Notes on Network Security Issues

From security courses at:

Stern School of Business, NYU

Georgia Tech

Attacks

An attack occurs when someone attempts to use a vulnerability

Kinds of attacks Passive (e.g., eavesdropping) Active (e.g., password guessing) Denial of Service (DOS)

Distributed DOS – using many endpoints

A compromise occurs when an attack is successful Typically associated with taking over resources

Eavesdropping - Message Interception (Attack on Confidentiality) Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs

S R

Eavesdropper

Integrity Attack - Tampering With Messages Stop the flow of the message Delay and optionally modify the message Release the message again

S R

Perpetrator

Authenticity Attack - Fabrication Unauthorized assumption of other’s identity Generate and distribute objects under this

identity

S R

Masquerader: from S

Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit

Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource)

S R

Trust

Trust refers to the degree to

which an entity is expected to behave A trust model describes, for a particular

environment, who is trusted to do what? Note: you make trust decisions every day

People - the biggest security risk? A CompTIA study identified human error as a

major underlying factor in 63% of security breaches

What is Authentication?

Short answer: establishes identity Answers the question: To whom am I speaking?

Long answer: evaluates the authenticity of identity proving credentials Credential – is proof of identity Evaluation – process that assesses the

correctness of the association between credential and claimed identity for some purpose under some policy

What is Identity?

That which gives you access … which is largely determined by context We all have lots of identities Pseudo-identities

Really, determined by who is evaluating credential Driver’s License, Passport, SSN prove … Credit cards prove … Signature proves … Password proves … Voice proves …

Something you know … Passport number, mothers maiden name, last 4

digits of your social security, credit card number Passwords and pass-phrases

Note: passwords are generally pretty weak University of Michigan: 5% of passwords were goblue

(followed by: love, beer) Passwords used in more than one place Not just because bad ones selected: If you can remember it,

then a computer can guess it Computers can often guess very quickly

Something you have …

Tokens (transponders, …) Speedpass, EZ-pass

Smartcards

Digital Certificates (used by Websites to authenticate themselves to customers)

Something you are …

Biometrics Measures some physical characteristic Fingerprint, face recognition, retina scanners, voice, signature,

DNA Can be extremely accurate and fast Active biometrics authenticate, passive biometrics recognize

What is the fundamental problem? Revocation – lost fingerprint? Great for physical security, generally not feasible for on-line

systems

Encryption algorithm

Algorithm used to make content unreadable by all but the intended receivers

E(plaintext,key) = ciphertextD(ciphertext,key) = plaintext

Algorithm is public, key is private Block vs. Stream Ciphers

Block: input is fixed blocks of same length Stream: stream of input

Symmetric key cryptography

Traditional use of cryptography Symmetric keys, where A single key is used is

used for E and D

D( E(p,k1), k1 ) = p

All (intended) receivers have access to key Note: Management of keys determines who

has access encrypted data E.g., password encrypted email

Data Encryption Standard (DES) Introduced by the US NBS (now NIST) in 1972

Signaled the beginning of the modern area of cryptography

Block cipher Fixed sized input

8-byte input and a 8-byte key (56-bits+8 parity bits)

DES Top View

Permutation

Permutation

Swap

Round 1

Round 2

Round 16

Generate keysInitial Permutation

48-bit K1

48-bit K2

48-bit K16

Swap 32-bit halves

Final Permutation

64-bit Output

48-bit K164-bit Input56-bit Key

…...

Cryptanalysis of DES DES has an effective 56-bit key length

Wiener: 1,000,000$ - 3.5 hours (never built) July 17, 1998, the EFF DES Cracker, which was

built for less than $250,000 < 3 days January 19, 1999, Distributed.Net (w/EFF), 22

hours and 15 minutes (over many machines) We all assume that NSA and agencies like it

around the world can crack (recover key) DES in seconds

What now? Give up on DES? Try variants Triple DES etc.

