples of data link protocols are

XMODEM, LAPD (used in ISDN), PPP (used for serial communications between personal

computers and cellular phones), and Frame Relay (used for LANs.)

For WLAN, the IEEE further sub-divided the data link layer into the Logical Link Control (LLC)

and Media Access Control (MAC) layers. These implement the node-to-node and media sharing

mechanisms respectively. The IEEE standardized the LLC implementation across all WLAN

networks but allowed for dedicated implementation of the MAC as it pertained to the particular

communications device. The LLC also contains source and destination port numbers that identify

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 5/23

the application end-points of the sending and receiving machines. The MAC layer resolves the

contention for the shared media. It contains the frame synchronization, error, flow control flags,

control specifications, and physical addresses necessary to move data between nodes.

The network layer is responsible for moving packets from source to destination nodes so as to

provide internetworking. It fragments the original message (packet) from the transport layer into

manageable pieces (frames) for final delivery and eventual re-assembly. Routers on the network

contain routing tables that facilitate the best known virtual path between intermediate nodes that

will eventually get the frame from the source address to the destination address. As frames move

between network nodes on its way to the final destination, each node substitutes an intermediate

data-link address header that moves the frame to the next node along the way. However, the

source and destination addresses do not change as frames move between nodes. The network

layer is also responsible for media sharing and channel-access so that multiple frames from

different applications can simultaneously move across the same physical media.

The transport layer provides a reliable end-to-end message delivery by overseeing the error

recovery and flow control processes. Unlike the network layer, the transport layer recognizes a

relationship between the frames so that they can be re-assembled into the original cohesive

message packet and delivered to the appropriate application. Since several applications may be

running simultaneously, the transport layer is responsible for identifying service points (also

known as port or socket addresses) and to deliver the message to the intended application. Some

session messages may be too long for reliable transport layer re-assembly or too short for

efficient use of the media. Therefore, the original session message is also appropriately

segmented or concatenated. Each message is sequenced so that they can be re-assembled in the

original order with which they were transmitted. TCP and UDP are popular transport layer

protocols, which we will briefly describe in Section 2.3.

The session layer is responsible for establishing, managing, and gracefully terminating

communication sessions between two remote applications. It synchronizes the interaction

between the two network entities so that processes can be reliably completed. For example, it

utilizes session checkpoints so as to continue processes from where they were suspended as the

lower levels recover from intermittent communications failure due to packet loss or packet

latency from a noisy or congested network.

The presentation layer translates between native communication languages, provides data

compression, and encryption for secure communications. Data translation provides a uniform

interface for applications running on any platform.

The application layer software programs facilitate access to the network resources. Some

examples are directory services, mail services, virtual terminals, and file management.

2.2 Networking Devices

The Internet is made up of a number of networking devices called Repeaters, Bridges, Routers,

and Gateways. Repeaters operate at the physical layer and their purposes are to intelligently

regenerate the bit-stream in order that packets can reliably travel large distances between nodes.

A repeater is not necessarily an amplifier, although the signal strength is generally restored to its

original level.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 6/23

Bridges operate at both the physical and data link layers. They divide a large network into

smaller sub-networks or combine smaller sub-networks of the same type into a larger network.

Bridges contain a list of all the nodes connected to either side of it and so it can intelligently filter

and forward packets to the intended recipients on either side.

Routers operate in the physical, data link, and network layers and they are needed to establish the

best paths for packets to travel along the way from source to destination nodes. They gain

knowledge about the network configuration and path characteristics from periodic

communications with other Routers. Eventually, all Routers have knowledge about the network

to which they are connected so that each can determine the best path for routing packets. Routers

typically use the Dijkstra graph theory algorithm 8 to determine the shortest path to other

Routers. They also track and update a packet’s lifetime and may eventually ‘kill’ a packet if it has

not found its owner within a predetermined time period. This mechanism prevents network

congestion when disabled nodes cause looping or bouncing because packets reach dead-ends.

Gateways can operate in all seven layers of the OSI model and convert between protocols so that

data can move across different network types. Physically, a gateway is no more than additional

software running on a Router.

2.3 TCP/IP

The Advanced Research Project Agency (ARPA), a U.S. Department of Defense arm, developed

TCP/IP in 1969 for connecting computers in a large network called ARPANET – now known as

the Internet. TCP/IP developed before the OSI standard and, therefore, does not exactly match

the OSI model. TCP/IP combines the three top layers of the OSI model (application,

presentation, and session) into a single application or message layer. TCP or UDP is defined for

the transport or Segment layer and IP is defined for the network or Datagram layer. The data link

and physical layers are network dependent and consist of an organized pattern of frames and bits

respectively.

IP is unreliable and connectionless. Unreliability means that IP does not provide error checking

or datagram tracking. Reliability is nevertheless obtained when IP is paired with a reliable

transport protocol such as TCP. Connectionless refers to the fact that no virtual circuit is

established for the transmission of the entire message which consists of an ordered series of

datagrams. Each datagram is separately transmitted and does not necessarily follow the same

path. Unlike a connection-oriented service, the receiver is not alerted about the incoming

message and it is not expected to acknowledge successful receipt of the entire message once it

has been completely transmitted.

