Transcript Security

Security
Reported Security Incidents 1995 – 2003
Source: http://www.cert.org/present/cert-overview-trends/module-1.pdf
Imperative Need for Secure Communication
Cost of downtime
Secure Communication
 Characteristics
of a secure
communication
 Confidentiality
 Authentication
 Message
Integrity and non-repudiation
 Availability and Access Control
Confidentiality
 The
communicator wants the following to be
confidential:
 The
fact that the communication is occurring
 Timing of communication
 Frequency of communication
 Confidentiality
often relies on cryptographic
techniques for encrypting/ decrypting data
using one or more keys to encrypt/decrypt data
Authentication
 Both
sender and receiver should be able to
confirm identity of other party involved in
communication
 Confirm
that the other party is indeed who/what
they claim to be
 Authentication
relies on authentication
techniques, several of which rely on
cryptographic techniques
Message Integrity and
Non-Repudiation
 Message integrity
 Content
of communication is not altered
maliciously or by accident
 Relies on cryptographic techniques
 Non-repudiation
 Not
denying what was communicated
Availability
 Can
communication occur in first place?
 Hackers
preventing infrastructure from being used
by legitimate users – e.g., viruses, DoS attacks
 Detect
breaches and respond to attacks
Access Control
 Entities
allowed to gain access to resources
only if they have the appropriate access rights
(e.g., login ID, passwords, biometric devices)
 Facilitated
by firewalls, which provide access
control based on a per-packet basis, and on a perservice basis.
 Provide a degree of isolation and protection from
those outside of one’s network
Cryptography
 Symmetric
Key Cryptography
 Public Key Cryptography
Symmetric Key Cryptography
 Symmetric
Key Cryptography
Caesar Cipher
 Monoalphabetic Cipher
 Polyalphabetic Cipher
 Data Encryption Standard (DES)
 Triple DES (3DES)
 Advanced Encryption Standard (AES)

 Trusted
Intermediaries for symmetric key
distribution
Key Distribution Center (KDC)
 Kerberos

Basic Terminology
 Plain

Text
Original data – not disguised
 Cipher
(Encrypted) Text
Disguised data – looks unintelligible to intruder
 Data disguised using encryption algorithm

 Key
A string of #s or characters used as input to encryption
algorithm to disguise plain text
 Symmetric Key: Both parties use same key to encrypt
and decrypt text

Symmetric Key Cryptography
 Caesar
Cipher
Each letter in plaintext is substituted with letter that is K
letters later
 Wrap around is allowed (i.e., z followed by letter a)
 If K = 3, a in plaintext becomes d in cipher text
b in plaintext becomes e in cipher text

 Example:
Decrypt the following using a Caesar
Cipher of K =3; Assume ‘wrap around’ is allowed.
“L JP J JHHN”
Symmetric Key Cryptography
 Data
Encryption Standard (DES)
 Published
in 1977, and updated in 1993
 For commercial and non-classified U.S. Govt. use
 Encodes plaintext using 56-bit key
 Objective: Scramble data and key so that every bit
of the cipher text depends on every bit of the data
and every bit of the key
 Algorithm: Complex (beyond the scope of the
course); Decryption works by reversing the
algorithm’s operations.
How well does DES work?
 DES
challenge contest
Launched in 1997 by RSA Data Security Inc. -- A
network security company
 Encrypted “strong cryptography makes the world a safer
place” using a 56-bit DES.

 Winning
team took 4 months to decode.
Used volunteers throughout the Internet to systematically
explore key space.
 Claimed $10K cash prize after testing only a quarter of
the key space (about 18 quadrillion keys)

