presentation

Download Report

Transcript presentation

NETWORK
SECURITY...
Authors
Hari Thiruvengada
Varun Lalchandani
Contents
•
•
•
•
•
•
•
•
•
•
Introduction.
Encryption and Protocols.
Kerberos.
Network Security Issues and Protocols.
Intrusion Detection
Web Security.
Digital Identification Techniques.
Cryptography and web Security.
Firewalls.
References.
Security and its breaches…
Security
• a system is secure if it is
– Security goals are achieved.
– Components behaves as expected on it.
Breaches
•
•
•
•
Interruption - System asset lost , unavailable or unusable.
Interception - Unauthorized party gains access to asset.
Modification - Tampering with the asset.
Fabrication - counterfeit objects on computing system.
Security Goals and Vulnerabilities
Security Goals
• Confidentiality - assets of a computing system
accessible only by authorized user.Read only type of
access like viewing, printing helps in privacy.
• Integrity - modification only by authorized parties.
Precise, accurate, consistent assets.
• Availability -
assets are accessible to authorized
parties.Timely response, fair allocation, fault tolerance,
usability, controlled concurrency. (Denial of service
attacks.)
The people involved…
• Amateurs - fresh players of the game ,
disgruntled over a -ve work situation.
• Crackers - breaking into unauthorized
territory without malicious intent.
• Hackers - breaking into unauthorized
territory with malicious intent.
• Career Criminals - people in the game
for money and have predefined targets.
Basic Encryption and Decryption
• Encryption - process of encoding a message so that its
meaning is not obvious.
• Decryption - process of decoding the encrypted message.
• Cryptography - Hidden writing, which conceals meaningful
text.
• Cryptanalyst - studies encryption and finds hidden messages.
• Cryptanalysis
– attempt to break a single message.
– Recognize patterns in encrypted messages to break into subproblems
by straightforward decryption algorithm.
– Find weakness in encryption algorithms.
Contd…
Encryption
Plain Text
Original Text
Cipher Text
Encryption
Encryption with Keys
Decryption
(Symmetric Cryptosystem)
Key
Plain Text
Original Text
Cipher Text
Encryption
Encryption with Keys
Encryption Key (Ke)
Plain Text
Decryption
(Asymmetric Cryptosystem)
Decryption Key (Kd)
Original Text
Cipher Text
Encryption
Decryption
Encryption
• Substitutions - one letter x-changed for other.
– Monoalphabetic Ciphers.
• Caesar Cipher
Example: Plaintext:ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher :DEFGHIJKLMNOPQRSTUVWXYZABC
– Polyalphabetic Ciphers.
• Frequency distribution reflects the underlying letters.
Table for Odd Positions
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADGJMPSVYBEHKNQTWZCFILORUX
Table for Even Positions
ABCDEFGHIJKLMNOPQRSTUVWXYZ
N S X C H M R WB G LQ VAF K PU Z E J O TYD I
Contd…
Example:
F1(x) = (3 * x)mod 26.
F2(x) = ((5 * x) +13) mod 26.
Encryption for :
TREAT YIMPO SSIBL E
would be
FUMNF DYVTF CZYSH H
Contd…
• Transposition - letters of message rearranged.
– GOAL - Diffusion
Example:
C1
C2
C6
C7
C11
C12
C3
C8
C4
C9
C5
C10
C4
C9
C5
C10
etc.
The resulting cipher text will be
C1
C6
C11
C2
C7
C12
C3
C8
etc.
Encryption Protocols…
Arbitrated Protocol
B
Arbiter
A
A acted
fairly
Adjudicated Protocol
A
B
Adjudicator
You are
cheating
Self-Enforcing Protocol
A
B
Symmetric Key X-change W/out
Server
• Small no. of messages.
• Less risk of intrusion.
• Each user have a copy of symmetric secret
encryption key K.
• For greater security one can generate a fresh
key called KNEW.
• Send E(KNEW,K).