Each datagram consists of a 20 to 60 byte header and a data portion where the total datagram

length does not exceed 65536 bytes. The header consists of information essential for its routing

and delivery. For example, the header includes fields containing the source IP address,

destination IP address, and datagram lifetime. There are also numerous other fields that relate to

packet fragmentation, service class, reference protocol, routing, timing, management, and

alignment controls. IP addresses of the present Internet version (IPv4) consist of four bytes that

define a class type, network identification (NID), and host identification (HID.) At present, only

the third of five address classes is available for use. The first two are already full. The fourth

class is for multicasting and the fifth is reserved.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 7/23

IP supports three additional sub-protocols known as Address Resolution Protocol (ARP),

Reverse Address Resolution Protocol (RARP), and Internet Control Message Protocol (ICMP.)

ARP is used to associate an IP address with the physical address of the device, which is usually

the Network Interface Card (NIC) hard coded address. Hosts and Routers find the physical

address associated with an IP address by broadcasting an ARP query packet to every node on its

sub-network and receiving an answer only from the owner. RARP allows a host to determine its

IP address when it knows only its physical address. The host broadcasts its physical address in an

RARP request packet and receives its IP address only from the network node that knows it.

ICMP allows the host to determine when an IP datagram is undeliverable.

Both TCP and UDP represent the transport layer portion of the protocol. TCP is reliable and

connection-oriented. UDP is unreliable and connectionless and is thus simpler. Both UDP and

TCP connections are port-to-port in contrast with IP, which provides host-to-host connectivity.

The multi-tasking operating system of the host machine assigns a port to each active process. A

port is generally a data buffer with which a process is associated. As such, UDP and TCP

segment headers carry both the source and destination port addresses. Unlike UDP, TCP also

contains identification and sequencing numbers so that the specific lost or damaged segment can

be identified. TCP sets up an end-to-end virtual circuit for the entire duration of the segment

transmission so that the end ports know to expect more datagrams and to check their sequencing.

This virtual circuit session should not be confused with that of the session layer protocol, which

is more concerned with the entire message exchange and not just the segment. TCP achieves

reliability by adding header information that facilitates error detection, acknowledgements, and

frame retransmission.

3 Mobile IP

Mobile IP is a standard proposed within the Internet Engineering Task Force (IETF) that will

allow a mobile unit (MU) to have both a fixed home address and a care-of address that changes

as the MU roams through different networks (Perkins 1998). In effect, remote applications will

continue to transparently interact with the MU as it roams seamlessly across IP-based networks.

The scope of this standard includes only packet switched connections based on IP.

Mobile IP requires the existence of a home agent network node. Whenever the MU is attached to

a foreign network, it registers with a foreign agent of that network. Vendors generally implement

Mobile IP in routers that can serve as both home and foreign agents. The foreign agent assigns a

new care-of address to the MU. As the MU moves between networks, it obtains a new care-of

address via Dynamic Host Control Protocol (DHCP) and registers the new address with the

home agent. Registration is done either directly or indirectly via the foreign agent, depending on

the nature of the attachment. Mobile IP utilizes the User Datagram Protocol (UDP) with re-

transmission parameters in order to avoid the complexities of Transmission Control Protocol

(TCP.) After registration, all packets arriving at the home agent will be re-directed to the foreign

agent at the care-of address. After receiving the re-directed packets, the foreign agent substitutes

the destination-IP address for the static home-IP address and delivers the packet to the MU.

Mobile IP is implemented at the network layer of the OSI model such that applications running

above, such as TCP, will be unaware of roaming as the MU changes its point of attachment to the

network. Applications will see the MU’s static home-IP address as its source address when the

MU is sending data and as the destination address when the MU is receiving data. Therefore,

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 8/23

Mobile IP implementation results in seamless application connectivity as the MU roams and

attaches to topologically new IP nodes.

Figure 1: Illustration of the Mobile IP Process.

The home agent facilitates this transparency by re-encapsulating the arriving packets with a new

IP address destination wrapper to the care-of address. The foreign agent then unwraps the packet

before forwarding it to the MU. This re-encapsulation is also frequently a subset of some secure

tunneling protocol, for example, IPsec. Therefore, Mobile IP can effectively accommodate a

VPN style tunnel between the home agent and the foreign agent. A secure connection between

the home and foreign agents is necessary in order to prevent rogue network entities from

inconspicuously updating the home agent with a fake care-of address, thereby redirecting packets

to an unintended destination.

When MUs roam, they must either discover home and foreign agents via their advertisements, or

they must solicit prospective agents. Several MUs utilizing a foreign agent may share a single

care-of address. This works because the home address for each MU will remain unique and

unchanged during the tunneling transit between the home and foreign agents. Therefore, after

“de-tunneling,” each MU will get the packets destined for them. MUs capable of running the

Mobile IP protocol can serve as their own foreign agent provided that they have access to a

DHCP server for IP address assignment. In this case, the specifications refer to the care-of

address as a co-located care-of address. When serving as its own foreign agent, the MU must

additionally be capable of running the required tunneling protocol. Foreign agents may directly

route packets from the MU to the remote host and bypass the home agent during the reverse trip

as illustrated in Figure 1. Hosts that are capable of implementing a directory cache of care-of

addresses and a tunneling protocol can bypass the home agent and communicate directly to the

MU. This is desirable for reducing network traffic congestion to the home agent as well as a

potentially inefficient route between the client and server.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 9/23

Although Mobile IP is one of the leading proposals for seamless roaming of next generation

mobile Internet applications, there are numerous disadvantages to using the standard. For

example, if the point of MU attachment changes faster than the round trip time for a packet, then

the foreign agent routers will not have time to update their routing tables and packets will be lost.

