Part I: Introduction
Download
Report
Transcript Part I: Introduction
21:
Network Security Basics
Last Modified:
4/7/2016 12:39:40 AM
Some slides based on notes from cs515 at UMass
7: Network Security
1
Importance of Network
Security?
Think about…
The most private, embarrassing or valuable
piece of information you’ve ever stored on a
computer
How much you rely on computer systems to be
available when you need them
The degree to which you question whether a
piece of email really came from the person
listed in the From field
How convenient it is to be able to access
private information online (e.g. buy without
entering all data, look up your transcript
without requesting a copy,…)
7: Network Security
2
Importance of Network
Security
Society is becoming increasingly reliant on
the correct and secure functioning of
computer systems
Medical records, financial transactions, etc.
It is our jobs as professional computer
scientists:
To evaluate the systems we use to understand
their weaknesses
To educate ourselves and others to be wise
network consumers
To design networked systems that are secure
7: Network Security
3
Acceptable Use
In this section of the course, we will discuss the
weaknesses of the protocol stack we have just
learned
In the homework, you will examine a trace of some
security exploits
This trace was taken in network that was
completely disconnected from the Internet. We
had root privileges on all machines. The
experiments were conducted with the full
knowledge and consent of all participants.
This is the only acceptable environment in which to
experiment with security exploits. Doing so on any
production network is unacceptable.
7: Network Security
4
Taxonomy of Attacks (1)
Process based model to classify methods of attack
Passive:
Interception: attacks confidentiality.
a.k.a., eavesdropping, “man-in-the-middle” attacks.
Traffic Analysis: attacks confidentiality, or anonymity.
Can include traceback on a network, CRT radiation.
Active:
Interruption: attacks availability.
(a.k.a., denial-of-service attacks
Modification: attacks integrity.
Fabrication: attacks authenticity.
7: Network Security
5
Taxonomy of Attacks (2)
‘Result of the attack’ taxonomy
Increased Access the quest for root
Disclosure of Information credit card numbers
Corruption of Information changing grades, etc
Denial of Service self explanatory
Theft of Resources stealing accounts, bandwidth
7: Network Security
6
Fundamentals of Defense
Cryptography
Restricted Access
Restrict physical access, close network ports,
isolate from the Internet, firewalls, NAT
gateways, switched networks
Monitoring
Know what normal is and watch for deviations
Heterogeneity/Randomness
Variety of Implementations, Random sequence
numbers, Random port numbers
7: Network Security
7
Fundamentals of Defense
Cryptography: the study of
mathematical techniques related to
information security that have the
following objectives:
Integrity
Non-repudiation
Confidentiality
Authentication
7: Network Security
8
Objectives of Cryptography
Integrity : ensuring information has not
been altered by unauthorized or unknown
means
Integrity makes it difficult for a third party to
substitute one message for another.
It allows the recipient of a message to verify it
has not been modified in transit.
Nonrepudiation : preventing the denial of
previous commitments or actions
makes it difficult for the originator of a
message to falsely deny later that they were
the party that sent the message.
E.g., your signature on a document. 7: Network Security
9
Objectives of Cryptography
Secrecy/Confidentiality : ensuring
information is accessible only by
authorized persons
Traditionally, the primary objective of cryptography.
E.g. encrypting a message
Authentication : corroboration of the
identity of an entity
allows receivers of a message to identify its origin
makes it difficult for third parties to masquerade as
someone else
e.g., your driver’s license and photo authenticates your
image to a name, address, and birth date.
7: Network Security
10
Security Services
Authorization
Access Control
Availability
Anonymity
Privacy
Certification
Revocation
7: Network Security
11
Security Services
Authorization: conveyance of official sanction to
do or be something to another entity.
Allows only entities that have been authenticated and
who appear on an access list to utilize a service.
E.g., your date of birth on your driver’s license
authorizes you to drink as someone who is over 21.
Access Control: restricting access to resources to
privileged entities.
ensures that specific entities may perform specific
operations on a secure object.
E.g. Unix access control for files (read, write, execute
for owner, group, world)
7: Network Security
12
Security Services
Availability: ensuring a system is available
to authorized entities when needed
ensures that a service or information is
available to an (authorized) user upon demand
and without delay.