Symmetric Key X-change With
Server
DISTRIBUTION CENTER(DC)
1.Give me a key
2. E((KPR ,P), KR )
(P, R, Ip )
2.Here is the key and
E(Ip ,R,KPR,,E((KPR ,P), KR)), KP)
Renee
3. DC gave me key for Private
Communication
E((KPR ,P), KR )
Pablo
Asymmetric Key X-change
W/out Server
1. EP(DR (K))
Renee sends new key
2. S (n,K)
Pablo sends encrypted random number
Renee
3. S (n+1,K)
Renee returns successor of Random Number
Pablo
Asymmetric Key X-change With
Server
DISTRIBUTION CENTER(DC)
4. Please give me Pablo’s
public key (R ,P)
5. Here’s Pablo’s
Key (DD(EP ,P))
1.Give me a
Renee’s key (P,R)
2.Here is the Renee’s
Key (DD(ER,R))
3. I’ am Pablo, let’s Talk. ER(P, IP)
6. Renee here , What’s up ? EP(R, IR )
7. Reply with ER(M, IR)
Renee
Pablo
Authentication in Distributed
Systems
• Kerberos
Initiating a Kerberos Session
User
U
1. U’s Identity
2. Encrypted under
Password
Session key
SG
Ticket TG
Kerberos
Server
Ticket Granting
Server
2. Encrypted under
KS-TGS Key
Session
key SG
Contd..
Obtaining a ticket to access a file
1. Request to Access
File F
User
U
Ticket Granting
Server
Ticket to File Server
to access File F + SF
2.Encrypted under
TGS - F Key + SF
How Kerberos withstand Attacks?
• No passwords communicated on
Network.
• Cryptographic protection.
• Limited period of validity.
• Mutual authentication.
Why Kerberos is not the perfect
Answer?
• Kerberos requires the availability of continuous trusted
“Ticket Granting Server ”.
• Trusted relationship required between TGS and every
server.
•
Requires timely transactions.
• Subverted workstation can save and later replay user
passwords.
• Password guessing works.
• Does not scale well.
NETWORK SECURITY ISSUES
•
•
•
•
•
•
Sharing.
Complexity of system.
Unknown Perimeter.
Many points of attack.
Anonymity.
Unknown path.
Threats
•
•
•
•
•
•
•
Wiretapping.
Impersonation.
Message Confidentiality Violations.
Message Integrity Violations.
Hacking.
Code Integrity Violation.
Denial of Service.
Wire tapping
C
Microwave link
A
Inductance
Packet Sniffer
B
Network Security Protocols
• Link Encryption.
sender
Receiver
Intermediate Router
Protocol
Layers
Message encrypted
Message in plain text.
Contd...
• End to End Encryption.
sender
Receiver
Intermediate Router
Protocol
Layers
Message encrypted
Message in plain text.
Comparisons
Link Encryption
End to End Encryption
1.Message X-posed in sending
host / intermediate routers.
2.Applied by sending host.
3.Invisible to user process.
4.Host maintains encryption.
5.can be done in H/w.
6.All / No message encrypted.
7.One key per host pair.
1.Message encrypted in sending
host / intermediate routers.
2.Applied by sending process.
3.User selects algorithm.
4.User selects encryption.
5.S/w implementation.
6.User chooses to Encrypt / Not.
7.One key per user pair.
Intrusion Detection
• Intrusion - set of actions attempts to compromise
integrity,confidentiality or availability of resources.
• IDS based on Data source
-host based : audit data from single host.
-multi host based : audit data from multiple host.
-network based : network traffic data along with audit
data from one or many host.
• IDS based on Model of Intrusion.
-Misuse detection system: look for the exploitations of
known weak points.
-Anomaly Detection System: detect changes in the
pattern of utilization or behavior of system.
Desirable Characteristic of ID
•
•
•
•
•
Must run continually.
Must be fault tolerant.
Must resist subversion.
Must impose minimal overhead.
Must be able to adapt changes in the behavior of
user and system.
• Must be scalable.
• Must provide graceful degradation.
• Must allow dynamic reconfiguration.
Limitations of Existing ID
• Central Analyzer is single point of
failure.