The round trip time for packets moving across the Internet depends on network utilization,

congestion, number of operational nodes, etc. Also, TCP timers, such as packet time-out and

retransmission counts, are not adaptively reconfigurable and depend on the network connection.

Therefore, switching between the data rates of a slower wireless connection such as a WWAN

and a faster wireless connection such as a WLAN may result in an inefficient data

communications link. As tunnel overhead and network related delays between the home and

foreign agents change while the MU roams, remote applications may unnecessarily increase error

and flow control handshakes, thereby exacerbating the problem.

3.1 Firewalls

Firewalls prevent unsolicited packets from entering the Intranet that it is protecting. They also

prevent packets that appear to have emanated from a node within the Intranet from re-entering. In

doing so, a firewall is attempting to filter out potentially malicious packets that are intended to

spoof internal computers. Therefore, the MU may not be able to communicate with neighboring

nodes within its domain if the home agent is located outside of this domain. One solution is to

setup a reverse tunnel from the foreign agent back to the home agent, thereby bypassing the

firewall function. However, this results in network routing inefficiencies that can possibly lead to

network congestion.

3.2 DHCP and DNS

The Dynamic Host Control Protocol (DHCP) provides new network clients with an IP address,

the Domain Name Server (DNS) address, domain names, default Router addresses, and other

configuration information needed for communications on the network. The DNS facilitates a

user-friendly method of naming hosts and provides the equivalent host name or IP address if

given either. When a client attaches to a network, it sends out a DHCP request. One or more

DHCP servers or agents hearing the message will formulate a service offer to the client via its

MAC address and source port. The DHCP server will not commit the IP address until the client

acknowledges the response. The DHCP assigns a lease time to the IP address it allocates to the

client. Hereafter the client is expected to renew the lease when it is at 67% of the expiration time

or risk losing the IP address while in the middle of an application.

In order to facilitate Mobile IP with conventional networks having DHCP and DNS servers, the

MU must use its new DHCP-allocated IP address as a co-located care-of address and update the

home agent. That is, the MU must now serve as its own foreign agent. However, the MU may

also ignore the use of the DHCP-allocated IP address and utilize one from an advertising foreign

agent instead.

For WLANs, the access point (AP) can be configured as a foreign agent that advertises its

services to MUs as they associate. Therefore, the AP can assign the MU a care-of address. The

AP can also forward DHCP requests for a home IP address. In this case, the DHCP will return a

home IP address that is closely associated with a nearby home agent with which the MU can

register.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 10/23

Mobile IP must also facilitate the time latency required for authentication and network security.

Without network authentication, the MU cannot determine which DHCP server response is

authentic nor can a DHCP server trust the MU. For example, rouge MUs can issue multiple

DHCP requests, each with an associated fake MAC address so as to deplete the pool of IP

addresses that the server can issue. MUs can also register normally but then configure themselves

as fake DHCP servers and take control of the network.

3.3 IPv6

The number of Internet nodes has historically doubled every year. Each active Internet node

requires a separate and unique IP address. With the explosive growth of Internet users, the

present pool of IP addresses defined by IPv4 is dwindling rapidly. The Internet Engineering Task

Force (IETF) first proposed IPv6 in July 1994 in order to address this and other issues. IPv6

provides four times more address bits for a total length of 16 bytes rather than four bytes of the

current IPv4 standard. This results in 2(128-32) = 296 times more IP addresses. This is enough IP

address to cover nodes on every square inch of every planet in the solar system.

Each IPv6 datagram is composed of a payload that can be up to 65536 bytes and a fixed base

header that is 40 bytes long. The payload itself consists of an optional extension header plus the

data from upper layers. The 40 byte base header consists of a 16 byte source IP address and a 16

byte destination IP address plus other fields that are needed to route the datagram more

efficiently than IPv4 through the Internet. Extension headers provide a facility for better source

routing, fragmentation, authentication, and security.

IPv6 incorporates many of the general ideas of Mobile IP. It incorporates several new features

that removes the need for a foreign agent while more naturally facilitating the presence of a home

agent entity. The home agent and the MU cooperate via a registration process involving the care-

of address obtained from network access points. In IPv6, the MU has more responsibility for

managing its own mobility. The MU is also now able to automatically configure its care-of

address at the point of network attachment so that it contains the proper foreign network prefixes

and is also more globally routable based on its location. As the MU moves, it directly supplies

location information to its remote correspondents. The MU does so by using the IPv6 destination

and security options located in the extension headers. For privacy reasons, the MU is not

obligated to always communicate location information directly to its correspondents. Therefore,

the MU must also communicate care-of address updates to the home agent, which must now also

acknowledge receipt of the updates. IPv6 also has a new home address option that is generally

included for communications between the MU and its correspondent. This informs

correspondents that for mobile devices, they should consider sending packets to the home

address rather than to the source IP address (care-of address) that they find within the fixed base

header. This mechanism effectively resolves issues with firewall filtering.

The MU keeps track of its connectivity status through Neighbor Discovery and Network

Unreachability Detection (NUD) protocols. Routers periodically send multicast advertisements

and this is one mechanism by which the MU determines the status of its network connectivity.

