8: Network Security8-1Chapter 8Network SecurityA note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lotof work on our part. In return for use, we only ask the following:If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!)If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.Thanks and enjoy! JFK/KWRAll material copyright 1996-2007J.F Kurose and K.W. Ross, All Rights ReservedComputer Networking: A Top Down Approach ,4thedition. Jim Kurose, Keith RossAddison-Wesley, July 2007. 8: Network Security8-2Chapter 8: Network SecurityChapter goals:understand principles of network security:cryptography and its manyuses beyond “confidentiality”authenticationmessage integritysecurity in practice:firewalls and intrusion detection systemssecurity in application, transport, network, link layers8: Network Security8-3Chapter 8 roadmap8.1 What is network security?8.2Principles of cryptography8.3Message integrity8.4End point authentication8.5Securing e-mail8.6Securing TCP connections: SSL8.7Network layer security: IPsec8.8Securing wireless LANs8.9Operational security: firewalls and IDS8: Network Security8-4What is network security?Confidentiality:only sender, intended receiver should “understand” message contentssender encrypts messagereceiver decrypts messageAuthentication:sender, receiver want to confirm identity of each other Message integrity:sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionAccess and availability:services must be accessible and available to users8: Network Security8-5Friends and enemies: Alice, Bob, Trudywell-known in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messagessecuresendersecurereceiverchanneldata, control messagesdatadataAliceBobTrudy8: Network Security8-6Who might Bob, Alice be?… well, real-lifeBobs and Alices!Web browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updatesother examples?8: Network Security8-7There are bad guys (and girls) out there!Q:What can a “bad guy” do?A:a lot!eavesdrop:intercept messagesactively insertmessages into connectionimpersonation:can fake (spoof) source address in packet (or any field in packet)hijacking:“take over” ongoing connection by removing sender or receiver, inserting himself in placedenial of service: prevent service from being used by others (e.g., by overloading resources)more on this later ……8: Network Security8-8Chapter 8 roadmap8.1 What is network security?8.2 Principles of cryptography8.3Message integrity8.4End point authentication8.5Securing e-mail8.6Securing TCP connections: SSL8.7Network layer security: IPsec8.8Securing wireless LANs8.9Operational security: firewalls and IDS8: Network Security8-9The language of cryptographysymmetric keycrypto: sender, receiver keys identicalpublic-keycrypto: encryption key public, decryption key secret (private)plaintextplaintextciphertextKAencryptionalgorithmdecryption algorithmAlice’s encryptionkeyBob’s decryptionkeyKB8: Network Security8-10Symmetric key cryptographysubstitution cipher:substituting one thing for anothermonoalphabetic cipher: substitute one letter for anotherplaintext: abcdefghijklmnopqrstuvwxyzciphertext: mnbvcxzasdfghjklpoiuytrewqPlaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbcE.g.:Q:How hard to break this simple cipher?:brute force (how hard?)other?8: Network Security8-11Symmetric key cryptographysymmetric keycrypto: Bob and Alice share know same (symmetric) key: Ke.g., key is knowing substitution pattern in mono alphabetic substitution cipherQ:how do Bob and Alice agree on key value?plaintextciphertextKA-Bencryptionalgorithmdecryption algorithmA-BKA-Bplaintextmessage, mK (m)A-BK (m)A-Bm = K ()A-B8: Network Security8-12Symmetric key crypto: DESDES: Data Encryption StandardUS encryption standard [NIST 1993]56-bit symmetric key, 64-bit plaintext inputHow secure is DES?DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approachmaking DES more secure:use three keys sequentially (3-DES) on each datumuse cipher-block chaining8: Network Security8-13Symmetric key crypto: DESinitial permutation 16 identical “rounds” of function application, each using different 48 bits of keyfinal permutationDES operation8: Network Security8-14AES: Advanced Encryption Standardnew (Nov. 2001) symmetric-key NIST standard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES8: Network Security8-15Block Cipherone pass through: one input bit affects eight output bits64-bit inputT18bits8 bits8bits8 bits8bits8 bits8bits8 bits8bits8 bits8bits8 bits8bits8 bits8bits8 bits64-bit scrambler64-bit outputloop for n roundsT2T3T4T6T5T7T8multiple passes: each input bit afects all output bits block ciphers: DES, 3DES, AES8: Network Security8-16Cipher Block Chainingcipher block: if input block repeated, will produce same cipher text:t=1m(1)= “HTTP/1.1”blockcipherc(1)= “k329aM02”…cipher block chaining:XOR ith input block, m(i), with previous block of cipher text, c(i-1)c(0) transmitted to receiver in clearwhat happens in “HTTP/1.1” scenario from above?