Transcript Document
CCM 4300 Lecture 7
Computer Networks, Wireless
and Mobile Communications
Dr E. Ever
School of Computing Science
ccm4300
1
Lesson objectives
- Understand principles of network security:
Cryptography and its many uses beyond “confidentiality”.
Authentication.
Message integrity and non-repudiation.
Availability and access control.
Key distribution.
-Security in practice:
Firewalls
and IDS
Security and protocols in application, transport, network,
and link layers.
ccm4300
2
Session Content
What is network security?
Principles of cryptography
Authentication
Integrity
Key Distribution and certification
Access control: firewalls
Attacks and counter measures
Security in many layers
ccm4300
3
What is Network Security?
Confidentiality: only sender, intended receiver
should “understand” message contents sender
encrypts message receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message Integrity and Non-Repudiation: sender,
receiver want to ensure message not altered (in
transit, or afterwards) without detection, and want
to be able to prove that the sender did, in fact,
send the message
Access and Availability: services must be accessible
and available to properly authorised users
ccm4300
4
Why is Network Security Difficult?
Open and interoperable protocols, while desirable, tend to
work against security.
Security is often sacrificed in return for gains in performance
and scalability.
Providing good security is expensive, so it an be difficult to
get resources to support it.
People tend to see security as a barrier to getting useful
work done, and resist it.
Information on circumventing security is widely available, as
are software tools. (view it as a puzzle)
Some people see circumventing security as a
challenge and enjoy doing it. (fun)
Most systems and networks were not designed with any
security concerns in mind. (not involved in the initial stage)
ccm4300
5
Security Planning, Policies, and Mechanisms
A secure network does not come naturally.
First, a security plan must be developed. Based
on this plan, security policies must be developed.
To enforce these policies, the appropriate
security mechanisms must be put in place.
This is not a one time effort either.
Security plans must be reviewed and revised.
Security policies must be assessed and updated.
Security mechanisms must be patched, updated,
or replaced as newer technologies become
available.
ccm4300
6
Security Planning, Policies, and Mechanisms
Security planning must do the following:
Determine what your security needs are.
Determine what your security threats and risks
are.
Identify who can be trusted to do what.
Security policies are developed from this information,
so be as specific as possible.
ccm4300
7
Security Planning, Policies, and Mechanisms
Security policies that are developed must ensure
appropriate levels of security for the activities
performed in the network by:
Making it clear what is protected and why.
Clearly stating responsibility for providing
that protection.
Making it clear what users are allowed to do, and
what they must or must not do.
Providing grounds on how to interpret and
resolve conflicts in policies later on.
ccm4300
8
Security Planning, Policies, and Mechanisms
Security mechanisms are employed to ensure that security policies are being
adequately enforced.
Mechanisms can be based on people, software, hardware, or other physical
means (for example, cameras, locks, cabling, and so on).
Choosing the right mechanisms can be difficult.
Can these mechanisms be trusted?
Determining if the mechanisms fully implement the desired security policies is
even harder.
You can try a formal proof, but those are complex and very time
consuming.
Addressing the problem of characterising and proving security properties
has led to an immensely promising research programme in computer
security using CSP (Communication Sequential Process) and its modelchecker, FDR (Failure Divergence Refinement Checker). The result is a
well-developed and intellectually-satisfying theory of security in CSP,
where formal proof is replaced by automatic checking.
ccm4300
9
Security Mechanisms
These Mechanisms exist to provide and
support security services and can be divided
into two classes:
Specific security mechanisms, used to provide
specific security services, and
Pervasive security mechanisms, not specific to
particular services.
ccm4300
10
Specific Security Mechanisms
Eight types:
encipherment,
digital signature,
access control mechanisms,
data integrity mechanisms,
authentication exchanges,
traffic padding,
routing control,
notarisation.
ccm4300
11
Specific Mechanisms
Encipherment mechanisms = encryption algorithms.
Can provide data and traffic flow confidentiality.
Digital signature mechanisms
signing procedure (private),
verification procedure (public).
