Introduction to System Administration
Download
Report
Transcript Introduction to System Administration
Introduction to Network
Security and Cryptography
CSCI 436 - Networking
Copyright © 2006 by Scott Orr and the
Trustees of Indiana University
Why Worry about Security?
Y2K Bug – 1/1/2000
DDoS Attack of Yahoo, CNN – 2/2000
Microsoft break-in – 10/2000
SPAM and Phishing
Viruses and Worms
Internet Worm – 11/1988
Melissa/ILoveYou Viruses – 1999 - 2000
CodeRed/Nimda/Slammer/Sobig – 2001-2003
MyDoom,Netsky/Bagel – 2004
SPAM/Virus Writer Connection
Terrorist Attacks - 9/11/2001
Numerous Web Defacements
Reported Incidents
140000
120000
100000
80000
60000
40000
20000
0
1995 1996 1997 1998 1999 2000 2001 2002 2003
Source: CERT
Reported Vulnerabilities
6000
5000
4000
3000
2000
1000
0
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005 2006*
Source: CERT
How much security?
Security
Ease of Use
Beware of Security through Obscurity!!!
Goals of Security
Confidentiality
Integrity
Availability
Accountability?
Source:
CERT (Phishing Exposed)
Packet Sniffing
Login:
scott
Password:
mypassword
Username: scott
Password: mypassword
Wireless?!?!?!
Network Hubs vs. Switches
Hub
Everyone can see traffic
Switch
Virtual circuit between pair
Switch Attacks
MAC Flooding – switch will act like hub
ARP Spoofing
Who is 10.0.0.1?
I am (1:2:3:7:8:9)
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
Wireless Networks
Extend Network Boundaries
Security Components
Service Set Identifier (SSID)
Shared secret key
SSID Broadcast issues
MAC-Based ACL
Encryption
Wired Equivalent Protocol (WEP) – Weak!!!
Wi-Fi Protected Access (WPA)
Wardriving
High Power Mode
450ft = 40 houses, 4 streets
Low Power Mode
150ft = 6 Houses, 1 street
IP Address Spoofing
Replace actual source address in IP
packets
Prevent packets from being traced back
Exploit IP address-based trust
relationships
DNS Spoofing
DNS/ARP Cache Poisoning
Break in and change trusted machine
entry to point to the attackers host
address
Trust-based access to other machines
Berkeley R Commands
Remote File systems (NFS)
Replay Attacks
Buy New CD
Buy
New
CD
Man in the Middle Attack
Buy New CD
Source Routing Attacks
Address set to
Trusted Host
(IP Spoofing)
DoS Trusted Host
Source routed
connection request
Attacker
R
R
R
R
R
R
Trusted Host
R
R
Source routed
response
Trusted Host
Session Hijacking
Destination Host
User Host
Attacker
Attacker watches live sessions to record sequence
numbers
Attacker DoS’s User Host and IP spoofs packets to
Destination using User Host’s sequence numbers
Destination continues session as if nothing happened
TCP Sequence Guessing
Attacker DoS’s Trusted Host
Attacker attempts to connect to
target many times and records
sequence numbers
Attacker calculates sequence
numbers which will be assigned
for next connection.
Attacker spoofs address of trusted
host and uses calculated
sequence numbers (router passes
trusted internal address
Target runs command from
spoofed trusted host
Trusted Host
Router
Attacker
Target
Port Scanning
Checking of all ports on a target
Banner Grabbing
Can looks for known service
bugs/exploits
Can leave a big footprint
Common Scanners
Satan/Saint/Sara
Nmap
Nessus
Service Exploits
Banner Grabbing/Vulnerability Scanners
Stack/Buffer Overflow
Backdoors
File Transfer Programs
Anonymous FTP
TFTP
FTP Bounces
OS Fingerprinting
FIN Probing
TCP ISN Sampling
IPID Sampling
TCP Timestamp
TCP Options
Fragmentation
Handling
TCP Retransmission
Timeouts
TCP Initial Window
ACK Values
ICMP Error Quoting
ICMP Error Message
Echo Integrity
ICMP Error Message
Type of Service
(TOS)
ICMP Error Message
Limiting
Denial of Service Attacks
ICMP Redirects
SYN Flooding
Smurf Attacks
Service Bombing
FTP
Finger
Mail Bombing
Service Bugs
Ping o’ Death
WinNuke
Teardrop
Distributed DoS
Targets may be Upstream
SYN Flood Attack
SYN(C, ISNc)
SYN(C, ISNc)
SYN(C, ISNc)
SYN(C, ISNc)
SYN(S, ISNs) ACK(C, ISNc)
Client
SYN(S, ISNs) ACK(C, ISNc)
SYN(S, ISNs) ACK(C, ISNc)
SYN(S, ISNs) ACK(C, ISNc)
Server
Server never gets ACKs to its SYN
Half Open Connections
Smurf Attacks
Attacker
172.21.0.35
Ping 10.1.1.255
Spoof source: 192.168.1.7
10.1.1.0/24 Network
192.168.1.7
Distributed DoS Attacks
Intruder
Master
D
D
D
Master
D
D
Master
D
D
D
Victim
Source: Results of the Distributed
Intruder Tools Workshop
Cryptography can help!
