Security - Rudra Dutta

Information and Network Security
Rudra Dutta
CSC 401 - Fall 2011, Section 001

Network Security

• Based on concepts of information security
  – Complementary to: physical security of networks and endpoints
  – Also related to: human security
• Comparatively recent concern with security in networks
• Various “attackers” or “malcontents” at various levels of seriousness, frequency, ability
• Overarching goal – no single place (many vulnerabilities)
• No such thing as 100% security
Copyright Rudra Dutta, NCSU, Fall 2011

Components of Study

• Basic concerns
  – Confidentiality, authentication, non-repudiation, integrity
  – Availability, authorization
• Fundamental tools
  – Cryptography
• Building blocks
  – Signatures, certifications, …
• Protocols / architectures
  – IPSec, firewall, VPN, PGP, SSL, Shibboleth …
• Emerging trend: trust management

Security Concerns

• Confidentiality (Secrecy, Privacy)
  – Nobody but intended recipient should know content
  – “Person-in-the-middle” possibility in networks
• Authentication
  – Confidence in recognizing trusted or known entity
• Integrity
  – Message received same as message sent
• Non-repudiation
  – Inability to claim innocence of past action
• Availability
  – Infrastructure / resource available to genuine use
• Authorization
  – Policy form of confidentiality

Cryptography

• D_K(E_K(P)) = P (symmetric-key)
• “Algorithm is public, only keys are secret”
• Attacks: (i) ciphertext-only, (ii) known-plaintext, (iii) chosen-plaintext

Ciphers as Transformation

• Simple substitution cipher
  – More advanced ones possible
• Fundamental principles:
  – Messages must contain some redundancy
  – Some method is needed to foil replay attacks
• The first implies that plaintext “space” must be large and sparsely used – can use cryptographic hashes
• The second shows the need of timestamp or equivalent
• Ciphering (even efficiently) is only useful if these conditions are first met

Data Encryption Standard

• A comparatively older and simpler symmetric key cipher
• Each stage uses a different 48-bit key derived from the main 56-bit key
• L_{i-1} is transformed to 48 bits, bit-XOR’d with key, mapped back into 32 bits

Other Ciphers

Some common symmetric-key cryptographic algorithms

Public Key Cryptography

• Weak point: key distribution
  – Keys have to be distributed, yet kept secret
  – Once a key is compromised, worse than useless
• Solution: asymmetric keys
  – Encryption and decryption use different keys which are not trivially related to each other
  – Diffie-Hellman, 1976
• D(E(P)) = P
• Exceedingly difficult to deduce D from E
• E cannot be broken by chosen-plaintext attack
• E(.) can be made public – D(.) is never distributed
• “public key cryptography”

RSA (Rivest, Shamir, Adleman)

1. Choose two large primes, p and q (e.g. 3 and 11)
2. Compute n = p × q and z = (p − 1) × (q − 1)
3. Choose number relatively prime to z – call it d (7)
4. Find e such that e × d = 1 mod z (3)

E(.) : C = P^e (mod n)
D(.) : P = C^d (mod n)

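The four RSA steps and the two formulas on this slide, carried through in code as an added example (not part of the original slides). It uses the slide's own toy values p = 3, q = 11, d = 7; the function names, the A=1 … Z=26 letter encoding and the sample word are assumptions made for the illustration.

```python
# Added example: textbook RSA with the slide's toy parameters (not real-world sizes).
from math import gcd

def make_keys(p, q, d):
    """Steps 2-4: given primes p, q and a chosen d, return (e, d, n)."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)            # modular inverse, so e * d = 1 (mod z)
    return e, d, n

def encrypt(P, e, n):
    if not 0 <= P < n:
        raise ValueError("each plaintext block must satisfy 0 <= P < n")
    return pow(P, e, n)          # C = P^e (mod n)

def decrypt(C, d, n):
    return pow(C, d, n)          # P = C^d (mod n)

def recover_d(e, n):
    """Why p and q must be large: with a small n, the public pair (e, n)
    is enough to factor n by trial division and recompute d."""
    p = next(k for k in range(2, n) if n % k == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    e, d, n = make_keys(3, 11, 7)                            # slide values
    blocks = [ord(c) - ord("A") + 1 for c in "SUZANNE"]      # constructed sample
    cipher = [encrypt(P, e, n) for P in blocks]
    plain = [decrypt(C, d, n) for C in cipher]
    # Equal plaintext blocks give equal ciphertext blocks (the two N's):
    # block-by-block textbook RSA behaves like a substitution cipher.
    return (e, d, n), cipher, plain, blocks

if __name__ == "__main__":
    print(demo())
    print("d recovered from public key:", recover_d(3, 33))
```

With n = 33 the private exponent falls out of the public key immediately, which is why the slide's "exceedingly difficult to deduce D from E" only holds for large primes.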
Tools: Digital Signatures

Required Conditions:
1. Receiver can verify claimed identity of sender.
2. Sender cannot later repudiate contents of message.
3. Receiver cannot have concocted message himself.

Message Digests (Cryptographic Hash)

Message Digest (e.g. MD5) properties
1. Given P, easy to compute MD(P).
2. Given MD(P), effectively impossible to find P.
3. Given P no one can find P′ such that MD(P′) = MD(P).
4. Change to input of even 1 bit produces very different output.

Message digests can form digital signatures (however, vulnerable to birthday attack)

Management of Public Keys

Trudy can subvert public-key encryption: need certification

Achieving Security in Networks

• IPSec – Security in IP layer between endpoints
• Firewalls – policing at gateways
• VPNs – Multipoint-to-multipoint secure community over insecure Internet
• Kerberos etc. – authentication over insecure Internet
• PGP etc. – Security between application endpoints
• DNSSec – Securing DNS transactions
• TLS / SSL – API to encapsulate process-to-process (client-server) security

IP Security

• Multiple services, separate
  – Secrecy, Integrity, Replay protection
  – Based on symmetric keys
  – Pluggable algorithm modules
• Security Association
  – End-to-end context, unidirectional, security identifier
  – Allows use of IPSec at different granularities
• Transport mode
  – IPSec header inserted after IP header
  – Integrity, authentication, replay attacks with AH
  – Origin (integrity, authentication), secrecy, replay with ESP
• Tunnel mode
  – IP packet encapsulated in new IP packet, ESP
  – Integrity, authentication, secrecy, replay

Key Management

• Shared keys
• Distribution (sharing) of keys outside SA
• ISAKMP framework
  – Manual pre-configuration
  – Internet Key Exchange v2 protocol
  – DNS as key distributor
  – Others …
• When two IP endpoints want to set up an SA, they already have a shared key / have a way to share a key

IPsec AH

[Figure labels: Identifier; Detect replay attacks; Hashed Message Authentication Code; Signature computed using shared key]

• Transport mode only – Authentication Header
  – In IPv6, used as extension header
• In IP header, Protocol is 51 for IPSec

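How the identifier, the sequence number and the keyed hash on this slide work together at the receiving end of a security association, as an added example (not part of the original slides). The packet layout here is a simplification (identifier, sequence number, payload, keyed hash), not the real AH wire format; the 16-byte tag, the 64-entry window, the key and all names are assumptions.

```python
# Added example: keyed-hash integrity check plus sliding anti-replay window.
import hashlib, hmac, struct

ICV_LEN = 16   # assumption: HMAC-SHA-256 tag truncated to 16 bytes
WINDOW = 64    # assumption: anti-replay window of 64 sequence numbers

def protect(key, spi, seq, payload):
    """Sender: identifier + sequence number + payload, then the keyed hash."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    """One unidirectional SA: shared key, identifier, sliding replay window."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest authenticated sequence number so far
        self.seen = 0      # bit i set => sequence number (highest - i) was seen

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "drop: too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return "drop: unknown SA"
        if seq == 0 or seq + WINDOW <= self.highest:
            return "drop: outside window"
        if seq <= self.highest and (self.seen >> (self.highest - seq)) & 1:
            return "drop: replay"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "drop: bad ICV"
        if seq > self.highest:   # only an authenticated packet moves the window
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return "accept"

def demo():
    key = b"constructed-demo-key-not-a-real-one"   # constructed sample key
    rx = Receiver(key, spi=0x1001)
    p1, p2, p3, p4 = (protect(key, 0x1001, n, b"data %d" % n) for n in (1, 2, 3, 4))
    forged = p4[:8] + b"X" + p4[9:]                # payload byte changed in transit
    return [rx.accept(p) for p in (p1, p3, p1, p2, forged, p4)]
```

The window is advanced only after the keyed hash verifies, so a forged packet with a high sequence number cannot push genuine traffic out of the window.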
IPsec ESP

• Header contains security identifier and sequence number
• Originally, secrecy only (not integrity)
• Later extended by adding authentication signature
• Eventually likely to phase out AH

Firewalls

• Packet filtering gateways
  – Can filter by ports, or any other field
• DMZ or Perimeter Networks can complement
• Stateless, stateful, application-level gateways
• Should form component of overall security picture

Virtual Private Networks

• Create virtual circuits between gateways of each physical network of an organization
  – Actually, not virtual circuits but SA tunnels
  – Firewalls as well as gateways
• Intermediate routers can transport but not compromise
  – May provide MPLS tunnels (with bandwidth provisions)

Kerberos

[Figure labels: K_S: Session key; Ticket granting ticket; K_AB: Service session key; Service ticket]

• “Three-headed” scheme
• Separate user authentication from service authorization
• Password not transmitted, on public workstation briefly

Pretty Good Privacy

[Figure labels: Random input by Alice; Bob confident of P, Alice; Only Bob can get K_M; Like DES]

• RSA used to encrypt small, random words
• IDEA (much faster) encrypts larger message

PGP Message

DNS

DNS Spoofing

Poisoning DNS

• Basically – force DNS server to query, and send false answer right behind the query
• Need to first know sequence number – register bogus domain

DNSSec

• DNSSec attempts to provide:
  – Proof of where the data originated
  – Public key distribution
  – Transaction and request authentication
• DNS replies are Resource Records
  – Grouped into sets – RRSets
• Each DNS zone has public/private key pair
• RRSet to be delivered is cryptographically hashed
• Hash is signed by zone’s private key
• New RR types to store key, hash, specify algorithm (and others such as validity period)
• Hashing and signing is offline – at zone
• Signatures also protect query-response between servers

SSL / TLS

• Encapsulate security for application programs
• Original SSL proposed by Netscape, later TLS standardized by IETF
  – TLS is incompatible with SSL
  – Falls back on SSL, but not earlier than SSL 3.0
• Newly generated key to sign and encrypt data for each connection

Summary

• Cryptography and privacy/secrecy of keys used to assure security goals
• Network security largely still in the stage of shoring up known exploits
• Understanding of vulnerabilities is still on a case-by-case basis
• “Encrypt everything” may be both overkill and underkill
• Significant growth area