Secure Communications - Computer Science & Engineering
Download
Report
Transcript Secure Communications - Computer Science & Engineering
Lecture 24
Secure Communications
CS 450/650
Fundamentals of
Integrated Computer Security
Slides are modified from Ian Goldberg
Who Attacks Networks
• Hackers break into organizations from the
outside
– Challenge
– Fame
– Money & Espionage
– Ideology
• However, most security breaches are internal,
by employees and ex-employees
CS 450/650 – Lecture 24: Secure Communications
2
Threat Precursors
• Port Scan
• Social Engineering
– Reconnaissance
– Bulletin Board / Chat
– Docs
• Packet Sniffers (telnet/ftp in cleartext)
CS 450/650 – Lecture 24: Secure Communications
3
Network Security Threats
• Interception
– If interceptor cannot read, have confidentiality
(privacy)
– If cannot modify without detection, have message
integrity
CS 450/650 – Lecture 24: Secure Communications
4
Network Security Threats
• Impostors (Spoofing/ Masquerade)
– Claim to be someone else
– Need to authenticate the sender--prove that they
are who they claim to be
True
Person
Impostor
CS 450/650 – Lecture 24: Secure Communications
5
Network Security Threats
• Remotely Log in as Root User
– Requires cracking the root login password
– Then control the machine
– Read and/or steal information
– Damage data (erase hard disk)
– Create backdoor user account that will let them in
easily later
Root Login Command
CS 450/650 – Lecture 24: Secure Communications
6
Security Threats
• Content Threats
– Application layer content may cause problems
• Viruses
• In many ways, most severe security problem in
corporations today
• Must examine application messages
CS 450/650 – Lecture 24: Secure Communications
7
Replay Attack
• First, attacker intercepts a message
– Not difficult to do
CS 450/650 – Lecture 24: Secure Communications
8
Replay Attack
• Later, attacker retransmits (replays) the
message to the original destination host
– Does not have to be able to read a message to
replay it
CS 450/650 – Lecture 24: Secure Communications
9
Replay Attack
• Why replay attacks?
– To gain access to resources by replaying an
authentication message
– In a denial-of-service attack, to confuse the
destination host
CS 450/650 – Lecture 24: Secure Communications
10
Thwarting Replay Attacks
• Put a time stamp in each message to ensure
that the message is “fresh”
– Do not accept a message that is too old
• Place a sequence number in each message
– Do not accept a duplicated message
Message
Time
Stamp
CS 450/650 – Lecture 24: Secure Communications
Sequence
Number
11
Thwarting Replay Attacks
• In request-response applications,
– Sender of request generates a nonce (random
number)
– Places the nonce in the request
– Server places the nonce in the response
– Neither party accepts duplicate nonces
Request
Nonce
CS 450/650 – Lecture 24: Secure Communications
Response
Nonce
12
Network Security Threats
• Denial of Service (DOS) Attacks
– Overload system with a flood of messages
– Or, send a single message that crashes the
machine
CS 450/650 – Lecture 24: Secure Communications
13
Denial of Service (DOS) Attacks
• Transmission Failure
• Connection Flooding
– Echo-Chargen
– Ping of Death
– Smurf
– Syn Flood
– Traffic Redirection
– DNS Attacks
• Distributed Denial of Service
CS 450/650 – Lecture 24: Secure Communications
14
SSL Integrated Security System
• SSL
– Secure Sockets Layer
– Developed by Netscape
• TLS (now)
– Netscape gave IETF control over SSL
– IETF renamed it TLS (Transport Layer Security)
– Usually still called SSL
CS 450/650 – Lecture 24: Secure Communications
15
Location of SSL
• Below the Application Layer
– IETF views it at the transport layer
– Protects all application exchanges
– Not limited to any single application
• WWW transactions, e-mail, etc.
E-Mail
WWW
SSL
CS 450/650 – Lecture 24: Secure Communications
E-Mail
WWW
SSL
16
SSL Operation
• Browser & Webserver Software Implement
SSL
– User can be unaware
CS 450/650 – Lecture 24: Secure Communications
17
SSL Operation
• SSL ISS Process
– Two sides negotiate security parameters
– Webserver authenticates itself
– Browser may authenticate itself but rarely does
– Browser selects a symmetric session key, sends to
webserver
– Adds a digital signature and encrypts all messages
with the symmetric key
CS 450/650 – Lecture 24: Secure Communications
18
Importance of SSL
• Supported by Almost All Browsers
– De facto standard for Internet application security
• Problems
– Relatively weak security
– Does not involve security on merchant server
– Does not validate credit card numbers
– Viewed as an available but temporary approach to
consumer security
CS 450/650 – Lecture 24: Secure Communications
19
Other ISSs
• SSL is merely an example integrated security
system
• Many other ISSs exist
– IPsec
– PPP and PPTP
– Etc.
