Transcript Data Modeling - Hiram College

Security in Networks (Part 2)
CPSC 363 Computer Networks
Ellen Walker
Hiram College
(Includes figures from Computer Networking by Kurose & Ross, © Addison Wesley
2002)
Trusted Intermediaries
• How do 2 entities establish shared keys?
– Trusted key distribution center
– Gives appropriate one-time session key to each entity when
a conversation is established
– No entity knows another’s secret key (except for a specific
conversation)
• How do I know the public key Alice sent me is really
Alice’s public key?
– Trusted Certification Authority keeps list of all public keys;
issues certificates with ID & public key (encrypted with CA’s
private key, so nonforgeable)
Key Distribution Center
KDC
generates
R1
KA-KDC(A,B)
Alice
knows
R1
KA-KDC(R1, KB-KDC(A,R1) )
KB-KDC(A,R1)
Bob knows to
use R1 to
communicate
with Alice
Alice and Bob communicate: using R1 as
session key for shared symmetric encryption
Certification Authority
• Binds key to entity E (host or router)
• Generates digitally-signed certificate after
receiving appropriate proof of identity and
payment
Bob’s
public
key
Bob’s
identifying
information
+
KB
digital
signature
(encrypt)
CA
private
key
K-
CA
+
KB
certificate for
Bob’s public key,
signed by CA
Firewall
• Analogy: brick wall between apartments to
contain a fire
• In networking, isolates internal net from larger
Internet, hopefully containing attacks
public
Internet
administered
network
firewall
What Can Firewall Prevent?
• Denial of service attacks
– SYN flooding establishes bogus TCP connections,
preventing “real users” from establishing them
• Illegal access / modification of internal data
• Access by unauthorized users/hosts
Types of Firewall
• Packet sniffing
– Each packet examined and allowed to pass (or
not) based on a set of rules
• Application level
– All messages for a given application pass through
a “gateway”
– Information such as username available at
application level, but not packet
Packet Filtering Rules
• Packets can be determined to pass or not
based on:
–
–
–
–
Source, Destination IP address
TCP / UDP source & destination port numbers
ICMP message type
TCP SYN and ACK bits
• E.g. TCP ACK=0 is new message originating from
outside
• Ordering of rules is important (and can get
complex) - see Table 8.5
Application Gateway
• Filters packets on application data
(e.g. user)
– E.g. only certain users can telnet
– Telnet connections through
gateway allowed (authentication
at gateway)
– All other (direct) telnet
connections blocked
host-to-gateway
telnet session
application
gateway
gateway-to-remote
host telnet session
router and filter
Limitations of Firewalls and
Gateways
• IP spoofing - fake “return address” to get
through
• Client needs to know how to access
application gateway (e.g. proxy server
address configured in browser)
• Tradeoff: more communication vs. more risk
• Even highly protected sites suffer attacks
• ‘Arms race’ mentality (hacker vs. netadmins)
Attacks
• Mapping
– Ping, port sniffing, etc.
• Packet Sniffing
– Interfaces in “promiscuous mode” look at every
packet
• Spoofing
– “From” IP does not match IP of device
• Denial of service & Hijacking (next slides)
Countermeasures
• Mapping
– Record & analyze traffic, react to suspicious patterns (e.g.
update firewall rules)
• Packet Sniffing
– Watch for hosts in promiscuous mode
– Avoid broadcast media (e.g. use switch, not hub)
• Spoofing
– Stop bogus packet at outgoing router (if not from that
network) but we can’t control everyone else’s router
• Denial of service & Hijacking (next slides)
Denial of Service Attacks
• SYN flooding
– Starts the TCP handshake, but does not complete
– Server allocates data structures for “partial
connections” until space runs out
• SMURF attack
– Convince many innocent hosts to send ICMP
packets (traceroute) back to attacked host
• DDoS (Distributed Denial of Service)
– Many hosts act as “slaves” for the attacker due to
prior compromise
Denial of Service Countermeasures
• Filter out flooded packets at firewall (loss of
good packets, too)
• Traceback to source of floods
– Probably an innocent machine that has been
compromised!
Hijacking Attack
• Bob is connected to Alice, Trudy listening in
– Trudy gets seq num, ack num, etc from packets
• Trudy eliminates Alice’s host
– DoS attack, e.g.
• Trudy continues the conversation
– Spoof’s Alice’s host
– All header info is correct
– Data can be whatever Trudy wants!
Hijacking Countermeasures
• Application level
–
–
–
–
Authentication protocols
Encryption
Trusted intermediaries
Digital signatures
• Packet level
– Encryption of broadcast media (e.g. wireless)
– Protect physical media from tapping
Security Across Layers
• Application Layer
– Secure e-mail
• Transport Layer
– Secure sockets layer (SSL)
– Transport Layer security (TLS)
• Network Layer
– IPsec (IP security)
• Authentication Header Protocol (AH)
• Encapsulation Security Payload Protocol (ESP)
• Data Link Layer
– Wired Equivalence Privacy (WEP) on 802.11
What Security Provides (review)
• Confidentiality
• Message integrity
• Authentication
– Sender
– Receiver
Secure Email: Confidentiality
• Encryption options
– Private key (key exchange problem)
– Public key (inefficient for long email)
• Best of both worlds
– Alice chooses “random” session key
– Alice encrypts message using session key
– Alice encrypts session key using Bob’s public key
• Recipient authentication as well as
confidentiality (why?)