Can provide non-repudiation, origin
authentication and data integrity services.
Both can be basis of some authentication exchange
mechanisms.
ccm4300
12
Specific Mechanisms … cont..
Access Control mechanisms
A server using client information to decide
whether to grant access to resources
E.g. access control lists, capabilities, security
labels.
Data integrity mechanisms
Protection against modification of data.
Provide data integrity and origin authentication
services. Also basis of some authentication
exchange mechanisms.
Authentication exchange mechanisms
Provide entity authentication service.
ccm4300
13
Specific Mechanisms … cont..
Traffic padding mechanisms
Routing control mechanisms
The addition of ‘pretend’ data to conceal real volumes of
data traffic.
Provides traffic flow confidentiality.
Used to prevent sensitive data using insecure channels.
E.g. route might be chosen to use only physically secure
network components.
Notarisation mechanisms
Integrity, origin and/or destination of data can be
guaranteed by using a third party trusted notary.
Notary typically applies a cryptographic transformation to the
data.
ccm4300
14
Security Threats
Q: What could an INTRUDER do?
A: Unfortunately, a lot more than you think!
interruption: somehow disrupt the service being
provided by the network to communicating parties
interception: eavesdrop on communication meant
to be private or confidential
modification: tamper with information or network
resources
fabrication: counterfeit information or network
resources or services are inserted into the
network
ccm4300
15
Security Threats: Interruption
In an interruption attack, a network service is made
degraded or unavailable for legitimate use.
Interruption attacks are attacks against the
availability of the network.
These attacks can take the form of: {DOS}
Overloading a server host so that it cannot respond.
Blocking access to a service by overloading an intermediate
network or network device.
Redirecting requests to invalid destinations.
Vandalizing software or hardware involved.
Theft of software or hardware involved.
ccm4300
16
Security Threats: Interception
In an interception attack, an unauthorized individual
gains access to confidential or private information.
Interception attacks are attacks against network
confidentiality.
These attacks can take the form of:
Eavesdropping on communication.
Wiretapping telecommunications networks.
Illicit copying of files or programs.
Obtaining copies of messages for later replay.
ccm4300
17
Security Threats: Modification
In a modification attack, an unauthorised individual
not only gains access to, but tampers with information,
resources, or services.
Modification attacks are attacks against the integrity
of the network.
These attacks can take the form of:
Modifying the contents of messages in the network.
Changing information stored in data files.
Altering programs so they perform differently.
Reconfiguring system hardware or network topologies.
Also called “man in the middle” attacks.
ccm4300
18
Security Threats: Fabrication
In a fabrication attack, an individual inserts counterfeit
information, resources, or services into the network.
Fabrication attacks are attacks against the
authentication, access control, and authorisation
capabilities of the network.
These attacks can take the form of:
Inserting messages into the network using the identity of
another individual.
Replaying previously intercepted messages.
Spoofing a web site or other network service.
Taking the address of another host or service, essentially
becoming that host or service.
Also called “masquerading” attacks.
ccm4300
19
Security Threats: Methods of Execution
Attacks on security can be carried out using software
or hardware tools, or by some other physical means.
Common software examples include:
Tools and toolkits: programs that automatically
probe for security weaknesses or attack systems.
Back doors and trap doors: openings (in code,
firewalls, and so on) intentionally left open to grant
access to individuals without going through normal
methods of authentication and authorization.
Logic bombs: code embedded in software that lies
dormant until some event triggers them to carry out
ccm4300
20
an attack.
Security Threats: Methods of Execution
Additional common software examples:
Viruses: executable code inserted into other code
or data that is executed when the other code or
data is used, and launches an attack.
Worms: relatively independent programs that
travel from machine to machine across network
connections to carry out attacks.
Trojan horses: programs that appear to have one
function but actually perform a hidden function
that attacks the system.
Bacteria or rabbit programs: programs that do no
damage other than replicate themselves
exponentially to overwhelm network resources.
ccm4300
21
Sometimes, these can work
together too.