Routers advertise their services such as whether or not they can serve as a home agent. In order to

facilitate smooth handoffs between points of network attachment, the MU sends a location

update packet to the previous router in order to indicate that it has moved to a new care-of

address. Subsequently, the MU sends a location update to the remote correspondent.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 11/23

In IPv6, each node on the network will have a destination address cache that it is responsible for

updating. This mechanism allows each node to process location updates from the MU and,

thereby redirect correspondence to the new care-of address.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 12/23

Part II – Cryptography and Network Security

Cryptography is Greek for “hidden writing.” In computer based cryptography, it is the art of

ciphering an easily understood message or “plain text” into one that cannot be easily deciphered

(Mel and Baker 2001). The basic components for a cryptographic system are a ciphering engine,

a key exchange mechanism, a hashing function, and a random number generator. A reversible

ciphering engine will encrypt or decrypt the plain text message using the same secret key. This is

called symmetric or secret key cryptography. It is different from public key cryptography

whereby one key is used for encryption while another mathematically related key must be used in

order to decipher the message. Ciphering engines are either block ciphers which encrypt blocks

of text at a time, or stream ciphers, which produce an output bit stream in response to an input bit

stream.

Cryptography is essential for maintaining the confidentiality, authenticity, and integrity of

messages that are communicated over untrustworthy channels. Confidentiality is the assurance

that only the owners of the secret key can have access to the data. Authenticity is the assurance

that the originator of the message is not an imposter. Integrity is the assurance that data has not

been altered while in transit.

All ciphering methods are based on the principles of diffusion and confusion, which are terms

coined by Claude Shannon. Diffusion is the technique of transposing and substituting characters

or bits. The intent is to disperse the statistical nature of the encrypted message or cipher text, and

thereby hide its relationship with the plain text. Alternatively, confusion is the cryptographic

principle of hiding the relationship between the cipher text and the secret key. Given a key length

in bits, a strong cryptographic method has many possible secret keys such that a brute force

search for the secret key will be infeasible.

4 Secret Key Cryptography

In secret key cryptography the same key both encrypts and subsequently decrypts a message. This

is also known as symmetric key cryptography. This type of cryptography is an attractive means

for secure communications among low cost computing devices such as sensors because it

involves less computationally expensive ciphering methods than public key cryptography.

However, its strength ultimately depends on the robustness of a system for distributing secret

keys to the network participants.

Data Encryption Standard (DES) is one of the most popular symmetric encryption algorithms and

has been a published standard since 1977. However in 1999, a team from the Electronic Frontier

Foundation managed to break the DES encryption in less than 24 hours. Around the time of this

event, the National Institute of Standards and Technology (NIST) requested algorithm

submissions for a new federal Advanced Encryption Standard (AES.) Five contenders made it to

the last round of selection. In October 2000 NIST selected the Rijndael algorithm, which was

developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. While this

standard was being ratified, Walter Tuchman of IBM proposed Triple DES, which was an effort

to improve the security of the DES algorithm. With triple DES, the DES algorithm is applied

three times with two different secret keys.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 13/23

4.1 Secret Key Distribution

A trusted third party or key distribution center (KDC) is often used to distribute copies of secret

keys. Key distribution can become a significant problem when the number of keys to distribute

grows exponentially with the addition of as new network clients. Therefore, the KDC can

become the bottleneck of information exchange and is also a likely target for hackers. One way

around this is to use public key encryption as a secure means of exchanging secret keys so that

subsequent communications will use the less computationally expensive symmetric key methods.

4.2 Secret Key Agreement

The Diffie-Hellman (DH) algorithm developed by Whitfield Diffie and Martin Hellman of

Stanford in 1976 is a popular method of key agreement. That is, the shared secret key is derived,

rather than distributed by another system, via plain text communications across an untrustworthy

network. Correspondents agree on a large prime generator g and a large prime number modulus

n, each of which can be made public. The generator, g must have the property that its

exponentiation with a random number from the selected number space will result in a large

number of unique outcomes. The following table summarizes the DH algorithm for secret key

agreement:

Correspondent-A Correspondent-B

Publicly known: {g, n}

Generate random number A (secret) Generate random number B (secret)

Calculate X = gA MOD n Calculate Y = gB MOD n

Transmit X Transmit Y

Calculate Key = YA MOD n

= (gB)A MOD n = gBA MOD n

Calculate Key = XB MOD n

= (gA)B = gAB MOD n

Shared Key = gAB MOD n

For a key that is 1024 bits long, an eavesdropper will need to compute the discrete log of both X

and Y many times in order to discover the random numbers A and B. Fortunately, the discrete log

problem is so computationally intensive that it will take a supercomputer several thousand years

to compute.

4.3 Secret Key Exchange

Even though the DH algorithm allows each party to create a secret key with publicly exchanged

parameters it does not provide authentication. That is, neither correspondent can be assured that

the other is genuine. Therefore, public key techniques are used to first exchange secret keys that

correspondents can subsequently utilize.

5 Public Key Cryptography

Unlike secret key cryptography, public key cryptography provides a better way to publicly

distribute keys while keeping the secret or private key safely guarded. Public key cryptography is

also known as asymmetric key cryptography because one key is used for encryption while

another mathematically related key is used for decryption. Asymmetric or public key encryption

methods typically use the concept of modular inverses to create public/private key pairs.

