An introduction - comp

Download Report

Transcript An introduction - comp

Introduction
Rocky K. C. Chang
16 January 2007
The Internet is inherently insecure.






Internet backbone infrastructure: DoS, worm
Routing protocols (BGP): route hijacking
DNS: poisoning, DoS
Core Internet protocols (e.g., IP, TCP/UDP, HTTP):
eavesdropping, modification, authentication
LAN security: eavesdropping, modification,
authentication
Host security (e.g., Web servers, database): DoS,
authentication, phishing, malicious software
implant, identity and data theft, data exfiltration,
etc.
2
Rocky K. C. Chang
Internet security is inherently complex.


A packet goes through many hops and links.
Involve from the physical layer and up.





Complexity in software and protocols







Physical layer security
Network security
System security
Application security
Software ages
Some protocol fields are never tested.
The weakest link
The human factor
The success of Internet makes things worse.
Security verses privacy (anonymity)
How to measure security?
3
Rocky K. C. Chang
Internet security is more than cryptography.
Cryptography is not the solution to many
security problems, e.g., software exploit,
DoS.
 The vulnerability could come from the
implementations of the cryptographic
algorithms.
 Cryptography affects performance.
 Ease of use

4
Rocky K. C. Chang
Security involves


Threats: potential violation of security
Policies





Security policies: trust and access control
Confidentiality policies: The Bell-LaPadula model
Integrity policies: Clark-Wilson integrity model
Hybrid policies: Chinese Wall models
Design and implementation



Identity representation, access control lists, information
flow, etc
Encryption and key management
Authentication (human, user account, machine, service)
5
Rocky K. C. Chang
Security involves

How to ascertain how well a system meets
its security goals?


Assurance, system evaluation (TCSEC)
Miscellaneous, e.g.,






Viruses, worms, software security
Auditing
Intrusion detection
System security
Network security
User security
6
Rocky K. C. Chang
This course is not about
Cryptography, the art of secret writing,
 Writing computer viruses and worms,
 Special techniques of attacking and defending,
 The lower layer security measures,
 System security,
 Biometrics,
 Application-specific security
…

7
Rocky K. C. Chang
This course is about
Understand the 3 fundamental cryptographic
functions used in network security.
 Understand the issues involved when applying
the cryptographic functions to the network
protocols.
 Understand the main elements in securing
today’s Internet infrastructure.
 Exposed to some current Internet security
problems.

8
Rocky K. C. Chang
Purposes of network security





Confidentiality (or secrecy): Prevent others from reading
information shared between two participants.
Authentication: Verify someone’s or something’s identity.
Message integrity: Assure that the message received
has not be altered since it was generated by a legitimate
source.
Nonrepudiation: A sender should not be able to falsely
deny later that he sent a message.
Legitimate (and authorized) usage: Ensure that the
network and system resources are properly utilized.
9
Rocky K. C. Chang
Possible threats

Obtaining information for …


Modifying information for …


Legitimate usage, message integrity
Contracted for …


Legitimate usage, message integrity
Testing for …


Secrecy, legitimate usage, message integrity
Revenge for …


Nonrepudiation
Backmail for …


Secrecy, authentication, legitimate usage
Lying electronically for …


Authentication, message integrity
Stealing information for …


Secrecy, authentication
Secrecy, authentication, legitimate usage, message integrity
Fun for …

Secrecy, authentication, legitimate usage, message integrity
10
Rocky K. C. Chang
The goals of security

Prevention:



Detection:



Message authentication, nonrepudiation, and legitimate
usage
Active and passive countermeasures
Recovery:



Confidentiality, source authentication, nonrepudiation, and
legitimate usage
Active countermeasures
Legitimate usage
Rely on the detection.
Traceback:

Locate the actual attack source(s).
11
Rocky K. C. Chang
Scope of considerations

Two cases



The secrecy, message integrity, authentication, and
nonrepudiation services are provided by some
cryptographic functions.
Denial-of-service, worms, viruses, etc
Scope:


Concern mainly communication between two parties
(group communication security is another important
topic).
Concern attacks against protocols, not those against
cryptographic algorithms or cryptographic techniques
used to implement the algorithms.
12
Rocky K. C. Chang
Cryptography
Plaintext  (encryption)  ciphertext
 Ciphertext  (decryption)  plaintext
 What is the secret?



