COM347J1 Networks and Data Communications L1

Download Report

Transcript COM347J1 Networks and Data Communications L1

COM342
Networks and Data Communications
Lecture 10B: Security; authentication and
encryption
Ian McCrum
Room 5B18
Tel: 90 366364 voice mail on 6th ring
Email: [email protected]
Web site: http://www.eej.ulst.ac.uk
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/1/40
Keypoints
• War driving, what is it.
• Brief knowledge of common key (symmetric
cryptography) and private/public key encryption
(asymmetric cryptography)
• Public Key repositories; certificates.
• Authentication and encryption,
• SSH how it is used (no need to know detailed protocol)
• Tunnelling
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/2/40
Security Issues
•
•
•
•
•
War Driving / Sniffing (Parking Lot attack)
Rogue Access Points
MAC Address
SSID
WEP
• SSH
• Tunnels and secure IP links
• Keys; private and public, trusted key repositories
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/3/40
War Driving
• War driving is one of the latest hacker fads
– http://www.wardriving.com/
• Involves driving around and scanning in search of
unprotected 802.11 wireless networks
• Several War Driving tools are available
–
–
–
–
–
NetStumbler
AiroPeek
MobileManager
Sniffer Wireless
THC-WarDrive
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/4/40
Net Stumbler
•The MAC address of the access point
•The network name
•SSID
•Manufacturer
07/11/2012
•Channel that it was heard on
•WEP Enabled (Yes or No)
•Signal strength
•Signal to Noise Ratio
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/5/40
War Driving Example
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/6/40
Parking Lot Attack
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/7/40
War Chalking
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/8/40
Unauthorized Access Points
• Install access points without permission
(Sack ‘em!)
• Security is NOT enabled
• The whole Network becomes vulnerable
to war driving/sniffing attacks
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/9/40
Using MAC Address
• Control access by allowing only valid
MAC addresses to access the network
• Complicated and difficult to maintain list of valid MAC
addresses
• Using software, MAC addresses can be spoofed
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/10/40
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/11/40
Modern Cryptography
• Two broad classes
– 1. Shared-key cryptography
– 2. Public-key cryptography
• There are many others, one time cipher etc., Also various
algorithms.
• RSA , DES, RC4, etc.,
• A good read (good Christmas Present!) is “The Code
Book” by Simon Singh 1999 ISBN 1-85702-879-1. It
contains a £10,000 cipher challenge!
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/12/40
History of Cryptography
Symmetric Cryptography - The Only Solution Prior To 1975
Central Key Generation
Key Distribution & Management
Clear
Text
Crypto
Engine
Encryption
07/11/2012
Cipher
Text
Crypto
Engine
Clear
Text
Decryption
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/13/40
Symmetric Key Encryption
Plain-text input
“The quick
brown fox
jumps over
the lazy
dog”
Cipher-text
Plain-text output
“AxCv;5bmEseTfid3)
fGsmWe#4^,sdgfMwi
r3:dkJeTsY8R\s@!q3
%”
“The quick
brown fox
jumps over
the lazy
dog”
Encryption
Decryption
Same key
(shared secret)
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/14/40
History of Cryptography
Asymmetric Cryptography - Publicly Introduced In 1975(1)
Key Pair Generation
Key Distribution & Management
“Private”
Key
“Public” Key
Clear
Text
Pub Key
Crypto
Engine
Encryption
Cipher
Text
Pub Key
Crypto
Engine
Clear
Text
Decryption
L10B/15/40
07/11/2012
(1) Whitfield
Diffie and Martin Helman, “Newwww.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
Directions In Cryptography”, IEEE Transactions On Information Theory, v.IT-22 n.6, 6 Nov 1976, pp 644-654
Public Key Encryption
Clear-text input
“The quick
brown fox
jumps over
the lazy
dog”
Cipher-text
Clear-text output
“Py75c%bn&*)9|fDe^
bDFaq#xzjFr@g5=&n
mdFg$5knvMd’rkveg
Ms”
“The quick
brown fox
jumps over
the lazy
dog”
Encryption
public
Decryption
Different keys
private
Recipient’s
public key
07/11/2012
Recipient’s
private key
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/16/40
What are the PKI Keys?
Public Key
Private Key
PIN 5638
12429
Bill
•
•
•
•
Protected by owner
Used to sign messages
Used to decrypt messages
Kept in physical possession of owner
07/11/2012
•
•
•
•
Distributed freely and openly
Used to verify signatures
Used to encrypt messages
Kept in public certificate key
directory servers
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/17/40
Public Key Cryptography
• Public/private key pair
• Only the owner knows the private key, but everyone
knows the public key
• If the message is encrypted with the private key, then
everyone with the public key can recover the message,
but only the owner can generate the encrypted message
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/18/40
Continued
• If the message is encrypted with the public key, only the
owner can decrypted it using its private key
• The first property can be used for signature and the
second property can be used for encryption.