• Scalability is limited.
• Difficult to add capability or
reconfigure.
• Analysis of Network data can be
flawed.
Intrusion Types
•
•
•
•
•
•
Attempted Break-in.
Masquerade attack.
Penetration of security control system.
Leakage.
Denial of service.
Malicious use.
ARCHITECTURE TO GENERATE THE STD.
FORMAT
LOG GENERATOR
LOG FILTER
LOG FILTER
ANALYIS ENGINE
LOG PROCESSOR
LOG GENERATOR
STANDARD AUDIT TRAIL FORMAT
• Must satisfy two basic properties:
Extensibility: Neither the names nor the number of fields of
the log record are fixed.
Portability : The log can be processed on any system.
• SUMMARY OF THE STD. LOG FORMAT
#S#
start log record.
#Fc# change field separator to c.
#E#
#N#
#
end log record.
next log record.
default field sep.
#Cc# change nonprinting delimiter to c.
#I#
ignore next field.
\
default nonprinting delimiter.
The standard log contains fields.
Each field is associated with an attribute.
SunOS MLS Logs
• A simplified example of a SunOS MLS log record is given
as:
header, 120, AUE_UNLINK, Wed Sep 18 11:35:28 1999,
process, bishop, root, root, daemon, 1234,
label, confidential, nuclear, crypto
pathname, /, / usr / holly,…/ matt / tmp / junkfile
return, Error 0, 5
trailer, 120
+57000ms
• Put into the standard log format , this looks like:
#S#event=AUE_UNLINK#date=09181999@113528#usedtime=57000#I#
#logid=bishop#ruid=root#euid=root#rgid=daeon#procid=1234#I#
#seclevel=confidential#class=nuclear#class=crypto#I#
#rootdr=/#cwd=/usr/holly#pathname=../matt/tmp/junkfile#I#
#errno=0#retval=5#E#
Typical Anomaly Detection
System
Update profile
statistically
Audit Data
Attack
State
System Profile
deviant
Generates new profile
Anomaly ID
(Statistical Approach)
• Let S1, S2, S3 … Sn, represent abnormality values of
profile measures M1, M2, M3 … Mn respectively.
• Higher value of Si indicates greater abnormality.
• A combining function of individual S values will be,
a1S12
+ a2S22 + a3S32 + … + anSn2 ,
a i > 0.
Pros and Cons of Anomaly ID.
• Statistical techniques have applicability here.
• Statistical patterns could be used to capture patterns unique
to the user.
Types of Measure.
• Activity Intensity Measure
– measures the rate at which activity is progressing. E.g. no. of audit
records processed per minute.
• Audit record distribution measure
– measures the all activity types in recent audit records.E.g. I/O
activities.
• Categorical Measure
– measures the distribution of particular activity over categories. E.g.
relative frequency of logins,relative usage of compiler, shells,editor
etc.
• Ordinal Measure
– measure activity whose output is in numeric value. E.g. CPU
Typical Misuse Detection System
Modify existing rule
Audit Data
Rule
System Profile match
Add new rule
Timing Info
Attack
state
Misuse ID
• Detection of intrusions by precisely defining them well
ahead of time and watching for their occurrence.
• Intrusion signatures are sequence of events and conditions
that lead to a break-in.
• Abstract high quality patterns from attack scenarios.
• Should be simple enough to keep the matching tractable
and should be compared.
• If pattern matches then issue an alarm warning.
Pros and Cons of Misuse ID
• Looks only for known vulnerabilities, comparison is finite.
• Little use to detect little known future intrusion patterns.
Continues…
Model based Intrusion Detection
A Pattern Matching approach
• Consider an initial set of 100 measures as potentially relevant
to predicting intrusions.
• Resultant is a set of 2100 possible measures.
• Appropriate set of measures depend on the types of measures
being detected, so highly intractable to search this large space
X - haustively.
• A Learning Classifier Scheme generates initial set of
measures.
• Refined using “Rule Evaluation” techniques like mutation
and crossover.
• Highly predictable sets of intrusions are combined and then
searched, while lower predictable ones are weeded out.
