CS 378 - Network Security and Privacy

Download Report

Transcript CS 378 - Network Security and Privacy 

CS 378
Network Security and Privacy
Vitaly Shmatikov
http://www.cs.utexas.edu/~shmat/courses/cs378_spring05/
Course Personnel
Instructor: Vitaly Shmatikov
• Office: TAYLOR 4.115C
• Office hours: Thursday, 3:30-4:30pm (after class)
• Open door policy – don’t hesitate to stop by!
TA: Justin Brickell
• Office hours TBA
Watch the course website
• Assignments, reading materials, lecture notes
This course is an experiment!
• First UT course on network security
Prerequisites
Required: CS 372 (Operating Systems)
• My course has a substantial implementation component
• No waivers!
Recommended: Introduction to Computer
Security; Cryptography; Computer Networks
• Not much overlap with this course, but will help gain
deeper understanding of security mechanisms and
where they fit in the big picture
Recommended: exposure to C programming
• Project will involve implementing buffer overflow
exploits in C
Class Poll
Introduction to computer security?
• Access control, Web security, sandboxing, firewalls?
Cryptography?
• Public-key and symmetric encryption, digital signatures,
cryptographic hash, random-number generators?
Computer networks?
• Network architecture, application and transport layer
protocols?
Programming in C?
Course Logistics
Lectures
• Tuesday, Thursday 2-3:30pm
Five homeworks (40% of the grade)
• One or two may involve implementation
Project (15% of the grade)
• Involves a fair bit of implementation
• Security is a contact sport!
Midterm (20% of the grade)
Final (25% of the grade)
UTCS Code of Conduct will be strictly enforced
Course Materials
Textbook: William Stallings. “Network Security
Essentials: Applications and Standards.”
• Focuses on details of deployed security systems
• Lectures will focus on “big-picture” principles and ideas
of network attack and defense
• Attend lectures! Lectures will cover some material that
is not in the textbook – and you will be tested on it!
Occasional assigned readings
• Start reading “Smashing the Stack For Fun and Profit”
by Aleph One (from Phrack hacker magazine)
• Understanding it will be essential for your project
Other Helpful Books
Ross Anderson. “Security Engineering”.
• Focuses on design principles for secure systems
• Wide range of entertaining examples: banking, nuclear
command and control, burglar alarms
• Ross Anderson is famous for hacking tamper-resistant
hardware
Kaufman, Perlman, Speciner. “Network Security:
Private Communication in a Public World”.
• Comprehensive network security textbook
Main Themes of the Course
 Vulnerabilities of networked applications
• Worms, denial of service attacks, malicious code
arriving from the network, attacks on infrastructure
Defense technologies
• Protection of information in transit: cryptography,
application- and transport-layer security protocols
• Protection of networked applications: firewalls and
intrusion detection
Study a few deployed systems in detail: from
design principles to gory implementation details
• Kerberos, SSL/TLS, IPSec
What This Course is Not About
Not a comprehensive course on computer security
Not a course on ethical, legal or economic issues
• No file sharing, DMCA, free speech issues
Only cursory overview of cryptography
• Take CS 346 for deeper understanding
Only some issues in systems security
• No access control, OS security, secure hardware
• Will cover buffer overflow: #1 cause of remote
penetration attacks
No language-based security
Motivation
https://
Excerpt From “General Terms of Use”
YOU ACKNOWLEDGE THAT NEITHER WELLS
FARGO, ITS AFFILIATES NOR ANY OF THEIR
RESPECTIVE EMPLOYEES, AGENTS, THIRD
PARTY CONTENT PROVIDERS OR LICENSORS
WARRANT THAT THE SERVICES OR THE SITE
WILL BE UNINTERRUPTED OR ERROR FREE;
NOR DO THEY MAKE ANY WARRANTY AS TO
THE RESULTS THAT MAY BE OBTAINED FROM
USE OF THE SERVICES OR THE SITE, OR AS
TO THE TIMELINESS, SEQUENCE, ACCURACY,
RELIABILITY, COMPLETENESS OR CONTENT OF
ANY INFORMATION, SERVICE, OR
MERCHANDISE PROVIDED THROUGH THE
SERVICES AND THE SITE.
“Privacy and Security”
“As a Wells Fargo customer, your privacy
and security always come first.”
•
•
•
•
•
•
Privacy policy for individuals
Online privacy policy
Our commitment to online security
Online and computer security tips
How we protect you
General terms of use
What Do You Think?
What do you think should be included in
“privacy and security” for an e-commerce website?
?
Desirable Security Properties
Authenticity
Confidentiality
Integrity
Availability
Non-repudiation
Freshness
Access control
Privacy of collected information
Integrity of routing and DNS infrastructure
Syllabus (1): Security Mechanisms
Basics of cryptography
• Symmetric and public-key encryption, certificates,
cryptographic hash functions, pseudo-random
generators
Authentication and key establishment
• Case study: Kerberos
IP security
• Case study: IPSec protocol suite
Web security
• Case study: SSL/TLS (Transport Layer Security)
Syllabus (2): Attacks and Defenses
Buffer overflow attacks
Network attacks
• Distributed denial of service
• Worms and viruses
• Attacks on routing infrastructure
Defense tools
• Firewalls and intrusion detection systems
Wireless security
Privacy-enhancing technologies
Attack on Confidentiality
Confidentiality is concealment of information
Eavesdropping,
packet sniffing,
illegal copying
network
Attack on Integrity
Integrity is prevention of unauthorized changes
Intercept messages,
tamper, release again
network
Attack on Authenticity
Authenticity is identification and assurance of
origin of information
Unauthorized assumption of
another’s identity
network
Attack on Availability
Availability is ability to use information or
resources desired
Overwhelm or crash servers,
disrupt infrastructure
network
Network Stack
application
email, Web, NFS
Sendmail, FTP, NFS bugs,
chosen-protocol and
version-rollback attacks
presentation
session
transport
network
data link
RPC
RPC worms, portmapper exploits
TCP
SYN flooding, RIP attacks,
sequence number prediction
IP
802.11
IP smurfing and other
address spoofing attacks
WEP attacks
physical
Only as secure as the single weakest layer…
Network Defenses
Implementations
Firewalls, intrusion
detection…
Blueprints
Protocols and policies
SSL, IPSec, access
control…
Building
blocks
Cryptographic primitives
RSA, DSS, SHA-1…
Systems
…all defense mechanisms must work correctly and securely
Correctness versus Security
Program or system correctness:
program satisfies specification
• For reasonable input, get reasonable output
Program or system security:
program properties preserved in face of attack
• For unreasonable input, output not completely disastrous
Main difference: active interference from adversary
Modular design may increase vulnerability
• Abstraction is very difficult to achieve in security: what if
the adversary operates below your level of abstraction?
Bad News
Security often not a primary consideration
• Performance and usability take precedence
Feature-rich systems may be poorly understood
• Higher-level protocols make mistaken assumptions
Implementations are buggy
• Buffer overflows are the “vulnerability of the decade”
Networks are more open and accessible than ever
• Increased exposure, easier to cover tracks
Many attacks are not even technical in nature
• Phishing, impersonation, etc.
Better News
There are a lot of defense mechanisms
• We’ll study some, but by no means all, in this course
It’s important to understand their limitations
• “If you think cryptography will solve your problem,
then you don’t understand cryptography… and you
don’t understand your problem” -- Bruce Schneier
• Many security holes are based on misunderstanding
Security awareness and user “buy-in” help
Other important factors: usability and economics
Reading Assignment
Stallings, sections 1.1-1.5
Start reading buffer overflow materials on the
website