Modular inverses are a pair of numbers in modular arithmetic that when multiplied together yield

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 14/23

unity. For example, the numbers 3 and 7 are modular inverses in modulo 10 arithmetic because

(3 7) MOD 10 = 1.

To encrypt a message, we essentially multiply numeric equivalents of it with the first number,

transmit the result as the encrypted message, and then multiply the received encryption with the

second number so as to recover the original message. We can view the overall process as

multiplying the message by unity whereby the first number is the public key, and it’s inverse as

the private key or vice versa.

The success of public key cryptography for worldwide electronic commerce depends on the

establishment of a trusted third party that will authenticate and distribute public keys. This will

prevent imposters from claiming any public key as their own without first presenting proof of

authenticity. Even though public key cryptography can provide all of the needed security

functions while secret key cryptography cannot, it is not as practical to implement across all

platforms primarily because of its high computational complexity. Therefore, secret key

techniques are used for many networking applications, while public key techniques are used

when necessary to facilitate authentication and secret key exchanges.

RSA from the Massachusetts Institute of Technology (MIT), and Pretty Good Privacy (PGP),

which was created in 1991 by Philip Zimmerman are probably the two most well-known public

key cryptographic systems. Figure 2 illustrates the basic operation of a public key based message

exchange.

Figure 2: Secure communications over an untrusted network using public key methods.

The sender first obtains the recipient’s public key from a trusted third party that vies for its

authenticity. Section 5.4 describes public key distribution and digital certificates. With the

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 15/23

assurance that the public key is indeed assigned to the intended recipient, the sender encrypts the

plain text message with the recipient’s public key B and transmits the encrypted message. The

recipient decrypts the ciphered message with its securely held private key B. However, this

process only provides confidentiality, which is the assurance that no one else could have

deciphered the message in transit, other than the recipient. However, the message itself could

have been intercepted, substituted, re-encrypted with the recipient’s public key, and delivered

instead of the original message. Therefore, in order to authenticate the message, the sender adds a

digital signature to the transmitted packet by encrypting a highly compressed form (a hash) of the

original message with the sender’s private key. Upon receiving the message, the recipient also

decrypts the hash with the sender’s public key and compares the result with its own hash of the

received message, thereby validating the authenticity of the message. Section 5.3 describes

hashing and digital signatures in greater detail.

5.1 RSA Public Key Cryptography

RSA is named after its inventors, Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman of

MIT. It is a popular public key encryption algorithm that many cryptographers scrutinize. Its

strength is based on the difficulty of factoring a very large number into two large prime numbers.

The algorithm, developed from a basic theory by Pierre de Fermat in the 1600’s, specifies

m(p-1) MOD p = 1

for any prime number p and positive number m that is less than p. Later, Leonard Euler extended

Fermat’s theorem in the 1700’s by proving that the expression was also true for prime products.

That is, when replacing p by the product of two primes pa and pb, the expression

m(pa-1)(pb-1) MOD papb = 1

is also true for base m and modulus (papb) relatively prime, which means having no common

factors other than unity. Multiplying both sides by m yields

m(pa-1)(pb-1)+1 MOD papb = m

Letting

(pa-1)(pb-1) = (n)

where n = papb, any message m raised to the power (n)+1 in modulo n arithmetic gives back the

original message m or

m(n)+1 MOD n = m

The basic idea behind asymmetric key cryptography is to generate two numbers (keys) Kp and Kq

such that their products will be equal to (n)+1,

KpKq = (n)+1

This problem is the same problem as finding Kp and Kq such that their product in modulo (n)

arithmetic is unity. That is,

KpKq = 1 MOD (n)

Note that Kp and Kq are mathematical inverses of each other in modulo (n) arithmetic. Picking

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 16/23

one of the numbers, for example Kp, such that it is relatively prime with both (pa-1) and (pb-1)

allows for the Extended Euclidean algorithm then generate Kq Error! Reference source not

ound.. Therefore, if the public key is {Kp,n} then the private key would be Kq.

Encrypting the message requires an exponentiation of it with the public key within the modulus

n. Decrypting the message similarly requires an exponentiation of the encrypted message with

the private key within the modulus n to get the original message m as follows:

Encryption Decryption

(m)Kp MOD n (mKp)Kq MOD n = m(n)+1 MOD n = m

An observer knowing Kp, n, and the cipher text (m)Kp MOD n cannot solve for the message m

within a few lifespan by using the fastest computer currently available. The only known practical

method for computing m is to first know the secret key Kp. If pa and pb are known, then the secret

key Kq can be derived. However, finding pa and pb will involve brute-force factoring of a very

large (1024-bit) number, and this will also take several lifespans with the fastest computer

currently available.

5.2 Elliptic Curve Cryptography

Since the RSA key lengths have become so long (1024 bits), new techniques such as Elliptic

Curve Cryptography (ECC) have been invented. ECC is based on sets of predefined

mathematical rules for translating coordinates on an elliptic curve in modulo arithmetic. The

elliptic curve is defined as

y2 MOD p = (x3 + ax + b) MOD p

The public key includes the curve parameters (p, a, b), a point on the curve defined by an (x,y)

coordinate pair P, and another point on the curve Q that is a “special” translation of the point P

by some secret amount d. This secret amount d is the private key. The “special” translation is

such that

d P = Q

This special translation operation is a one way function. That is, one cannot solve for the secret

translation scalar d simply by knowing the input and output coordinates P and Q respectively.

