L9-Net Security_Attacks and IDS_new

Network Security
Valentina Casola
Outline of the lecture
• History of computer security
• Security attacks:
– types of attacks
– proactive measures
– reactive measures
• Firewalls
• Intrusion detection systems
• Designing secure infrastructures
Network Security Problems
• Wide area networks allow attacks from anywhere, often via several compromised
intermediary machines, which makes international law enforcement difficult
• Commonly used protocols were not designed for a hostile environment:
– authentication missing or based on source address, cleartext password, or
integrity of remote host
– missing protection against denial-of-service attacks
• Use of broadcast technologies, promiscuous-mode network interfaces
• Vulnerable protocol implementations
• Distributed denial-of-service attacks
Why is it so bad?
• Home Users increase vulnerabilities;
• Today most homes are connected, particularly with the advent
of DSL and cable modems
• Most home users:
– are unaware of vulnerabilities
– don’t use firewalls
– think they have nothing to hide or don’t care if others get
their data
– don’t realize their systems can serve as jump off points for
other attacks (zombies)
Why is it so bad?
• Computer security is reactive
- usually reacting to latest attack
- offense is easier than defense
• Security is expensive (in dollars and in time)
• There is not now, and never will be, a system with perfect
security
Attacks: classification
Network attacks:
-DoS
-Spoofing,
-……
Host attacks:
-Virus,
-Worms,
-Buffer overflows,
-…..
Application attacks:
-SQL injection,
-Input tampering,
-Spam,
-…..
(Figure: layers, top to bottom: Applications, Host, Network)
Examples of common attacks
- password guessing/cracking
- denial of service
- spoofing/masquerading
- system break-in
- eavesdropping
- viruses, trojan horses
Password attacks (1)
• social engineering and user mistakes:
– an employee accidentally revealing confidential data by sending the
wrong email
– an employee revealing confidential data to people they have just met
• guessing weak passwords:
– name of partner, child, pet, favourite movie, book title, band name,
birthdays, …
– guesses based on known previous passwords
– keyboard sequences
• password cracking:
– attempts to reverse the password computation process
Password attacks (2)
• dictionary attacks (UNIX Crack, L0pht Crack for Windows NT)
(Figure: original password → hash function → s6gbs84hNd6gY; list of hashes: …, hndz7HndUndp8, s6gbs84hNd6gY, 7/Vbjsopdf9.K, …)
• cached passwords in cleartext:
– storing cleartext passwords in temporary files
– caching passwords on servers
– weak XOR encryption
Denial of service (DOS)
Flood of maliciously generated packets “swamps” the receiver
Countermeasures:
• filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
• traceback to source of floods (most likely an innocent, compromised machine)
Distributed DOS
Distributed DOS (DDOS):
multiple coordinated sources
(compromised hosts) swamp
receiver
The Attacker controls and activates an
attack;
The Masters are compromised hosts that
control Agents;
The Agents are compromised hosts that
effectively perform the attack.
Distributed DOS: phases
DDoS phases:
1. Scan thousands of hosts looking for known vulnerabilities.
2. Exploit vulnerabilities to compromise hosts and get access.
3. Install tools for the DDoS on compromised hosts:
– The tools allow hosts to scan and exploit vulnerabilities
of other hosts, too.
4. Once a large number of hosts is compromised, the attack can begin
and it is activated by a remote client.
Spoofing
• inserting false source IP address
• obscures real source of attack
• possible session hijacking
• two-way communication with spoofing must employ
redirection of replies
Ways to gain unauthorised access
• poor or no authentication
• weak, sniffed or stolen passwords
• “forgotten” services
• server buffer overruns
• backdoors, trojan horses and poor
implementation of OS code and services
• spoofing trusted hosts
Sniffer
• listens to all traffic on a local network
• privileged access needed on UNIX systems (Windows 95/98:
every user is a “privileged” user)
• specialised sniffers grab and log passwords in nice human-readable form
• generally undetectable over network
Examples of TCP/IP vulnerabilities
• Implementations have predictable start sequence numbers, so even without having access to
reply packets sent from D to S, an attacker can:
• impersonate S by performing the entire handshake without receiving the second message
(“sequence number attack”)
• disrupt an ongoing communication by inserting data packets with the right sequence numbers
(“session hijacking”)
• The connectionless User Datagram Protocol (UDP) has no sequence numbers and is therefore
more vulnerable to address spoofing.
• Network services are usually configured with alphanumeric names mapped by the Domain
Name System (DNS), which features its own set of vulnerabilities:
• DNS implementations cache query results, and many older versions even cache unsolicited
ones, allowing an attacker to fill the cache with desired name/address mappings before
launching an impersonation attack.
Virus and Worms
Internet Viruses
• Self-replicating code and data
• Typically requires human interaction before exploiting an application vulnerability
– Running an e-mail attachment
– Clicking on a link in an e-mail
– Inserting/connecting “infected” media to a PC
• Then searches for files to infect or sends out e-mail with an infected file
Internet Worms
• Self-replicating, self-propagating code and data
• Use network to find potential victims
• Typically exploit vulnerabilities in an application running on a machine or the
machine’s operating system to gain a foothold
• Then searches the network for new victims
Recent Worms
• Code Red 1 and 2
• Code Blue
• Nimda
• SQL Slammer
• Nachi/Welchia
• Few minutes to:
– Scan millions of IP addresses,
– Bandwidth saturation,
– Infect thousands of hosts
• Propagate by exploiting application and operating system vulnerabilities
Trojan horses
• trojan horses are programs disguised as useful tools
• platform/OS specific
• Trojans: BackOrifice, BO2k, NetBus, DeepThroat, Girlfriend
– target MS Windows systems
– install as a service at boot time
– accepts network connections (some encrypt
their traffic)
– allow full access to the system (specialised
commands for grabbing dial-up passwords)
Detection and prevention
• Use clean tools (commands on the system can be replaced
by attacker);
• use intrusion detection systems and firewalls;
• use session encryption (e.g. Secure Shell);
• use one-time passwords (e.g. S/Key);
• use antiviral tools (with regular updates);
• user education:
– problems with downloads from untrusted sites
– be careful with received executable content
Proactive measures
• Establish security policies (for all security requirements)
• install latest versions of software and apply recommended
patches
• strip down default services
connect the system to your network
• design your network and restrict access to hosts
(segmentation, DMZ, private IP classes,…)
• stay current with new security issues
• apply OS and server patches immediately
• do regular backups
• monitor system activity and integrity
• implement firewalls and IDS
Site security policy
• who is authorised to use specific services from where (and
when)?
• who is given privileged access?
• plan division of your network to
public and private segments
• inform users of risks
• seek approval of your policy
Security policy development
Step 1: Security requirements analysis
-Identify assets and their value
-Identify vulnerabilities, threats and risk priorities
-Identify legal and contractual requirements
Step 2: Work out a suitable security policy
The security requirements identified can be complex and may have to be abstracted first into a high-level
security policy, a set of rules that clarifies which are or are not authorised, required, and prohibited activities,
states and information flows.
Step 3: Security policy document
Once a good understanding exists of what exactly security means for an organisation and what needs to be
protected or enforced, the high-level security policy should be documented as a reference for anyone involved
in implementing controls. It should clearly lay out the overall objectives, principles and the underlying threat
model that are to guide the choice of mechanisms in the next step.
Step 4: Selection and implementation of controls
Issues addressed in a typical low-level organisational security policy:
-General (affecting everyone) and specific responsibilities for security
-Names manager who “owns” the overall policy and is in charge of its
continued enforcement, maintenance, review, and evaluation of effectiveness
-Names individual managers who “own” individual information assets and are
responsible for their day-to-day security
-Reporting responsibilities for security incidents, vulnerabilities, software
malfunctions
Step 4 (cont.)
-Mechanisms for learning from incidents
-User training, documentation and revision of procedures
-Personnel security (depending on sensitivity of job)
-Regulation of third-party access
-Physical security (Definition of security perimeters, locating facilities to minimise traffic across
perimeters, entrance controls, handling of visitors and public access, visible identification, location
of backup equipment at safe distance, redundant power supplies, access to cabling, clear
desk/screen policy, etc.)
-Segregation of duties
-Audit trails (What activities are logged, how are log files protected from manipulation)
-Separation of development and operational facilities
-Protection against unauthorised and malicious software
-Organising backup and rehearsing restoration
-File/document access control, sensitivity labeling of documents and media
-Disposal of media
-Network and software configuration management
-Line and file encryption, authentication, key and password management
-Duress alarms, terminal timeouts, clock synchronisation, . . .
Stay informed and updated…..
• subscribe to mailing lists
• check for new exploits
• advisories often offer links to vendor patches
• if those are absent, consider a temporary service
restriction
Firewall and Gateways
Introduction
• everyone wants to be on the Internet and to
interconnect networks
• has persistent security concerns
– can’t easily secure a system
• typically use Firewalls and IDS to provide
perimeter defence as part of comprehensive
security strategy
The Role of the Firewall
• A hardware or software solution which restricts access between
your network and an outside network.
• Firewall can be uni-directional or bi-directional
• Usually at perimeter (where the two networks meet)
• Firewalls restrict access to services you don't want to make
available to the outside
• This includes services and machines that you don't know about (Web
servers on desktops, laptops using public ports, etc)
• Firewalls scale well and centralize management
• As the number of hosts increases, the ability to fully secure and monitor
each host decreases. Firewalls help solve this problem by allowing some
amount of centralization.
• It can not protect against everything!!!
What is a Firewall?
• a choke point of control and monitoring
• interconnects networks with differing trust
• imposes restrictions on network services
– only authorized traffic is allowed
• auditing and controlling access
– can implement alarms for abnormal behavior
• provide NAT & usage monitoring
• implement VPNs using IPSec
Firewall Limitations
• cannot protect from attacks bypassing it
– E.g., sneaker net, utility modems, trusted
organisations, trusted services (eg SSL/SSH)
• cannot protect against internal threats
– eg disgruntled or colluding employees
• cannot protect against transfer of all virus
infected programs or files
– because of huge range of O/S & file types
• cannot protect from natural disasters
Firewalls: taxonomy
1. Traditional packet filters
– filters often combined with router, creating a
firewall
2. Stateful filters
3. Application gateways
Firewalls – Packet Filters
• simplest, fastest firewall component
• foundation of any firewall system
• examine each IP packet (no context)
and permit or deny according to rules
• hence restrict access to services (ports)
• possible default policies
– that not expressly permitted is prohibited
– that not expressly prohibited is permitted
Traditional packet filters
Analyzes each datagram going through it;
makes drop decision based on:
• source IP address
• destination IP address
• source port
• destination port
• TCP flag bits
– SYN bit set: datagram for connection initiation
– ACK bit set: part of established connection
• TCP or UDP or ICMP
– Firewalls often configured to block all UDP
• direction
– Is the datagram leaving or entering the internal network?
• router interface
– decisions can be different for different interfaces
Filtering Rules - Examples
Policy | Firewall Setting
No outside Web access. | Drop all outgoing packets to any IP address, port 80
External connections to public Web server only. | Drop all incoming TCP SYN packets to any IP except 222.22.44.203, port 80
Prevent IPTV from eating up the available bandwidth. | Drop all incoming UDP packets - except DNS and router broadcasts.
Prevent your network from being used for a Smurf DoS attack. | Drop all ICMP packets going to a “broadcast” address (eg 222.22.255.255).
Prevent your network from being tracerouted | Drop all outgoing ICMP
Each router/firewall interface can have its own ACL
Access control lists
Apply rules from top to bottom:
action | source address | dest address | protocol | source port | dest port | flag bit
allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 80 | any
allow | outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK
allow | 222.22/16 | outside of 222.22/16 | UDP | > 1023 | 53 | ---
allow | outside of 222.22/16 | 222.22/16 | UDP | 53 | > 1023 | ----
deny | all | all | all | all | all | all
Advantages and disadvantages of traditional packet filters
• Advantages
– One screening router can protect entire
network
– Can be efficient if filtering rules are kept
simple
– Widely available. Almost any router, even
Linux boxes
• Disadvantages
– Can possibly be penetrated
– Cannot enforce some policies. For example,
permit certain users.
– Rules can get complicated and difficult to test
Attacks on Packet Filters
• IP address spoofing
– fake source address
– authenticate
• source routing attacks
– attacker sets a route other than default
– block source routed packets
• tiny fragment attacks
– split header info over several tiny packets
– either discard or reassemble before check
Firewalls – Stateful Packet Filters
• traditional packet filters do not examine higher layer context
– i.e., matching return packets with outgoing flow
• stateful packet filters address this need
• they examine each IP packet in context
– keep track of client-server sessions
– check each packet validly belongs to one
• stateful filter: Adds more intelligence to the filter decision-making process
– Stateful = remember past packets
• they are better able to detect bogus packets out of context
Stateful filters: example
• Log each TCP connection initiated through firewall: SYN segment
• Timeout entries which see no activity for, say, 60 seconds
source address | dest address | source port | dest port
222.22.1.7 | 37.96.87.123 | 12699 | 80
222.22.93.2 | 199.1.205.23 | 37654 | 80
222.22.65.143 | 203.77.240.43 | 48712 | 80
If rule table indicates that stateful table must be checked:
check to see if there is already a connection in stateful table
Stateful filters can also remember outgoing UDP segments
Stateful example
1) Packet arrives from outside: SA=37.96.87.123, SP=80,
DA=222.22.1.7, DP=12699, SYN=0, ACK=1
2) Check filter table ➜ check stateful table
action | source address | dest address | proto | source port | dest port | flag bit | check connection
allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 80 | any |
allow | outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK | x
allow | 222.22/16 | outside of 222.22/16 | UDP | > 1023 | 53 | --- |
allow | outside of 222.22/16 | 222.22/16 | UDP | 53 | > 1023 | ---- | x
deny | all | all | all | all | all | all |
3) Connection is listed in connection table ➜ let packet through
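The filter table and connection table of the stateful example, evaluated in code as an added example (not part of the lecture). The names Packet, Filter and RULES are assumptions, and a connection entry is recorded on any allowed outgoing packet rather than on the SYN segment only, which is a simplification.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("222.22.0.0/16")   # the slides' 222.22/16


@dataclass(frozen=True)
class Packet:
    proto: str            # "TCP", "UDP" or "ICMP"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False     # TCP ACK bit


def inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


def high(p):
    return p > 1023


def port(n):
    return lambda p: p == n


# Columns: action, source inside?, dest inside?, protocol, source port test,
# dest port test, ACK required?, check connection table?
# None means "all" for that column.
RULES = [
    ("allow", True,  False, "TCP", high,     port(80), False, False),
    ("allow", False, True,  "TCP", port(80), high,     True,  True),
    ("allow", True,  False, "UDP", high,     port(53), False, False),
    ("allow", False, True,  "UDP", port(53), high,     False, True),
    ("deny",  None,  None,  None,  None,     None,     False, False),
]


def matches(rule, pkt):
    _, src_in, dst_in, proto, sport_ok, dport_ok, need_ack, _ = rule
    return ((src_in is None or inside(pkt.src) == src_in)
            and (dst_in is None or inside(pkt.dst) == dst_in)
            and (proto is None or pkt.proto == proto)
            and (sport_ok is None or sport_ok(pkt.sport))
            and (dport_ok is None or dport_ok(pkt.dport))
            and (not need_ack or pkt.ack))


class Filter:
    def __init__(self, stateful=True, timeout=60):
        self.stateful = stateful      # False = traditional packet filter
        self.timeout = timeout        # seconds without activity
        self.table = {}   # (in_addr, in_port, out_addr, out_port) -> last activity

    def decide(self, pkt, now):
        """Return 'allow' or 'deny' for pkt seen at time now (seconds)."""
        for rule in RULES:                      # top to bottom, first match wins
            if not matches(rule, pkt):
                continue
            if rule[0] == "deny":
                return "deny"
            outgoing = inside(pkt.src)
            key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outgoing
                   else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
            if self.stateful and rule[7]:
                last = self.table.get(key)
                if last is None or now - last > self.timeout:
                    self.table.pop(key, None)   # unknown or timed out
                    return "deny"
            if outgoing or key in self.table:
                self.table[key] = now           # record or refresh activity
            return "allow"
        return "deny"
```

With `stateful=False` the same rule table accepts the inbound ACK packet of step 1 even when no inside host opened the connection, which is the gap the connection table closes.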
Firewalls - Application Level Gateway (or Proxy)
• have application specific gateway / proxy
• has full access to protocol
– user requests service from proxy
– proxy validates request as legal
– then actions request and returns result to user
– can log / audit traffic at application level
• need separate proxies for each service
– some services naturally support proxying
– others are more problematic
(Figure: separate proxies for HTTP, SMTP, FTP and TELNET)
Advantages and disadvantages of proxy gateways
• Advantages
– Proxy can log all connections, activity in connections
– Proxy can provide caching
– Proxy can do intelligent filtering based on content
– Proxy can perform user-level authentication
• Disadvantages
– Not all services have proxied versions
– May need different proxy server for each service
– Requires modification of client
– Performance
Intrusion Detection System
Architectures
IDS goals
• The most general goals of an IDS are:
– Response: capability to recognize an
activity as an attack and then take
action to block it.
– Accountability: capability to link a given
event back to the responsible party.
IDS Architecture: logical
components
• Different IDS are characterized by different monitoring
and analysis approaches but all can be described in
terms of 3 logical components:
• INFORMATION SOURCES:
• Network-based
• Host-based
• Application-based
• ANALYSIS COMPONENT to decide when an event
indicates that intrusions are occurring:
• Misuse detection
• Anomaly detection
• RESPONSE COMPONENT: determines the set of
actions that the system takes once it detects intrusion:
• Passive
• Active
Information sources:
Network-based IDS (NIDS)
A NIDS detects attacks by:
a) capturing
b) analyzing network packets of a LAN
segment
NIDS Pros and Cons
Advantages:
• A single NIDS can monitor a wide subnet
• The impact on the system is very little, it is a passive device which just listens
• It is not pervasive
Disadvantages:
• It is difficult to process all packets in a busy network
• It cannot analyze encrypted information
• It can only discern whether an attack was initiated not if it was successful
Information sources:
Host-based IDS (HIDS)
An HIDS operates on information collected from a
single device to analyze activities and determine
which processes are involved in a particular attack;
it can utilize both system logs and OS audit trails
and system variables.
HIDS Pros and Cons
Advantages:
• Monitor host local events (reveals attacks not detectable by NIDS)
• Work well even if traffic is encrypted;
• When it works on OS audit trails it can reveal Trojan Horse or other attacks to SW integrity.
Disadvantages:
• It is harder to manage and must be configured for each different host;
• May be disabled under attack;
• It is not suitable for revealing preamble attacks which usually scan the network
• It uses the resources of the host, very pervasive
Information sources:
Application-based IDS (AIDS)
An AIDS is a special subset of HIDS, it
analyzes the events occurring within an
application; the analysis engine includes
domain and application specific knowledge to
detect suspicious behaviors in the interaction
between the users, the data and the
application.
AIDS Pros and Cons
Advantages:
• Can monitor the interaction between user and application (trace unauthorized activity to individual users);
• At end-point level all data are not encrypted
Disadvantages:
• Are more vulnerable than IDS (application logs are not well protected);
• Monitor events at the user-level cannot detect sw tampering intrusion;
• It’s advisable to use it with an HIDS and/or NIDS
IDS Analysis Component (1)
• Misuse (or signature-based)
detection: analyze system activity
looking for events or sets of events
that match a predefined pattern of
events that describe a known attack
(called signature);
IDS Analysis Component (2)
• Anomaly detection: look for
abnormal patterns of activity; to
identify unusual behaviour on a
host/network, they construct profiles
representing normal behaviour of
users, host or network connections
(statistical and/or historical approach)
IDS Analysis comparison (1)
Misuse detection:
- does not generate a lot of false alarms;
- It is easy to identify the type of attack
in progress;
- It is possible to detect only known attacks
(signature DB must be continuously
updated)
- It is not able to detect small variants.
IDS Analysis comparison (2)
Anomaly detection:
- it is able to detect symptoms of attacks;
- Produces information that can be used to
define new signatures;
- Generates a large number of false alarms;
- Requires extensive training set of system
event records.
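The two comparison slides, run over the same traffic as an added example (not part of the lecture). The event records, addresses and baseline counts are constructed; the signature string is modelled on the Code Red request (N padding) and the variant on Code Red II (X padding); function names are assumptions.

```python
import statistics
from collections import Counter

# Misuse detection: one signature for a known attack.
SIGNATURES = {"code-red": "/default.ida?NNNN"}

# Anomaly detection: requests per minute observed during training (constructed).
BASELINE = [10, 12, 9, 11, 10, 13, 11, 12]


def build_events():
    """Constructed (minute, source, path) records for four minutes of traffic."""
    events = [(0, "192.0.2.10", "/index.html")] * 11
    # minute 1: a variant of the known probe (X padding instead of N), high volume
    events += [(1, "198.51.100.7", "/default.ida?XXXX")] * 40
    # minute 2: a legitimate crawler fetching many pages
    events += [(2, "203.0.113.5", "/docs/page%d.html" % i) for i in range(30)]
    # minute 3: normal load plus a single probe that matches the signature
    events += [(3, "192.0.2.10", "/index.html")] * 11
    events += [(3, "198.51.100.9", "/default.ida?NNNN")]
    return events


def misuse_alerts(events):
    """Alert on every event whose path contains a known signature."""
    return [(minute, src, name)
            for minute, src, path in events
            for name, pattern in SIGNATURES.items()
            if pattern in path]


def anomaly_alerts(events, baseline, k=3.0):
    """Alert on minutes whose request count exceeds mean + k * stdev of the profile."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    per_minute = Counter(minute for minute, _, _ in events)
    return sorted(m for m, count in per_minute.items() if count > threshold)
```

Misuse detection reports only the exact probe in minute 3 and misses the variant in minute 1; anomaly detection flags minute 1 but also the legitimate crawler in minute 2, and does not see the single low-volume probe in minute 3.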
Response Component
After gathering and analyzing events, IDS should generate two
kinds of response
Passive Response
• Alarm and notifications
• SNMP: generate e-mail message with alarms
Active Response
• Include automatic actions, for example:
– Collect other info to be sure;
– Block the attacker (close the connection, reconfigure the firewall,..)
– Take action against the attacker (ATT: this could be illegal)
SNORT Architecture (1)
(Figure: network → Packet decoder → Detection Engine → Logging/alerting subsystem)
Main Features:
• NIDS to monitor small TCP/IP networks and detect a wide variety
of suspicious network traffic;
• It has a rules-based traffic collection engine to perform
content pattern matching;
SNORT Architecture (2)
• It is especially suited to detect attacks
like: buffer overflow, stealth port
scans, SMB probes and more;
• furthermore it is very simple to add
new rules to detect new forms of
attack.
• It has 3 basic action directives when a
packet matches a rule: pass, log, alert
Putting it all together
Security in many layers
• To guarantee the infrastructure security,
we need to enforce different strategies and
mechanisms at different architectural
levels:
– Network level
– System level
– Application level
– User Level
Network Security Level
• Data and functions need to be protected in
different ways and we can enforce proper
security policies to both components.
• A network infrastructure should be designed
including the following subsystems:
– Internet,
– Outer firewall,
– DMZ and public servers,
– Inner firewall,
– Intranet and internal servers.
A secure network design
(Figure: Internet; Firewall; DMZ with Web server, Mail Server and DNS Server; IN Firewall; Intranet with Develop subnet and Internal servers)
DMZ (demilitarized zone)
• DEF: A DMZ is a network segment that divides the internal
network from the external one.
• The components adopted for such separation are
FIREWALLS, which block external attacks and prevent inner
data from being improperly disclosed
• All services that should be available from the external internet
are put in the DMZ, for example:
– WWW, DNS, Mail, Log servers.
• FIREWALLS:
– The external firewall controls access to public servers by
filtering the traffic;
– The external firewall controls access to the intranet and prevents
data from flowing out.
Filtering methods
Address filtering:
– analysis of the source address in the IP packet;
– analysis of the destination address in the IP packet;
Service filtering:
– analysis of the transport protocol;
– analysis of the port;
– analysis of ACK signals;
Secure intranet:
– Internal addresses should not be visible (use of a private class
such as 10.x.y.z and Network Address Translation (NAT) to map
internal host addresses to external addresses);
IDS
• We need more IDS within the different
segments, with different features
Security in the other layers
• Reasons:
1. Network security is able to protect data by
encrypting all data in the datagrams but
cannot provide user-level security;
2. It is easier to deploy new Internet services at
the higher layers of the stack; application
developers introduce many security features
in their applications.
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
(Figure: Alice encrypts m with KS to get KS(m) and encrypts KS with KB+ to get KB+(KS); both are sent over the Internet; Bob applies KB- to KB+(KS) to recover KS, then uses KS on KS(m) to recover m.)
Alice:
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency)
• also encrypts KS with Bob’s public key.
• sends both KS(m) and KB(KS) to Bob.
Bob:
• uses his private key to decrypt and recover KS
• uses KS to decrypt KS(m) to recover m
Secure e-mail (continued)
• Alice wants to provide sender authentication, message integrity.
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
(Figure: Alice computes H(m) and applies KA- to get KA-(H(m)); m and KA-(H(m)) are sent over the Internet; the receiver applies KA+ to the signature, computes H(m) from m, and compares the two values.)
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
message integrity.
(Figure: Alice computes KA-(H(m)), encrypts it together with m under KS, encrypts KS as KB+(KS), and sends both over the Internet.)
Alice uses three keys: her private key, Bob’s public
key, newly created symmetric key
Pretty good privacy (PGP)
• Internet e-mail encryption scheme, de-facto standard.
• uses symmetric key cryptography, public key cryptography, hash
function, and digital signature as described.
• provides secrecy, sender authentication, integrity.
• inventor, Phil Zimmermann.
A PGP signed message:
---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1
Bob: My husband is out of town tonight. Passionately yours, Alice
---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ
hFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
PGP
• PGP combines the best available cryptographic algorithms
to achieve secure e-mail communication.
• It is assumed that all users are using public key
cryptography (with RSA digital signatures) and have
generated a private/public key pair.
• All users also use a symmetric key system such as triple
DES.
PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has (private/public) key pair (Ad/Ae) and she wants to send a digitally signed
message m to Bob.
2. Alice hashes the message using SHA-1 to obtain SHA(m).
3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given by
c = pk.encrypt_Ad(SHA(m))
4. Alice sends Bob the pair (m, c)
5. Bob receives (m, c) and decrypts c using Alice's public key Ae to obtain signature s
s = pk.decrypt_Ae(c)
He computes the hash of m using SHA-1 and if this hash value is equal to s then the
message is authenticated.
6. Bob is sure that the message is correct and that it does come from Alice. Furthermore Alice
cannot later deny sending the message since only Alice has access to her private key Ad
which works in conjunction with the public key Ae.
PGP Confidentiality
1. Alice wishes to send Bob a confidential message m.
2. Alice generates a random session key k for a symmetric cryptosystem.
3. Alice encrypts k using Bob’s public key Be to get
k’ = pk.encrypt_Be(k)
4. Alice encrypts the message m with the session key k to get ciphertext c
c = sk.encrypt_k(m)
5. Alice sends Bob the values (k’, c)
6. Bob receives the values (k’, c) and decrypts k’ using his private key Bd to obtain k
k = pk.decrypt_Bd(k’)
Bob uses the session key k to decrypt the ciphertext c and recover the message m
m = sk.decrypt_k(c)
7. Public and symmetric key cryptosystems are combined in this way to provide security for key
exchange and then efficiency for encryption. The session key k is used only to encrypt
message m and is not stored for any length of time.
PGP Authentication and Confidentiality
The schemes for authentication and confidentiality can be combined so that Alice can sign a
confidential message which is encrypted before transmission. The steps required are as
follows:
• Alice generates a signature c for her message m as in the Authentication scheme
c = pk.encrypt_Ad(SHA(m))
• Alice generates a random session key k and encrypts the message m and the signature c
using a symmetric cryptosystem to obtain ciphertext C
C = sk.encrypt_k(m, c)
• She encrypts the session key k using Bob’s public key
k’ = pk.encrypt_Be(k)
• Alice sends Bob the values (k’, C)
• Bob receives k’ and C and decrypts k’ using his private key Bd to obtain the session key k
k = pk.decrypt_Bd(k’)
• Bob decrypts the ciphertext C using the session key k to obtain m and c
(m, c) = sk.decrypt_k(C)
• Bob now has the message m. To authenticate it he uses Alice’s public key Ae to decrypt
the signature c and hashes the message m using SHA-1.
If SHA(m) = pk.decrypt_Ae(c) then the message is authenticated.
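The combined scheme above, step by step, as an added example (not part of the lecture and not PGP's own code). It assumes stand-ins that are not secure: textbook RSA over small constructed primes for pk, and an XOR keystream built from SHA-256 for sk in place of triple DES; all function and key names are assumptions.

```python
import hashlib
import secrets

E = 65537


def keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n), (d, n)). Toy sizes only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)


# Constructed demo keys built from small Mersenne primes (far too short for real use).
ALICE_PUBLIC, ALICE_PRIVATE = keypair(2**89 - 1, 2**107 - 1)   # Ae, Ad
BOB_PUBLIC, BOB_PRIVATE = keypair(2**61 - 1, 2**127 - 1)       # Be, Bd


def pk(key, x):
    """pk.encrypt / pk.decrypt of the slides: x^exponent mod n."""
    exponent, n = key
    return pow(x, exponent, n)


def sha(m):
    """SHA(m) as an integer."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")


def sk(k, data):
    """Stand-in symmetric cipher: XOR with a keystream (the same call decrypts)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(k + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send(m, alice_private, bob_public):
    """Alice's side: returns (k', C)."""
    c = pk(alice_private, sha(m))                        # c = pk.encrypt_Ad(SHA(m))
    sig = c.to_bytes((alice_private[1].bit_length() + 7) // 8, "big")
    k = secrets.token_bytes(16)                          # random session key k
    C = sk(k, len(m).to_bytes(4, "big") + m + sig)       # C = sk.encrypt_k(m, c)
    k_prime = pk(bob_public, int.from_bytes(k, "big"))   # k' = pk.encrypt_Be(k)
    return k_prime, C


def receive(k_prime, C, bob_private, alice_public):
    """Bob's side: returns (m, authenticated)."""
    k_int = pk(bob_private, k_prime)                     # k = pk.decrypt_Bd(k')
    if k_int >= 1 << 128:                                # not a 16-byte session key
        return b"", False
    plain = sk(k_int.to_bytes(16, "big"), C)             # (m, c) = sk.decrypt_k(C)
    length = int.from_bytes(plain[:4], "big")
    m, sig = plain[4:4 + length], plain[4 + length:]
    # SHA(m) = pk.decrypt_Ae(c) ?
    authenticated = pk(alice_public, int.from_bytes(sig, "big")) == sha(m)
    return m, authenticated
```

Flipping one bit of C in transit still decrypts to some message, but the signature check fails, which is why the scheme encrypts the signature together with the message.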
Secure Sockets Layer (SSL)
• transport layer security
to any TCP-based app
using SSL services.
• used between Web
browsers, servers for e-commerce (https).
• security services:
– server authentication
– data encryption
– client authentication
(optional)
• server authentication:
– SSL-enabled browser
includes public keys for
trusted CAs.
– Browser requests server
certificate, issued by
trusted CA.
– Browser uses CA’s public
key to extract server’s
public key from certificate.
• check your browser’s
security menu to see its
trusted CAs.
SSL (continued)
Encrypted SSL session:
• Browser generates symmetric
session key, encrypts it with
server’s public key, sends
encrypted key to server.
• Using private key, server decrypts
session key.
• Browser, server know session key
– All data sent into TCP socket
(by client or server) encrypted
with session key.
• SSL: basis of IETF Transport
Layer Security (TLS).
• SSL can be used for non-Web
applications, e.g., IMAP.
• Client authentication can be
done with client certificates.
SSL Architecture
(Figure: protocol stack, top to bottom: applications (e.g., HTTP); SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol; SSL Record Protocol; TCP; IP)
SSL Handshake Protocol – overview
Phase 1: Negotiation of the session ID, key exchange
algorithm, MAC algorithm, encryption algorithm, and
exchange of initial random numbers
– client_hello
– server_hello
Phase 2: Server may send its certificate and key
exchange message, and it may request the client
to send a certificate. Server signals end of hello
phase.
– certificate
– server_key_exchange
– certificate_request
– server_hello_done
Phase 3: Client sends certificate if requested and may
send an explicit certificate verification message.
Client always sends its key exchange message.
– certificate
– client_key_exchange
– certificate_verify
Phase 4: Change cipher spec and finish handshake
– change_cipher_spec
– finished
– change_cipher_spec
– finished
IPsec: Network Layer Security
• Network-layer secrecy:
– sending host encrypts the
data in IP datagram
• Network-layer authentication
– destination host can
authenticate source IP
address
• Two principal protocols:
– authentication header (AH)
protocol
– encapsulation security
payload (ESP) protocol
• For both AH and ESP, source,
destination handshake:
– create network-layer logical
channel called a security
association (SA)
• Each SA unidirectional.
• Uniquely determined by:
– security protocol (AH or
ESP)
– source IP address
– 32-bit connection ID
Example: Oracle Access Controls
and DMZ
(Figure: Users reach Web Servers over HTTP(s) for Single Sign-On to Applications; each Web Server has a Handler in front of its Resources and talks to the Access Server through a Secure Protocol over SSL; the Access Server uses LDAP over SSL to reach User Identities for Authentication and Authorization and Security Policies for Authentication and Authorization; a Firewall sits on each side of the DMZ.)
Example: a reliable three-tiers system
(Figure: Clients, Web Server, App and twin App, Data and Data backup)
Access Control is only a small piece of security….
How to guarantee Business Continuity in case of system damage?
How to guarantee Data access in case of DB damage?
It is of fundamental importance to define:
• back up Policy,
• Recovery Strategies
• Service Level Agreements