The cryptographic algorithm (restricted algorithm)
The cryptographic algorithm is not a secret, but the
key is.
Level of security  the length of the key  the
time of discovering the key using brute force
 The security problem is reduced to the securing
of the key.

13
Rocky K. C. Chang
Types of attacks

Passive attacks (eavesdropping), e.g.,

ciphertext-only attacks (recognizable plaintext attacks)


known-plaintext attacks


Fred has obtained some <plaintext, ciphertext> pairs.
chosen-plaintext attacks


Fred has seen some ciphertext.
Fred can choose any plaintext he wants.
Active attacks, e.g.,





pretend to be someone else
introduce new messages in the protocol
delete existing messages
substituting one message for another
replay old messages
14
Rocky K. C. Chang
Three cryptographic functions



Hash functions: require 0 key
Secret key functions: require 1 key
Public key functions: require 2 keys
Secret key
functions
Secrecy
service
Public key
functions
Authentication
service
Hash
functions
Message
integrity service
Nonrepudiation
service
15
Rocky K. C. Chang
Secret key (symmetric) cryptography

Given:



Encryption and decryption using the key.



Alice and Bob agree on a secret key cryptosystem.
Alice and Bob agree on a key (secret) K.
Alice encrypts M with K: K{M}
Bob decrypts K{M} with K  M
Problems:



Keys must be distributed in secret.
Compromising keys means compromising all aspects of security.
The number of keys is not scalable to the user population size.
16
Rocky K. C. Chang
Usages of the secret key cryptography



Transmitting over an insecure channel
Secure storage on insecure media
Authentication:

Challenge-response authentication with shared secret
Alice
Bob
rA
rA encrypted with K
rB
rB encrypted with K

Message integrity check
17
Rocky K. C. Chang
Public key (asymmetric) cryptography

Given:



Encryption using the public key and decryption
using the private key.



Alice and Bob agree on a public key cryptosystem.
Alice owns a pair of public key and private key, and
Bob knows Alice’s public key, which is not a secret.
Alice encrypts M with Bob’s public key: {M}Bob
Bob decrypts {M}Bob with its private key  M
Generate a digital signature on a message:


Alice signs M with its private key: [M]Alice.
Bob verifies Alice’s signature on [M]Alice with Alice’s
public key.
18
Rocky K. C. Chang
Usages of the public key cryptography

Problems:



Public-key algorithms are slow. Secret key algorithms are at
least 1,000 times faster.
Obtain the public key reliably.
Usages:



Transmitting over an insecure channel
Secure storage on insecure media (difference as compared
with the secret key cryptography?)
Authentication:
Alice
r encrypted with Bob’s public key
Bob
decrypted with Bob’s private key

Nonrepudiation with the digital signatures.
19
Rocky K. C. Chang
Hash functions
A hash (message digest or one-way function)
produces a short, fixed-sized output h(m) for a
message m.
 Properties:




One-way functions are relatively easy to compute,
i.e., given x and compute h(x).
However, given h(x), it is significantly harder to
compute x.
It is computationally infeasible to find two inputs that
hash to the same value.
20
Rocky K. C. Chang
Usages of hash functions
Password hashing
 Message integrity


Keyed hash: compute h(message | key) and send the
result with the message.
Message fingerprinting
 Downline load security
 Digital signature efficiency

21
Rocky K. C. Chang
Securing the Internet
IP Security (IPSec)
 TCP and UDP insecurity
 SSL/TLS
 DNS security
 Firewalls
 DoS attacks and the countermeasures
 Buffer overflow attacks and the
countermeasures
 Wireless LAN security

22
Rocky K. C. Chang
Acknowledgments

This set of notes is based on




C. Kaufman, R. Perlman, and M. Speciner, Network
Security: Private Communication in Public World,
Second Edition, Prentice Hall PTR, 2002.
L. Peterson and B. Davie, Computer Networks: A
Systems Approach, Morgan Kaufmann, 2000.
B. Schneier. Applied Cryptography, Second Edition,
Wiley, 1996.
M. Bishop, Introduction to Computer Security,
Addison Wesley, 2005.
23
Rocky K. C. Chang