Therefore, correspondents at each end of the untrustworthy communications channel can easily

derive a shared secret key by combining their private key with the correspondent’s public key as

illustrated in the following table.

Correspondent-A Correspondent-B

Public Key A = {p, a, b, P, Qa} Public Key B = {p, a, b, P, Qb}

Private Key A = {da} Private Key B = {db}

Transmit Qa = da P Transmit Qb = db P

Shared Key = da Qb = da (db P) Shared Key = db Qa = db (da P)

This form of key exchange works because the correspondent’s public key also contains the

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 17/23

private key in cryptic form. This process is also referred to as the EC Diffie-Hellman Algorihm.

EC keys require about 20 bytes of storage compared with about 256 bytes for RSA keys.

Researchers found that a 170 bit EC key length will give approximately the same level of

security as a 1024 bit RSA key. Smaller key sizes provide more flexibility for storage in low-end

computing devices such as smart cards.

5.3 Digital Signatures

Encrypting the plain text or a compressed version of it with the private key rather than the public

key creates a digital signature. The recipient verifies the authenticity of the signature by applying

the associated public key as we illustrated in Figure 2. The U.S. Federal Information Processing

Standard (FIPS) adopted Digital Signature Algorithm (DSA) in the 1990s, even though RSA

could have also been used. DSA is used only for digital signatures. Unlike RSA, DSA cannot be

used with a public key to decipher the original plain text message. In fact, it requires the original

plain text in order to verify the signature. RSA can verify signatures much faster than DSA.

However, DSA can create signatures faster than RSA by using pre-computed values. Therefore,

it is likely to be used for low complexity computing devices such as smart cards where the

verification can be performed on servers which generally has computing capability.

5.3.1 Hashing

When creating a digital signature with the private key, the original plain text message itself is not

used directly. This is because it is not sensible to encrypt the plain text itself with a private key

since it can be decrypted with a public key, as in RSA. Therefore, practical systems sign an

irreversible and highly compressed version of the message so that the recipient can verify the

signature as shown in Figure 2. Hashing is such a one way function that can produce an

irreversible and highly compressed version of the message. When applied to a message, the

hashing function produces a sequence of numbers known as the “digital fingerprint” since it is

unique and repeatable. The hash value can also be viewed as a form of cryptographic checksum

that must change if the input text changes. The hashing function output is also called a Message

Integrity Code (MIC) or a Modification Detection Code (MDC.) MICs have a one-to-one

mapping with the message. That is, no two messages will produce the same code. This is called

weak collision resistance. MICs also have the reciprocal mapping property whereby each code

uniquely represents only one message. This is called strong collision resistance. The subtle

difference is that weak collision resistance prevents finding any two different messages that will

result in the same code while strong collision resistance prevents finding two different source

messages in the message space when given a specific code. Message Digest 5 (MD5), created by

Ron Rivest, is a popular MIC hashing function. NIST enhanced the previous version of it (MD4)

to produce Secure Hash Algorithm (SHA-1). NIST then released the SHA-2 family in 2001,

which includes an update to SHA-256 in March 2012used by Bitcoin.

A Message Authentication Code (MAC) is another form of message compression and coding that

utilizes a secret key. Unlike a MIC, the correspondents using a MAC must share a secret key in

order to create and then to later verify the message authenticity. Most MACs are made with

secret key ciphers that are repeatedly applied to intermediate compressions of the message. For

example, Data Authentication Algorithm (DAA), the FIPS standard since 1985, is really a

combination of DES and a compression method. MACs execute much more slowly than MICs.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 18/23

Therefore in 1996, cryptographers proposed the combination of MIC hashing with secret keys

and called it HMAC.

5.3.2 Non-repudiation

Non-repudiation is the assurance that the sender cannot deny having originated the message

because only one who has possession of the secret key could have constructed the digital

signature in question. In addition to confidentiality, authentication, and integrity, public key

cryptography also provides non-repudiation. Secret key cryptography cannot provide non-

repudiation.

5.4 Digital Certificates

A correspondent cannot be assured that a public key does indeed belong to the claimed party.

Therefore, the public key must be distributed by a trusted source that is willing to certify its

authenticity. A digital certificate is the method of choice for public key distribution. The third

party authenticates a public key by attaching a digitally signed hash of the plain text message.

The recipient verifies the message authenticity by decrypting the hash (verifying the signature)

with the third party’s public key and comparing the revealed hash with that resulting from

hashing the received plain text. The plain text contains the public key as an attachment and it also

describes attributes of the public key owner.

Public Key Infrastructure (PKI) is a digital certificate administrative framework for public key

delivery. Well-known PKI standards are X.509 and Pretty Good Privacy (PGP.)

5.4.1 PKI Based on X.509

A root Certificate Authority (CA) in X.509 PKI is the first trusted source for authentic digital

certificates. The CA can also subcontract its responsibilities to trusted Registration Authorities

(RA) and hence form a trusted tree-structure for certificate distribution. Amongst other

information, the digital certificate consists of plain text identifying the issuer, the subject unique

identity (also called a distinguished name), the subject’s public key, signature method used, and a

certificate expiration date. Software vendors typically pay a CA to distribute public keys and so

already include CA public keys in their configuration parameters. These are called root

certificates because they are self-signed by the CA and contains the CA’s trusted public key.

Subjects need the CA’s public key to verify the CA’s digital signature on a certificate that it

issues.

