Transcript Security
Security
Reported Security Incidents 1995 – 2003
Source: http://www.cert.org/present/cert-overview-trends/module-1.pdf
Imperative Need for Secure Communication
Cost of downtime
Secure Communication
Characteristics
of a secure
communication
Confidentiality
Authentication
Message
Integrity and non-repudiation
Availability and Access Control
Confidentiality
The
communicator wants the following to be
confidential:
The
fact that the communication is occurring
Timing of communication
Frequency of communication
Confidentiality
often relies on cryptographic
techniques for encrypting/ decrypting data
using one or more keys to encrypt/decrypt data
Authentication
Both
sender and receiver should be able to
confirm identity of other party involved in
communication
Confirm
that the other party is indeed who/what
they claim to be
Authentication
relies on authentication
techniques, several of which rely on
cryptographic techniques
Message Integrity and
Non-Repudiation
Message integrity
Content
of communication is not altered
maliciously or by accident
Relies on cryptographic techniques
Non-repudiation
Not
denying what was communicated
Availability
Can
communication occur in first place?
Hackers
preventing infrastructure from being used
by legitimate users – e.g., viruses, DoS attacks
Detect
breaches and respond to attacks
Access Control
Entities
allowed to gain access to resources
only if they have the appropriate access rights
(e.g., login ID, passwords, biometric devices)
Facilitated
by firewalls, which provide access
control based on a per-packet basis, and on a perservice basis.
Provide a degree of isolation and protection from
those outside of one’s network
Cryptography
Symmetric
Key Cryptography
Public Key Cryptography
Symmetric Key Cryptography
Symmetric
Key Cryptography
Caesar Cipher
Monoalphabetic Cipher
Polyalphabetic Cipher
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
Trusted
Intermediaries for symmetric key
distribution
Key Distribution Center (KDC)
Kerberos
Basic Terminology
Plain
Text
Original data – not disguised
Cipher
(Encrypted) Text
Disguised data – looks unintelligible to intruder
Data disguised using encryption algorithm
Key
A string of #s or characters used as input to encryption
algorithm to disguise plain text
Symmetric Key: Both parties use same key to encrypt
and decrypt text
Symmetric Key Cryptography
Caesar
Cipher
Each letter in plaintext is substituted with letter that is K
letters later
Wrap around is allowed (i.e., z followed by letter a)
If K = 3, a in plaintext becomes d in cipher text
b in plaintext becomes e in cipher text
Example:
Decrypt the following using a Caesar
Cipher of K =3; Assume ‘wrap around’ is allowed.
“L JP J JHHN”
Symmetric Key Cryptography
Data
Encryption Standard (DES)
Published
in 1977, and updated in 1993
For commercial and non-classified U.S. Govt. use
Encodes plaintext using 56-bit key
Objective: Scramble data and key so that every bit
of the cipher text depends on every bit of the data
and every bit of the key
Algorithm: Complex (beyond the scope of the
course); Decryption works by reversing the
algorithm’s operations.
How well does DES work?
DES
challenge contest
Launched in 1997 by RSA Data Security Inc. -- A
network security company
Encrypted “strong cryptography makes the world a safer
place” using a 56-bit DES.
Winning
team took 4 months to decode.
Used volunteers throughout the Internet to systematically
explore key space.
Claimed $10K cash prize after testing only a quarter of
the key space (about 18 quadrillion keys)
How well does DES work?
In
1999, RSA launched another DES
challenge.
Message
was decrypted in little over 22 hours by
a network of volunteers and a special purpose
computer called “Deep Crack”.
Claimed $250 K cash prize.
Symmetric Key Cryptography
Triple
If
DES (3 DES)
56-bit DES is considered to be insecure, one
can simply run the algorithm multiple times,
using a different key each time
DES run three times (with a different 56-bit key
each time DES is run).
Symmetric Key Cryptography
Advanced
NIST
Encryption Standard (AES)
– in Nov 2001 announced successor to
DES.