How well does DES work?
 In
1999, RSA launched another DES
challenge.
 Message
was decrypted in little over 22 hours by
a network of volunteers and a special purpose
computer called “Deep Crack”.
 Claimed $250 K cash prize.
Symmetric Key Cryptography
 Triple
 If
DES (3 DES)
56-bit DES is considered to be insecure, one
can simply run the algorithm multiple times,
using a different key each time
 DES run three times (with a different 56-bit key
each time DES is run).
Symmetric Key Cryptography
 Advanced
 NIST
Encryption Standard (AES)
– in Nov 2001 announced successor to
DES.
 AES is also a symmetric key algorithm that
processes data in 128-bit blocks
 AES can operate with 128-bit keys, 192-bit keys,
and 256-bit keys
Trusted Intermediaries
 Disadvantage
of Symmetric Key
Cryptography:
2
communicating parties have to agree upon their
secret key ahead of time in a secure manner.
 Since sender and receiver do not meet face to face
in the networking world , they need a trusted
intermediary
 Trusted
 Key
Intermediaries:
Distribution Center
 Kerberos
Key Distribution Center (KDC)
A server that shares a different secret
symmetric key with each registered user.
 KDC knows the secret key of each user, and
each user can communicate securely with
KDC using this key.

Example: Using KDC
 Assume
Sender (S) and Recipient (R) use
KDC for their communication.
 Assume
S’s secret key known to S and KDC is
KS-KDC
 Assume R’s secret key known to R and KDC is
KR-KDC.
Example: Using KDC
 Using
key, S sends a message to KDC saying
that S wants to communicate with R. We
denote this message as MS-KDC(S, R).
 KDC
decrypts MS-KDC(S, R)
 KDC generates a random number key KSR, which
is to be used as symmetric key by S and R during
their communication.
Example: Using KDC – cont’d
 KDC
sends S the key KSR, and a pair of values X
and KSR encrypted using R’s key. We denote this
message sent back to S by KDC as:

MKDC-S(KSR, MKDC-R(X, KSR)).
S
decrypts message and extracts symmetric key KSR.
S extracts and forwards MKDC-R(X, KSR) to R

R
Note that S cannot decrypt MKDC-R(X, KSR)
decrypts MKDC-R(X, KSR) and uses KSR as
symmetric key to converse with S
 R and S communicate using symmetric key KSR
Kerberos
 Developed
by MIT
 Very similar to KDC
 Has additional functions such as:
 Time
stamp for validity of “nonce” KSR.
 Has information about which users have access
privileges to which services on which network
servers.
Public Key Cryptography
Overview
 Define
concept of Public and Private keys
 Demonstrate RSA Algorithm
 Review Authentication Protocols (ap)
 Exchanging Public Keys
 Person
in the middle-attack
Introduction - Public Key Cryptography
 Use
public key cryptography so that two
parties can communicate using
encryption/decryption without using a shared
secret key.
 Key
 Public
maintenance is difficult
key cryptography:
 A radically
different and marvelously elegant
approach towards encryption/decryption
 Also used for authentication and digital signatures
Basic Idea of Public Key Cryptography
 Each
participant has a private key (known
only to the participant) and a public key.
 Public
key is made available to others
 Could
be posted even on a website which is accessible
by the rest of the world.
 Public key of recipient is used by sender to encrypt
message.
 Recipient
decrypts message using recipient’s
private key.
Public Key Cryptography
 Example:
 Sender
(S) wishes to send a message to Recipient
(R)
 S fetches R’s public key.
 S uses R’s public key to encrypt message
 S sends encrypted message to R.
 R decrypts cipher text with R’s private key.
RSA Algorithm
 Named
after its founders, Ron Rivest, Adi
Shamir, and Leonard Adleman
 Has become almost synonymous with public
key cryptography
Using the RSA Algorithm
 R’s
public key is denoted as KR+ and the
private key is denoted as KR-.
 These keys are chosen such that:
KR- (KR+ (m)) = KR+ (KR- (m)) = m
S
will encrypt a plain text message, m, using
public key KR+ and send it to R
Using the RSA Algorithm
 To
encrypt the message, S uses R’s public key
and determines the cipher text, c as:

c = me mod n
 To decrypt the message, R uses R’s private key
and determines the plain text, m as:

m = cd mod n
Using the RSA Algorithm
Create R’s Keys
Choose two large prime numbers, p and q.





The larger the values, the more difficult it is to break
RSA, and the longer it takes to encode/decode.
It is recommended that the product of p and q be on the
order of 1024 bits for corporate use and 768 bits for
use with “less valuable information”.
For a discussion on how to find large prime numbers,
see http://www.utm.edu/research/primes/prove/).
For example, choose p = 5 and q = 7
Using the RSA Algorithm
Create R’s Keys
Compute n = pq =35
Compute z = (p-1)(q-1) = (4)(6) = 24
Choose a number, e, less than n, which has no
common factors (other than 1) with z.