+m(i)c(i)t=17m(17)= “HTTP/1.1”blockcipherc(17)= “k329aM02”blockcipherc(i-1)8: Network Security8-17Public key cryptographysymmetrickey cryptorequires sender, receiver know shared secret keyQ: how to agree on key in first place (particularly if never “met”)?publickey cryptographyradically different approach [Diffie-Hellman76, RSA78]sender, receiver do notshare secret keypublic encryption key known toallprivatedecryption key known only to receiver8: Network Security8-18Public key cryptographyplaintextmessage, mciphertextencryptionalgorithmdecryption algorithmBob’s publickey plaintextmessageK (m)B+K B+Bob’s privatekey K B-m = K (K (m))B+B-8: Network Security8-19Public key encryption algorithmsneed K ( ) and K ( ) such thatBB..given public key K , it should be impossible to compute private key K BBRequirements:12RSA:Rivest, Shamir, Adleman algorithm+-K (K (m)) = mBB-++-8: Network Security8-20RSA: Choosing keys1.Choose two large prime numbers p, q.(e.g., 1024 bits each)2.Compute n= pq, z = (p-1)(q-1)3.Choose e(withe
Alice data encryption keyEA: Alice->Bob data encryption keyMB: Bob->Alice MAC keyMA: Alice->Bob MAC keyencryption and MAC algorithms negotiable between Bob, Alicewhy 4 keys?8: Network Security8-61SSL: three phases3. Data transferH( ).MBb1b2b3… bnddH(d)dH(d)H( ).EBTCP byte streamblock n bytes togethercompute MACencrypt d, MAC, SSL seq. #SSL seq. #dH(d)Type Ver LenSSL record formatencrypted using EBunencrypted8: Network Security8-62Chapter 8 roadmap8.1What is network security?8.2Principles of cryptography8.3 Message integrity8.4End point authentication8.5Securing e-mail8.6Securing TCP connections: SSL8.7 Network layer security: IPsec8.8Securing wireless LANs8.9Operational security: firewalls and IDS8: Network Security8-63IPsec: Network Layer Securitynetwork-layer secrecy:sending host encrypts the data in IP datagramTCP and UDP segments; ICMP and SNMP messages.network-layer authenticationdestination host can authenticate source IP addresstwo principal protocols:authentication header (AH) protocolencapsulation security payload (ESP) protocolfor both AH and ESP, source, destination handshake:create network-layer logical channel called a security association (SA)each SA unidirectional.uniquely determined by:security protocol (AH or ESP)source IP address32-bit connection ID8: Network Security8-64Authentication Header (AH) Protocolprovides source authentication, data integrity, no confidentialityAH header inserted between IP header, data field.protocol field: 51intermediate routers process datagrams as usualAH header includes:connection identifierauthentication data: source-signed message digest calculated over original IP datagram.next header field: specifies type of data (e.g., TCP, UDP,ICMP)IP headerdata (e.g., TCP, UDP segment)AH header8: Network Security8-65ESP Protocolprovides secrecy, host authentication, data integrity.data, ESP trailer encrypted.next header field is in ESP trailer.ESP authentication field is similar to AH authentication field.Protocol = 50. IP headerTCP/UDP segmentESPheaderESPtrailerESPauthent.encryptedauthenticated8: Network Security8-66Chapter 8 roadmap8.1What is network security?8.2Principles of cryptography8.3 Message integrity8.4End point authentication8.5Securing e-mail8.6Securing TCP connections: SSL8.7Network layer security: IPsec8.8 Securing wireless LANs8.9Operational security: firewalls and IDS8: Network Security8-67IEEE 802.11 securitywar-driving:drive around Bay area, see what 802.11 networks available?More than 9000 accessible from public roadways85% use no encryption/authenticationpacket-sniffing and various attacks easy!securing 802.11encryption, authenticationfirst attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failurecurrent