AES is also a symmetric key algorithm that
processes data in 128-bit blocks
AES can operate with 128-bit keys, 192-bit keys,
and 256-bit keys
Trusted Intermediaries
Disadvantage
of Symmetric Key
Cryptography:
2
communicating parties have to agree upon their
secret key ahead of time in a secure manner.
Since sender and receiver do not meet face to face
in the networking world , they need a trusted
intermediary
Trusted
Key
Intermediaries:
Distribution Center
Kerberos
Key Distribution Center (KDC)
A server that shares a different secret
symmetric key with each registered user.
KDC knows the secret key of each user, and
each user can communicate securely with
KDC using this key.
Example: Using KDC
Assume
Sender (S) and Recipient (R) use
KDC for their communication.
Assume
S’s secret key known to S and KDC is
KS-KDC
Assume R’s secret key known to R and KDC is
KR-KDC.
Example: Using KDC
Using
key, S sends a message to KDC saying
that S wants to communicate with R. We
denote this message as MS-KDC(S, R).
KDC
decrypts MS-KDC(S, R)
KDC generates a random number key KSR, which
is to be used as symmetric key by S and R during
their communication.
Example: Using KDC – cont’d
KDC
sends S the key KSR, and a pair of values X
and KSR encrypted using R’s key. We denote this
message sent back to S by KDC as:
MKDC-S(KSR, MKDC-R(X, KSR)).
S
decrypts message and extracts symmetric key KSR.
S extracts and forwards MKDC-R(X, KSR) to R
R
Note that S cannot decrypt MKDC-R(X, KSR)
decrypts MKDC-R(X, KSR) and uses KSR as
symmetric key to converse with S
R and S communicate using symmetric key KSR
Kerberos
Developed
by MIT
Very similar to KDC
Has additional functions such as:
Time
stamp for validity of “nonce” KSR.
Has information about which users have access
privileges to which services on which network
servers.
Public Key Cryptography
Overview
Define
concept of Public and Private keys
Demonstrate RSA Algorithm
Review Authentication Protocols (ap)
Exchanging Public Keys
Person
in the middle-attack
Introduction - Public Key Cryptography
Use
public key cryptography so that two
parties can communicate using
encryption/decryption without using a shared
secret key.
Key
Public
maintenance is difficult
key cryptography:
A radically
different and marvelously elegant
approach towards encryption/decryption
Also used for authentication and digital signatures
Basic Idea of Public Key Cryptography
Each
participant has a private key (known
only to the participant) and a public key.
Public
key is made available to others
Could
be posted even on a website which is accessible
by the rest of the world.
Public key of recipient is used by sender to encrypt
message.
Recipient
decrypts message using recipient’s
private key.
Public Key Cryptography
Example:
Sender
(S) wishes to send a message to Recipient
(R)
S fetches R’s public key.
S uses R’s public key to encrypt message
S sends encrypted message to R.
R decrypts cipher text with R’s private key.
RSA Algorithm
Named
after its founders, Ron Rivest, Adi
Shamir, and Leonard Adleman
Has become almost synonymous with public
key cryptography
Using the RSA Algorithm
R’s
public key is denoted as KR+ and the
private key is denoted as KR-.
These keys are chosen such that:
KR- (KR+ (m)) = KR+ (KR- (m)) = m
S
will encrypt a plain text message, m, using
public key KR+ and send it to R
Using the RSA Algorithm
To
encrypt the message, S uses R’s public key
and determines the cipher text, c as:
c = me mod n
To decrypt the message, R uses R’s private key
and determines the plain text, m as:
m = cd mod n
Using the RSA Algorithm
Create R’s Keys
Choose two large prime numbers, p and q.
The larger the values, the more difficult it is to break
RSA, and the longer it takes to encode/decode.
It is recommended that the product of p and q be on the
order of 1024 bits for corporate use and 768 bits for
use with “less valuable information”.
For a discussion on how to find large prime numbers,
see http://www.utm.edu/research/primes/prove/).
For example, choose p = 5 and q = 7
Using the RSA Algorithm
Create R’s Keys
Compute n = pq =35
Compute z = (p-1)(q-1) = (4)(6) = 24
Choose a number, e, less than n, which has no
common factors (other than 1) with z.
