1、计算机网络通信文献报告0英 文 原 文 :CHAPTER 8 Security in Computer NetworksWay back in Section 1.6 we described some of the more prevalent and damaging classes of Internet attacks, including malware attacks, denial of service, sniffing, source masquerading, and message modification and deletion. Although we have s
2、ince learned a tremendous amount about computer networks, we still havent examined how to secure networks from those attacks. Equipped with our newly acquired expertise in computer networking and Internet protocols, well now study in-depth secure communication and, in particular, how computer networ
3、ks can be defended from those nasty bad guys.Let us introduce Alice and Bob, two people who want to communicate and wish to do so “securely.” This being a networking text, we should remark that Alice and Bob could be two routers that want to exchange routing tables securely, a client and server that
4、 want to establish a secure transport connection, or two e-mail appli- cations that want to exchange secure e-mailall case studies that we will consider later in this chapter. Alice and Bob are well-known fixtures in the security commu- nity, perhaps because their names are more fun than a generic e
5、ntity named “A” that wants to communicate securely with a generic entity named “B.” Love affairs, wartime communication, and business transactions are the commonly cited human needs for secure communications; preferring the first to the latter two, were happy to use Alice and Bob as our sender and r
6、eceiver, and imagine them in this first scenario.We said that Alice and Bob want to communicate and wish to do so “securely”but what precisely does this mean? As we will see, security (like love) is a many- splendored thing; that is, there are many facets to security. Certainly, Alice and Bob would
7、like for the contents of their communication to remain secret from an eavesdropper. They probably would also like to make sure that when they are communicating, they are indeed communicating with each other, and that if their communication is tampered with by an eavesdropper, that this tampering is
8、detected. In the first part of this chapter, well cover the fundamental cryptography techniques that allow for encrypting 计算机网络通信文献报告1communication, authenticating the party with whom one is communicating, and ensuring message integrity.In the second part of this chapter, well examine how the fundam
9、ental crypto- graphy principles can be used to create secure networking protocols. Once again taking a top-down approach, well examine secure protocols in each of the (top four) layers, beginning with the application layer. Well examine how to secure e- mail, how to secure a TCP connection, how to p
10、rovide blanket security at the net- work layer, and how to secure a wireless LAN. In the third part of this chapter well consider operational security, which is about protecting organizational networks from attacks. In particular, well take a careful look at how firewalls and intrusion detection sys
11、tems can enhance the security of an organizational network.What Is Network Security?Lets begin our study of network security by returning to our lovers, Alice and Bob, who want to communicate “securely.” What precisely does this mean? Certainly, Alice wants only Bob to be able to understand a messag
12、e that she has sent, even though they are communicating over an insecure medium where an intruder (Trudy, the intruder) may intercept whatever is transmitted from Alice to Bob. Bob also wants to be sure that the message he receives from Alice was indeed sent by Alice, and Alice wants to make sure th