Security Services and Mechanisms
Recall: A security threat is a possible means by
which a security policy may be breached (e.g.
loss of integrity or confidentiality).
Recall:A security mechanism is a means to
provide a service (e.g. encryption, digital
signature).
A security service is a measure which can be put
in place to address a threat (e.g. provision of
confidentiality).
ccm4300
22
Security Service Classification
Security services in ISO 7498-2 are a special class of
safeguard applying to a communications environment.
Five main categories of security service:
Authentication (including entity authentication and
origin authentication),
Access control,
Data confidentiality,
Data integrity,
Non-repudiation.
Sixth category: “other” – includes physical security,
personnel security, life-cycle controls,…
ccm4300
23
Authentication
Entity authentication provides checking of a
claimed identity at a point in time.
Typically used at start of a connection.
Addresses masquerade and replay threats.
Origin authentication provides verification of
source of data.
ccm4300
24
Access Control
Provides protection against unauthorised use of
resource, including:
use of a communications resource,
reading, writing or deletion of an information
resource,
execution of a processing resource.
Example: file permissions in Unix/NT file systems.
ccm4300
25
Data Confidentiality
Protection against unauthorised disclosure of
information.
Four types:
Connection confidentiality,
Connectionless confidentiality,
Selective field confidentiality,
Traffic flow confidentiality.
Example: encrypting routers as part of Swift funds
transfer network.
ccm4300
26
Data Integrity
Provides protection against active threats to the
validity of data.
Five types:
Connection integrity with recovery,
Connection integrity without recovery,
Selective field connection integrity,
Connectionless integrity,
Selective field connectionless integrity.
Example: MD5 hashes on software at
http://www.apache.org/dist/httpd/binaries/linux/
Example: AH protocol in IPSec
ccm4300
27
Non-repudiation
Protects against a sender of data denying that data
was sent (non-repudiation of origin).
Protects against a receiver of data denying that data
was received (non-repudiation of delivery).
Example: analogous to signing a letter and sending
via recorded delivery.
Example: signatures in S/MIME secure e-mail system
ccm4300
28
Security Provisioning
How can we protect ourselves from these attacks?
Interruption attacks:
Firewalls, replication, backups, hardware
appliances
Interception attacks:
Encryption, traffic padding
Modification attacks:
Encryption, traffic padding, backups, messaging
techniques (checksums, sequence numbers,
digests, authentication codes)
Fabrication attacks:
Authentication and authorisation, firewalls,
digital signatures
ccm4300
29
Security Principles To Follow
There is no a 100% secure environment.
Expect the unexpected.
The more you know the better you can defend your system.
The more someone knows about you, the better they can
exploit you.
Do unto yourself before someone does unto you.
Never assume that all security risks are from the outside, and
not the inside.
Never assume that your users know what they are doing.
Security is only as good as the least secure link in the chain.
Security is a process, not an end product.
Do not forget about the simple aspects of physical security
ccm4300
30
Security Principles To Follow
The following are rules/principles you may or
may not follow:
Policy first, access second.
Deny first, permit only when required.
Mistrust everyone.
ccm4300
31
The language of cryptography
Alice’s
K encryption
A
key
plaintext
encryption
algorithm
Bob’s
K decryption
B key
ciphertext
decryption plaintext
algorithm
symmetric key crypto: sender, receiver keys identical
The encryption key is related to the decryption key.
They may be identical or there is a simple transformation to go
between the two keys
public-key crypto: encryption key public, decryption key secret (private)
ccm4300
32
Symmetric key cryptography
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: How hard to break this simple cipher?:
brute force (how hard?)
other?
ccm4300
33
Symmetric key cryptography
KA-B
KA-B
plaintext
message, m
encryption ciphertext
algorithm
K (m)
A-B
decryption plaintext
algorithm
m = K ( KA-B(m) )
A-B
symmetric key crypto: Bob and Alice share know
same (symmetric) key: KA-B
e.g., key is knowing substitution pattern in mono
alphabetic substitution cipher
Q: how do Bob and Alice agree on key value?