Denial-of-service attacks seek to interrupt a
service or make some information unavailable to
legitimate users.
7: Network Security
13
Security Services
Anonymity : concealing the identity of an
entity involved in some process
Concealing the originator of a message within a
set of possible entities.
• The degree of anonymity of an entity is the sum
chance that everyone else in the set is the originator
of the message.
• Anonymity is a technical means to privacy.
Privacy: concealing personal information, a
form of confidentiality.
7: Network Security
14
Security Services
Certification: endorsement of information
by a trusted entity.
Revocation: retraction of certification or
authorization
Certification and Revocation
Just as important as certifying an entity, we
need to be able to take those rights away, in
case the system is compromised, we change
policy, or the safety that comes from a
“refresh”.
7: Network Security
15
Cryptography
The most widely used tool for securing
information and services is cryptography.
Cryptography relies on ciphers: mathematical
functions used for encryption and decryption of a
message.
Encryption: the process of disguising a message in such a
way as to hide its substance.
Ciphertext: an encrypted message
Decryption: the process of returning an encrypted
message back into plaintext.
Plaintext
Encryption
Ciphertext
Decryption
Original
Plaintext
7: Network Security
16
Ciphers
The security of a cipher may rest in the secrecy
of its restricted algorithm .
Whenever a user leaves a group, the algorithm must
change.
Can’t be scrutinized by people smarter than you.
But, secrecy is a popular approach :(
Modern cryptography relies on keys, a selected
value from a large set (a keyspace), e.g., a 1024bit number. 21024 values!
Security is based on secrecy of the key, not the details
of the algorithm.
Change of authorized participants requires only a change
in key.
7: Network Security
17
Friends and enemies: Alice, Bob, Trudy
Figure 7.1 goes here
well-known in network security world
Bob, Alice want to communicate “securely”
Trudy, the “intruder” may intercept, delete, add
messages
7: Network Security
18
The language of cryptography
plaintext
K
K
B
A
plaintext
ciphertext
Figure 7.3 goes here
7: Network Security
19
What makes a good cipher?
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: How hard to break this simple cipher?:
•brute force (how hard?)
•other?
7: Network Security
20
Symmetric vs Assymetric Key
The most common cryptographic tools are
Symmetric key ciphers
•
•
•
•
DES, 3DES, AES, Blowfish, Twofish, IDEA
Fast and simple (based on addition, masks, and shifts)
One key shared and kept secret
Typical key lengths are 40, 128, 256, 512
Asymmetric key ciphers
•
•
•
•
RSA, El Gamal
two keys
Slow, but versatile (usually requires exponentiation)
Typical key lengths are 512, 1024, 2048
7: Network Security
21
Keys
Symmetric key (private key) algorithms have a
separate key for each pair of entities sharing a
key.
Public-Key algorithms use a public-key and privatekey pair over a message.
Only the public-key can decrypt a message encrypted
with the private key.
Similarly, only the private key can decrypt a message
decrypted with the public key.
Often, a symmetric session key is generated by
one of participants and encrypted with the other’s
public key.
Further communication occurs with the symmetric key.
7: Network Security
22
Symmetric key crypto: DES
DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64 bit plaintext input
initial permutation
16 identical “rounds” of function application, each using
different 48 bits of key
final permutation
How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase decrypted
(brute force) in 4 months
no known “backdoor” decryption approach
making DES more secure
use three keys sequentially (3-DES) on each datum
use cipher-block chaining
7: Network Security
23
Public key cryptography
7: Network Security
24
Public key encryption algorithms
Two inter-related requirements:
1
.
.
need a decryption function dB ( ) and an
encrption function eB ( ) such that
d (e (m)) = m
2
B B
need public and private keys
for dB ( ) and eB ( )
.
.
7: Network Security
25
RSA
Rivest, Shamir, Adelson
Want a function eB that is easy to do, but
hard to undo without a special decryption
key
Based on the difficulty of factoring large
numbers (especially ones that have only
large prime factors)
7: Network Security
26
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
Why? (Will hint at)
How? (Won’t discuss)
7: Network Security
27
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern (message), m, compute
e
e
c = m mod n (i.e., remainder when m is divided by n)
2. To decrypt received bit pattern, c, compute
d
m = c d mod n (i.e., remainder when c is divided by n)
Magic
d
m = (m e mod n) mod n
happens!