CS 450/650 – Lecture 24: Secure Communications
20
Other ISSs
• All ISSs have the same general steps
– Negotiate security parameters
– Authenticate the partners
– Exchange a session key
– Communicate with message-by-message privacy,
authentication, and message integrity
CS 450/650 – Lecture 24: Secure Communications
21
VPNs
• IETF developing IPsec security standards
– IP security
– At the internet layer
– Protects all messages at the transport and
application layers
E-Mail, WWW, Database, etc.
TCP
UDP
IPsec
CS 450/650 – Lecture 24: Secure Communications
22
VPNs
• IPsec Transport Mode
– End-to-end security for hosts
Local
Network
Internet
Local
Network
Secure Communication
CS 450/650 – Lecture 24: Secure Communications
23
VPNs
• IPsec Tunnel Mode
– IPsec server at each site
– Secure communication between sites
Local
Network
Secure Communication
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
IPsec
Server
24
VPNs
• IPsec Modes Can be Combined
– End-to-end transport mode connection
– Within site-to-site tunnel connection
Local
Network
Tunnel Mode
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
Transport Mode
25
VPNs
• Another Security System for VPNs is the Pointto-Point Tunneling Protocol (PPTP)
– For dial-up connections, based on PPP
– Connects user with securely to a remote access
server at a site
Dial-Up
Connection
PPTP Connection
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
Remote Access Server
26
IPsec
• IPsec (IP security)
• Security for transmission over IP networks
– The Internet
– Internal corporate IP networks
– IP packets sent over public switched data
networks (PSDN)
Local
Network
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
27
IPsec
• Why do we need IPsec?
– IP has no security
– Add security to create a virtual private network
(VPN) to give secure communication over the
Internet or another IP network
Local
Network
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
28
IPsec
• Genesis
– Being created by the Internet Engineering Task
Force
– For both IP version 4 and IP version 6
CS 450/650 – Lecture 24: Secure Communications
29
IPsec
• Two Modes of operation
• Tunnel Mode
– IPsec server at each site
– Secures messages going through the Internet
Local
Network
Secure Communication
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
IPsec
Server
30
IPsec
• Tunnel Mode
– Hosts operate in their usual way
• Tunnel mode IPsec is transparent to the hosts
– No security within the site networks
Local
Network
Secure Communication
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
IPsec
Server
31
IPsec
• Two Modes of operation
• Transport Mode
– End-to-end security between the hosts
– Security within site networks as well
– Requires hosts to implement IPsec
Local
Network
Internet
Local
Network
Secure Communication
CS 450/650 – Lecture 24: Secure Communications
32
IPsec
• Transport Mode
– Adds a security header to IP packet
– After the main IP header
– Source and destination addresses of hosts can be
learned by interceptor
– Only the original data field is protected
Original
IP Header
CS 450/650 – Lecture 24: Secure Communications
Transport
Security
Header
Protected
Original Data Field
33
IPsec
• Tunnel Mode
– Adds a security header before the original IP
header
– Has IP addresses of the source and destination
IPsec servers only, not those of the source and
destination hosts
– Protects the main IP header
Tunnel
Security
Header
CS 450/650 – Lecture 24: Secure Communications
Protected
Original
IP Header
Protected
Original Data Field
34
IPsec
• Can combine the two modes
– Transport mode for end-to-end security
– Plus tunnel mode to hide the IP addresses of the
source and destination hosts during passage
through the Internet
Local
Network
Tunnel Mode
CS 450/650 – Lecture 24: Secure Communications
Internet
Local
Network
Transport Mode
35
IPsec
• Two forms of protection
• Encapsulating Security Protocol (ESP) security
provides confidentiality as well as
authentication
• Authentication Header (AH) security provides
authentication but not confidentiality
– Useful where encryption is forbidden by law
– Provides slightly better authentication by
providing authentication over a slightly larger part
of the message, but this is rarely decisive
CS 450/650 – Lecture 24: Secure Communications
36
IPsec
• Modes and protection methods can be
applied in any combination
Tunnel
Mode
Transport
Mode
ESP Supported Supported
AH
Supported Supported
CS 450/650 – Lecture 24: Secure Communications
37
IPsec
• Security Associations (SAs) are agreements
between two hosts or two IPsec servers,
depending on the mode
• “Contracts” for how security will be
performed
• Negotiated
• Governs subsequent transmissions
Host A
CS 450/650 – Lecture 24: Secure Communications
Negotiate
Security Association
Host B
38
IPsec
• Security Associations (SAs) can be
asymmetrical
– Different strengths in the two directions
– For instance, clients and servers may have
different security needs
SA for messages
From A to B
Host A
Host B
SA for messages
From B to A
CS 450/650 – Lecture 24: Secure Communications
39
IPsec
