Upload
jerome-robbins
View
217
Download
0
Embed Size (px)
Citation preview
Reported Security Incidents 1995 – 2003 Source: http://www.cert.org/present/cert-overview-trends/module-1.pdf
Secure Communication
Characteristics of a secure communication Confidentiality Authentication Message Integrity and non-repudiation Availability and Access Control
ConfidentialityThe communicator wants the following to be
confidential: The fact that the communication is occurring Timing of communication Frequency of communication
Confidentiality often relies on cryptographic techniques for encrypting/ decrypting data using one or more keys to encrypt/decrypt data
AuthenticationBoth sender and receiver should be able to
confirm identity of other party involved in communication Confirm that the other party is indeed who/what
they claim to beAuthentication relies on authentication
techniques, several of which rely on cryptographic techniques
Message Integrity and Non-Repudiation
Message integrity Content of communication is not altered
maliciously or by accident Relies on cryptographic techniques
Non-repudiation Not denying what was communicated
AvailabilityCan communication occur in first place?
Hackers preventing infrastructure from being used by legitimate users – e.g., viruses, DoS attacks
Detect breaches and respond to attacks
Access ControlEntities allowed to gain access to resources
only if they have the appropriate access rights (e.g., login ID, passwords, biometric devices) Facilitated by firewalls, which provide access
control based on a per-packet basis, and on a per-service basis.
Provide a degree of isolation and protection from those outside of one’s network
Symmetric Key Cryptography Symmetric Key Cryptography
Caesar Cipher Monoalphabetic Cipher Polyalphabetic Cipher Data Encryption Standard (DES) Triple DES (3DES) Advanced Encryption Standard (AES)
Trusted Intermediaries for symmetric key distribution Key Distribution Center (KDC) Kerberos
Basic Terminology Plain Text
Original data – not disguised Cipher (Encrypted) Text
Disguised data – looks unintelligible to intruder Data disguised using encryption algorithm
Key A string of #s or characters used as input to encryption
algorithm to disguise plain text Symmetric Key: Both parties use same key to encrypt
and decrypt text
Symmetric Key Cryptography Caesar Cipher
Each letter in plaintext is substituted with letter that is K letters later
Wrap around is allowed (i.e., z followed by letter a) If K = 3, a in plaintext becomes d in cipher text
b in plaintext becomes e in cipher text Example: Decrypt the following using a Caesar
Cipher of K =3; Assume ‘wrap around’ is allowed. “L JP J JHHN”
Symmetric Key CryptographyData Encryption Standard (DES)
Published in 1977, and updated in 1993 For commercial and non-classified U.S. Govt. use Encodes plaintext using 56-bit key Objective: Scramble data and key so that every
bit of the cipher text depends on every bit of the data and every bit of the key
Algorithm: Complex (beyond the scope of the course); Decryption works by reversing the algorithm’s operations.
How well does DES work? DES challenge contest
Launched in 1997 by RSA Data Security Inc. -- A network security company
Encrypted “strong cryptography makes the world a safer place” using a 56-bit DES.
Winning team took 4 months to decode. Used volunteers throughout the Internet to systematically
explore key space. Claimed $10K cash prize after testing only a quarter of
the key space (about 18 quadrillion keys)
How well does DES work?In 1999, RSA launched another DES
challenge. Message was decrypted in little over 22 hours by
a network of volunteers and a special purpose computer called “Deep Crack”.
Claimed $250 K cash prize.
Symmetric Key CryptographyTriple DES (3 DES)
If 56-bit DES is considered to be insecure, one can simply run the algorithm multiple times, using a different key each time
DES run three times (with a different 56-bit key each time DES is run).
Symmetric Key CryptographyAdvanced Encryption Standard (AES)
NIST – in Nov 2001 announced successor to DES.
AES is also a symmetric key algorithm that processes data in 128-bit blocks
AES can operate with 128-bit keys, 192-bit keys, and 256-bit keys
Trusted IntermediariesDisadvantage of Symmetric Key
Cryptography: 2 communicating parties have to agree upon their
secret key ahead of time in a secure manner. Since sender and receiver do not meet face to face
in the networking world , they need a trusted intermediary
Trusted Intermediaries: Key Distribution Center Kerberos
Key Distribution Center (KDC) A server that shares a different secret
symmetric key with each registered user.KDC knows the secret key of each user, and
each user can communicate securely with KDC using this key.
Example: Using KDCAssume Sender (S) and Recipient (R) use
KDC for their communication. Assume S’s secret key known to S and KDC is
KS-KDC
Assume R’s secret key known to R and KDC is KR-KDC.
Example: Using KDCUsing key, S sends a message to KDC saying
that S wants to communicate with R. We denote this message as MS-KDC(S, R).