7: Network Security
28
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z.
encrypt:
decrypt:
letter
m
me
l
12
1524832
c
17
d
c
481968572106750915091411825223072000
c = me mod n
17
m = cd mod n letter
12
l
7: Network Security
29
RSA: Why:
m = (m e mod n)
d
mod n
Number theory result: If p,q prime, n = pq, then
y
y mod (p-1)(q-1)
x mod n = x
mod n
e
(m mod n) d mod n = medmod n
= m
ed mod (p-1)(q-1)
mod n
(using number theory result above)
1
= m mod n
(since we chose ed to be divisible by
(p-1)(q-1) with remainder 1 )
= m
7: Network Security
30
Using Cryptography
7: Network Security
31
Using Cryptography for:
Message Integrity: sender, receiver want to
ensure message not altered (in transit, or
afterwards) without detection
Authentication: sender, receiver want to
confirm identity of each other
Secrecy: only sender, intended receiver
should “understand” msg contents
sender encrypts msg
receiver decrypts msg
7: Network Security
32
Digital Signatures
Cryptographic technique
analogous to handwritten signatures.
Simple digital signature
for message m:
Sender (Bob) digitally signs
public key dB, creating
signed message, dB(m).
Bob sends m and dB(m) to
Alice.
document, establishing he
is document owner/creator.
Verifiable, nonforgeable:
recipient (Alice) can verify
that Bob, and no one else,
signed document.
Bob encrypts m with his
7: Network Security
33
Digital Signatures (more)
Suppose Alice receives Alice thus verifies that:
msg m, and digital
Bob signed m.
signature dB(m)
No one else signed m.
Alice verifies m signed
Bob signed m and not m’.
by Bob by applying
Non-repudiation:
Bob’s public key eB to
Alice can take m, and
dB(m) then checks
signature dB(m) to court
eB(dB(m) ) = m.
and prove that Bob
If eB(dB(m) ) = m,
signed m.
whoever signed m must
have used Bob’s
private key.
7: Network Security
34
Message Digests
Computationally expensive
to public-key-encrypt
long messages
Goal: fixed-length,easy to
compute digital
signature, “fingerprint”
apply hash function H
to m, get fixed size
message digest, H(m).
Hash function properties:
Many-to-1
Produces fixed-size msg
digest (fingerprint)
Given message digest x,
computationally infeasible
to find m such that x =
H(m)
computationally infeasible
to find any two messages m
and m’ such that H(m) =
H(m’).
7: Network Security
35
Digital signature = Signed message digest
Bob sends digitally signed
message:
Alice verifies signature and
integrity of digitally signed
message:
7: Network Security
36
Hash Function Algorithms
Internet checksum
would make a poor
message digest.
Too easy to find
two messages with
same checksum.
MD5 hash function widely
used.
Computes 128-bit
message digest in 4-step
process.
arbitrary 128-bit string
x, appears difficult to
construct msg m whose
MD5 hash is equal to x.
SHA-1 is also used.
US standard
160-bit message digest
7: Network Security
37
Authentication
Goal: Bob wants Alice to “prove” her identity
to him
Protocol ap1.0: Alice says “I am Alice”
Failure scenario??
7: Network Security
38
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
Failure scenario?
7: Network Security
39
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
I am Alice
encrypt(password)
Failure scenario?
7: Network Security
40
ap4.0: Authentication: yet another
try
Goal: avoid playback attack
Nonce: number (R) used onlyonce in a lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice
must return R, encrypted with shared secret key
Figure 7.11 goes here
Failures, drawbacks?
7: Network Security
41
Trusted Intermediaries
Problem:
Problem:
How do two entities
When Alice obtains
establish shared
Bob’s public key
secret key over
(from web site, enetwork?
mail, diskette), how
does she know it is
Solution:
Bob’s public key, not
trusted key
Trudy’s?
distribution center
Solution:
(KDC) acting as
intermediary
trusted certification
between entities
authority (CA)
7: Network Security
42
Key Distribution Center (KDC)
Alice,Bob need shared
symmetric key.