R chooses e = 5
Find a number, d, such that ed-1 is exactly
divisible (that is, with no remainder) by z.




d = 29;
Note (ed-1) = (5x29 -1) = (145-1) = 144
144 is exactly divisible by z = 24
Using the RSA Algorithm
Create R’s Keys
Recap: p = 5, q = 7, n = 35, z = 24, e = 5, d = 29


R’s public key is given by


KR+ = (n, e) = (35, 5);
R’s private key is given by

KR- = (n, d) = (35, 29)
Example



Interpret each letter in the English alphabet as a
number between 1 and 26. That is, a = 1, b = 2, …, z =
26.
S will send message “love” to R
Using the RSA Algorithm
Encrypt Message using KR+ = (n, e) = (35, 5);
Plaintext m (numeric representation)
me
c = me mod n
letter
l
12
248832
17
o
v
e
S
15
22
5
759375
5153632
3125
will send 17152210 to R
15
22
10
Using the RSA Algorithm
Encrypt Message using KR- = (n, d) = (35, 29);
Cipher
text
17
15
22
10
cd
481968572106750915091411825223071697
12783403948858939111232757568359375
851643319086537701956194499721106030592
100000000000000000000000000000
m = cd msg
mod n
12
l
15
22
5
o
v
e
RSA and DES/AES
 RSA is
a complex algorithm and uses concepts from
number theory.
 DES is at least 100 times faster than RSA.
 In practice, RSA is often used in combination with
DES or AES.
Message is encrypted using DES key
 S encrypts DES key with R’s public key
 R decrypts and obtains DES key with R’s private key.
 Message is decrypted using DES key

Authentication
 ap
4.0 (symmetric)
S announces to R, “I am S”
 R sends a plaintext nonce (= n) to S.


Note nonce is a one time value that is specific to that
communication session
S resends same nonce back to R but this time nonce is
encrypted with symmetric key used by S and R.
 R decrypts nonce using symmetric key. If decrypted
nonce equals the nonce sent to S earlier (i.e. decrypted
nonce = n) , then S is authenticated.
 However, this implies that S and R must have decided
upon and exchanged their symmetric key.

Authentication
 ap
5.0 (public/private)
S announces to R, “I am S”
 R sends a plaintext nonce (= n) to S
 S resends same nonce back to R but this time nonce is
encrypted with S’s private key.
 R decrypts nonce using S’s public key. If decrypted
nonce equals the nonce sent to S earlier (i.e. decrypted
nonce = n) , then S is authenticated.

Exchanging Public Keys
 Why
should public key be publicly available?
 Wouldn’t it be better for S and R to exchange
their respective public keys via e-mail, after
authenticating each other?
 Possibility
of “person in the middle attack.”
Person in the Middle Attack







S transmits, “I am S”
T eavesdrops.
R sends a nonce = n.
T intercepts nonce, and sends R
encrypted nonce (encrypted
using T’s private key).
R sends a message to S asking
for S’s public key.
T intercepts message, and sends
T’s public key to R.
R decrypts nonce with T’s
public key (thinking that he is
using S’s public key), and
inadvertently authenticates T.

While R is encrypting new data
using T’s public key, T is busy
posing as R to S. In particular:




T transmits R’s nonce to S
S transmits encrypted nonce
(encrypted using S’s private
key).
T intercepts encrypted
nonce, and asks S for her
public key.
S sends her public key
Person in the Middle Attack – cont’d
R
sends encrypted data (encrypted using T’s public
key)
 T decrypts using her private key, and finds out R’s
plain text.
 T encrypts R’s plain text using S’s public key.
 T transmits encrypted text to S.
 S decrypts using her private key, and finds out R’s
plain text.
 S and R presume that they have had a secure
communication. They are ignorant of the fact that T
has intercepted and decrypted all messages.
Availability and Access Control
 Examples
 Firewalls
of common attacks
Examples of some attacks
 Denial
of Service attacks
Hacker attempts to disrupt the network by flooding the
network with messages so that the network cannot
process messages from legitimate users
 Examples