13、at the person with whom she is communicat- ing is indeed Bob. Alice and Bob also want to make sure that the contents of their messages have not been altered in transit. They also want to be assured that they can communicate in the first place (i.e., that no one denies them access to the resources ne
14、eded to communicate). Given these considerations, we can identify the following desirable properties of secure communication. Confidentiality. Only the sender and intended receiver should be able to under- stand the contents of the transmitted message. Because eavesdroppers may inter- cept the messa
15、ge, this necessarily requires that the message be somehow encrypted so that an intercepted message cannot be understood by an intercep- tor. This aspect of confidentiality is probably the most 计算机网络通信文献报告2commonly perceived meaning of the term secure communication. Well study cryptographic tech- niq
16、ues for encrypting and decrypting data in Section 8.2. Message integrity. Alice and Bob want to ensure that the content of their com- munication is not altered, either maliciously or by accident, in transit. Extensions to the checksumming techniques that we encountered in reliable transport and data
17、 link protocols can be used to provide such message integrity. We will study message integrity in Section 8.3. End-point authentication. Both the sender and receiver should be able to confirm the identity of the other party involved in the communication to confirm that the other party is indeed who
18、or what they claim to be. Face-to-face human communication solves this problem easily by visual recognition. When communicating entities exchange messages over a medium where they cannot see the other party, authentication is not so simple. When a user wants to access an inbox, how does the mail ser
19、ver ver- ify that the user is the person he or she claims to be? We study end-point authentication in Section 8.4. Operational security. Almost all organizations (companies, universities, and so on) today have networks that are attached to the public Internet. These net- works therefore can potentia
20、lly be compromised. Attackers can attempt to deposit worms into the hosts in the network, obtain corporate secrets, map the internal network configurations, and launch DoS attacks. Well see in Section 8.9 that operational devices such as firewalls and intrusion detection systems are used to counter
21、attacks against an organizations network. A firewall sits between the organizations network and the public network, controlling packet access to and from the network. An intrusion detection sys- tem performs “deep packet inspection,” alerting the network administrators about suspicious activity.Havi
22、ng established what we mean by network security, lets next 计算机网络通信文献报告3consider exactly what information an intruder may have access to, and what actions can be taken by the intruder. Figure 8.1 illustrates the scenario. Alice, the sender, wants to send data to Bob, the receiver. In order to exchang
23、e data securely, while meeting the requirements of confidentiality, end-point authentication, and message integrity, Alice and Bob will exchange control messages and data messages (in much the same way that TCP senders and receivers exchange control segments and data seg- ments). All or some of thes
24、e messages will typically be encrypted. As discussed in Section 1.6, an intruder can potentially perform eavesdroppingsniffing and recording control and data messages on the channel. modification, insertion, or deletion of messages or message content.Secure senderSecure receiverData DataControl, dat
25、a messagesChannelAlice BobFigure 8.1 Sender, receiver, and intruder (Alice, Bob, and Trudy)As well see, unless appropriate countermeasures are taken, these capabilities allow an intruder to mount a wide variety of security attacks: snooping on commu- nication (possibly stealing passwords and data),