R chooses e = 5
Find a number, d, such that ed-1 is exactly
divisible (that is, with no remainder) by z.
d = 29;
Note (ed-1) = (5x29 -1) = (145-1) = 144
144 is exactly divisible by z = 24
Using the RSA Algorithm
Create R’s Keys
Recap: p = 5, q = 7, n = 35, z = 24, e = 5, d = 29
R’s public key is given by
KR+ = (n, e) = (35, 5);
R’s private key is given by
KR- = (n, d) = (35, 29)
Example
Interpret each letter in the English alphabet as a
number between 1 and 26. That is, a = 1, b = 2, …, z =
26.
S will send message “love” to R
Using the RSA Algorithm
Encrypt Message using KR+ = (n, e) = (35, 5);
Plaintext m (numeric representation)
me
c = me mod n
letter
l
12
248832
17
o
v
e
S
15
22
5
759375
5153632
3125
will send 17152210 to R
15
22
10
Using the RSA Algorithm
Encrypt Message using KR- = (n, d) = (35, 29);
Cipher
text
17
15
22
10
cd
481968572106750915091411825223071697
12783403948858939111232757568359375
851643319086537701956194499721106030592
100000000000000000000000000000
m = cd msg
mod n
12
l
15
22
5
o
v
e
RSA and DES/AES
RSA is
a complex algorithm and uses concepts from
number theory.
DES is at least 100 times faster than RSA.
In practice, RSA is often used in combination with
DES or AES.
Message is encrypted using DES key
S encrypts DES key with R’s public key
R decrypts and obtains DES key with R’s private key.
Message is decrypted using DES key
Authentication
ap
4.0 (symmetric)
S announces to R, “I am S”
R sends a plaintext nonce (= n) to S.
Note nonce is a one time value that is specific to that
communication session
S resends same nonce back to R but this time nonce is
encrypted with symmetric key used by S and R.
R decrypts nonce using symmetric key. If decrypted
nonce equals the nonce sent to S earlier (i.e. decrypted
nonce = n) , then S is authenticated.
However, this implies that S and R must have decided
upon and exchanged their symmetric key.
Authentication
ap
5.0 (public/private)
S announces to R, “I am S”
R sends a plaintext nonce (= n) to S
S resends same nonce back to R but this time nonce is
encrypted with S’s private key.
R decrypts nonce using S’s public key. If decrypted
nonce equals the nonce sent to S earlier (i.e. decrypted
nonce = n) , then S is authenticated.
Exchanging Public Keys
Why
should public key be publicly available?
Wouldn’t it be better for S and R to exchange
their respective public keys via e-mail, after
authenticating each other?
Possibility
of “person in the middle attack.”
Person in the Middle Attack
S transmits, “I am S”
T eavesdrops.
R sends a nonce = n.
T intercepts nonce, and sends R
encrypted nonce (encrypted
using T’s private key).
R sends a message to S asking
for S’s public key.
T intercepts message, and sends
T’s public key to R.
R decrypts nonce with T’s
public key (thinking that he is
using S’s public key), and
inadvertently authenticates T.
While R is encrypting new data
using T’s public key, T is busy
posing as R to S. In particular:
T transmits R’s nonce to S
S transmits encrypted nonce
(encrypted using S’s private
key).
T intercepts encrypted
nonce, and asks S for her
public key.
S sends her public key
Person in the Middle Attack – cont’d
R
sends encrypted data (encrypted using T’s public
key)
T decrypts using her private key, and finds out R’s
plain text.
T encrypts R’s plain text using S’s public key.
T transmits encrypted text to S.
S decrypts using her private key, and finds out R’s
plain text.
S and R presume that they have had a secure
communication. They are ignorant of the fact that T
has intercepted and decrypted all messages.
