Transcript EECS 700: Network Security

ITIS 6167/8167: Network and
Information Security
Weichao Wang
Security overview
• Before the class starts, are you really surprised to learn
that the government is monitoring our communication?
• Risks
– Computers have controlled our lives
• Medical, ATM, banking, business
• Air traffic control
– Why there are risks
• Adversaries
– Smart and dedicated
– Many of them, Hiding in the dark
– From fun to profit (worm self-changing  botnet)
2
Examples in real life
• Attack on Twitter
– Hack into the victim’s email account
– DDoS to paralyze Twitter, facebook, etc
• Data mining attacks on public database
– In Tenn, a newspaper generates a database
about all residents that have CCW permits.
– In CA, there is a webpage listing all people
that donate to Proposition 8 ballot measure
– Myedu.com
3
Security overview
• Physical security is not enough (can you
be sure that your physical security
methods are sound and enough? Slot
machine, ATM, network card)
• Networked computers can be accessed
remotely
4
Security overview
• Defending methods
– Prevention
•
•
•
•
Prevent (password, salt, private salt, searching)
Deter: raising the bar (password guessing, login slow)
Deflect: making other target more attractive
Diversify (memory randomness)
– Detection
• Monitoring (who, what, and how)
• Intrusion detection (signature based, anomaly based)
• IP telephony track
5
Security Overview
• Recovery
– Recover data (check point)
– Identify the damage
– Forensics
– Containment
• Tolerance
– Maintain a decent service quality
– Automatically degrade video quality while
reserving bandwidth for voice
6
Security overview
• How prevention works
– Policies
– Encryption
• Digital cash, time-stamp, secure multiparty
computation, e-voting, e-bidding
– Access control and authorization
• Hardware control (interaction free authentication)
• Software control (RFID credit card)
• Information disclosure (write prevention)
7
Security overview
• What can go wrong with prevention
– Design, implement, configuration
– Mal-code transfer (enterprise level security)
– Attackers are smart and dedicated
– Uncle Tom wants it to be safe against
terrorists, but not to him
8
Security overview
• Some additional methods to improve
security
– Least privilege
– Writing good code
– Security testing
– Embed security from beginning instead of as
a patch
9
10
Network security overview
• The features causing security problems
– Sharing: access control for a single system is
not enough
– Complexity of systems
– Undefined boundary: one host may be on
multiple networks
– Multiple-node path before data reaches you:
anonymity of attacker and hard to traceback:
the South Bell example
11
• A typical NFS operation and its security
features:
– A read from B: confidentiality
– A write to B: Integrity and confidentiality
– Forge communication from A to B: integrity
– Block traffic b/w A and B: availability
– Impersonation
12
• Security problems in network protocols:
– ARP: cache poisoning
– IP: spoofing, fragmentation
– ICMP:
– UDP:
– TCP: session hijacking, SYN flood, DoS
– DNS systems
– Buffer overflow
13
• Security methods
–
–
–
–
–
–
–
–
–
Hiding: OS configuration, port,
Encryption: IPSec
Port protection: telnet, ftp, etc
Authentication
Data integrity: digital signature, checksum
Firewall: block unwanted traffic
IDS
Forensics
Proof of possession
14
15
Review of networks
• Network consists of
– Hosts
– Network devices
– Links
– Software
• The view of Internet
– Users’ view
– Real topology
16
• How routers work
– Look at the destination address of the packet
– Look up in the local routing table
– Determine the exit interface
– The next router will do the same
– Default router
– Route based on sub-network instead of IP
address
17
• IP address classes
– Class A to C
– Class A can have: 16.78 million addresses
– Class B can have: 65536 addresses
– Class C can have: 256 address
– A decent cooperation needs one to many
class B addresses (Purdue’s joke)
18
• Special address:
– 255.255.255.255: local broadcast
– 0.0.0.0: this host
– 127.-.-.-: loopback
– CIDR: classless inter-domain routing
• What about IPv6
– About 1% of internet traffic now
– With multicast design in mind
– Simplified processing at routers
19
20
Review of Cryptography
• Two kinds of cryptographic algorithms
– Keep the method secret
• Good: safe for low security requirement
• Bad: update, proof of correctness, how to
communicate with outsider
– Make the algorithm public but keep the key
secret
• Safety depends on the key only
• Good: safety analysis can be conducted
21
Introduction (cnt’d)
• Symmetric algorithms
– The encryption and decryption key can be
calculated from each other easily (most of the
time the same).
– Block algorithms and stream algorithms
• Cipher text is same or longer in length: Why??
– Good: efficient and fast, easy to deploy
– Bad: key distribution, scalability, broadcast or
multicast
22
Introduction (cnt’d)
• Public-key encryption
–
–
–
–
First appear in 1970’s
Two keys: public key and private key
Private key cannot be derived from public key
Everyone can send a packet to Alice
EPub A (message)
– Only Alice has the private key to recover the packet
– If Alice uses the private key to encrypt a message,
can be viewed as digital signature
– Strong, scalable, easy for broadcast and multicast,
but very slow
23
Introduction (cnt’d)
• Attack to encryption system
– Cipher-text only attack
• The amount of traffic matters
– Known plaintext attack
– Chosen plaintext attack
• Key point
– Keep the cost to break the system higher than
the gain of the information
24
Introduction (cnt’d)
• Can you always break an encryption
system?
– One time pad
– Brute-force attack: Try every possible key
• New progress in crypto
25
Introduction (cnt’d)
• Several old fashion encryption algorithms
– Substitution ciphers
• Replace a character in the plaintext with another character
• Example: Caesar cipher
– Transposition ciphers
• Shuffle the order of characters
• The frequency of characters does not change
– XOR and one-time pad:
• If the random bits repeat in cycle, it is bad
• Synchronization at both side is always a problem
26
27
One way functions
• One way function is easy to calculate in
one direction, but not the other.
– Given x, easy to get f(x)
– Given f(x), even f() is known, still not easy to
get a x
• Trap door one way function
– Given x, easy to calculate f(x)
– Given f(x), difficult to get x
– Given f(x) and a secret y, easy to get x
28
One way hash function
• Map a variable-length input string to a fixed
length string: fingerprint the file
– Easy to get Hash(x) when giving x
– Almost impossible to find a x that satisfies Hash(x)
– Almost impossible to find two files x and x’ to have the
same hash value
– Minor change in x, large changes in Hash(x)
• Since the hash value is shorter, we have conflict:
– We can easily rule out files, but not guarantee this is
the origin file
– Still good enough in courts, like DNA tests
29
One way hash function
• Usage of hash function
– Timestamp a file and prove that you are the
creator (can be used to timestamp the
homework)
– Verify the integrity of the files in a file system
• Security problems: how and where to save the
hash values
• Hash(x, k) to prevent change on the computer
30