Confidential Email
KS
m
K (.)
S
+
KS
+
.
K B( )
+
KB
KS(m )
KS(m )
+
KB(KS )
.
KS( )
-
Internet
+
KB(KS )
m
KS
-
.
K B( )
-
KB
Ks = session key, Kb+ and Kb- are Bob’s public and private keys
Secure Email: Message Integrity
• Use a hash function to compress the message:
H(m)
• Encrypt the hash using Alice’s private key (KA(H(m))
– This is the signature
• Send m + (KA- (H(m)) together
• Bob computes H(m), compares to KA+(Alice’s sig)
– If they’re equal, message is valid
• Also provides sender authentication (why?)
Pretty Good Privacy
• Provides all 4 aspects of security
– Note 3 keys!
-
KA
m
.
H( )
-
.
KA( )
-
KA(H(m))
+
KS
.
KS( )
+
m
KS
+
.
K B( )
+
KB
+
KB(KS )
Internet
Security for Internet Commerce
• Protect consumer from having credit card info
stolen “in transit”
• Protect consumer from providing credit card
(etc) information to “spoofed site”
Secure Sockets Layer
• Data Encryption and Authentication
• Handshake
– Negotiate encryption algorithm and session keys
– Authenticate server to the client
• Transaction
– All data is encrypted using negotiated algorithm
and session keys
How It Works (Almost-SSL)
• Client & Server exchange TCP handshake
– SYN, SYN+ACK, ACK
• Client establishes server’s identity
– SSL hello, certificate
• “Master Secret” (to generate keys)
exchanged
– Client creates MS, sends K+(MS)
– K+ is public key from certificate
How It Works (Almost SSL)
• From MS, we generate 4 keys
– Eb = session encryption key for Bob->Alice
– Mb = session MAC key for Bob->Alice
– Ea, Ma from Alice->Bob
• Encryption keys encrypt data
• MAC keys verify data integrity
– Record data + M key are hashed & encrypted with
E key.
– Recipient decrypts and checks
Real SSL adds…
• Negotiate & agree on cryptographic
algorithms
• Nonces sent during handshake
– Used in creation of MS for E and M session keys
• MAC of handshakes sent both ways at end
(to protect the handshake itself)
SSL Not Just for Web
• “Secure Sockets” can be used by other
applications
– ssh (secure telnet)
– scp (secure file transfer)
– IMAP (secure email)
• Application -> SSL -> TCP (& vice versa)
SSL Authentication
• Browser has list of trusted Certification
Authorities & their public keys
• Browser obtains certificate with server’s
public key (digitally signed by CA)
• Server also has access to client certificates
from CA
– Client authentication is optional
SSL Confidentiality
• All data is encrypted using info determined during
handshake (authentication is included, too):
– Browser sends its SSL version # and preferences
– Server sends its SSL version #, preferences, and certificate
(contains public key, signed by CA)
– Browser checks validity of certificate
– Browser generates session key, encrypts with server’s public
key & sends
– Browser sends encrypted “handshake done” message
– Server sends encrypted “handshake done” message
IP Security (IPSec)
• Confidentiality
– Message contents are encrypted
– TCP / UDP headers are encrypted too
• This protects control and management messages as well
as data
• Source Authentication
– IP cannot be spoofed
– Based on signature
IPSec Protocols
• Authentication Header Protocol (AH)
– Source authentication
– Data integrity
• Encapsulation Security Protocol (ESP)
– Surce Authentication
– Data Integrity
– Confidentiality
• Both are based on Security Association
– Logical connection established by handshake
– Security protocol ID , source IP and Security Parameter
Index (SPI) = unique 32-bit connection ID
IEEE 802.11 (WiFi) Security
• “War Driving” - drive around a city, see what
open networks are available
– Generally find many unprotected networks
available from the street
• Securing 802.11
– WEP (failed)
– 802.11i (improved, ratified June 2004)
Wireless Equivalent Privacy
• Based on symmetric key (no key exchange protocol
specified)
– Request connection, receive nonce, encrypt nonce, if
correct, connection accepted
• Encryption based on symmetric key plus Initialization
Vector (IV) and XOR
• Algorithm, RC4, changes IV (in a pattern) for every
transmission, and transmits
• Problems
– Not enough unique IV’s (only a few seconds’ worth)
– IV transmitted in plaintext!
– If Trudy knows content and sees encrypted files, keys can
be extracted.
IEEE 802.11i - Four phases
STA:
client station
AP: access point
AS:
Authentication
server
wired
network
1 Discovery of
security capabilities
2 STA and AS mutually authenticate, together
generate Master Key (MK). AP servers as “pass through”
3 STA derives
Pairwise Master
Key (PMK)
4 STA, AP use PMK to derive
Temporal Key (TK) used for message
encryption, integrity
3 AS derives
same PMK,
sends to AP
Advantages of 802.11i
• Explicit key distribution protocol, using
concept of “trusted host”, in this case the
authentication server
• Multiple available forms of encryption,
including AES based encryption and other
stronger than WEP
• Separates authentication server from Access
Point (centralizing important decisions)