26、impersonating another entitity, hijacking an ongoing session, denying service to legitimate network users by over- loading system resources, and so on. A summary of reported attacks is maintained at the CERT Coordination Center CERT 2012.Having established that there are indeed real threats loose in
27、 the Internet, what are the Internet equivalents of Alice and Bob, our friends who need to com- municate securely? Certainly, Bob and Alice might be human users at two end systems, for example, a real Alice and a real Bob who really do want to exchange secure e-mail. They might also be participants
28、in an electronic commerce transac- tion. For example, a real Bob might want to transfer his credit card number 计算机网络通信文献报告4securely to a Web server to purchase an item online. Similarly, a real Alice might want to interact with her bank online. The parties needing secure communication might themselv
29、es also be part of the network infrastructure. Recall that the domain name system (DNS, see Section 2.5) or routing daemons that exchange routing information (see Section 4.6) require secure communication between two parties. The same is true for network management applications, a topic we exam- ine
30、 in Chapter 9. An intruder that could actively interfere with DNS lookups (as discussed in Section 2.5), routing computations RFC 4272, or network manage- ment functions RFC 3414 could wreak havoc in the Internet.Having now established the framework, a few of the most important defi- nitions, and th
31、e need for network security, let us next delve into cryptography. While the use of cryptography in providing confidentiality is self-evident, well see shortly that it is also central to providing end-point authentication and message integritymaking cryptography a cornerstone of network security.Prin
32、ciples of CryptographyAlthough cryptography has a long history dating back at least as far as Julius Caesar, modern cryptographic techniques, including many of those used in the Internet, are based on advances made in the past 30 years. Kahns book, The Codebreakers Kahn 1967, and Singhs book, The Co
33、de Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography Singh 1999, provide a fascinating look at the long history of cryptography. A complete discussion of cryptography itself requires a complete book Kaufman 1995; Schneier 1995 and so we only touch on the essential aspects of cr
34、yptography, particularly as they are practiced on the Internet. We also note that while our focus in this section will be on the use of cryptography for confidentiality, well see shortly that cryptographic techniques are inextricably woven into authentication, message integrity, nonrepudiation, and
35、more.Cryptographic techniques allow a sender to disguise data so that an intruder can gain no information from the intercepted data. The receiver, of course, must be able to recover the original data from the disguised 计算机网络通信文献报告5data. Figure 8.2 illustrates some of the important terminology.Suppos
36、e now that Alice wants to send a message to Bob. Alices message in its original form (for example, “Bob, I love you. Alice”) is known as plaintext, or cleartext. Alice encrypts her plaintext message using an encryption algorithm so that the encrypted message, known as ciphertext, looks unintelligibl
37、e to any intruder. Interestingly, in many modern cryptographic systems, including those used in the Internet, the encryption technique itself is knownpublished, stan- dardized, and available to everyone (for example, RFC 1321; RFC 3447; RFC 2420; NIST 2001), even a potential intruder! Clearly, if ev