Availability and Access Control
Examples
Firewalls
of common attacks
Examples of some attacks
Denial
of Service attacks
Hacker attempts to disrupt the network by flooding the
network with messages so that the network cannot
process messages from legitimate users
Examples
“Ping” attacks
Smurf attack
SYN flood attack
Distributed
Denial of Service attacks
Ping Packets
Packets
that ask a computer to respond with an
acknowledgement
Used
to see if a computer is still operational in a
network
Ping by computer name
Ping
Ping
bus.orst.edu
by IP address
Ping
128.193.76.73
TCP header: Packet #s (Sequence #s)
Assume
a file has 500,000 bytes
Assume TCP breaks this file into packets, where
each packet size is 1000 bytes
Each packet is given a packet #
The packet # for a packet is the number of the first
byte in that packet.
The packet # of first packet would be 1
The packet # of next packet would be 1001
The packet # of third packet would be 2002 and so on
TCP: Acknowledgement #
Assume
S transmits to R
R acknowledges receipt of S’s message, by
specifying an acknowledgment #.
The ACK
# sent by R is the packet # of the next
packet that R is expecting from S.
Example:
After
S sends first packet, R sends an
acknowledgment to S by specifying ACK# 1001.
After S sends second packet, R acknowledges by
specifying ACK# 2001.
SYN Flood Attack
Nature
of attack
Attacker (client) sends a TCP SYN (Synchronize
Sequence/Packet Number) request to server.
The server responds by sending a TCP SYN/ACK
packet.
The attacker does not respond – resulting in half-open
session using up server resources.
The attacker sends a flood of such TCP SYN requests
without responding.
Requests from other legitimate clients are unable to reach
the server due to multiple half-open sessions
Distributed DoS (DDos) attack
In
a DDoS attack, a hacker first gains control
of hundreds/thousands of computers (slaves).
Plants
software referred to as DDoS agent on each
of the slaves
Hacker
then uses software referred to as DDoS
handler (master) to control the agents (slaves)
Attacker launches attacks from all the slaves
and it is difficult to trace hacker
High Profile Victims of DDoS
Yahoo,
eBay, Amazon, Microsoft and eTrade
websites have been rendered inaccessible to
legitimate visitors after being flooded with
traffic from hundreds of hijacked system
www.msn.com; www.expedia.com;
www.carpoint.com sites were flooded with
DDoS attack for almost one day
DDoS attack high-level DNS servers on the
Internet
Firewalls
Firewalls
are used to prevent intruders on the
Internet from making unauthorized access and
denial of service attacks to your network.
Examines
packets flowing into and out of the
organization’s network (usually via the Internet or
corporate Intranet), restricting access to that
network.
Two main types of firewalls are packet level
firewalls and application-level firewalls.
Packet-level Firewall
Examines
the source and destination address
of packets that pass through it
Only
allowing packets that have acceptable
addresses to pass.
Since each packet is examined separately, the
firewall can’t understand what the sender’s goal
is.
Does not monitor the contents of the packets or
why they are being transmitted and typically does
not log the packets for later analysis.
Packet-level Firewall – cont’d
In general, addresses are typically examined at the transport
layer (TCP Port ID) and network layer (IP address)
May be vulnerable to IP spoofing
Example 1: Don’t allow Telnet (Dest. Port ID = 23 not allowed)
Example 2: Don’t allow packets from Internet on an Intranet
(Source IP has to be that of a device in the intranet)
Accomplished by changing the source address on incoming
packets from their real address to an address inside the
organization’s network.
Packet-level firewalls have strengthened their security since
the first cases of IP spoofing (Dec 1994).
Example: Some firewalls automatically delete any packets arriving
from the Internet that have internal source addresses
Application-Level Firewalls
Acts as an intermediate host computer, separating a private
network from the rest of the Internet, but it works on
specific applications, such as Web site access.
Application gateway acts as an intermediary between the
outside client making the request and the destination server
responding to that request, hiding individual computers on
the network behind the firewall.
Because of the increased complexity of what they do,
application level firewalls require more processing power
than packet filters which can impact network performance.
Network Address Translation (NAT)
Used
to shield a private network from outside
interference.