Diffie-Hellman Key Exchange

g and p known to both

Alice Bob

pick secret Sa randomly pick secret Sb randomly

compute TA=gSa mod p compute TB=gSb mod p

send TA to Bob send TB to Alice

compute TBSa mod p compute TA

Sb mod p

Alice and Bob reached the same secret gSaSb mod p, which is then used as the shared key.

Diffie-Hellman Scheme Security factors

Discrete logarithm very difficult. Shared key (the secret) itself never

transmitted. Disadvantages:

Expensive exponential operation DoS possible.

The scheme itself cannot be used to encrypt anything – it is for secret key establishment.

No authentication, so you can not sign anything …

Bucket Brigade Attack...Man In The Middle AttackAlice Trudy Bob

gSa=123 gSx =654 gSb =255

123 --> 654 -->

<--654 <--255

654Sa=123Sx 255Sx=654Sb

Trudy plays Bob to Alice and Alice to Bob

Public Key Cryptography Public Key cryptography

Each key pair consists of a public and private component: k+ (public key), k- (private key)

D( E(p, k+), k- ) = p

D( E(p, k-), k+ ) = p Public keys are distributed (typically) through

public key certificates Anyone can communicate secretly with you if they

have your certificate E.g., SSL-base web commerce

RSA (Rivest, Shamir, Adelman)

A dominant public key algorithm The algorithm itself is conceptually simple Why it is secure is very deep (number thoery) Use properties of exponentiation modulo a product of

large primes "A method for obtaining Digital Signatures and

Public Key Cryptosystems“, Communications of the ACM, Feb., 1978 21(2) pages 120-126.

The symmetric/asymmetric key tradeoff Symmetric (shared) key systems

Efficient (Many MB/sec throughput) Difficult key management

Kerberos Key agreement protocols

Asymmetric (public) key systems Slow algorithms (so far …) Easy key management

PKI - public key infrastructures Webs of trust (PGP)

Hash Algorithms

Hash algorithm Compression of data into a hash value E.g., h(d) = parity(d) Such algorithms are generally useful in programs

… as used in cryptosystems One-way - (computationally) hard to invert h() , i.e.,

compute h-1(y), where y=h(d) Collision resistant hard to find two data x1 and x2 such

that h(x1) == h(x2) Q: What can you do with these constructs?

Message Digest 5 (MD5)

Initial 128-bit vector

512-bit message chunks (16 words)

128-bit result

Hashed Message Authentication Code HMAC

Authenticates/integrity for data d Uses some key k and hash algorithm h To simplify,

hmac(k,d) = h( k+d ) Why does this provide authenticity?

Can not produce hmac(k,d) unless you know k and d

If you could, then can invert h Used in protocols to authenticate content

Digital Signatures

Models physical signatures in digital world Association between private key and document … and indirectly identity and document. Asserts that document is authentic and non-reputable

To sign a document Given document d, private key k- Signature S(d) = E( k-, h(d) )

Validation Given document d, signature S(d), public key k+ Validate D(k+, S(d)) = H(d)

Q: Are Digital Signatures Legally binding?

Web security: the high bits The largest distributed system in existence

threats are as diverse as applications and users But need to be thought out carefully …

The stakeholders are … Consumers (users, businesses, agents, …) Providers (web-servers, IM services, …)

Another way of seeing web security is Securing the web infrastructure such that the integrity,

confidentiality, and availability of content and user information is maintained

Web Authentication

Authentication is a bi-directional process Client Server Mutual authentication

Several standard authentication tools Basic (client) Digest (server) Secure Socket Layer (server, mutual) Cookies (indirect, persistent)

Basic Authentication Problems Passwords easy to intercept Passwords easy to guess Passwords easy to share No server authentication

Easy to fool client into sending password to malicious server

One intercepted password gives eavesdropper access to many documents

Challenge and Response Challenge (“nonce”): any changing string

e.g. Random Number, Timestamp etc Response: challenge encrypted with hashed

password

Server-specific implementation options One-time nonces Time-stamped nonces Method authentication digests

Advantages of Digest over Basic Cleartext password never transmitted across

network Cleartext password never stored on server Replay attacks difficult Intercepted response only valid for a single URL Shared disadvantages

Vulnerable to man-in-the-middle attacks Document itself can be sniffed

What is a Digital Certificate?

