Upload
melvin-morris-holmes
View
227
Download
0
Tags:
Embed Size (px)
Citation preview
Information and Network Information and Network SecuritySecurity
Rudra DuttaCSC 401- Fall 2011, Section 001
Network SecurityNetwork Security Based on concepts of information security
– Complementary to: physical security of networks and endpoints
– Also related to: human security
Comparatively recent concern with security in networks
Various “attackers” or “malcontents” at various levels of seriousness, frequency, ability
Overarching goal – no single place (many vulnerabilities)
No such thing as 100% security2Copyright Rudra Dutta, NCSU, Fall 2011
Components of StudyComponents of Study Basic concerns
– Confidentiality, authentication, non-repudiation, integrity
– Availability, authorization
Fundamental tools– Cryptography
Building blocks– Signatures, certifications, …
Protocols / architectures– IPSec, firewall, VPN, PGP, SSL, Shibboleth …
Emerging trend: trust managementCopyright Rudra Dutta, NCSU, Fall 2011 3
Security ConcernsSecurity Concerns Confidentiality (Secrecy, Privacy)
– Nobody but intended recipient should know content– “Person-in-the-middle” possibility in networks
Authentication– Confidence in recognizing trusted or known entity
Non-repudiation– Inability to claim innocence of past action
Integrity– Message received same as message sent
Availability– Infrastructure / resource available to genuine use
Authorization– Policy form of confidentiality
Copyright Rudra Dutta, NCSU, Fall 2011 4
CryptographyCryptography
DK ( EK ( P ) ) = P (symmetric-key)
“Algorithm is public, only keys are secret” Attacks: (i) ciphertext-only, (ii) known-plaintext,
(iii) chosen-plaintextCopyright Rudra Dutta, NCSU, Fall 2011 5
Ciphers as TransformationCiphers as Transformation
6Copyright Rudra Dutta, NCSU, Fall 2011
Simple substitution cipher– More advanced ones possible
Fundamental principles:– Messages must contain some redundancy– Some method is needed to foil replay attacks
The first implies that plaintext “space” must be large and sparsely used – can use cryptographic hashes
The second shows the need of timestamp or equivalent Ciphering (even efficiently) is only useful if these
conditions are first met
Data Encryption StandardData Encryption Standard
7Copyright Rudra Dutta, NCSU, Fall 2011
A comparatively older and simpler symmetric key cipher
Each stage uses a different 48-bit key derived from the main 56-bit key
Li-1 is transformed to 48 bits, bit-XOR’d with key, mapped back into 32 bits
Other CiphersOther Ciphers
Some common symmetric-key cryptographic algorithms
8Copyright Rudra Dutta, NCSU, Fall 2011
Public Key CryptographyPublic Key Cryptography Weak point: key distribution
– Keys have to be distributed, yet kept secret– Once a key is compromised, worse than useless
Solution: asymmetric keys– Encryption and decryption use different keys which are not
trivially related to each other– Diffie-Hellman, 1976
D ( E ( P )) = P Exceedingly difficult to deduce D from E E cannot be broken by chosen-plaintext attack
E(.) can be made public – D(.) is never distributed “public key cryptography”
Copyright Rudra Dutta, NCSU, Fall 2011 9
RSA (RSA (RRivest, ivest, SShamir, hamir, AAdleman)dleman)1. Choose two large primes, p and q (e.g. 3 and 11)
2. Compute n = p × q and z = ( p − 1) × (q − 1)
3. Choose number relatively prime to z – call it d (7)
4. Find e such that e × d = 1 mod z (3)
E(.) : C = Pe (mod n) D(.) : P = Cd (mod n)
10Copyright Rudra Dutta, NCSU, Fall 2011
Tools: Digital SignaturesTools: Digital Signatures
Required Conditions:1. Receiver can verify claimed identity of sender.
2. Sender cannot later repudiate contents of message.
3. Receiver cannot have concocted message himself.
11Copyright Rudra Dutta, NCSU, Fall 2011
Message Digests (Cryptographic Hash)Message Digests (Cryptographic Hash)
Message Digest (e.g. MD5) propertiesl Given P, easy to compute MD(P).l Given MD(P), effectively impossible to find P.l Given P no one can find P′ such that MD(P′) =
MD(P).l Change to input of even 1 bit produces very
different output.