KDC decrypts MS-KDC(S, R) KDC generates a random number key KSR, which
is to be used as symmetric key by S and R during their communication.
Example: Using KDC – cont’d KDC sends S the key KSR, and a pair of values X
and KSR encrypted using R’s key. We denote this message sent back to S by KDC as: MKDC-S(KSR, MKDC-R(X, KSR)).
S decrypts message and extracts symmetric key KSR. S extracts and forwards MKDC-R(X, KSR) to R Note that S cannot decrypt MKDC-R(X, KSR)
R decrypts MKDC-R(X, KSR) and uses KSR as symmetric key to converse with S
R and S communicate using symmetric key KSR
KerberosDeveloped by MITVery similar to KDCHas additional functions such as:
Time stamp for validity of “nonce” KSR. Has information about which users have access
privileges to which services on which network servers.
Public Key CryptographyOverview
Define concept of Public and Private keysDemonstrate RSA AlgorithmReview Authentication Protocols (ap)Exchanging Public Keys
Person in the middle-attack
Introduction - Public Key CryptographyUse public key cryptography so that two
parties can communicate using encryption/decryption without using a shared secret key. Key maintenance is difficult
Public key cryptography: A radically different and marvelously elegant
approach towards encryption/decryption Also used for authentication and digital signatures
Basic Idea of Public Key CryptographyEach participant has a private key (known only
to the participant) and a public key. Public key is made available to others
Could be posted even on a website which is accessible by the rest of the world.
Public key of recipient is used by sender to encrypt message.
Recipient decrypts message using recipient’s private key.
Public Key CryptographyExample:
Sender (S) wishes to send a message to Recipient (R)
S fetches R’s public key. S uses R’s public key to encrypt message S sends encrypted message to R. R decrypts cipher text with R’s private key.
RSA AlgorithmNamed after its founders, Ron Rivest, Adi
Shamir, and Leonard AdlemanHas become almost synonymous with public
key cryptography
Using the RSA Algorithm
R’s public key is denoted as KR+ and the
private key is denoted as KR-.
These keys are chosen such that: KR
- (KR+ (m)) = KR
+ (KR- (m)) = m
S will encrypt a plain text message, m, using public key KR
+ and send it to R
Using the RSA AlgorithmTo encrypt the message, S uses R’s public key
and determines the cipher text, c as: c = me mod nTo decrypt the message, R uses R’s private
key and determines the plain text, m as: m = cd mod n
Using the RSA AlgorithmCreate R’s Keys
Choose two large prime numbers, p and q. The larger the values, the more difficult it is to break
RSA, and the longer it takes to encode/decode. It is recommended that the product of p and q be on the
order of 1024 bits for corporate use and 768 bits for use with “less valuable information”.
For a discussion on how to find large prime numbers, see http://www.utm.edu/research/primes/prove/).
For example, choose p = 5 and q = 7
Using the RSA AlgorithmCreate R’s Keys
Compute n = pq =35 Compute z = (p-1)(q-1) = (4)(6) = 24 Choose a number, e, less than n, which has no
common factors (other than 1) with z. R chooses e = 5
Find a number, d, such that ed-1 is exactly divisible (that is, with no remainder) by z.
d = 29; Note (ed-1) = (5x29 -1) = (145-1) = 144 144 is exactly divisible by z = 24
Using the RSA AlgorithmCreate R’s Keys
Recap: p = 5, q = 7, n = 35, z = 24, e = 5, d = 29 R’s public key is given by
KR+ = (n, e) = (35, 5);
R’s private key is given by KR
- = (n, d) = (35, 29)
Example Interpret each letter in the English alphabet as a
number between 1 and 26. That is, a = 1, b = 2, …, z = 26.
S will send message “love” to R
Using the RSA AlgorithmEncrypt Message using KR
+ = (n, e) = (35, 5);
Plaintext letter
m (numeric representation)
m e c = me mod n
l 12 248832 17
o 15 759375 15
v 22 5153632 22
e 5 3125 10
S will send 17152210 to R
Using the RSA AlgorithmEncrypt Message using KR
- = (n, d) = (35, 29);
Cipher text
cd m = cd mod n
msg
17 481968572106750915091411825223071697 12 l
15 12783403948858939111232757568359375 15 o
22 851643319086537701956194499721106030592 22 v
10 100000000000000000000000000000 5 e
RSA and DES/AES RSA is a complex algorithm and uses concepts from
number theory. DES is at least 100 times faster than RSA. In practice, RSA is often used in combination with
DES or AES. Message is encrypted using DES key S encrypts DES key with R’s public key R decrypts and obtains DES key with R’s private key. Message is decrypted using DES key
Authentication ap 4.0 (symmetric)
S announces to R, “I am S” R sends a plaintext nonce (= n) to S.