ccm4300
34
Symmetric key crypto: DES
DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase
(“Strong cryptography makes the world a safer
place”) decrypted (brute force) in 4 months
no known “backdoor” decryption approach
making DES more secure:
use three keys sequentially (3-DES) on each datum
use cipher-block chaining
ccm4300
35
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical “rounds”
of function
application, each
using different 48
bits of key
final permutation
The algorithm is a series of 16 transformations, which are
called rounds. During the first round, the algorithm will
transform the right half using a sub key generated by a
series of operations that generates a 48-bit key from the
original 56-bit key. Then it XORs the left half of the block
with the new transformed block, and this becomes the
new left half of the block. Then the algorithm swaps the
left and right sides of the block and sends it through the
next round.
ccm4300
36
AES: Advanced Encryption Standard
new (Nov. 2001) symmetric-key NIST
standard, replacing DES
processes data in 128 bit blocks
128, 192, or 256 bit keys
brute force decryption (try each key) taking
1 sec on DES, takes 149 trillion years for AES
ccm4300
37
Public Key Cryptography
symmetric key crypto
requires sender,
receiver know
shared secret key
Q: how to agree on
key in first place
(particularly if never
“met”)?
public key cryptography
radically different
approach [DiffieHellman76, RSA78]
sender, receiver do not
share secret key
public encryption key
known to all
private decryption key
known only to receiver
ccm4300
38
Public key cryptography
Bob’s public
B key
K
K
plaintext
message, m
encryption ciphertext
algorithm
+
K (m)
B
- Bob’s private
B key
decryption plaintext
algorithm message
+
m = K B(K (m))
B
ccm4300
39
Public key encryption algorithms
Requirements:
1 need
that
+
KB ( ) and KB ( )
- +
K (K (m)) = m
B B
.
.
2 given public key
such
+
KB ,
it
should be impossible to
compute private key KB
RSA: Rivest, Shamir, Adelson algorithm (1978)
ccm4300
40
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
-
+
KB
KB
ccm4300
41
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
e
e
c = m mod n (i.e., remainder when m is divided by n)
2. To decrypt received bit pattern, c, compute
d
m = c d mod n (i.e., remainder when c is divided by n)
Magic
d
m = (m e mod n) mod n
happens!
c
ccm4300
42
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z.
encrypt:
decrypt:
letter
m
me
L
12
248832
c
17
d
c
481968572106750915091411825223071697
ccm4300
c = me mod n
17
m = cd mod n letter
12
l
43
RSA: Why is that
m = (m e mod n)
d
mod n
Useful number theory result: If p,q prime and
n = pq, then:
y
y mod (p-1)(q-1)
x mod n = x
mod n
e
(m mod n) d mod n = medmod n
= m
ed mod (p-1)(q-1)
mod n
(using number theory result above)
1
= m mod n
(since we chose ed to be divisible by
(p-1)(q-1) with remainder 1 )
= m
ccm4300
44
RSA: another important property
The following property will be very useful later:
-
+
B
B
K (K (m))
+ = m = K (K (m))
B B
use public key
first, followed
by private key
use private key
first, followed
by public key
Result is the same!
ccm4300
45
Where are we?
What is network security?
Principles of cryptography
Authentication
Integrity
Key Distribution and certification
Access control: firewalls
Attacks and counter measures
Security in many layers
ccm4300
46
Authentication
Goal: Bob wants Alice to “prove” her
identity to him
Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
Failure scenario??
ccm4300
47
Authentication
Goal: Bob wants Alice to “prove” her
identity to him
Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
in a network,
Bob can not “see”
Alice, so Trudy simply
declares herself to be
Alice
ccm4300
48
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
Alice’s
“I am Alice”
IP address
Failure scenario??
ccm4300
49
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
Alice’s
“I am Alice”
IP address
ccm4300
50
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
Alice’s
Alice’s
“I’m Alice”
IP addr password
Alice’s
IP addr
OK
playback attack: Trudy
records Alice’s packet
and later
plays it back to Bob
Alice’s
Alice’s
“I’m Alice”
IP addr password
ccm4300
51
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
Alice’s encrypted
“I’m Alice”
IP addr password
Alice’s
IP addr
Failure scenario??