A certificate … … makes an association between a user

identity/job/attribute and a private key … contains public key information {e,n} … has a validity period … is signed by some certificate authority (CA)

Issued by CA for some purpose Verisign is in the business of issuing certificates People trust Verisign to vet identity

What is a Public Key Infrastructure?

Rooted tree of CAs Cascading issuance

Any CA can issue cert Parent CAs issue certs

for child CAs

… … …

Root

CA1 CA2 CA3

CA11 CA12 CA21 CA22CA1n

Cert11a Cert11b Cert11c … … … …

Secure Socket LAYER

Used to authenticate servers Uses certificates, “root” CAs

Can authenticate clients Inclusive security protocol Security at the socket layer

Transport Layer SecurityTCP

IP

SSL

HTTP

SSL Operation

Phase 1: the SSL Handshake Establishes algorithms used throughout Authenticates parties Establishes master secret

Used to create other secrets1. Encryption Key (client-server)

2. Encryption Key (server- client)

3. Authentication Key (client-server)

4. Authentication Key (server-client)

Advantages of SSL

Confidential session Server authentication* GUI clues for users Built into every browser Easy to configure on the server Protocol has been analyzed like crazy Seems like you are getting security “for free”

Secure Electronic Transaction An open encryption and security

specification for credit card transaction on the Internet

Main requirements Confidentiality of payment and ordering

information Integrity of all transmitted data Authentication of cardholder Authentication of merchant

Basic Workflow

buyer

merchant

payment gateway

1 browse

2 order form

3 OI + PI

5 ship order

4 auth req

6 payment req

Network security: the high bits The network is …

… a collection of interconnected computers … with resources that must be protected … from unwanted inspection or modification … while maintaining adequate quality of service.

Another way of seeing network security is Securing the network infrastructure such that the

integrity, confidentiality, and availability of the resources is maintained.

Q: How do we do this?

Filtering: the threats

Adversary 1: some external

network entity attempting to gain access to internal resources

Adversary 2: some internal, but malicious entity (or software) trying to expose sensitive data

Adversary 3: some internal or external entity that is preventing access to internal resource (DOS)

What is a firewall?

• Device that provides secure connectivity between networks (internal/external; varying levels of trust)

• Used to implement and enforce a security policy for communication between networks

Trusted Networks

Untrusted Networks & ServersFirewall

Router

Internet

Intranet

DMZ Public Accessible Servers & Networks

Trusted Users

Untrusted Users

Firewall Policies Specifies what traffic is (not) allowed

Maps attributes to address and ports Example: HTTP should be allowed to any external host, but

inbound only to web-server

Source DestinationProtocol Flags Actions

Address PortAddress Port

* * 1.1.1.1 80 TCP SYN Accept

* * * 80 TCP Accept

* * * * TCP Deny

1.1.1.* * * 80 TCP SYN Accept

Packet Filters / Application Gateways Decisions made on a

per-packet basis No state information

saved Processing intensive Lower level monitoring

Relay for connections Client Proxy Server Recognizes application

protocol such as HTTP Can implement

authentication and access rules on per protocol basis

Communications Security

A host wants to establish a secure channel to remote hosts over an untrusted network Not Login – end-users may not even be aware that

protections in place Remote hosts may be internal or external

The protection service must … Authenticate the end-points (each other) Negotiate what security is necessary (and how) Establish a secure channel Process the traffic between the end points

IPsec (not IPSec!)

Host level protection service IP-layer security (below TCP/UDP) De-facto standard for host level security Developed by the IETF (over many years) Now available in most operating systems

E.g., Available in XP, OS X, Linux, BSD*, … Implements a wide range of protocols and cryptographic

algorithms Provides ….