Note nonce is a one time value that is specific to that communication session
S resends same nonce back to R but this time nonce is encrypted with symmetric key used by S and R.
R decrypts nonce using symmetric key. If decrypted nonce equals the nonce sent to S earlier (i.e. decrypted nonce = n) , then S is authenticated.
However, this implies that S and R must have decided upon and exchanged their symmetric key.
Authentication ap 5.0 (public/private)
S announces to R, “I am S” R sends a plaintext nonce (= n) to S S resends same nonce back to R but this time nonce is
encrypted with S’s private key. R decrypts nonce using S’s public key. If decrypted
nonce equals the nonce sent to S earlier (i.e. decrypted nonce = n) , then S is authenticated.
Exchanging Public KeysWhy should public key be publicly available?Wouldn’t it be better for S and R to exchange
their respective public keys via e-mail, after authenticating each other? Possibility of “person in the middle attack.”
Person in the Middle Attack S transmits, “I am S” T eavesdrops. R sends a nonce = n. T intercepts nonce, and sends R
encrypted nonce (encrypted using T’s private key).
R sends a message to S asking for S’s public key.
T intercepts message, and sends T’s public key to R.
R decrypts nonce with T’s public key (thinking that he is using S’s public key), and inadvertently authenticates T.
While R is encrypting new data using T’s public key, T is busy posing as R to S. In particular: T transmits R’s nonce to S S transmits encrypted nonce
(encrypted using S’s private key).
T intercepts encrypted nonce, and asks S for her public key.
S sends her public key
Person in the Middle Attack – cont’d R sends encrypted data (encrypted using T’s public
key) T decrypts using her private key, and finds out R’s
plain text. T encrypts R’s plain text using S’s public key. T transmits encrypted text to S. S decrypts using her private key, and finds out R’s
plain text. S and R presume that they have had a secure
communication. They are ignorant of the fact that T has intercepted and decrypted all messages.
Examples of some attacks Denial of Service attacks
Hacker attempts to disrupt the network by flooding the network with messages so that the network cannot process messages from legitimate users
Examples“Ping” attacksSmurf attackSYN flood attack
Distributed Denial of Service attacks
Ping PacketsPackets that ask a computer to respond with an
acknowledgement Used to see if a computer is still operational in a
network Ping by computer name
Ping bus.orst.eduPing by IP address
Ping 128.193.76.73
TCP header: Packet #s (Sequence #s) Assume a file has 500,000 bytes Assume TCP breaks this file into packets, where
each packet size is 1000 bytes Each packet is given a packet # The packet # for a packet is the number of the first
byte in that packet. The packet # of first packet would be 1 The packet # of next packet would be 1001 The packet # of third packet would be 2002 and so on
TCP: Acknowledgement #Assume S transmits to RR acknowledges receipt of S’s message, by
specifying an acknowledgment #. The ACK # sent by R is the packet # of the next
packet that R is expecting from S. Example:
After S sends first packet, R sends an acknowledgment to S by specifying ACK# 1001.
After S sends second packet, R acknowledges by specifying ACK# 2001.
SYN Flood Attack Nature of attack
Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server.
The server responds by sending a TCP SYN/ACK packet.
The attacker does not respond – resulting in half-open session using up server resources.
The attacker sends a flood of such TCP SYN requests without responding.
Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions
Distributed DoS (DDos) attackIn a DDoS attack, a hacker first gains control
of hundreds/thousands of computers (slaves). Plants software referred to as DDoS agent on
each of the slavesHacker then uses software referred to as DDoS
handler (master) to control the agents (slaves)Attacker launches attacks from all the slaves
and it is difficult to trace hacker
High Profile Victims of DDoSYahoo, eBay, Amazon, Microsoft and eTrade
websites have been rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked system
www.msn.com; www.expedia.com; www.carpoint.com sites were flooded with DDoS attack for almost one day
DDoS attack high-level DNS servers on the Internet
FirewallsFirewalls are used to prevent intruders on the
Internet from making unauthorized access and denial of service attacks to your network. Examines packets flowing into and out of the
organization’s network (usually via the Internet or corporate Intranet), restricting access to that network.
Two main types of firewalls are packet level firewalls and application-level firewalls.
Packet-level Firewall Examines the source and destination address
of packets that pass through it Only allowing packets that have acceptable
addresses to pass. Since each packet is examined separately, the
firewall can’t understand what the sender’s goal is.
Does not monitor the contents of the packets or why they are being transmitted and typically does not log the packets for later analysis.
Packet-level Firewall – cont’d In general, addresses are typically examined at the transport
layer (TCP Port ID) and network layer (IP address) Example 1: Don’t allow Telnet (Dest. Port ID = 23 not allowed) Example 2: Don’t allow packets from Internet on an Intranet
(Source IP has to be that of a device in the intranet) May be vulnerable to IP spoofing
Accomplished by changing the source address on incoming packets from their real address to an address inside the organization’s network.
