ppt - Computer Science Division

Welcome to CS 395/495
Internet Security: A
Measurement-based Approach
Why Internet Security
• Internet attacks are increasing in frequency,
severity and sophistication
• Denial of service (DoS) attacks
– Cost $1.2 billion in 2000
– 1999 CSI/FBI survey: 32% of respondents detected
DoS attacks directed at their systems
– Thousands of attacks per week in 2001
– Yahoo, Amazon, eBay, Microsoft, White House, etc.,
attacked
Why Internet Security (cont’d)
• Viruses and worms
– Melissa, Nimda, Code Red, Code Red II, Slammer …
– Cause over $28 billion in economic losses in 2003,
growing to over $75 billion in economic losses by 2007.
– Code Red (2001): infected >360K machines in 13 hours, $2.4 billion loss
– Slammer (2003): infected >75K machines in 10 minutes, $1 billion loss
• ……
• Security has become one of the hottest jobs even
with the downturn of the economy
Overview
• Course Administrative Trivia
• What is Internet security?
• Principles of cryptography
• Authentication
Some slides are courtesy of J. Kurose and K. Ross
Logistics
• Instructor
Yan Chen ([email protected]),
Office Hours: Wed. 2-4pm or by appointment,
Rm 330, 1890 Maple Ave.
• TA
Jason A. Skicewicz
([email protected])
Office Hours: Tu. and Th. 3:30-4:30pm, Rm 321,
Maple Ave.
Course Overview
• Seminar class: paper reading + a big project
• Start with the basic concepts of security
– Cryptography, access control and protection
• First half focuses on large-scale Internet attacks
– Mobile Malcode (virus/worm): characterization,
technologies, history and current defense
– Denial of service (DoS) attacks
– Firewall technologies
– Intrusion detection systems (IDS)
Course Overview (cont’d)
• Many new unknown attacks/anomalies remaining
• Second half: Internet anomaly detection
– High-speed network measurement and monitoring
– Network fault diagnostics and root cause analysis
– BGP/routing anomalies
– Network topology discovery
– Measurement-based inference
– Peer-to-peer system measurement and monitoring
Prerequisites and Course Materials
• Required: CS340 (Intro to computer networking)
• Highly Recommended: OS or having some familiarity with
Unix systems programming
• No required textbook – paper reading!
• Recommended (see webpage for a complete list)
o Firewalls and Internet Security: Repelling the Wily Hacker, 2nd
edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D.
Rubin
o Computer Networking: A Top-Down Approach Featuring the
Internet, [KR], Second Edition, James Kurose and Keith Ross,
Addison Wesley, 2002
Grading
• No exams for this class
• Class participation and discussion 10%
• Paper reading summary 10%
• In class paper presentation 15%
• Project 65%
– Proposal and survey 5%
– Design document 5%
– Weekly report and meeting 5%
– Project presentation 25%
– Final report 25%
Paper Reading
• Write a very brief summary of each paper, to be
emailed to the TA before the class
• Summary should include:
– Paper title and its author(s)
– Brief one-line summary
– A paragraph of the one or two most significant new
insight(s) you took away from the paper
– A paragraph of the one or two most significant flaw(s)
of the paper
– A last paragraph where you state the relevance of the
ideas today, potential future research suggested by
the article
Class Format
• Introduction of the basic problems, ideas and
solutions (10 minutes)
• Student presentations of the two papers
– 20 minutes for presentation, and 10 minutes for
discussion
• Summarize with the last 10 minutes
• Take turns for presentation (~30 papers, 4
papers/student)
Format of the Presentation
• Presentation should include the following
– Motivation
– Classification of related work/background
– Main ideas
– Evaluation and results
– Open issues
• Send the slides to the TA and me for review at
least 24 hours ahead of the class
• Guidelines online
Projects
• The most important part of class
– Group of 2+ people
• Project list will be online soon
• Proposal – April 8
– 3-4 pages with another 1-2 pages references.
• Design Document – April 15
– 4-5 pages with a detailed description of the software design, load
distribution among group members.
• Weekly Meeting and Progress Report – 4/13-5/25
– Each team will schedule a weekly meeting (30 minutes) with me. A
work-in-progress report (except the 4/13 week) of 1-2 pages is due
24 hours ahead of the meeting.
• Project Presentation – June 1 and 3
• Final Report – June 9
Communication and Policies
• Web page:
http://www.cs.nwu.edu/~ychen/classes/cs495/
• Newsgroup (cs.netsec) is available
• Send emails to instructor and TA for questions
inappropriate in newsgroup
• No late hand-ins! They will be ignored
• Work division
– Each team member should do a similar amount of work
– Survey on work division at the end of quarter
– More contribution, better grade!
What is network security?
Confidentiality: only sender, intended receiver should
“understand” message contents
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message Integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards)
without detection
Access and Availability: services must be accessible and
available to users
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) sends data and control messages over a channel to Bob (secure receiver); Trudy sits on the channel.]
Who might Bob, Alice be?
• … well, real-life Bobs and Alices!
• Web browser/server for electronic
transactions (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
• other examples?
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address
in packet (or any field in packet)
– hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself
in place
– denial of service: prevent service from being
used by others (e.g., by overloading resources)
The language of cryptography
[Figure: plaintext → encryption algorithm (Alice’s encryption key $K_A$) → ciphertext → decryption algorithm (Bob’s decryption key $K_B$) → plaintext]
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key
secret (private)
Symmetric key cryptography
substitution cipher: substituting one thing for another
– monoalphabetic cipher: substitute one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Symmetric key cryptography
[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext $m = K_{A-B}(K_{A-B}(m))$]
symmetric key crypto: Bob and Alice share (know) the same
(symmetric) key: $K_{A-B}$
• e.g., key is knowing substitution pattern in monoalphabetic
substitution cipher
• Q: how do Bob and Alice agree on key value?
Symmetric key crypto: DES and AES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• 56-bit symmetric key, 64-bit plaintext input
• How secure is DES?
– DES Challenge: 56-bit-key-encrypted phrase (“Strong
cryptography makes the world a safer place”) decrypted (brute
force) in 4 months. Most recent record – 22 hours.
AES: Advanced Encryption Standard
• new (Nov. 2001) symmetric-key NIST standard,
replacing DES
• processes data in 128 bit blocks
• brute force decryption (try each key) taking 1 sec on
DES, takes 149 trillion years for AES
Public Key Cryptography
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
• radically different approach [DiffieHellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver
Public key cryptography
[Figure: plaintext message, m → encryption algorithm (Bob’s public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (Bob’s private key $K_B^-$) → plaintext message $m = K_B^-(K_B^+(m))$]
Public key encryption algorithms
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that
$K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be
impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key $K_B^+$ is (n,e). Private key $K_B^-$ is (n,d).
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
$c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by n)
2. To decrypt received bit pattern, c, compute
$m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by n)
Magic happens!
$m = (m^e \bmod n)^d \bmod n$, where $c = m^e \bmod n$
Why secure? No quick factorizing algorithm
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypt:
letter   m    m^e       c = m^e mod n
l        12   1524832   17
decrypt:
c    c^d                                    m = c^d mod n   letter
17   481968572106750915091411825223071697   12              l
RSA: another important property
$K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
• left side: use public key first, followed by private key
• right side: use private key first, followed by public key
Result is the same!
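Added example (not part of the original slides): the key-choosing steps, the encrypt/decrypt rule and the order-independence property above, run in Python on the slide's own numbers (p=5, q=7, e=5, d=29, m=12). The function names `rsa_keys`, `apply_key`, `roundtrip` and `order_independent` are made up for this illustration.

```python
from math import gcd

def rsa_keys(p, q, e, d=None):
    """Slide steps 1-5: return (public, private) = ((n, e), (n, d))."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be < n and share no factor with z")
    if d is None:
        d = pow(e, -1, z)              # smallest d with e*d mod z == 1
    elif (e * d - 1) % z != 0:
        raise ValueError("e*d - 1 must be exactly divisible by z")
    return (n, e), (n, d)

def apply_key(key, x):
    """K(x) = x^exp mod n, for either the public or the private key."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("bit pattern must be an integer in [0, n)")
    return pow(x, exp, n)              # modular exponentiation, no huge intermediate

# The slide's numbers: p=5, q=7, e=5, d=29, and the letter 'l' as m=12.
PUB, PRIV = rsa_keys(5, 7, e=5, d=29)

def roundtrip(m):
    """Encrypt with the public key, then decrypt with the private key."""
    c = apply_key(PUB, m)
    return c, apply_key(PRIV, c)

def order_independent(pub, priv):
    """Check K-(K+(m)) == m == K+(K-(m)) for every m in [0, n)."""
    n = pub[0]
    return all(apply_key(priv, apply_key(pub, m)) == m ==
               apply_key(pub, apply_key(priv, m)) for m in range(n))

if __name__ == "__main__":
    print("c, m =", roundtrip(12))
    print("order independent:", order_independent(PUB, PRIV))
    print("smallest valid private key:", rsa_keys(5, 7, e=5)[1])
```

With primes this small the smallest valid d is 5, the same value as e (29 = 5 + z), so the toy key gives no secrecy at all; it only illustrates the arithmetic.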
Symmetric (DES) vs. Public Key (RSA)
• Exponentiation of RSA is expensive !
• AES and DES are much faster
– 100 times faster in software
– 1,000 to 10,000 times faster in hardware
• RSA often used in combination with AES and DES
– Pass the session key with RSA
Authentication
Goal: Bob wants Alice to “prove” her identity to
him
Protocol ap1.0: Alice says “I am Alice”
[Figure: Alice → Bob: “I am Alice”]
Failure scenario??
in a network, Bob can not “see” Alice, so Trudy simply
declares herself to be Alice
[Figure: Trudy → Bob: “I am Alice”]
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
[Figure: Alice → Bob: packet with Alice’s IP address, “I am Alice”]
Failure scenario??
Trudy can create a packet “spoofing” Alice’s address
[Figure: Trudy → Bob: packet with Alice’s IP address, “I am Alice”]
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
[Figure: Alice → Bob: Alice’s IP addr, Alice’s password, “I’m Alice”; Bob → Alice: Alice’s IP addr, OK]
Failure scenario??
playback attack: Trudy records Alice’s packet
and later plays it back to Bob
[Figure: Trudy → Bob: Alice’s IP addr, Alice’s password, “I’m Alice”]
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
[Figure: Alice → Bob: Alice’s IP addr, encrypted password, “I’m Alice”; Bob → Alice: Alice’s IP addr, OK]
Failure scenario??
record and playback still works!
[Figure: Trudy → Bob: Alice’s IP addr, encrypted password, “I’m Alice”]
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice
must return R, encrypted with shared secret key
[Figure: Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_{A-B}(R)$]
Failures, drawbacks?
Alice is live, and only Alice knows key to encrypt
nonce, so it must be Alice!
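Added example (not part of the original slides): Bob's verification logic for ap3.1 and ap4.0 side by side, showing why a recorded packet is still accepted under ap3.1 but rejected once Bob issues a fresh nonce. HMAC-SHA256 stands in for "encrypt with the shared secret key"; the key, the password and all class and function names are constructed for this sketch.

```python
import hashlib
import hmac
import secrets

KEY_AB = b"constructed shared key"   # sample K_A-B, not from the slides
PASSWORD = b"constructed password"   # sample value

def keyed(key, data):
    """Stand-in for K_A-B(data): HMAC-SHA256 instead of the slide's encryption."""
    return hmac.new(key, data, hashlib.sha256).digest()

class BobAp31:
    """ap3.1: Bob compares against one fixed encrypted password."""
    def __init__(self, key, password):
        self.expected = keyed(key, password)

    def verify(self, blob):
        return hmac.compare_digest(blob, self.expected)

class BobAp40:
    """ap4.0: Bob issues a fresh nonce R and expects K_A-B(R) back."""
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)   # R, never reused
        return self.pending

    def verify(self, response):
        r, self.pending = self.pending, None     # each R is good for one attempt
        return r is not None and hmac.compare_digest(response, keyed(self.key, r))

def replay_ap31():
    bob = BobAp31(KEY_AB, PASSWORD)
    recorded = keyed(KEY_AB, PASSWORD)           # Alice's packet as seen on the wire
    return bob.verify(recorded), bob.verify(recorded)   # original, then playback

def replay_ap40():
    bob = BobAp40(KEY_AB)
    recorded = keyed(KEY_AB, bob.challenge())    # Alice's genuine answer to R1
    original = bob.verify(recorded)
    stale = bob.verify(recorded)                 # playback with no open challenge
    bob.challenge()                              # new attempt, new nonce R2
    return original, stale, bob.verify(recorded) # playback against R2

if __name__ == "__main__":
    print("ap3.1 (original, playback):", replay_ap31())
    print("ap4.0 (original, stale, new nonce):", replay_ap40())
```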
Authentication: ap5.0
ap4.0 requires shared symmetric key
• can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
[Figure: Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_A^-(R)$; Bob → Alice: “send me your public key”; Alice → Bob: $K_A^+$]
Bob computes
$K_A^+(K_A^-(R)) = R$
and knows only Alice could have the private
key, that encrypted R such that
$K_A^+(K_A^-(R)) = R$