… Continued
• Combined Belief in I is
P ( I | A1, A2... An) = P (A1, A2... An | I ) x P ( I )
P(A1, A2... An )
• Each Ai depends only on I and is independent of the other
measures of Ai , j = i, then
n
P (A1, A2... An | I ) =
i=1P(Ai | I )
P (A1, A2... An | ~I ) =
n
P(Ai | ~I ) , and then
i=1
P ( I | A1, A2... An)
P( I ) x
P ( ~I | A1, A2... An)
P(~ I ) x
n
P(Ai | I )
i=1
n P(A |~ I )
i
i=1
Inference
• Determine odds of an intrusion given,
– Values of various anomaly measure from the prior
odds of intrusion,
likelihood of each measure being anomalous
is presence of INTRUSION !!
A Trivial Bayesian Belief Network modeling
Network Intrusion activity
INTRUSION
Too many
users
Too many
CPU Intensive
jobs
Too many
Disk Intensive
jobs
Trashing
DISK I/O
CPU
Fragmentation
Newly available
program on
the net
Net I/O
Conditional Probability
• If we wish to detect
P( Intrusion | Event Pattern)
By Baye’s Law,
P( Intrusion | Event Pattern) = P(Event Pattern | Intrusion )
x P(Intrusion)
P(Event Pattern)
P(Event Sequence) = (P( ES | I )
where,
ES - Event Sequence,
I - Intrusion.
P( ES | ~I)) x P( I ) + P( ES | ~I)
Web Security...
• IN A NUTSHELL
– A set of procedures, practices, and technology to protect web
severs,web users and the surrounding Organizations.
– Internet is a two way network.
– Used by everybody.
– Potential security flaws exist.
– If subverted can be used by bad guys for malicious operations.
– Unsophisticated users are the major population.
– More expensive and time-consuming.
Why worry about web security ?
• Publicity - successful attack is a public event.
• Commerce - Money is involved as transactions.
• Proprietary Info - used to distributed information to
internal members and external partners.
• Network Access - used by people both inside and
outside an organization.
• Others - like server X-tensibility, Browser X-tensibility,
disruption of service, complicated support, etc.,
The Web Security Problem...
• Securing information in transit.
– Digital Identification Techniques
– Cryptography and Web security
• Securing the Web Server.
– Host and site security. (Firewalls)
Digital Identification Techniques
• Digital Signatures,
– a protocol that produces the same effect as real
signature.
– Only the sender can mark it.
– Easily identifiable by others as one from the sender.
– Used to confirm agreement to a message.
– Similar to biometrics such as image of a person’s face ,
fingerprints, Hand shape and size, DNA patterns, Voice
prints, pattern of blood vessels in Retina, etc.
Contd..
Digital Signatures must be
– Authentic : Person B receives the pair [M, S(A,M)]
from A, B can check if it came from A, and also this is
firmly attached to M.
– Unforgeable: Person A signs message M with sign
S(A, M) , it is impossible for others to produce a pair
S[M, S(A,M)].
Impostor A
A
Authentication
Protects B
Digital Signature
C
B
Unforgeable
Protects A
Symmetric Key Digital Signatures
with Arbiter
– Private key encryption system guarantees
authenticity of message as well as its secrecy.
1. S sends sealed M to Arbiter
Arbiter
Arbiter retrieves
M
Plain text M from S
Ks M
Sender
Ks M
S M
Symmetric Key Digital
Signature with Arbiter
KR
Recipient
3. Arbiter seals [S’s sealed M, identity of S,
and copy of plain text M and sends all to R]
Asymmetric Key Digital Signature
E(D(M, KS), KR)
D:KS
M
S
Decrypts M
For authenticity,
D:KS
unforgeability
R
Saves a copy to
answer future
disputes.
M
Certification Authorities(CA’s)
– An organization that issues public key
certificates(Digital Signature).
– Certificates are synonymous to cryptographically
signed index cards.
– Signed by certification authority’s own private
keys, contains name of the person, person’s
public key, a serial number, and other info.,
– Example: verisign corp.