The CA also issues a challenge message in order to be sure that the subject does indeed possess

the associated private key. In doing so, the CA encrypts a random message with the subject’s

public key and sends it. The subject decrypts the message with the private key and responds with

the plain text message. The CA verifies that the response is the same as the challenge plain text.

In addition to managing public keys, the CA also informs users when certificates have been pre-

maturely revoked and puts the certificates on a certificate revocation list (CRL.)

5.4.2 PKI Based on PGP

Philip Zimmermann developed PGP because he was not comfortable with the bureaucratic style

architecture of X.509. Rather than using a CA, users in a PKI based on PGP issue and manage

their own digital certificates as well as sign and forward those of other trusted correspondents.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 19/23

This also means that unlike X.509, each certificate can be signed by more than one subject

thereby adding higher levels of thrust. Therefore, rather than a centralized thrust model, PGP

utilizes a distributed thrust model. PGP is based on RSA public key cryptography but it also

supports Diffie-Hellman.

6 Cryptographic Protocols

6.1 SSL

Secure Socket Layer (SSL) is a data communications protocol primarily utilized by Internet

browsers to facilitate secret key exchanges and provide authentication, confidentiality, and

message integrity. It operates above TCP/IP. The IETF standardize it as the Transport Layer

Security (TLS) in 1998. Microsoft was the first to incorporate TLS into its browser.

SSL/TSL completes a secure transaction by first negotiating which cryptographic algorithms. It

then exchanges public keys via digital certificates, generates shared secret keys, authenticates its

clients, and finally bulk encrypts the transmitted data for confidentiality and integrity. SSL/TSL

uses six secret keys. Both corresponding parties independently generate these from a pre-master

secret, which is a random number that the initiating party generates and sends to the

correspondent in encrypted form. Three keys are used in each communication direction for each

bulk encryption, message integrity check, and cipher engine initialization.

6.2 IPSec

In simplest terms, IPSec can authenticate data entering and encrypt data leaving a

communications device. It is, however, a complex protocol and several books have been

dedicated to the subject (Doraswamy and Harkins 1999). Functionally, IPSec consists or two

main parts, secret key exchanges using Internet Key Exchange (IKE) by default, and bulk

encryption. The IKE manages authentication and key exchanges while the bulk encryption

process provides confidentiality and message integrity. The IKE is a two-phase protocol whereby

the first phase openly negotiates parameters to protect the second phase, which in turn negotiates

parameters in secrecy for the bulk encryption part. Once the parties agree on cryptographic

parameters, the bulk encryption part uses either of two protocols and either of two modes to

provide data packet assurances. Devices that use IPSec must also comply with policies that the

network manager defines in a Security Policy Database (SPD.) Figure 3 illustrates the overall

organization of the IPSec protocol.

Unlike SSL/TSL, IKE involves two secret parameter exchanges in two phases so as to add

greater security and speed. These separate secret parameter exchanges or phases are also called

Security Associations (SA) because each result in the generation of many secret keys. Phase one

(also known as IKE-SA) key agreement uses Diffie-Hellman to initially establish an

authenticated and secure channel between the IPSec parties. Each party then derives three

separate keys for symmetric cryptographic exchanges. Phase two (also known as IPSec-SA)

cryptographic parameters and secret keys are then exchanged confidentially using phase one

secret keys. The phase two parameters are used for the bulk encryption process and different

secret keys are generated for different applications that IPSec services. These are derived much

faster than phase one parameters because a secure and authenticated channel has already been

established in phase one via more lengthy public key operations. For added security, IPSec

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 20/23

automatically updates phase two secret keys once they have aged beyond a pre-determined

lifetime. Phase one keys are updated less often because they involve more computationally

intensive public key methods. IPSec also requires a different SA for inbound and outbound

messages of the bulk encryption part of the protocol.

IPSEC

Bulk

Encryption

ESP AH Tunnel Transport

Protocols Modes

Phase 2

Phase 1

IKE

SPD

Policies

Figure 3: IPSec protocol architecture.

Once the key exchange phases are complete, IPSec is ready to encrypt packets via one of two

protocols and one of two modes. The protocol attribute controls the level of assurance, depending

on whether, or not one or both message confidentiality and integrity is required. The mode

attribute controls how much of the data packet will be protected by the protocol chosen.

The two protocol choices are Encapsulating Security Protection (ESP) and Authentication

Header (AH.) The mode choices are tunnel and transport. Therefore, there are four possible

combinations of protocols and modes. ESP provides both message integrity and confidentiality

whereas AH provides only message integrity. The ESP protocol encrypts both the upper layer

payload data and the source/destination IP addresses in tunnel mode but only the payload data in

transport mode. ESP also includes a signed hash (HMAC) of its own header and encrypted

portion of the packet. The encrypted data is also often padded in order to fix the length of the

packets. Fixed length data packets make it more difficult for eavesdropper to analyze the

statistical nature of the traffic flow between hosts. The AH protocol does not encrypt any of the

packet. It provides message integrity by including a signed hash of the payload data in transport

mode and a signed hash of both the payload data and IP addresses in tunnel mode.