Non-repudiation
Integrity
Confidentiality
Authorization
Authentication
Classical Cryptography
Alphabetic Substitutions
Shifts
Mono-Alphabetic Replacements
Poly-Alphabetic Replacements
One-Time Pads
Transpositions/Permutations
Most were stream ciphers
Symmetric Key Encryption
Shared
Secret Key
-------------------------------------
Plaintext
Encryption
++++++
++++++
++++++
++++++
++++++
++++++
Ciphertext
Decryption
-------------------------------------
Plaintext
Data Encryption Standard
Created by IBM called LUCIFER
Adopted in 1977 by National Bureau of
Standards (now NIST)
56 bit key to encrypt 64 bit blocks
Consists of 16 stages plus initial/final
permutations
Advanced Encryption Standard (AES)
DES – One Round
Ln – 32 bits
Rn – 32 bits
Key
56 bits
E-Box
48 Bits
Key-Box
48 Bits
S-Box
32 Bits
P-Box
Ln+1 – 32 bits
Rn+1 – 32 bits
Source: Cryptography and
Network Security, 2E
by William Stallings
DES Substitution Boxes
E-Box Key (48 Bits)
S1
S2
S8
P-Box (32 Bits)
Source: Cryptography and
Network Security, 2E
by William Stallings
S-Box Lookups
0
1
2
3
4
5
6
7
8
9
10 11 12 13 14 15
0
14
4
13
1
2
15 11
8
3
10
6
12
5
9
0
7
1
0
15
7
4
14
2
13
1
10
6
12 11
9
5
3
8
2
4
1
14
8
13
6
2
11 15 12
9
7
3
10
5
0
3
15 12
8
2
4
9
1
7
3
14 10
0
6
13
101110
S1
5
11
1011
Source: Cryptography and
Network Security, 2E
by William Stallings
Attacks on DES
Weak key size
Originally used a 128 bit key
Shortened to 56 bits to fit on 1 chip
Brute force attacks
RSA Challenges
Deep Crack – EFF built $210K system
Distributed.Net – 1000s of Internet
connected systems working together
Triple DES (3DES)
Plaintext
EDES
DDES
Ciphertext
EDES
KeyD
KeyE
Rijndael (AES) Structure
Subkey
Keyadd
Subkey
Substitution
Shiftrow
Plaintext
Ciphertext
Mixcolumn
No
Keyadd
Shiftrow
Substitution
Keyadd
Final
Round?
Yes
Subkey
Source: Classical and Contemporary Cryptology
by Richard J. Spillman
WEP Authentication
Request to Connect
Challenge Plaintext
Plaintext
Access Granted
WEP
Key
WEP
Key
WEP Frame
Message
CRC
Keystream = RC4 (IV,
IV
ID
Ciphertext
)
WEP Attacks
Initial connection sniffing
IV Reuse
Look for IV collisions
Some APs reset IV to 0 each time system is
(re)initialized
IV Dictionary Attacks
Injection attacks with known plaintext
Wi-fi Protected Access / 802.11i
IV Reuse Occurrences
1% after 582 encrypted frames
10% after 1,881 encrypted frames
50% after 4,823 encrypted frames
99% after 12,430 encrypted frames
Jesse R. Walker
IEEE P802.11 Wireless LANS: Unsafe at any key size
Shared Secret Key Distribution
Alice
Bob
Charlie
Scott
• How does Alice distribute the key?
• What happens if Scott leaves?
Secret Key Pairs
Alice
Bob
Charlie
Scott
# of Keys = n * (n – 1)/2
Where n is the # of users
Asymmetric Key Encryption
Recipient’s
Public Key
-------------------------------------
Plaintext
Encryption
Recipient’s
Private Key
++++++
++++++
++++++
++++++
++++++
++++++
Ciphertext
Decryption
-------------------------------------
Plaintext
PKE Algorithm Components
One or more Prime Numbers
Large integer factoring
Modular arithmetic
Big integer exponentiation
Example Algorithms
Rivest-Shivar-Adelman (RSA)
Diffie-Hellman Key Exchange
RSA Public Key Encryption
Developed by MIT professors Ron Rivest, Adi
Shamir and Len Adleman (1977)
Message blocks treated as a large number
less that some number n
Block size 2k bits 2k < n < 2k+1
Relies on:
Large prime numbers
Large number factoring
Modular arithmetic
RSA Key Generation
Select 2 prime numbers, p and q
Let n = p * q
Let (n) = (p – 1)(q – 1)
Pick e that is relatively prime to (n)
Find d d = e-1 mod (n) de = 1 mod (n)
Generated keys:
Public: e & n
Private: d & n
RSA Encryption & Decryption
Encryption:
Break message into M sized blocks < n
Cipher C = Me mod n
Decryption:
Message M = Cd mod n
RSA Example
Key Generation:
Let p = 5 and q = 11
N = 5 * 11 = 55
(n) = (5 – 1)(11 – 1) = 40
Let e = 3
Find d 3d = 1 mod 40; d = 27
Encrypt M = 5 C = 53 mod 55 = 15
Decrypt C M = 1527 mod 55 = 5
Digital Signatures
Sender’s
Private Key
-------------------------------------
Plaintext
Hash
Encryption
Sender’s
Public Key
--------------------++++++
++++++
Signed
Message
Hash
Decryption
-------------------------------------
Plaintext
One-Way Encryption
Encryption function has no inverse
Referred to as Hashes or Checksums
Uses
Authentication Systems
File Integrity Checkers
Message Digests
Hash Functions
Accept messages of any size and
generated a small, fixed size output
One way function
Easy and fast to calculate
Collision Resistant
XOR Example
Break message into fixed length blocks
XOR first element of all blocks
Repeat for all elements
G
o
n
o
w
0
0
0
0
0
0
10
11
11
11
11
10
5
0
0
0
0
0
1
0
1
1
1
0
1
11
11
11
11
11
11
E
1
1
0
1
1
0
Not very collision resistant!!!