Types of CA
• Internal CA
– can operate to certify its own employees
– used to control access to internal resources
• Outsourced Employee and Customer CA
– leases trusted outsiders to certify employees and
potential customers respectively.
• Trusted Third Party CA
– no prior relationship can establish and engage in
legal transactions and business.
Different kinds of certificates
• Certification authorities Certificates
– contain public key of CAs and name of service
– this can in turn be signed by other certification
authorities.
• Server Certificates
– contain public key of SSL server,
– name of the organization running the server, Internet
hostname, server’s public key.
Contd...
• Personal Certificates
– contains individual’s name and public key.
– other information is also allowed.
• Software Publisher Certificates
– certificates used to sign the distributed software.
Cryptography and Web Security
• Functions,
– Confidentiality,
• Encryption is used to scramble the message.
– Authentication,
• Digital Signatures are used for verification.
– Integrity,
• methods used to verify whether the message has
been modified on transit.
• Digital Signed message codes are used.
– Nonrepudiation
• author of a message can’t deny sending a message.
What cryptography can’t do ?
•
•
•
•
Protect unencrypted documents.
Protect against stolen encryption keys.
Against denial-of-service attacks.
Against the record of a note that a message
was sent.
• Against a traitor or a mistake.
Working Encryption Systems
• Programs
– PGP(Pretty Good Privacy).
– S/MIME.
• Protocols
–
–
–
–
SSL(Secure Socket Layer).
PCT(Private Communications Technology).
S-HTTP(Secure HTTP).
Cybercash.
Contd…
– SET(used in web shopping).
• “Electronic Wallet” with User.
• Server that runs on Merchant’s web site.
• SET payment server runs in merchant’s bank.
– DNSSEC(Domain Name System Security).
– IPSec and IPv6.
• IPsec works with IPv4 and standard version used
today works for IPv6 and includes IPsec.
– Kerberos.
Network Layer Security Protocol
(IPsec)
• IP Security protocol - a suite of protocols that provides security at the
network layer.
• Network layer must provide
– Secrecy - hide message from any third party that is "wire tapping" the
network.
– Source authentication -IP datagram with a particular IP source address,
it might authenticate the source.
• there are two principal protocols:
– the Authentication Header (AH) protocol.
provides source authentication and data integrity but not secrecy.
– the Encapsulation Security Payload (ESP) protocol.
provides data integrity and secrecy.
Security Agreement (SA) - the source and network hosts handshake and create
a network layer logical connection
Authentication Header Protocol
(AH)
• SA is set up
• source can send secured datagrams, that include the AH header.
• Value of 51 in IP header means a AH Header has been included.
• AH Headers have the following fields,
– Next Header field, same as the protocol field for an ordinary datagram.
– Security Parameter Index (SPI) field, an arbitrary 32-bit value that, in
combination with the destination IP address and the security protocol,
uniquely identifies the SA for the datagram.
– Sequence Number field, a 32-bit field containing a sequence number
– Authentication Data field, a variable-length field containing signed message
digest (i.e., a digital signature) for this packet.
Encapsulation Security Payload
Protocol (ESP)
• SA is set up.
• source can send secured datagrams, that include the AH header.
• a secured datagram is created by surrounding the original IP datagram data with
header and trailer fields,
• value 50 is used to indicate that the datagram includes an ESP header and trailer.
• ESP header consists of a 32-bit field for the SPI and 32-bit field for the sequence
number, which have exactly the same role as in the AH protocol.
• trailer includes the Next Header field.
What is SSL ?
• Exists between raw TCP/IP and Application Layer.
• Features added to streams by SSL
–
–
–
–
Authentication and Nonrepudiation of Server, using Digital Signatures.
Authentication and Nonrepudiation of Client, using Digital Signatures.
Data confidentiality through Encryption.
Data Integrity through the use of message authentication codes.
• Functions
–
–
–
–
Separation of duties.
Efficiency.
Certification - based authentication
Protocol Agnostic.
• Transport Layer Security is being tried out.