KDC: server shares
different secret key
with each registered
user.
Alice, Bob know own
symmetric keys, KA-KDC
KB-KDC , for
communicating with
KDC.
Alice communicates with
KDC, gets session key R1, and
KB-KDC(A,R1)
Alice sends Bob
KB-KDC(A,R1), Bob extracts R1
Alice, Bob now share the
symmetric key R1.
7: Network Security
43
Authentication: ap5.0
ap4.0 requires shared symmetric key
problem: how do Bob, Alice agree on key
can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
Figure 7.12 goes here
7: Network Security
44
ap5.0: security hole
Man (woman) in the middle attack: Trudy poses
as Alice (to Bob) and as Bob (to Alice)
Figure 7.14 goes here
Need “certified” public
keys
7: Network Security
45
Certification Authorities
Certification authority
(CA) binds public key to
particular entity.
Entity (person, router,
etc.) can register its public
key with CA.
Entity provides “proof
of identity” to CA.
CA creates certificate
binding entity to public
key.
Certificate digitally
signed by CA.
Public key of CA can be
universally known (on
billboard, embedded in
software)
When Alice wants Bob’s public
key:
gets Bob’s certificate (Bob or
elsewhere).
Apply CA’s public key to Bob’s
certificate, get Bob’s public
key
7: Network Security
46
Administrators
Persons managing the security of a valued resource
consider five steps:
1.
Risk assessment: the value of a resource should determine
how much effort (or money) is spent protecting it.
•
•
2.
E.g., If you have nothing in your house of value do you need to
lock your doors other than to protect the house itself?
If you have an $16,000,000 artwork, you might consider a
security guard. (can you trust the guard?)
Policy: define the responsibilities of the organization, the
employees and management. It should also fix
responsibility for implementation, enforcement, audit and
review.
7: Network Security
47
Administrators
3.
Prevention: taking measures that prevent
damage.
• E.g., firewalls or one-time passwords (e.g., s/key)
4.
Detection: measures that allow detection of
when an asset has been damaged, altered, or
copied.
• E.g., intrusion detection, trip wire, network forensics
5.
Recovery/Response: restoring systems that
were compromised; patch holes.
7: Network Security
48
Physical Security
Are you sure someone can just walk into your
building and
Steal floppies or CD-ROMs that are lying around?
Bring in a laptop and plug into your dhcp-enable ethernet
jacks?
Reboot your computer into single user mode? (using a
bios password?)
Reboot your computer with a live CD-ROM and mount the
drives?
Sit down at an unlocked screen?
Can anyone sit down outside your building and get
on your DHCP-enable 802.11 network?
7: Network Security
49
Social Engineering
Using tricks and lies that take advantage of
people’s trust to gain access to an otherwise
guarded system.
Social Engineering by Phone: “Hi this is your visa credit
card company. We have a charge for $3500 that we
would like to verify. But, to be sure it’s you, please tell
me your social security number, pin, mother’s maiden
name, etc”
Dumpster Diving: collecting company info by searching
through trash.
Online: “hi this is Alice from my other email account on
yahoo. I believe someone broke into my account, can you
please change the password to “Sucker”?
Persuasion: Showing up in a FedEx or police uniform, etc.
Bribery/Threats
7: Network Security
50
The Security Process
Detection
Security is an on-going
process between these
three steps.
Moreover, most
security research can
be categorized within
these three topics.
Prevention
Response
Prevention: firewalls and filtering, secure
shell, anonymous protocols
Detection: intrusion detection, IP traceback
Response: dynamic firewall rule sets,
Network Security
51
employee education (post-its are 7:bad)
More 3-faceted views of
Security
Security of an organization consists of
Computer and Network Security
• Everything that we will learn about in this class
• Firewalls, IDS, virus protection, ssh, passwords, etc.
Process security
• Protected by good policy!
• No one should be able to get an account by phone: a form
should be filled out, an email/phone call sent to a manager,
and then the password picked up in person. Don’t send
notifications after accounts are set up!
• http://www.nstissc.gov/html/library.html
Physical security
• Protected by alarm systems, cameras, and mean dogs.
• Are you sure someone can’t just steal the hard drive?
7: Network Security
52