38、eryone knows the method for encoding data, then there must be some secret information that prevents an intruder from decrypting the transmitted data. This is where keys come in.Encryption algorithmDecryption algorithmPlaintext PlaintextCiphertextChannelKAKBAlice BobKey:Figure 8.2 Cryptographic compo
39、nentsIn Figure 8.2, Alice provides a key, KA, a string of numbers or characters, as input to the encryption algorithm. The encryption algorithm takes the key and theplaintext message, m, as input and produces ciphertext as output. The notation KA(m) refers to the ciphertext form (encrypted using the
40、 key KA) of the plaintext message, m. The actual encryption algorithm that uses key KA will be evident from the context. Similarly, Bob will provide a key, KB, to the decryption algorithm that takes the ciphertext and Bobs key as input and produces the original plain- 计算机网络通信文献报告6text as output. Tha
41、t is, if Bob receives an encrypted message KA(m), he decrypts it by computing KB(KA(m) = m. In symmetric key systems, Alices and Bobs keys are identical and are secret. In public key systems, a pair of keys is used. One of the keys is known to both Bob and Alice (indeed, it is known to the whole wor
42、ld). The other key is known only by either Bob or Alice (but not both). 译文:第 8 章 计算机网络中的安全早在 1.6 节就阐述了一些流行的和危险的网络攻击,包括恶意的软件攻击、拒绝服务、嗅探、源伪装以及报文修改和删除。虽然我们学习过有关计算机网络的相关知识,但却没有考察如何使用网络安全,使计算机远离攻击的威胁。在获得了新的计算机网络和网络协议的专业知识后,现在我们将深入地学习安全通信,尤其是计算机网络可以防御那些讨厌的坏家伙的原理。首先,我们介绍一下 Alice 和 Bob,他们两个人要进行通信,并希望这个过程是安全的
43、。因为本书是网络教科书,所以 Alice 和 Bob 可以是两台需要安全地交换路由选择表的路由器,也可以是希望建立一个安全传输链接的客户和服务器,或者是两个交换安全电子邮件的电子邮件程序,所有这些案例都是在本站后面要考虑的。总之,Alice 和 Bob 是安全领域中我们熟知的两个设备,也许因为使用 Alice 和 Bob更有趣,这和命名 A 的普通实体需要安全地与名为 B 的普通实体进行通信的作用是一样的。需要安全通信的例子通常包括不正当的情人关系、战时通信和商务往来;我们更喜欢用第一个例子而不是后两个,并乐于使用 Alice 和 Bob 作为我们的发送方和接收方,并以第一种例子作为背景来讨论
44、接下来的问题。我们说过,Alice 和 Bob 要进行通信并希望做到安全,那么此处的安全的确切意义是什么呢?正如我们将会看到的那样,安全性(像爱一样)是多姿多彩的;换句话说,安全性有很多方面。毫无疑问,Alice 和 Bob 希望他们之间的通信内容是保密的。他们可能也想希望他们需要通信时确实是在和对方在通信,还希望如果他们之计算机网络通信文献报告7间的通信被窃听者篡改时,他们能够知道该通信已被这种篡改破坏。在本章的第一部分,我们将会讨论能够加密通信的密码技术,鉴别正在与他通信的对方并确保报文完整性。在本章的第二部分,我们将研究基本的密码学原则怎样被应用于生成安全的网络协议。我们再次采用自顶向下
45、方法,从应用层开始,将逐层(上面四层)研究安全协议。我们将研究如何加密电子邮件,如何加密一条 TCP 连接,如何在网络层提供覆盖式安全性,以及如何使无线 LAN 安全。在本章的第三部分,我们将考虑运行的安全性,这与保护机构网络免受攻击有关。特别的是,我们将仔细观察防火墙和入侵检测系统是怎样加强机构网络的安全性的。网络安全是什么?我们还是以要进行安全通信的情人 Alice 和 Bob 为例,开始我们的网络安全研究。这意味着什么呢?显然,Alice 希望即使他们在一个不安全的媒体上进行通信,也只有 Bob 能够明白她发送的报文,其中入侵者(设入侵者叫 Trudy)能够在这个媒体上截获这个报文。Bo
46、b 也需要确认从 Alice 接收的报文确实是 Alice 发送的,并且 Alice 也要确认和她进行通信的人就是 Bob。Alice 和 Bob 还要确认通信过程中报文没有被修改。他们首先也要确认他们能够通信(即无人能够拒绝他们进行通信所接入的资源)。考虑了这些问题后,我们能够指出安全通信具有下列所需要的特性。 保密性。仅由发送方和其希望的接收方能够理解传输的报文的内容。因为窃听者可以截获报文,这就要求报文必须在一定程度上进行加密,是被截取的报文无法被窃听者理解。保密性的这个方面大概就是通常意义上对于术语安全通信的理解。我们将会在 8.2 节学习数据加密和解密的密码学技术。 报文完整性。Al
47、ice 和 Bob 希望确保其通信内容在传输过程中没有改变或者恶意篡改或意外的改动。我们在可靠传输和数据链路协议中遇到的检验和技术在扩展后能够用于提供这种报文完整性,我们将在 8.3节中研究这个主题。 端点鉴定。发送方和接收方都应该能够证实通信时涉及的另一方,以确定通信的另一方确实具有他们所声称的身份。人们的面对面通信可以通过视觉轻易的解决这个问题。当通信实体在不能看到对方的媒体上交换报文时,坚定就不是那么简单的了。当某用户要访问一个邮箱,邮件服务器如何证实该用户就是他或她所声称的那个人呢?我们将在 8.4 节学习端点鉴定技术。 运行安全性。几乎所有的机构(公司、大学等等)今天都有了与公共因特
48、网相连的网络。这些网络都因此潜在地能够被危及安全。攻击者能试图在网络主机中安放蠕虫,获取公司秘密,勘察内部网络配置并发起计算机网络通信文献报告8DoS 攻击。我们将在 8.9 节看到诸如防火墙和入侵检测系统等运行设备正被运用于反制对机构网络的攻击。防火墙位于机构网络和公共网络之间,控制接入和来自网络的分组。入侵检测系统执行深度分组检查任务,向网络管理员发起有关可疑活动的警告。明确了我们所指的网络安全的具体含义后,接下来要考虑的是入侵者可能要访问的是哪些信息,以及入侵者可能会采取哪些行动。图 8-1 阐述了一种情况。Alice(发送方)想要发送数据给 Bob(接收方)。为了安全的交换数据,即在满
49、足保密性、端点鉴定和报文完整性要求下,Alice 和 Bob 将交换控制报文和数据报文(以非常类似于 TCP 发送和接受双方交换控制报文和数据报文的方式进行)。通常将这些报文全部或部分加密。如在 1.6 节所讨论的那样,入侵者能够潜在地执行下列行为:图 8-1 发送方、接收方和入侵者(Alice、Bob 和 Trudy) 窃听坚挺并记录信道上传输的控制报文和数据报文。 修改、插入、或删除报文或报文内容。如我们将要看到的那样,除非采取适当的措施,否则上述能力使入侵者可以用各种各样的方式发动多种攻击:窃听通信内容(可能窃取口令和数据),假冒另一个实体,“劫持”一个正在进行的会话,通过使系统资源过载拒绝合法用户的服务请求等等。CERT 协调中心对已报道的攻击进行了总结【CERT 2012】。已经知道在因特网中某个角落存在真实的威胁,则 Alice、Bob(我们的两个需要安全通信的朋友)在因特网上的对应的实体是什么呢?当然,Alice、Bob 可以是两个位于端系统的人类用户,例如,真实的 Alice 和真实的 Bob 真的需要交换安全电子邮件。他们也可以参与电子商务事务。例如,一个真实的 Bob 希望安全的向一台 Web 服