An NAT proxy server uses an address table,
translating network addresses inside the organization
into aliases for use on the Internet. So, internal IP
addresses remain hidden.
Many organizations combine NAT proxy servers,
packet filters and application gateways, maintaining
their online resources in a “DMZ network”
Typical network design using firewalls.
Security in many layers
5
– layer model:
Application
Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Each
layer can have its own security protocols.
Security at Application Layer
Secure
E-mail
PGP (Pretty Good Privacy)
e-mail encryption scheme that has become a de facto standard.
Uses MD5 or SHA for message digest/fingerprints.
Uses CAST, 3DES, IDEA for symmetric key cryptography
Uses RSA for public key cryptography
S/MIME (Secure Multipurpose Internet Mail
Extensions)
PEM (Privacy Enhanced Mail)
Secure-HTTP or
S-HTTP
Secure E-mail using PGP
When
PGP is installed, software creates a private
key and public key for user.
Public key is posted on the website.
Private key is protected using a password.
Password
has to be entered every time user accesses
private key.
Security at Application Layer
SET
(Secure Electronic Transactions)
Developed
by MasterCard and VISA in 1997
Developed to provide protection from electronic
payment fraud.
SET uses DES for Symmetric Key Cryptography
and RSA for key exchange.
Security at Transport Layer
SSL – Secure Socket Layer
Developed to provide data encryption and authentication
between a Web client and a Web server.
Client and server perform handshake and negotiate cryptographic
technique to be used.
Client and server authenticate each other
Encrypted session progresses after handshake is completed.
SSL is typically applied at the transport layer
Implies that SSL is not limited to one application
Can be applied to Web, e-mail, HTTP applications etc.
SSL (Continued)
SSL
was not developed for payment transactions.
Assume Bob makes a purchase from ABC Incorporated
over SSL
ABC’s certificate issued by CA does not indicate whether
ABC Incorporated is authorized to accept payment card
purchases nor if the company is a reliable merchant.
Similarly, ABC Incorporated has no assurance that Bob is
authorized to make a payment card purchase
May result in stolen credit card transactions, customer
repudiation of purchased goods.
Network Layer Security
IPSecurity – IPSec
IPSec
is a suite of protocols that provide
security at the network layer.
Complex
suite of protocols
IPSec would encrypt all parts of the packet
including user data at application layer, TCP
header and IP header.
Implies that all data sent by hosts – e-mail, Web
pages etc., would be hidden from Intruder.
IPSec (Continued)
2
key protocols in the IPSec suite are:
Authentication
Header (AH) protocol
provides
source authentication and data integrity but
not confidentiality
Encapsulation
provides
Security Payload (ESP) protocol
authentication, data integrity and
confidentiality.
IPSec (Continued)
Before
sending secure packets, source and
destination handshake and create a one-way
(simplex) network-layer logical connection –
known as Security Association (SA).
SA is uniquely identified by:
Security
protocol (AH or ESP) identifier
Source IP address for simplex connection
A 32-bit connection identifier called the Security
Parameter Index (SPI)
SA and Key Management
IKE
(Internet Key Exchange) algorithm is the
default key management protocol for IPsec.
ISKMP (Internet Security Association and Key
Management Protocol) defines procedures for
establishing and tearing down SAs.
Security in IEEE 802.11
Wireless Network
Security
Standards are not as advanced in
wireless environment
Since Fall 2004, mobile phones are being
attacked
in Phillipines – and has reached U.S.
Virus drains your phone battery
Started
Wireless Security
WEP
(Wired Equivalent Privacy) protocol
provides
Authentication
Encryption
between a host and a wireless access
point (WAP)
Using
symmetric key approach
No key management algorithm
Authentication
carried out using ap4.0
Wireless Security
However
WEP has security holes
Updates
(as of Feb 22, 2005) on wireless security
– check out
http://msnbc.msn.com/id/6998751/
http://www.nature.com/news/2005/050221/full/05022
1-6.html
http://www.iss.net/wireless/
http://www.practicallynetworked.com/tools/wireless_a
rticles_security.htm
http://www.research.ibm.com/gsal/wsa/