• Policies may limit what SAs can be negotiated
– To ensure that adequately strong SAs for the
organization’s threats
– Gives uniformity to negotiation decisions
Host A
CS 450/650 – Lecture 24: Secure Communications
Security Association
Negotiations Limited
By Policies
Host B
40
IPsec
• First, two parties negotiate IKE (Internet Key
Exchange) Security Associations
– IKE is not IPsec-specific
– Can be used in other security protocols
Host A
CS 450/650 – Lecture 24: Secure Communications
Communication
Governed by
IKE SA
Host B
41
IPsec
• Under the protection of communication
governed by this IKE SA, negotiate IPsecspecific security associations
Host A
Communication
Governed by
IKE SA
Host B
IPsec SA Negotiation
CS 450/650 – Lecture 24: Secure Communications
42
IPsec
• Process of Creating IKE SAs (and other SAs)
– Negotiate security parameters within policy
limitations
– Authenticate the parties using SA-agreed methods
– Exchange a symmetric session key using SA-agreed
method
– Communicate securely with confidentiality,
message-by-message authentication, and
message integrity using SA-agreed method
CS 450/650 – Lecture 24: Secure Communications
43
IPsec
• IPsec has mandatory security algorithms
– Uses them as defaults if no other algorithm is
negotiated
– Other algorithms may be negotiated
– But these mandatory algorithms MUST be
supported
CS 450/650 – Lecture 24: Secure Communications
44
PKIs
• To use public key methods, an organization
must establish a comprehensive Public Key
Infrastructure (PKI)
– A PKI automates most aspects of using public key
encryption and authentication
– Uses a PKI Server
PKI
Server
CS 450/650 – Lecture 24: Secure Communications
45
PKIs
• PKI Server Creates Public Key-Private Key Pairs
– Distributes private keys to applicants securely
– Often, private keys are embedded in delivered
software
Private Key
PKI
Server
CS 450/650 – Lecture 24: Secure Communications
46
PKIs
• PKI Server Provides CRL Checks
– Distributes digital certificates to verifiers
– Checks certificate revocation list before sending
digital certificates
Digital Certificate
PKI
Server
CS 450/650 – Lecture 24: Secure Communications
47
PKIs
• CRL (Certificate Revocation List) Checks
– If applicant gives verifier a digital certificate,
– The verifier must check the certificate revocation
list
CRL
PKI
Server
CS 450/650 – Lecture 24: Secure Communications
OK?
OK or Revoked
48
Integrated Security System
• When two parties communicate …
– Their software usually handles the details
– First, negotiate security methods
– Then, authenticate one another
– Then, exchange symmetric session key
– Then can communicate securely using symmetric
session key and message-by-message
authentication
CS 450/650 – Lecture 24: Secure Communications
49
Multi-Layer Security
• Security Can be Applied at Multiple Layers
Simultaneously
– Application layer security for database, e-mail, etc.
– Transport layer: SSL
– Internet layer: IPsec
– Data link layer: PPTP, L2TP
– Physical layer: locks
CS 450/650 – Lecture 24: Secure Communications
50
Multi-Layer Security
• Applying security at 2 or more layers is good
– If security is broken at one layer, the
communication will still be secure
• However,
– Security slows down processing
– Multi-Layer security slows down processing at
each layer
CS 450/650 – Lecture 24: Secure Communications
51
Total Security
• Network Security is Only Part
• Server Security
– Hackers can take down servers with denial-ofservice attack
– Hacker can log in as root user and take over the
server
– Steal data, lock out legitimate users, etc.
CS 450/650 – Lecture 24: Secure Communications
52
Total Security
• Server Security
– Occasionally, weakness are discovered in server
operating systems
– This knowledge is quickly disseminated
– Known security weaknesses
CS 450/650 – Lecture 24: Secure Communications
53
Total Security
• Server Security
– Server operating system (SOS) vendors create
patches
– Many firms do not download patches
– This makes them vulnerable to hackers, who
quickly develop tools to probe for and then exploit
known weaknesses
CS 450/650 – Lecture 24: Secure Communications
54
Total Security
• Client PC Security
– Known security weaknesses exist but patches are
rarely downloaded
– Users often have no passwords or weak
passwords on their computer
– Adversaries take over client PCs and can therefore
take over control over SSL, other secure
communication protocols
CS 450/650 – Lecture 24: Secure Communications
55
Total Security
• Application Software
– May contain viruses
• Must filter incoming messages
– Database and other applications can add their
own security with passwords and other
protections
CS 450/650 – Lecture 24: Secure Communications
56
Total Security
• Managing Users
– Often violate security procedures, making
technical security worthless
– Social engineering: attacker tricks user into
violating security procedures
CS 450/650 – Lecture 24: Secure Communications
57
Defense in Depth
•
•
•
•
Firewalls
Antivirus
Intrusion Detection Systems
Intrusion Protection Systems
CS 450/650 – Lecture 24: Secure Communications
58