Source: Classical and Contemporary Cryptology
by Richard J. Spillman
MD5 Hash
Developed by Ron Rivest
Generates a 128-bit hash
Initialization
Pad message (1 followed by n 0s) such that the
message size is 448 mod 512
(message size) mod 264 appended to message as 64bit number
4 32-bit registers used store intermediate and final
results
512-bit message block processed in 4 rounds, each
consisting of 16 stages
MD5 Rounds
Blocki
D
CVi
C
B
A
F
T[1..16]
G
T[17..32]
H
T[33..48]
I
T[49..64]
+
D
+
C
+
B
+
A
CVi+1
MD5 Stage
G
D
D
C
C
B
B
A
+
+
Blocki[k]
+
T[j]
Rot
+
A
Diffie-Hellman Key Exchange
Bob and Alice together select a prime number, p, and
a base, g
Alice:
Selects secret number a
Sends Bob ga mod p
Bob:
Selects secret number b
Sends Alice gb mod p
Shared secret: k
k = (ga mod p)b mod p = (gb mod p)a mod p
Used as key in symmetric cryptography algorithm
Public Key Distribution
Sent via disk/email
Downloaded from web page
Public Key Server
Fingerprints and key signing
Public Key Infrastructure
Certificate Authorities
Registration Authorities
Certificate Distribution System
Key Escrow
Certificate Types
Personal Certificates
Server Certificates
Software Publisher Certificates
Certificate Authority Certificates
X.509 Certificates
Version
Serial Number
Algorithm Info
Issuer
Period
Subject
Subject’s Public Key
Issuer Signature
Source: Web Security and Commerce
Simson Garfinkel and Gene Spafford
Session Encryption
Application
Server
Internet
Secure Socket Layer
Separate algorithms based on task
Encryption
Authentication
Data Integrity
SSL Hello
Efficient – Caches Master Secret key
Certificate-based authentication
SSL Hello
Supported Encryption
Selected Encryption
Request Session key
Public
Key
Public
Key
Session key
Client
Rest of session
Server
Session
Key
Wi-Fi Protected Access (WPA)
Certificate
Credentials
Username/Password
TLS
Authentication Protocols
PEAP
EAP
802.1x
Encryption Algorithms
RC4
RC4
AES
Encryption Standards
WEP
WPA-TKIP
802.11i
Source: Effective Wireless Security – Technology and Policy
By Dan Ziminski and Bill Davidge
802.1x EAP-TLS Authentication
Client digital cert
From XYZ CA
Station
Supplicant
Access Point
Authenticator
RADIUS Server
Authorizer
Server Digital cert
From XYZ CA
Source: Effective Wireless Security – Technology and Policy
By Dan Ziminski and Bill Davidge
Virtual Private Networks
VPN
Server
Internet
Application
Server
Virtual Private Network
802.1x PEAP authentication
Digital cert
From XYZ CA
Access Point
Authenticator
Station
Supplicant
RADIUS Server
Authorizer
Username sorr
Password: encrypted
Success/Fail
Directory Server
Source: Effective Wireless Security – Technology and Policy
By Dan Ziminski and Bill Davidge
Point to Point Tunneling Protocol
Based on
Point to Point Protocol (PPP)
Generic Routing Encapsulation (GRE)
IP Hdr
GRE Hdr
Encrypted
GRE Body
PPP
IP TCP
Data
Weaknesses
Poor Encryption
Session handshaking done in clear
IPSec
Part of IPv6 Spec
Authentication Header (AH)
IPv4 Hdr
Auth Hdr
TCP/UDP Hdr & Data
Encapsulating Security Payload (ESP)
IPv4 Hdr
ESP Hdr
Encrypted
TCP Hdr
DataPayload
ESP Tlr
Modes: Transport and Tunnel
ESP Auth