“Ping” attacks
 Smurf attack
 SYN flood attack

 Distributed
Denial of Service attacks
Ping Packets
 Packets
that ask a computer to respond with an
acknowledgement
 Used
to see if a computer is still operational in a
network
 Ping by computer name
 Ping
 Ping
bus.orst.edu
by IP address
 Ping
128.193.76.73
TCP header: Packet #s (Sequence #s)
 Assume
a file has 500,000 bytes
 Assume TCP breaks this file into packets, where
each packet size is 1000 bytes
 Each packet is given a packet #
 The packet # for a packet is the number of the first
byte in that packet.
The packet # of first packet would be 1
 The packet # of next packet would be 1001
 The packet # of third packet would be 2002 and so on

TCP: Acknowledgement #
 Assume
S transmits to R
 R acknowledges receipt of S’s message, by
specifying an acknowledgment #.
 The ACK
# sent by R is the packet # of the next
packet that R is expecting from S.
 Example:
 After
S sends first packet, R sends an
acknowledgment to S by specifying ACK# 1001.
 After S sends second packet, R acknowledges by
specifying ACK# 2001.
SYN Flood Attack
 Nature
of attack
Attacker (client) sends a TCP SYN (Synchronize
Sequence/Packet Number) request to server.
 The server responds by sending a TCP SYN/ACK
packet.
 The attacker does not respond – resulting in half-open
session using up server resources.
 The attacker sends a flood of such TCP SYN requests
without responding.
 Requests from other legitimate clients are unable to reach
the server due to multiple half-open sessions

Distributed DoS (DDos) attack
 In
a DDoS attack, a hacker first gains control
of hundreds/thousands of computers (slaves).
 Plants
software referred to as DDoS agent on each
of the slaves
 Hacker
then uses software referred to as DDoS
handler (master) to control the agents (slaves)
 Attacker launches attacks from all the slaves
and it is difficult to trace hacker
High Profile Victims of DDoS
 Yahoo,
eBay, Amazon, Microsoft and eTrade
websites have been rendered inaccessible to
legitimate visitors after being flooded with
traffic from hundreds of hijacked system
 www.msn.com; www.expedia.com;
www.carpoint.com sites were flooded with
DDoS attack for almost one day
 DDoS attack high-level DNS servers on the
Internet
Firewalls
 Firewalls
are used to prevent intruders on the
Internet from making unauthorized access and
denial of service attacks to your network.
 Examines
packets flowing into and out of the
organization’s network (usually via the Internet or
corporate Intranet), restricting access to that
network.
 Two main types of firewalls are packet level
firewalls and application-level firewalls.
Packet-level Firewall
 Examines
the source and destination address
of packets that pass through it
 Only
allowing packets that have acceptable
addresses to pass.
 Since each packet is examined separately, the
firewall can’t understand what the sender’s goal
is.
 Does not monitor the contents of the packets or
why they are being transmitted and typically does
not log the packets for later analysis.
Packet-level Firewall – cont’d

In general, addresses are typically examined at the transport
layer (TCP Port ID) and network layer (IP address)



May be vulnerable to IP spoofing


Example 1: Don’t allow Telnet (Dest. Port ID = 23 not allowed)
Example 2: Don’t allow packets from Internet on an Intranet
(Source IP has to be that of a device in the intranet)
Accomplished by changing the source address on incoming
packets from their real address to an address inside the
organization’s network.
Packet-level firewalls have strengthened their security since
the first cases of IP spoofing (Dec 1994).

Example: Some firewalls automatically delete any packets arriving
from the Internet that have internal source addresses
Application-Level Firewalls
Acts as an intermediate host computer, separating a private
network from the rest of the Internet, but it works on
specific applications, such as Web site access.
 Application gateway acts as an intermediary between the
outside client making the request and the destination server
responding to that request, hiding individual computers on
the network behind the firewall.
 Because of the increased complexity of what they do,
application level firewalls require more processing power
than packet filters which can impact network performance.