OK
ccm4300
52
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once –in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice
must return R, encrypted with shared secret key
“I am Alice”
R
KA-B(R)
ccm4300
Alice is live, and
only Alice knows
key to encrypt
nonce, so it must
be Alice!
53
Authentication: ap5.0
ap4.0 requires shared symmetric key can we
authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”
R
Bob computes
+ -
-
K A (R)
“send me your public key”
+
KA
ccm4300
KA(KA (R)) = R
and knows only Alice
could have the private
key, that encrypted R
such that
+ K (K (R)) = R
A A
54
ap5.0: security hole
Man (woman) in the middle attack: Trudy
poses as Alice (to Bob) and as Bob (to Alice)
I am Alice
R
I am Alice
R
K (R)
T
Send me your public key
K (R)
A
+
K
T
Send me your public key
+
K
A
- +
m = K (K (m))
A A
+
K (m)
A
Trudy gets
- +
m = K (K (m))
T Alice
sends T
m to
+
K (m)
T
encrypted with
Alice’s public key
ccm4300
55
ap5.0: security hole
Man (woman) in the middle attack: Trudy
poses as Alice (to Bob) and as Bob (to Alice)
Difficult to detect:
Bob receives everything that Alice sends, and vice
versa. (e.g., so Bob, Alice can meet one week later and
recall conversation)
problem is that Trudy receives all messages as well!
ccm4300
56
Where are we?
What is network security?
Principles of cryptography
Authentication
Message integrity
Key Distribution and certification
Access control: firewalls
Attacks and counter measures
Security in many layers
ccm4300
57
Digital Signatures
Cryptographic technique analogous to
hand-written signatures.
sender (Bob) digitally signs document,
establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can
prove to someone that Bob, and no one else
(including Alice), must have signed document
ccm4300
58
Digital Signatures
Simple digital signature for message m:
Bob
signs m by encrypting with
- his private
key KB, creating “signed” message, KB(m)
Bob’s message, m
Dear Alice
Oh, how I have missed
you. I think of you all the
time! …(blah blah blah)
Bob
K B Bob’s private
key
Public key
encryption
algorithm
ccm4300
-
K B(m)
Bob’s message,
m, signed
(encrypted) with
his private key
59
Digital Signatures (more)
Suppose Alice receives msg m, digital signature KB(m)
Alice verifies m signed by Bob by applying Bob’s public key
KB to KB(m) then checks KB(KB(m) ) = m.
If KB(KB(m) ) = m, whoever signed m must have used Bob’s
private key.
Alice thus verifies that:
Bob signed m.
No one else signed m.
Bob signed m and not m’.
Non-repudiation:
Alice can take m, and signature KB(m) to court
and prove that Bob signed m.
ccm4300
60
Message Digests
large
message
m
H: Hash
Function
Computationally
expensive to publickey-encrypt long
H(m)
Hash function properties:
messages
many-to-1
Goal: fixed-length,
produces fixed-size msg
easy- to-compute
digest (fingerprint)
digital “fingerprint”
given message digest x,
apply hash function
computationally infeasible
H to m, get fixed size
to find m such that x =
H(m)
message digest,
H(m).
ccm4300
61
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash
function:
produces fixed length digest (16-bit sum) of message
is many-to-one
message
I O U 1
0 0 . 9
9 B O B
message
I O U 9
0 0 . 1
9 B O B
ASCII format
49 4F 55 31
30 30 2E 39
39 42 D2 42
B2 C1 D2 AC
ASCII format
49 4F 55 39
30 30 2E 31
39 42 D2 42
B2 C1 D2 AC
different messages
but identical checksums!
ccm4300
62
Digital signature = signed message digest
Bob sends digitally signed
message:
large
message
m
H: Hash
function
Bob’s
private
key
+
KB
Alice verifies signature and
integrity of digitally
signed message:
encrypted
msg digest
H(m)
digital
signature
(encrypt)
large
message
m
H: Hash
function
encrypted
msg digest
KB(H(m))
KB(H(m))
Bob’s
public
key
+
KB
H(m)
H(m)
ccm4300
digital
signature
(decrypt)
equal
?