• It is computationally intensive so one popular practical
encryption system SSH, uses private and public keys to
initially authenticate each end of a link and then switches
to a common “one-time” key to speed things up
• SSH is a modern replacement for telnet but it can also
tunnel other ports…
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/19/40
Public Key Pairs
public
private
Public and private keys are always
generated as a matched pair
Keys are mathematically related but it is
computationally infeasible to deduce a
private key from its public key
private
Private keys are kept secret - preferably by
being stored in a tamper-resistant chip
SMART
CARD
123 89 3486
M
Public keys are just that - public!
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/20/40
Key Management
•
Ideally, every person has two key pairs:
– Key-exchange key pair
– Signature key pair
– Key pairs are distinct
•
•
•
•
Public and private keys are always generated as a pair
at the user’s machine
Public key can be openly shared
Private key is always kept private (it never leaves the
machine where it was generated)
A complex protocol passes data back and forth to
ensure each is who they say there are.
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/21/40
No Protection
Transmitted “in the clear”
TO:BOB
‘Postcard’
Bob receives Alice’s
mail without any
assurance of
originator,
confidentiality
or integrity of contents
Alice knows
Bob’s address
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/22/40
Digital Signature
“Token”
Contains Private
Key material
PIN 5556
Record with digital
signature transmitted
electronically
Bob verifies Alice was
sender from Alice’s
Public Key at certificate
repository
FROM:
ALICE
10011011..
TO: BOB
Alice
Alice signs
record
using
Private Key
07/11/2012
33728
Obtains
Alice’s
Public Key
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
33728 Alice
L10B/23/40
Encryption
Alice gets Bob’s
Public Key from
certificate
repository
Encrypts
transmission
using Bob’s
Public Key
“Token”
Contains Private
Key material
Sends to Bob
wascdfee
944
x./,ca
TO: BOB
fvza/qf
11011010..
aservbrsr
trt
999081 Bob
Certificate
Repository
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
Bob
decrypts
using his
Private Key
L10B/24/40
Digital Signature & Encryption
Alice digitally
signs record
using her
Private Key
Bob decrypts
using his
“Token”
Contains Private Private Key
“Token”
Contains Private
Key material
Encrypts transmission
using Bob’s Public
Key
wascdfee
944
999081
Bob
PIN 5556
10011011...
PKIDSS1097.PPT
Alice gets Bob’s
Public Key from
certificate
repository
07/11/2012
Key material
Sends to
Bob
PIN 9086
11011010.
..
x./,ca
fvza/qf
aservbrs
rtrt
33728 Alice
999081 Bob
Certificate
Repository
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
Bob verifies Alice
was sender from
Alice’s Public Key
from certificate
repository
L10B/25/40
• RSA authentication uses the property that anything encrypted with the public key of
a key pair can be decrypted only with the private key. The reverse is also true. A
second property is that it is not possible to derive the private key from the public key
or vice versa.
• Thus a host generates a random string, and encrypts it with the public key of a
remote host. If the remote host correctly decrypts the string and returns it, it is
considered authenticated. By forcing both ends to verify their identity, ssh provides
protection against three common spoofing attacks: DNS, IP and routing spoofing.
• ssh encryption
In addition to authentication, ssh also provides several options for encryption.
IDEA is the default cipher for encryption, but DES, 3DES, and blowfish are also
available. ssh employs symmetric key encryption for the data transfer because public
key encryption is too computationally expensive. The client generates a random
string for use as the symmetric key and sends it to the server encrypted with the
server's public key, so someone eavesdropping can't get the key. The encryption is
automatic, end-to-end, and is started immediately after host authentication, but
before user authentication. This way, even if the user must enter her password, it is
sent over a secure channel. No configuration is necessary to enable encryption. In
fact, it can't be disabled, except at compile time.
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/26/40
Practical SSH sessions
•
When you ssh to a host you've never talked to before, it sends you its public key. This
is possibly a security hole, since a fake host could get you to take its key instead at this
point.
a. Example
$ ssh somehost
The authenticity of host 'somehost (192.168.1.1)' can't be established. RSA key
fingerprint is 90:9c:46:ab:03:1d:30:2c:5c:87:c5:c7:d9:13:5d:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'somehost' (RSA) to the list of known hosts.
user@somehost's password: [not shown]
b. Explanation
ssh is warning you that it doesn't really know about this host yet. It shows you the
hostname and IP address, so you can be sure you're talking to the correct computer. It
also shows the fingerprint of the server's public key. If you know what the fingerprint
should be, you can check it and disallow it if it doesn't match.
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/27/40
Practical SSH continued…
Reasonable paranoia
Most of the time, it's pretty safe to just accept host keys. At least within a controlled
environment such as UUJ, it's unlikely that someone could compromise the network
enough to have their computer masquerading as, say, one of the gl machines. In other
situations, it's up to you to decide whether to get key information from the server
admin before connecting.