Network Address Translation (NAT)
 Used
to shield a private network from outside
interference.
 An NAT proxy server uses an address table,
translating network addresses inside the organization
into aliases for use on the Internet. So, internal IP
addresses remain hidden.
 Many organizations combine NAT proxy servers,
packet filters and application gateways, maintaining
their online resources in a “DMZ network”
Typical network design using firewalls.
Security in many layers
5
– layer model:
 Application
Layer
 Transport Layer
 Network Layer
 Data Link Layer
 Physical Layer
 Each
layer can have its own security protocols.
Security at Application Layer
 Secure

E-mail
PGP (Pretty Good Privacy)
e-mail encryption scheme that has become a de facto standard.
 Uses MD5 or SHA for message digest/fingerprints.
 Uses CAST, 3DES, IDEA for symmetric key cryptography
 Uses RSA for public key cryptography

S/MIME (Secure Multipurpose Internet Mail
Extensions)
 PEM (Privacy Enhanced Mail)

 Secure-HTTP or
S-HTTP
Secure E-mail using PGP
 When
PGP is installed, software creates a private
key and public key for user.
Public key is posted on the website.
 Private key is protected using a password.

 Password
has to be entered every time user accesses
private key.
Security at Application Layer
 SET
(Secure Electronic Transactions)
 Developed
by MasterCard and VISA in 1997
 Developed to provide protection from electronic
payment fraud.
 SET uses DES for Symmetric Key Cryptography
and RSA for key exchange.
Security at Transport Layer
SSL – Secure Socket Layer

Developed to provide data encryption and authentication
between a Web client and a Web server.




Client and server perform handshake and negotiate cryptographic
technique to be used.
Client and server authenticate each other
Encrypted session progresses after handshake is completed.
SSL is typically applied at the transport layer

Implies that SSL is not limited to one application

Can be applied to Web, e-mail, HTTP applications etc.
SSL (Continued)
 SSL
was not developed for payment transactions.
Assume Bob makes a purchase from ABC Incorporated
over SSL
 ABC’s certificate issued by CA does not indicate whether
ABC Incorporated is authorized to accept payment card
purchases nor if the company is a reliable merchant.
 Similarly, ABC Incorporated has no assurance that Bob is
authorized to make a payment card purchase
 May result in stolen credit card transactions, customer
repudiation of purchased goods.

Network Layer Security
IPSecurity – IPSec
 IPSec
is a suite of protocols that provide
security at the network layer.
 Complex
suite of protocols
 IPSec would encrypt all parts of the packet
including user data at application layer, TCP
header and IP header.
 Implies that all data sent by hosts – e-mail, Web
pages etc., would be hidden from Intruder.
IPSec (Continued)
2
key protocols in the IPSec suite are:
 Authentication
Header (AH) protocol
 provides
source authentication and data integrity but
not confidentiality
 Encapsulation
 provides
Security Payload (ESP) protocol
authentication, data integrity and
confidentiality.
IPSec (Continued)
 Before
sending secure packets, source and
destination handshake and create a one-way
(simplex) network-layer logical connection –
known as Security Association (SA).
 SA is uniquely identified by:
 Security
protocol (AH or ESP) identifier
 Source IP address for simplex connection
 A 32-bit connection identifier called the Security
Parameter Index (SPI)
SA and Key Management
 IKE
(Internet Key Exchange) algorithm is the
default key management protocol for IPsec.
 ISKMP (Internet Security Association and Key
Management Protocol) defines procedures for
establishing and tearing down SAs.
Security in IEEE 802.11
Wireless Network
 Security
Standards are not as advanced in
wireless environment
 Since Fall 2004, mobile phones are being
attacked
in Phillipines – and has reached U.S.
 Virus drains your phone battery
 Started
Wireless Security
 WEP
(Wired Equivalent Privacy) protocol
provides
 Authentication
 Encryption
between a host and a wireless access
point (WAP)
 Using
symmetric key approach
 No key management algorithm
 Authentication
carried out using ap4.0
Wireless Security
 However
WEP has security holes
 Updates
(as of Feb 22, 2005) on wireless security
– check out
 http://msnbc.msn.com/id/6998751/
 http://www.nature.com/news/2005/050221/full/05022
1-6.html
 http://www.iss.net/wireless/
 http://www.practicallynetworked.com/tools/wireless_a
rticles_security.htm
 http://www.research.ibm.com/gsal/wsa/