Packet-level firewalls have strengthened their security since the first cases of IP spoofing (Dec 1994). Example: Some firewalls automatically delete any packets arriving
from the Internet that have internal source addresses
Application-Level Firewalls Acts as an intermediate host computer, separating a private
network from the rest of the Internet, but it works on specific applications, such as Web site access.
Application gateway acts as an intermediary between the outside client making the request and the destination server responding to that request, hiding individual computers on the network behind the firewall.
Because of the increased complexity of what they do, application level firewalls require more processing power than packet filters which can impact network performance.
Network Address Translation (NAT) Used to shield a private network from outside
interference. An NAT proxy server uses an address table,
translating network addresses inside the organization into aliases for use on the Internet. So, internal IP addresses remain hidden.
Many organizations combine NAT proxy servers, packet filters and application gateways, maintaining their online resources in a “DMZ network”
Security in many layers5 – layer model:
Application Layer Transport Layer Network Layer Data Link Layer Physical Layer
Each layer can have its own security protocols.
Security at Application Layer Secure E-mail
PGP (Pretty Good Privacy)e-mail encryption scheme that has become a de facto standard. Uses MD5 or SHA for message digest/fingerprints. Uses CAST, 3DES, IDEA for symmetric key cryptographyUses RSA for public key cryptography
S/MIME (Secure Multipurpose Internet Mail Extensions)
PEM (Privacy Enhanced Mail) Secure-HTTP or S-HTTP
Secure E-mail using PGP When PGP is installed, software creates a private
key and public key for user. Public key is posted on the website. Private key is protected using a password.
Password has to be entered every time user accesses private key.
Security at Application LayerSET (Secure Electronic Transactions)
Developed by MasterCard and VISA in 1997 Developed to provide protection from electronic
payment fraud. SET uses DES for Symmetric Key Cryptography
and RSA for key exchange.
Security at Transport LayerSSL – Secure Socket Layer
Developed to provide data encryption and authentication between a Web client and a Web server. Client and server perform handshake and negotiate cryptographic
technique to be used. Client and server authenticate each other Encrypted session progresses after handshake is completed.
SSL is typically applied at the transport layer Implies that SSL is not limited to one application
Can be applied to Web, e-mail, HTTP applications etc.
SSL (Continued) SSL was not developed for payment transactions.
Assume Bob makes a purchase from ABC Incorporated over SSL
ABC’s certificate issued by CA does not indicate whether ABC Incorporated is authorized to accept payment card purchases nor if the company is a reliable merchant.
Similarly, ABC Incorporated has no assurance that Bob is authorized to make a payment card purchase
May result in stolen credit card transactions, customer repudiation of purchased goods.
Network Layer SecurityIPSecurity – IPSec
IPSec is a suite of protocols that provide security at the network layer. Complex suite of protocols IPSec would encrypt all parts of the packet
including user data at application layer, TCP header and IP header.
Implies that all data sent by hosts – e-mail, Web pages etc., would be hidden from Intruder.
IPSec (Continued)2 key protocols in the IPSec suite are:
Authentication Header (AH) protocolprovides source authentication and data integrity but
not confidentiality Encapsulation Security Payload (ESP) protocol
provides authentication, data integrity and confidentiality.
IPSec (Continued)Before sending secure packets, source and
destination handshake and create a one-way (simplex) network-layer logical connection – known as Security Association (SA).
SA is uniquely identified by: Security protocol (AH or ESP) identifier Source IP address for simplex connection A 32-bit connection identifier called the Security
Parameter Index (SPI)
SA and Key ManagementIKE (Internet Key Exchange) algorithm is the
default key management protocol for IPsec. ISKMP (Internet Security Association and
Key Management Protocol) defines procedures for establishing and tearing down SAs.
Security in IEEE 802.11Wireless Network
Security Standards are not as advanced in wireless environment
Since Fall 2004, mobile phones are being attacked Started in Phillipines – and has reached U.S. Virus drains your phone battery
Wireless SecurityWEP (Wired Equivalent Privacy) protocol
provides Authentication Encryption between a host and a wireless access
point (WAP)Using symmetric key approachNo key management algorithm
Authentication carried out using ap4.0
Wireless SecurityHowever WEP has security holes
Updates (as of Feb 22, 2005) on wireless security – check outhttp://msnbc.msn.com/id/6998751/http://www.nature.com/news/2005/050221/full/05022
1-6.htmlhttp://www.iss.net/wireless/http://www.practicallynetworked.com/tools/wireless_
articles_security.htmhttp://www.research.ibm.com/gsal/wsa/