63
Hash Function Algorithms
MD5 hash function widely used (RFC 1321)
computes 128-bit message digest in 4-step
process.
arbitrary 128-bit string x, appears difficult to
construct msg m whose MD5 hash is equal to x.
SHA-1 is also used.
US standard [NIST, FIPS PUB 180-1]
160-bit message digest
ccm4300
64
Where are we?
What is network security?
Principles of cryptography
Authentication
Integrity
Key distribution and certification
Access control: firewalls
Attacks and counter measures
Security in many layers
ccm4300
65
Trusted Intermediaries
Symmetric key
problem:
Public key problem:
How do two entities
establish shared secret
key over network?
Solution:
trusted key distribution
center (KDC) acting as
intermediary between
entities
When Alice obtains
Bob’s public key
(from web site, email, diskette), how
does she know it is
Bob’s public key, not
Trudy’s?
Solution:
ccm4300
trusted certification
authority (CA)
66
Key Distribution Center (KDC)
Alice, Bob need shared symmetric key.
KDC: server shares different secret key with
each registered user (many users)
Alice, Bob know own symmetric keys, KA-KDC KBKDC , for communicating with KDC.
ccm4300
67
Key Distribution Center (KDC)
Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?
Ks= R1
KDC
generates
R1
KA-KDC(A,B)
Alice
knows
R1
KA-KDC(R1, KB-KDC(A,R1) )
KB-KDC(A,R1)
Bob knows
how to use
R1 to
communicate
with Alice
Alice and Bob communicate: using R1 as a
session key for shared symmetric encryption
ccm4300
68
Certification Authorities
Certification authority (CA): binds public key to
particular entity, E.
E (person, router) registers its public key with CA.
E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by
CA – CA says “this is E’s public key”
Bob’s
public
key
Bob’s
identifying
information
+
KB
digital
signature
(encrypt)
CA
private
key
ccm4300
K-
CA
+
KB
certificate for
Bob’s public key,
signed by CA
69
Certification Authorities
When Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere).
apply CA’s public key to Bob’s certificate,
get Bob’s public key
+
KB
digital
signature
(decrypt)
CA
public
key
Bob’s
public
+
key
KB
+
K CA
ccm4300
70
Firewalls
firewall
isolates organisation’s internal
net from larger Internet,
allowing some packets to pass,
blocking others.
Two firewall types:
packet filter
application gateways
To prevent denial of service
attacks:
SYN flooding: attacker
establishes many bogus
TCP connections.
Attacked host alloc’s TCP
buffers for bogus
connections, none left for
“real” connections.
To prevent illegal
modification of internal data.
e.g., attacker replaces
CIA’s homepage with
something else
To prevent intruders from
obtaining secret info.
71
Internet security threats
Packet sniffing:
broadcast media
promiscuous NIC reads all packets passing by
can read all unencrypted data (e.g. passwords)
e.g.: C sniffs B’s packets
C
A
src:B dest:A
payload
B
72
Internet security threats
IP Spoofing:
can generate “raw” IP packets directly from
application, putting any value into IP source
address field
receiver can’t tell if source is spoofed
e.g.: C pretends to be B
C
A
Possible solutions:
1. Filter out flooded
packets
2. Traceback source
src:B dest:A
payload
B
73
Internet security threats
Denial of service (DoS):
flood of maliciously generated packets
“swamp” receiver
Distributed DoS (DDoS): multiple coordinated
sources swamp receiver
e.g., C and remote host SYN-attack A
C
A
SYN
SYN
SYN
SYN
SYN
B
SYN
SYN
74
Firewalls...
•A firewall is a router that controls access as well as
routs
•Some packets are passed, some are discarded
•Firewall controls all access between the network
and internet
•A filter uses rules to decide what passes and what
doesn’t
•blocks inward access/ blocks outward access
Corporate
network
Packet Application Packet
To
filtering gateway
filtering outside
router
router
network
75
Firewalls: continues…..