The ESP and AH headers contain a Security Parameters Index (SPI), sequence numbers, and

anti-replay attributes. The SPI helps the receiver to quickly locate the governing SA in the

database. The sequence numbers and anti-replay attributes are used to detect packets that hackers

may copy and replay in an attempt to overload the IPSec protocol and possibly cause the host

application to ‘hang-up.’ The sender numbers each packet and the receiver looks within a pre-

determined window size for indication of duplicate sequence numbers. The receiver can ignore

packets with duplicate sequence numbers and, thereby, prevent hackers from flooding the system

with old packets.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 21/23

ESP

Header

Encrypted

{TCP/Data/Padding}HMAC

Host IP

Addresses

Authenticated

ESP

Header

Encrypted

{TCP/Data/Padding}HMAC

Encrypted

Host IP

Addresses

Authenticated

Gateway IP

Addresses

AH

Header

Plain-Text

{TCP/Data}HMAC

Host IP

Addresses

Authenticated

ESP

HeaderTCP/DataHMAC

Host IP

Addresses

Authenticated

Gateway IP

Addresses

TunnelTransport

ESP

AH

Figure 4: Assurances from the four possible protocol/mode combinations of IPSec.

A Security Policy Database (SPD) stores a set of rules that every IPSec enabled host must follow.

These set of rules limit the degree with which its host can correspond with other computers on

the Internet.

6.3 Virtual Private Networks

A Virtual Private Network (VPN) is a secure communications channel that is established

between two networking devices (e.g. routers) on a transit or public network such that the two

entities can communicate in privacy. Before VPN technology became widespread, corporations

leased dedicated channels on private networks in order to communicate in confidence. VPN’s are

also used for establishing a secure point-to-point communications channel between the server of

a remote client (e.g. a mobile professional) and a corporate server.

Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec are

examples of technologies used for establishing Virtual Private Networks (VPN’s.) Most IPSec

based VPN products utilize the ESP protocol with tunnel mode because it is the most robust

combination. Tunnel mode must be used when proxy gateways or servers (e.g. firewalls) are

established between the correspondent hosts. Tunnel mode conceals both the packet and the host

address headers. The proxy servers decrypt the packets before forwarding them to the addressed

hosts.

6.4 Point-to-Point Protocol

PPP was designed to send data across dedicated point-to-point connections between a dial-up

client and a Network Access Server (NAS.) It is a four-phase protocol that encapsulates IP (also

IPX or NetBEUI) packets. PPP is often used for MODEM dial up connections over a serial

communications link. It allows two machines on a point-to-point communications channel to

negotiate the network layer protocols that will be used during the session. The phase one portion

of the protocol establishes, maintains, and eventually tears-down the physical connection. This is

also the phase where authentication protocols are selected for the next three phases of

communications. The decision to use encryption and compression are also determined in this

phase but the specific selections are made in the last phase.

Phase two involves client and server authentication and utilizes Password Authentication

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 22/23

Protocol (PAP), or Challenge Handshake Authentication Protocol (CHAP), or Microsoft

Challenge Handshake Authentication Protocol (MSCHAP). PAP communicates user name and

password in plain text and does not provide any security. CHAP utilizes a challenge and response

mechanism whereby the client sends an MD5 hash made with the password, and containing the

password, a random challenge string, and the session identification. The server verifies the MD5

hash with the password linked to the user name and thereby completes the authentication phase.

The third phase of PPP is an optional callback control mechanism whereby the NAS will

disconnect then call back the client at the specified phone number. The fourth and last phase

invokes the various control protocols selected in the previous phases. In addition, both data

compression and encryption protocols will be selected. Finally, data transfer begins with an

encapsulation of the packets with PPP headers.

7 References

[1] Doraswamy, Naganand, and Dan Harkins. 1999. IPSec: The New Security Standard for the

Internet, Intranets, and Virtual Private Networks. NJ: Prentice Hall.

[2] Forouzan, Behrouz. 1998. Introduction to Data Communications and Networking. McGraw-

Hill.

[3] Mel, H. X., and Doris Baker. 2001. Cryptography Decrypted. Addison-Wesley.

[4] Perkins, Charles E. 1998. Mobile IP: Design Principles and Practices. Addison-Wesley.

© Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 23/23

8 List of Acronyms

Acronym Meaning

802.11a A section of the IEEE 802.11 standard that specifies WLAN networks for speeds up to 54

MBPS using OFDM for channel access and QPSK or QAM for carrier modulation. In

general, the 802.11 standard specifies channel sharing via CSMA/CA mechanisms that are

managed by the MAC.

802.11b A section of the IEEE 802.11 standard that specifies WLAN networks for speeds up to 11

MBPS using DSSS for channel access and QPSK for carrier modulation.

API Applications programmer interface.

CSMA/CA Carrier sense multiple access/collision avoidance.

HTTP Hypertext transfer protocol.

IP Internetworking protocol.

IPsec IP Security – a set of protocols for secure exchange of Internet packets.

ITU International telecommunications union.

LLC Logical link control – upper sublayer of the data link layer as defined by IEEE 802.2.

MAC Media access control.

MSC Mobile switching center.

NAS Network Authentication Server

PDA Personal digital assistant (e.g. Palm pilot, Compact IPAQ)

PHY Physical (layer.)

PPP Point to point protocol.

RADIUS Remote Authentication Dial-In User Service.

RTP Real-time protocol.

TCP Transmission control protocol.

UDP User datagram protocol.

VoIP Voice-over-Internetworking protocol.

VPN Virtual private network.

WLAN Wireless local area network.

WSD Wireless systems division of Symbol Technologies.

WWAN Wireless wide area network.