Changed host key example
$ ssh somehost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone
could be eavesdropping on you right now (man-in-the-middle attack)! It is also
possible that the RSA host key has just been changed. The fingerprint for the RSA key
sent by the remote host is 90:9c:46:ab:03:1d:30:2c:5c:87:c5:c7:d9:13:5d:75.
Please contact your system administrator. Add correct host key in
/home/user/.ssh/known_hosts to get rid of this message. Offending key in
/home/user/.ssh/known_hosts:1
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/28/40
Using SSH
• Another convenient feature of ssh is the ability to forward
arbitrary TCP ports over the secure connection. ssh supports
forwarding client local ports to a second remote system via the
secure connection to the remote server, as well as forwarding ports
from the remote server to a second local system.
• ssh [email protected] -C –L 25025:remote.mc.com:110
• Now if I telnet to localhost –p 25025 It is as if I had telneted direct
to port 110 on the remote machine, except it actually went over the
SSH port-port link, encrypted!
• Localhost is 127.0.0.1, and is always the local machine, this is an
IP number that never goes onto the cable but is “looped back”
through the TCP/IP stack
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/29/40
RSA encryption (from “The Code Book” by Simon Singh
•
•
•
•
•
•
•
•
•
•
“[
Alice picks two giant prime numbers p and q e.g (p=17, q=11)
Multiply these to get N=187. Now pick another number e.g e=7
e and (p-1).(q-1) should be relatively prime
Publish e and N in a directory. These numbers are needed for encryption.
Together they are called the public-key N must be unique.
To encrypt: convert the message into a number, M and generate the ciphertext C
as C=Me(mod N).
E.g Bob wants to send Alice a “kiss” the letter X is 1011000=88
C=887(mod 187) (this is too big for calculators but it can be factored…the
answer is 11.
Alice can calculate a special number known as a decryption key d such that e.d
= 1( mod(p-1).(q-1)) hence d=23
To decrypt the message M=Cd(mod 187) = 1123 mod 187 = 88 in decimal
Of course working out 1123 is tricky, but it can be factored into parts
(111mod 187) . (112mod 187) . (114mod 187) . (1116mod 187) ] (mod 187 )”
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/30/40
Proposed Solutions to Enhance Security
•
•
•
•
•
•
•
Virtual Private Network (VPN)
Secure LAN (SLAN)
Remote Authentication Dial In User Services (RADIUS)
ipsec
CIPe
802.1x
Proprietary WEP Implementations
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/31/40
VPN
• Enables you to send data between two computers across
a shared or public network in a manner that emulates the
properties of a point-to-point private link
• Provides a scaleable authentication and encryption
solution
• Does require end user configuration and a strong
knowledge of VPN technology
• Users must re-authenticate if roaming between VPN
servers
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/32/40
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/33/40
Secure LAN (SLAN)
• A GPL open-source “VPN” System
• Provides server authentication, client authentication, data
privacy, and integrity using per session and per user
short life keys
• Simpler and more cost efficient than a VPN
• Support for Windows and Linux
• Website: http://slan.sourceforge.net/
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/34/40
SLAN Architecture
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/35/40
RADIUS
• Several 802.11 access points offer RADIUS
authentication
• Clients can gain access to the network by supplying a
username and password to a separate server
• This information is securely sent over the network
eliminating the possibility of passive snooping
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/36/40
IPsec
• Provides encryption and authentication services at the IP level of the network
protocol stack
• Can be used to secure nearly any type of Internet traffic
• Legacy applications not implementing secure communications can be made
secure using IPsec
• Examples:
– Free S/WAN - http://www.freeswan.org/
IPsec - Disadvantages
•
•
•
•
IPsec authenticates machines, not users
IPsec does not stop Denial-of-Service attacks
IPsec is not true end-to-end security
IPsec cannot be secure if your system isn’t
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/37/40
802.1x
• Provides enhanced security for users of 802.11b WLANs
• Provides port-level authentication for any wired or wireless Ethernet
client system
• 802.1x was originally designed as a standard for wired Ethernet, but is
applicable to WLANs
• It leverages many of the security features used with dial-up
networking (RADIUS)
• Also uses Extensible Authentication Protocol (EAP, RFC 2284)
• Built in support in Windows XP
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/38/40
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/39/40
Summary
You do not need to know very much about the preceding slides.
• War driving, what is it.
• Brief knowledge of common key (symmetric cryptography) and
private/public key encryption (asymmetric cryptography) Be able
to describe the difference between each.
• Public Key repositories; certificates.
• Authentication and encryption, describe what each is and why it is
needed
• SSH what is it (no need to know detailed protocol)
• Tunnelling,
07/11/2012
www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10B.ppt
L10B/40/40