Secure Web Server
• Implements cryptographic protocols.
• Safeguard any personal info received or collected.
• Resistant to a determined attack over the I-net.
SECURE WEB SERVER
Bad Guys
ATTACK
ATTACK
Bad Guys
ATTACK
Bad Guys
SERVER ACTIVE
AND PROVIDES
SERVICES TO
AUTHORIZED
PERSONEL
Web server Security
• Host Security
– Security of the computer on which web server is running.
• Problems are due to
– Security not viewed as a fundamental part of system setup and
design.
– Transmitting plain text and reusable password over networks.
– Failure to obtain software to monitor bugs.
– Failure to use security tools.
– Lack of adequate Logging.
– Lack of adequate backup procedures.
– Lack of adequate System and network monitoring.
– Failure to track security developments and take preventive action.
Firewalls
• Process that filters all traffic between a protected or
“inside ” network and a less trustworthy or an “outside”
network.
•
•
•
•
Special form reference monitor.
That which is not expressly forbidden is permitted.
That which is expressly forbidden is not permitted.
Challenge of protecting a network with a firewall is
determining the security policy that meets the need
of the installation.
Types of Firewalls
• Screening Router.
Address
144.27.5.3
Allow in only A.
Allow out only B , C.
C
A
Address
100.24.4.0
Address
192.19.33.0
B
Contd …
• Route Screening outside Addresses
100.50.25.3
100.50.25.x
100.50.25.1
100.50.25.2
Subnet 100.50.25.x
Screening
Router
Contd …
• Proxy Gateway
– Two headed piece of software.
– runs pseudo applications.
Logging
WWW Access
Address
Local Area Network
Remote Access
Remote File
Fetches
Contd …
• Guard
– sophisticated proxy firewall.
– Receives PDU’s interprets them passes the through same or
different PDU’s.
Proxy
Firewall
Address
Screening
Router
Comparisons of Firewall types
Screening Router
Proxy Gateway
Guard
1.Simplest.
2.Sees only address and
service protocol type.
3.Auditing difficult.
4.Screens based on
connection rules.
5.Complex addressing
rules can make
configuration tricky.
1.Somewhat complex.
2.Sees full text of
communication.
3.Can audit activity.
4.Screens based on
behavior of proxies.
5.Simple proxies can
substitute for complex
addressing rules
1.Most Complex.
2.Sees full text of
communication.
3.Can audit activity.
4.Screens based on
interpretation of
message content.
5.Complex guard
functionality can
limit assurance.
Encrypting Gateway
(Virtual Private Network)
• Internal encryption between offices for
further protection.
144.27.5.3
Cryptographic
Server
100.24.4.5
Address
Proxy
Gateway
100.24.4.0
192.19.33.0
Conclusions
• Risks are involved in Computing.
• Various techniques Encryption, Digital
Signatures, Firewalls, etc can be used to
provide security.
• Web security is not a “Win” or “Loose”
there is just a degree to which it can be
realized.
• No Solution is a complete solution !!!
References
•
•
•
•
Papers
– “Model based Intrusion Detection” - Dorothy E Denning.
– “Goal Oriented Auditing and Editing” - M.. Bishop.
– “An Introduction to Intrusion Detection” - Aurobindo Sundaram.
– “An application of Pattern Matching in Intrusion detection” - Sandeep Kumar and Eugene H
Spafford.
White Papers
– “CERT Advisory CA-2000-02 Malicious Tags Embedded in Client Web Requests.”
Books
– “Security in Computing” - Charles P. Pfleeger.
– “web Security and Commerce” - Simson Garfinkel and Gene Spafford.
Websites
– http://www.crypto.com/papers/
– http://www.awl.com/cseng/titles/0-201-63489-9/url_list.html
– http://www.datafellows.com/products/white-papers/
– http://www.cerias.purdue.edu/coast/coast-library.html
– http://www-net.cs.umass.edu/kurose/security/IPsec.htm
– http://www.ietf.org/html.charters/tls-charter.html
– http://www.counterpane.com
Questions and Comments ???