Security 2 - Eastern Illinois University


School of Business
Eastern Illinois University
Security (Part 2)
(Week 13, Thursday 4/5/2007)
© Abdou Illia, Spring 2007
Learning Objectives
• Discuss security goals
• Discuss defense systems against
  – Intercepting confidential messages
  – DoS attacks
  – Malware attacks
2
Security Goals
• If eavesdropping and message alteration attacks succeed, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Confidentiality = Main goal of implementing defense systems against eavesdropping and message alteration.
3
Security Goals
• If a malware attack succeeds, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Integrity = Main goal of implementing defense systems against malware attacks.
4
Security Goals
• If a DoS attack succeeds, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Availability = Main goal of implementing defense systems against DoS attacks.
5
Security Goals
• CIA is the key word in implementing security
  – Confidentiality of communications
  – Integrity of data
  – Availability of network services and resources
6
Encryption-Decryption techniques
• Cryptography is the study of creating and using encryption and decryption techniques.
• Plaintext is the data before any encryption has been performed.
• Ciphertext is the data after encryption has been performed.
• The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
7
Encryption-Decryption techniques
• Key = COMPUTER SCIENCE
• Plaintext = this is the account number you have requested
• Algorithm based on Vigenere matrix
8
Encryption-Decryption techniques
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE
Thisistheaccountnumberyouhaverequested
1) Look at the first letter in the plaintext (T)
2) Look at the corresponding key character immediately above it (C)
3) C tells us to use row C of the Vigenere matrix to perform alphabetic substitution for plaintext character T
4) Go to column T in row C and find the cipher character V
5) Repeat Steps 1 through 4 for every character of the plaintext.
9
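The five steps above, carried out for the whole message, as an added example that is not part of the original slides. It builds the Vigenere matrix explicitly and also shows the reverse lookup used for decryption; the function and variable names are chosen here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Vigenere matrix: the row for key letter K is the alphabet rotated left by K's position.
MATRIX = {k: ALPHABET[i:] + ALPHABET[:i] for i, k in enumerate(ALPHABET)}


def _letters(text):
    """Keep only A-Z, upper-cased (the slide removes spaces before encrypting)."""
    return [c for c in text.upper() if c in ALPHABET]


def _key_stream(key, length):
    """Repeat the key letters until they cover the whole message."""
    key_letters = _letters(key)
    if not key_letters:
        raise ValueError("key must contain at least one letter")
    return [key_letters[i % len(key_letters)] for i in range(length)]


def encrypt(plaintext, key):
    letters = _letters(plaintext)
    out = []
    for p, k in zip(letters, _key_stream(key, len(letters))):
        row = MATRIX[k]                      # steps 2-3: the key letter selects the row
        out.append(row[ALPHABET.index(p)])   # step 4: the plaintext letter selects the column
    return "".join(out)


def decrypt(ciphertext, key):
    letters = _letters(ciphertext)
    out = []
    for c, k in zip(letters, _key_stream(key, len(letters))):
        row = MATRIX[k]
        out.append(ALPHABET[row.index(c)])   # find the cipher letter in the row, read off the column
    return "".join(out)


KEY = "COMPUTER SCIENCE"                                      # key from the slide
PLAINTEXT = "this is the account number you have requested"   # plaintext from the slide

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, KEY)
    print(ciphertext)
    print(decrypt(ciphertext, KEY))
```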
Encryption and Decryption techniques
• Encryption algorithm cannot be kept secret
• Key must be kept secret
[Diagram: Plaintext (original message) → Encryption (algorithm + key) → Ciphertext (transmitted) → Decryption (algorithm + key) → Plaintext (original message)]
10
Encryption: Key Length
• Key can be “guessed” by exhaustive search
  – Try all possible keys
  – See which one decrypts the message
• Long keys make exhaustive search difficult
  – If length is n bits, 2^n tries may be needed
  – If key length is 8 bits, only 256 tries maximum
  – Usually, Key Length ≥ 56 bits
Assume a key is 56 bits. If it takes 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10000 computers are working together to try all key combinations?
11
Encryption-Decryption methods
• Symmetric key encryption method
  – Use a single key for Encryption-Decryption
  – Examples: Data Encryption Standard (DES), 3DES
• Public/Private key encryption method
  – Use different keys for Encryption-Decryption
  – Examples: RSA, Elliptic curve cryptosystem
12
Symmetric Encryption-Decryption
• Symmetric key must be distributed secretly between partners
• When Partner A sends to Partner B
  – Partner A encrypts with the key, Partner B decrypts with the key
• When Partner B sends to Partner A
  – Partner B encrypts with the key, Partner A decrypts with the key
[Diagram: Plaintext "Transfer $5,000" → Encryption → Ciphertext 1010010101 → Decryption → Plaintext "Transfer $5,000"]
13
Symmetric Encryption-Decryption
• Advantages:
  – Simple enough for fast Encryption-Decryption
  – Fast enough for long messages
• Disadvantages:
  – Need a different Symmetric key for each partner (or other partners could read messages)
  – If N partners, need N*(N-1)/2 keys.
[Diagram: Plaintext "Transfer $5,000" → Encryption → Ciphertext 1010010101 → Decryption → Plaintext "Transfer $5,000"]
14
Public/Private key Encryption-Decryption
• Each partner has a private key (kept secret) and a public key (shared with everybody)
• Sending
  – Partner A encrypts with the public key of Partner B
  – Partner B encrypts with the public key of Partner A
• Receiving
  – Each receiver decrypts with its own private key
[Diagram: Partner A (encrypt with Party B’s public key) → Partner B (decrypt with Party B’s private key)]
15
Public/Private key Encryption-Decryption
• Advantages:
  – Once the message is encrypted, nobody can decrypt it except the receiver
  – Simplicity of key exchange: No need to exchange public key securely
• Disadvantages:
  – Complex: Requires many computer processing cycles to do Public Encryption-Decryption
  – Can only be used to encrypt small messages
[Diagram: Partner A (encrypt with Party B’s public key) → Partner B (decrypt with Party B’s private key)]
16
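The Partner A / Partner B exchange from the two slides above, as an added example that is not part of the original slides. It uses textbook RSA with constructed toy primes and no padding, purely to show which key is used at each step and why the message size is bounded; the function names and the sample numbers are assumptions made for this illustration.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: (e * d) % phi == 1
    return {"public": (e, n), "private": (d, n)}


def encrypt(message, receiver_public):
    """Sender side: only the receiver's PUBLIC key is needed."""
    e, n = receiver_public
    if not 0 <= message < n:
        # The message must be smaller than the modulus, which is why this
        # method is limited to small messages.
        raise ValueError("message does not fit under this key's modulus")
    return pow(message, e, n)


def decrypt(ciphertext, own_private):
    """Receiver side: only the receiver's own PRIVATE key recovers the message."""
    d, n = own_private
    return pow(ciphertext, d, n)


# Constructed toy primes for illustration; real keys are thousands of bits long.
PARTNER_A = make_keypair(89, 97)
PARTNER_B = make_keypair(61, 53)


def exchange(message, reply):
    """A sends `message` to B, then B sends `reply` to A; returns what each reads."""
    to_b = encrypt(message, PARTNER_B["public"])      # A uses B's public key
    read_by_b = decrypt(to_b, PARTNER_B["private"])   # B uses B's private key
    to_a = encrypt(reply, PARTNER_A["public"])        # B uses A's public key
    read_by_a = decrypt(to_a, PARTNER_A["private"])   # A uses A's private key
    return read_by_b, read_by_a


if __name__ == "__main__":
    print(exchange(65, 42))
```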
Summary Questions
3) Jason sends a message to Kristin using public key encryption. (a) What key will Jason use to encrypt the message? (b) What key will Kristin use to decrypt the message? (c) What key will Kristin use to encrypt the reply? (d) What key will Jason use to decrypt the reply? (e) Can the message and reply be long messages? Explain.
   (a)
   (b)
   (c)
   (d)
   (e)
4) Does public key encryption have a problem with secure key exchange for the public key? Explain.
17
What is common to malware attacks?
• Malware or content attack messages
  – Include illicit content in the data field of the message
[Packet layout: IP-H | TCP-H | Application Layer Message]
[Packet layout: IP-H | UDP-H | Application Layer Message]
Defense systems for protecting against malware attacks are designed to filter Application layer messages. They are Anti-Virus Programs or Application Firewalls.
18
What is common to DoS messages?
• Most DoS messages
  – Include header fields that might hide a false identity
[Packet layout: IP-H | TCP-H | Application Layer Message]
[Packet layout: IP-H | UDP-H | Application Layer Message]
Defense systems for protecting against DoS attacks are designed to check message headers. They could be Firewalls or Intrusion Detection Systems.
19
Firewall?
• A security system that implements an access control policy between two networks
  – Usually between the corporate network and an external network.
• A firewall limits
  – The types of messages that enter a network
  – The types of messages that leave the network
20
Kinds of Firewall
• All firewalls
  – Examine parts (fields) of incoming messages
  – Permit or deny access based on a list of rules
• Based on the way they operate, there are
  – Packet Filter firewalls
  – Application (proxy) firewalls
21
Packet Filter Firewall
[Diagram: Arriving packets from the Internet (IP-H | TCP-H | Application Message; IP-H | UDP-H | Application Message; IP-H | ICMP Message) → Packet Filter Firewall → Permit (into the Corporate Network) or Deny]
Examines content of IP header, TCP header, UDP header, and content of ICMP supervisory messages
22
Packet Filter Firewall: Common rules
• IP headers include IP addresses
  – A company could decide to block messages with specific IP addresses. So, the firewall could be configured to do so.
• TCP headers include port numbers that indicate which application service is desired
  – A company could decide to block any outsider from trying to telnet into the company. So, it could configure its firewall to stop all incoming messages requesting port 23
  – A company could decide to stop outgoing messages requesting Usenet (port 119)
Example of rule for denying access
  IF Interface = External
  And Destination port = 23
  And Destination IP address <> 172.16.x.x
  THEN DENY
Typical TCP port numbers
  Telnet (remote login): port 23
  Usenet (newsgroup service): port 119
  E-Mail (SMTP): port 25
  Web browsing: port 80
23
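A small rule evaluator for the rules on this slide, as an added example that is not part of the original slides. It transcribes the slide's deny rule exactly as written and adds the blocked-address and outgoing-Usenet rules from the bullets; the first-match ordering, the "internal" interface name, the default PERMIT action and all sample packets are assumptions made for this illustration.

```python
import ipaddress

NET_172_16 = ipaddress.ip_network("172.16.0.0/16")           # the slide's 172.16.x.x
BLOCKED_SOURCES = {ipaddress.ip_address("198.51.100.25")}    # constructed example address


def _ip(value):
    return ipaddress.ip_address(value)


# (name, predicate over header fields, action); the first matching rule decides.
RULES = [
    ("blocked source address",
     lambda p: _ip(p["src_ip"]) in BLOCKED_SOURCES, "DENY"),
    ("slide rule: external, port 23, destination <> 172.16.x.x",
     lambda p: p["interface"] == "external" and p["dst_port"] == 23
     and _ip(p["dst_ip"]) not in NET_172_16, "DENY"),
    ("outgoing Usenet",
     lambda p: p["interface"] == "internal" and p["dst_port"] == 119, "DENY"),
]
DEFAULT_ACTION = "PERMIT"  # assumption: the slides do not state a default action


def filter_packet(packet):
    """Return (action, rule name) from header fields only; the payload is never read."""
    for name, matches, action in RULES:
        if matches(packet):
            return action, name
    return DEFAULT_ACTION, "default"


# Constructed sample packets (header fields only).
SAMPLES = [
    # Telnet arriving from outside for a non-172.16 address: matches the slide rule.
    {"interface": "external", "src_ip": "203.0.113.9", "dst_ip": "192.0.2.10", "dst_port": 23},
    # Same, but for a 172.16.x.x address: the rule as written does not match it.
    {"interface": "external", "src_ip": "203.0.113.9", "dst_ip": "172.16.4.10", "dst_port": 23},
    # Web request from a blocked source address.
    {"interface": "external", "src_ip": "198.51.100.25", "dst_ip": "172.16.4.10", "dst_port": 80},
    # Internal host requesting Usenet (port 119) outside.
    {"interface": "internal", "src_ip": "172.16.4.10", "dst_ip": "203.0.113.50", "dst_port": 119},
    # Inbound e-mail (SMTP, port 25): no rule matches.
    {"interface": "external", "src_ip": "203.0.113.9", "dst_ip": "172.16.4.20", "dst_port": 25},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt["src_ip"], "->", pkt["dst_ip"], pkt["dst_port"], *filter_packet(pkt))
```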
Application (Proxy) Firewall
• Application firewalls, also known as Proxy firewalls
  – Examine Application layer messages to check for illicit content
• Application firewalls and Packet filter firewalls are complementary
  – In terms of what part of a message they examine.
[Packet layout: IP-H | TCP-H | Application layer message]
[Packet layout: IP-H | UDP-H | Application layer message]
24
Application (Proxy) Firewalls
Acts like a server program to a client program, and like a client program to a server program
[Diagram: 1. HTTP Request: Browser (Client PC) → HTTP Proxy; 2. Examined HTTP Request: HTTP Proxy → Webserver Application (Webserver); 3. HTTP Response: Webserver Application → HTTP Proxy; 4. Examined HTTP Response: HTTP Proxy → Browser. The Application Firewall also contains an FTP Proxy and an SMTP (E-Mail) Proxy.]
25
Application (Proxy) Firewalls
• Intercept messages from clients to a server and intercept messages from a server to its clients
• Read Application layer messages to scan for illicit content
• If illicit content is detected, the message is discarded
• Multiple types of application proxy programs because
  – Different application programs have different characteristics to examine.
26
Intrusion Detection Systems
• Software or hardware device that
  – Captures network activity data in log files
  – Generates alarms in case of suspicious activities
27
Summary Questions
1. What are the three main security goals?
   Answer: See slide #6
2. What parts of incoming messages do packet filter firewalls examine?
   Answer: See slide #22
3. a) What parts of incoming messages do application firewalls examine? b) What do they look for?
   Answer: a) Application layer messages. b) They look for illicit content.
4. What is an IDS? What is it used for?
28