Confidentiality, integrity, authenticity, replay protection, DOS protection

IPsec Protocol Suite

(IKE)(IKE)Internet KeyInternet Key

ExchangeExchange

(IKE)(IKE)Internet KeyInternet Key

ExchangeExchange

(AH)(AH)AuthenticationAuthentication

HeaderHeader

(AH)(AH)AuthenticationAuthentication

HeaderHeader

(ESP)(ESP)EncapsulatingEncapsulating

Security PayloadSecurity Payload

(ESP)(ESP)EncapsulatingEncapsulating

Security PayloadSecurity Payload

(SPS)(SPS)Security PolicySecurity Policy

SystemSystem

(SPS)(SPS)Security PolicySecurity Policy

SystemSystemManualManualManualManual

Policy/Configuration

ManagentKey Management Packet Processing

A B

Encrypted Tunnel

Gateway Gateway

New IP Header

AH or ESP Header

TCP DataOrig IP Header

Encrypted

Unencrypted Unencrypted

IPsec in Tunnel Mode

Network Isolation: VPNs

Idea: I want to create a collection of hosts which operate in a coordinated way E.g., a virtual security perimeter over physical network Hosts work as if they are isolated from malicious hosts

Solution: Virtual Private Networks Create virtual network topology over physical network Use communications security protocol suites to secure virtual

links “tunneling” Manage networks as if they are physically separate Hosts can route traffic to regular networks (split-tunneling)

Intrusion Detection System IDS systems claim to detect adversary when they

are in the act of attack Monitor operation Trigger mitigation technique on detection Monitor: Network, Host, or Application events

IDS systems really refer to three kinds of detection technologies Anomaly Detection Misuse Detection Intrusion Detection

QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture.

Anomaly Detection

Compares profile of normal systems operation to monitored state Hypothesis: any attack causes enough deviation from

profile (generally true?) Q: How do you derive normal operation?

AI: learn operational behavior from training data Constructive: construct profile from domain knowledge

Q: Will a profile from one environment be good for others?

ReadWrite Write Send Send

Read Write SendAttack Profile

Event Stream

Misuse Detection Profile signatures of known attacks

Monitor operational state for signature Hypothesis: attacks of the same kind has enough

similarity to distinguish from normal behavior Q: Where do these signatures come from?

Record: recorded progression of known attacks Comprise: domain knowledge AI: Learn by negative and positive feedback

Intrusion Detection

Monitor for illegal or inappropriate access or use of resources Reading, writing, or forwarding of data DOS Hypothesis: resources are not adequately protected by

infrastructure Often less effective at detecting attacks

Buttress existing infrastructure with checks Validating/debugging policy Detects inadvertent, often catastrophic, human errors

“rm -rf /” issue Q: Who is the intruder?

Denial of Service

Intentional prevention of access to valued resource CPU, memory, disk (system resources) DNS, print queues, NIS (services) Web server, database, media server

(applications) This is an attack on availability Note: launching DOS attacks is easy Note: preventing DOS attacks is hard

Mitagation the path most frequently traveled

Distributed denial of service

DDOS: Network oriented attacks aimed at preventing access to some network, host or service Saturate the target’s network with traffic Consume all network equipment resources Overload a service with requests

Use “expensive” requests (e.g., “sign this data”) Can be extremely costly (e.g, Amazon)

Result: service/host/network is unavailable Frequently distributed via other attack

Time to Think About Building Secure Software

Common mistakes Forget to make the software secure Adding security as an afterthought

Why these mistakes Security is boring Security gets in the way Security is difficult to measure Security is not the primary skill or interest of

designers and developers

Security Principles to Live By Establish a security process Define the product security goals Consider security as a product feature Learn from mistakes Use defense in depth Assume external systems are insecure

Security Design by Threat Modeling Use a taxonomy of threats, e.g., STRIDE:

Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege

Consider target, chance, criticality, attack techniques, mitigation techniques, etc.