12Copyright Rudra Dutta, NCSU, Fall 2011
Message digests can form Digital signatures(However, vulnerable to birthday attack)
Management of Public KeysManagement of Public Keys
Trudy can subvert public-key encryption: need certification
13Copyright Rudra Dutta, NCSU, Fall 2011
Achieving Security in NetworksAchieving Security in Networks IPSec – Security in IP layer between endpoints Firewalls – policing at gateways VPNs – Multipoint-to-multipoint secure
community over insecure Internet Kerberos etc. – authentication over insecure
Internet PGP etc. – Security between application
endpoints DNSSec – Securing DNS transactions TLS / SSL – API to encapsulate process-to-
process (client-server) securityCopyright Rudra Dutta, NCSU, Fall 2011 14
IP Security IP Security Multiple services, separate
– Secrecy, Integrity, Replay protection– Based on symmetric keys– Pluggable algorithm modules
Security Association– End-to-end context, unidirectional, security identifier– Allows use of IPSec at different granularities
Transport mode– IPSec header Inserted after IP header– Integrity, authentication, replay attacks with AH– Origin (integrity, authentication), secrecy, replay with ESP
Tunnel mode– IP packet encapsulated in new IP packet, ESP– Integrity, authentication, secrecy, replay
Copyright Rudra Dutta, NCSU, Fall 2011 15
Key ManagementKey Management Shared keys Distribution (sharing) of keys outside SA ISAKMP framework
– Manual pre-configuration– Internet Key Exchange v2 protocol– DNS as key distributor– Others …
When two IP endpoints want to setup a SA, they already have a shared key / have a way to share a key
Copyright Rudra Dutta, NCSU, Fall 2011 16
IPsec AHIPsec AH
Transport mode only – Authentication Header– In IPv6, used as extension header
In IP header, Protocol is 51 for IPSec
Identifier
Detect replay attacks
Hashed Message Authentication CodeSignature computed using shared key
17Copyright Rudra Dutta, NCSU, Fall 2011
IPsec ESPIPsec ESP
Header contains security identifier and sequence number
Originally, secrecy only (not integrity) Later extended by adding authentication signature Eventually likely to phase out AH
18Copyright Rudra Dutta, NCSU, Fall 2011
FirewallsFirewalls
Packet filtering gateways– Can filter by ports, or any other field
DMZ or Perimeter Networks can complement Stateless, stateful, application-level gateways Should form component of overall security picture
19Copyright Rudra Dutta, NCSU, Fall 2011
Virtual Private NetworksVirtual Private Networks
Create virtual circuits between gateways of each physical network of an organization
– Actually, not virtual circuits but SA tunnels– Firewalls as well as gateways
Intermediate routers can transport but not compromise– May provide MPLS tunnels (with bandwidth provisions)
20Copyright Rudra Dutta, NCSU, Fall 2011
KerberosKerberos
“Three-headed” scheme Separate user authentication from service authorization Password not transmitted, on public workstation briefly
Copyright Rudra Dutta, NCSU, Fall 2011 21
KS: Session key
KAB: Service session key
Ticket granting ticket
Service ticket
Pretty Good PrivacyPretty Good Privacy
RSA used to encrypt small, random words IDEA (much faster) encrypts larger message
Bob confident of P, Alice
Random input by Alice
Like DES
Only Bob can get KM
22Copyright Rudra Dutta, NCSU, Fall 2011
PGP MessagePGP Message
23Copyright Rudra Dutta, NCSU, Fall 2011
DNSDNS
Copyright Rudra Dutta, NCSU, Fall 2011 24
DNS SpoofingDNS Spoofing
25Copyright Rudra Dutta, NCSU, Fall 2011
Poisoning DNSPoisoning DNS
Basically – force DNS server to query, and send false answer right behind the query
Need to first know sequence number – register bogus domain
26Copyright Rudra Dutta, NCSU, Fall 2011
DNSSecDNSSec DNSSec attempts to provide:
– Proof of where the data originated– Public key distribution– Transaction and request authentication
DNS replies are Resource Records– Grouped into sets – RRSets
Each DNS zone has public/private key pair– RRSet to be delivered is cryptographically hashed– Hash is signed by zone’s private key
New RR types to store key, hash, specify algorithm (and others such as validity period)
Hashing and signing is offline – at zone Signatures also protect query-response between servers
27Copyright Rudra Dutta, NCSU, Fall 2011
SSL / TLSSSL / TLS Encapsulate security for application programs Original SSL proposed by Netscape, later TLS standardized by
IETF– TLS is incompatible with SSL– Falls back on SSL, but not earlier than SSL 3.0
Newly generated key to sign and encrypt data for each connection
Copyright Rudra Dutta, NCSU, Fall 2011 28
SummarySummary Cryptography and privacy/secrecy of keys used
to assure security goals Network security largely still in the stage of
shoring up known exploits Understanding of vulnerabilities are still on a
case-by-case basis “Encrypt everything” may be both overkill and
underkill Significant growth area
Copyright Rudra Dutta, NCSU, Fall 2011 29