•Network level security
•IP address filtering
•not possible with, e.g., ftp
•Proxy applications
•Have to be installed in order to enable the
internal users to use services like telnet or ftp
•Application level filters
•watch for viruses or Java applets (slow!)
•No end-to-end security
76
Packet Filtering: examples
Internal network is
connected to Internet
through a router.
Router manufacturer
provides options for filtering
packets, based on:
source IP address
destination IP address
TCP/UDP source and
destination port numbers
ICMP message type
TCP SYN and ACK bits
Example 1: block incoming
and outgoing datagrams with
IP protocol field = 17 and
with either source or dest
port = 23.
All incoming and outgoing
UDP flows and telnet
connections are blocked.
Example 2: Block inbound
TCP segments with ACK=0.
Prevents external clients
from making TCP
connections with internal
clients, but allows
internal clients to connect
to outside.
77
Application gateways
Filters packets on
application data as well as
on IP/TCP/UDP fields.
Example: allow select
internal users to telnet
outside.
host-to-gateway
telnet session
application
gateway
gateway-to-remote
host telnet session
router and filter
1. Require all telnet users to telnet through gateway.
2. For authorised users, gateway sets up telnet connection to
destination host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating from
gateway.
78
Limitations of firewalls and gateways
IP spoofing: router can’t
know if data “really”
comes from the claimed
source
If multiple app’s. need
special treatment, each
has own app. gateway.
Client software must
know how to contact
gateway.
e.g., must set IP
address of proxy in
Web browser
Filters often use all or
nothing policy for UDP.
Tradeoff: degree of
communication with
outside world, level of
security
Many highly protected
sites still suffer from
attacks.
79
Virtual Private Networks
Gateways-to-gateway encryption is most valuable for building
private virtual networks across an untrusted backbone
VPN
Trusted
subnetwork
host
Security gateway
Trusted
subnetwork
host
Untrusted backbone
80
Intrusion Detection System - IDS
•What is IDS: An Intrusion Detection Systems are either
software or hardware products
•To detect attacks, preferably, in real-time
•To monitor the events occurring in a computer
system or network
•To analyse the events for signs of intrusions,
•To protect the confidentiality, integrity, availability of
the system
81
Intrusion Detection: the Concept
Dorothy Denning
(1987),
82
Detection Models
There are two types of detection models:
1. Misuse detection:
accurately and efficiently detect known attacks
2. Anomaly detection
based on the assumption that misuse or
intrusive behaviour deviates from historical
norms.
83
Frequency of detection
• Real time analysis: useful option from the perspective
of detecting attacks as they occur.
•But consume resources (high cost)
•Interval based analysis: overcomes the problem of
resources, but increases the RISK
84
Intrusion Detection Architecture
Sensors (Collectors)
collect and forward this information to the
analyser in order to determine whether an
intrusion has taken place.
Analysers
Analysis data received sensors to determine if an
intrusion has occurred/or is taking place
User interface
enables a user to view output from the system or
to control the behaviour of the system. This may
reside at the client, at the server side, or at both
parts.
85
Pefrormability Evaluation Security Mechanisms
•The proposed approach involves temporary interruption to
link/server access.
•Due to the Kerberos’ delay decryption properties and
being a timed authentication protocol, it is proven that in
terms of attack prevention this protocol is successful
despite of strong intruder connection attempts.
•This has implications in terms of performance
degradation.
•An analytical method is used to evaluate the cost in terms
of the degradation of system performance.
86
Pefrormability Evaluation Security Mechanisms
Figure 2. The MQL as a function of for various values
Figure 3. q(1,1) as a function of for various
87
Summary
•Firewalls protect systems from external attacks
•To prevent denial of service attacks
•To prevent illegal modification of internal data.
•IDSs protect systems from internal attacks
•IDSs can be viewed as a second line of defence
•IDS offer the opportunity to detect and halt
attacks in real time
88