attempt: 802.11i8: Network Security8-68Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0host requests authentication from access pointaccess point sends 128 bit noncehost encrypts nonce using shared symmetric keyaccess point decrypts nonce, authenticates hostno key distribution mechanismauthentication: knowing the shared key is enough8: Network Security8-69WEP data encryptionhost/AP share 40 bit symmetric key (semi-permanent)host appends 24-bit initialization vector (IV) to create 64-bit key64 bit key used to generate stream of keys, kiIVkiIV used to encrypt ith byte, di, in frame:ci= diXORkiIVIV and encrypted bytes, ci sent in frame8: Network Security8-70802.11 WEP encryption IV (per frame) KS: 40-bit secret symmetric key k1IV k2IV k3IV … kNIV kN+1IV… kN+1IV d1 d2 d3 … dN CRC1 … CRC4 c1 c2 c3 … cN cN+1 … cN+4 plaintext frame data plus CRC key sequence generator ( for given KS, IV) 802.11 header IV WEP-encrypted data plus CRC Figure 7.8-new1: 802.11 WEP protocol Sender-side WEP encryption8: Network Security8-71Breaking 802.11 WEP encryptionsecurity hole: 24-bit IV, one IV per frame, -> IV’s eventually reusedIV transmitted in plaintext -> IV reuse detectedattack:Trudy causes Alice to encrypt known plaintext d1d2d3d4… Trudy sees: ci= diXORkiIVTrudy knows cidi, so can compute kiIVTrudy knows encrypting key sequence k1IV k2IV k3IV …Next time IV is used, Trudy can decrypt!8: Network Security8-72802.11i: improved securitynumerous (stronger) forms of encryption possibleprovides key distributionuses authentication server separate from access point8: Network Security8-73AP: access pointAS:AuthenticationserverwirednetworkSTA:client station1 Discovery ofsecurity capabilities3STA and AS mutually authenticate, togethergenerate Master Key (MK). AP servers as “pass through”23STA derivesPairwise Master Key (PMK)AS derivessame PMK, sends to AP4STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 802.11i: four phases of operation8: Network Security8-74wirednetworkEAP TLSEAP EAP over LAN (EAPoL) IEEE 802.11 RADIUSUDP/IPEAP: extensible authentication protocolEAP: end-end client (mobile) to authentication server protocolEAP sent over separate “links”mobile-to-AP (EAP over LAN)AP to authentication server (RADIUS over UDP)8: Network Security8-75Chapter 8 roadmap8.1What is network security?8.2Principles of cryptography8.3 Message integrity8.4End point authentication8.5Securing e-mail8.6Securing TCP connections: SSL8.7Network layer security: IPsec8.8Securing wireless LANs8.9 Operational security: firewalls and IDS8: Network Security8-76Firewallsisolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.firewalladministerednetworkpublicInternetfirewall8: Network Security8-77Firewalls: Whyprevent denial of service attacks:SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connectionsprevent illegal modification/access of internal data.e.g., attacker replaces CIA’s homepage with something elseallow only authorized access to inside network (set of authenticated users/hosts)three types of firewalls:stateless packet filtersstateful packet filtersapplication gateways8: Network Security8-78Stateless packet filteringinternal network connected to Internet viarouter firewallrouter filters packet-by-packet, decision to forward/drop packet based on:source IP address, destination IP addressTCP/UDP source and destination port numbersICMP message typeTCP SYN and ACK bitsShould arriving packet be allowed in? Departing packet let out?8: Network Security8-79Stateless packet filtering: exampleexample 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.all incoming, outgoing UDP flows and telnet connections are blocked.example 2: Block inbound TCP segments with ACK=0.prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.8: Network Security8-80PolicyFirewall SettingNo outside Web access.Drop all outgoing packets to any IP address, port 80No incoming TCP connections, except those for institution’s public Web server only.Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80Prevent Web-radios from eating up the available bandwidth.Drop all incoming UDP packets -except DNS and router broadcasts.Prevent your network from being used for a smurf DoS attack.Drop all ICMP packets going to a “broadcast” address (eg 130.207.255.255).Prevent your network from being traceroutedDrop all outgoing ICMP TTL expired trafficStateless packet filtering: more examples8: Network Security8-81actionsourceaddressdestaddressprotocolsourceportdestportflagbitallow222.22/16outside of222.22/16TCP> 102380anyallowoutside of222.22/16222.22/16TCP80> 1023ACKallow222.22/16outside of222.22/16UDP> 102353---allowoutside of222.22/16222.22/16UDP53> 1023----denyallallallallallallAccess Control ListsACL:table of rules, applied top to bottom to incoming packets: (action, condition) pairs8: Network Security8-82Stateful packet filteringstateless packet filter: heavy handed tooladmits packets that “make no sense,” e.g., dest port = 80, ACK bit set, even though no TCP connection established:actionsourceaddressdestaddressprotocolsourceportdestportflagbitallowoutside of222.22/16222.22/16TCP80> 1023ACKstateful packet filter:track status of every TCP connectiontrack connection setup (SYN), teardown (FIN): can determine whether incoming, outgoing packets “makes sense”timeout inactive connections at firewall: no longer admit packets8: Network Security8-83actionsourceaddressdestaddressprotosourceportdestportflagbitcheck conxionallow222.22/16outside of222.22/16TCP> 102380anyallowoutside of222.22/16222.22/16TCP80> 1023ACKxallow222.22/16outside of222.22/16UDP> 102353---allowoutside of222.22/16222.22/16UDP53> 1023----xdenyallallallallallallStateful packet filteringACL augmented to indicate need to check connection state table before admitting packet8: Network Security8-84Application gatewaysfilters packets on application data as well as on IP/TCP/UDP fields.example:allow select internal users to telnet outside.host-to-gatewaytelnet sessiongateway-to-remote host telnet sessionapplicationgatewayrouter and filter1.require all telnet users to telnet through gateway.2.for authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections3.router filter blocks all telnet connections not originating from gateway.8: Network Security8-85Limitations of firewalls and gatewaysIP spoofing:router can’t know if data “really” comes from claimed sourceif multiple app’s. need special treatment, each has own app. gateway.client software must know how to contact gateway.e.g., must set IP address of proxy in Web browserfilters often use all or nothing policy for UDP.tradeoff: degree of communication with outside world, level of securitymany highly protected sites still suffer from attacks.8: Network Security8-86Intrusion detection systemspacket filtering:operates on TCP/IP headers onlyno correlation check among sessions IDS: intrusion detection systemdeep packet inspection:look at packet contents (e.g., check character strings in packet against database of known virus, attack strings)examine correlationamong multiple packets•port scanning•network mapping•DoS attack8: Network Security8-87WebserverFTPserverDNSserverapplicationgatewayInternetdemilitarized zoneinternalnetworkfirewallIDS sensorsIntrusion detection systemsmultiple IDSs: different types of checking at different locations8: Network Security8-88Network Security (summary)Basic techniques…...cryptography (symmetric and public)message integrityend-point authentication…. used in many different security scenariossecure emailsecure transport (SSL)IP sec802.11Operational Security: firewalls and IDS
MissPowerPoint 2/29/2008 |
214 |
25 |
0 |
technology
MissPowerPoint 2/29/2008 |
174 |
20 |
0 |
technology
MissPowerPoint 2/29/2008 |
223 |
35 |
0 |
technology
MissPowerPoint 2/29/2008 |
243 |
29 |
0 |
technology
MissPowerPoint 2/29/2008 |
210 |
25 |
0 |
technology
MissPowerPoint 2/29/2008 |
402 |
36 |
0 |
technology
AnnualReports 2/12/2008 |
50 |
0 |
0 |
financial
jasonpatino 1/16/2008 |
236 |
8 |
0 |
technology
MissPowerPoint 2/29/2008 |
182 |
17 |
0 |
technology
MissPowerPoint 2/29/2008 |
183 |
9 |
0 |
technology
MissPowerPoint 2/29/2008 |
97 |
7 |
0 |
technology
SuePelechaty 2/14/2008 |
205 |
17 |
0 |
educational
Semaj1212 4/23/2008 |
65 |
2 |
0 |
technology
Semaj1212 4/23/2008 |
131 |
13 |
0 |
technology
Semaj1212 4/23/2008 |
70 |
3 |
0 |
technology
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
creative
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
creative
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
business
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
technology
MissPowerPoint 7/7/2008 |
2 |
0 |
0 |
business
MissPowerPoint 7/7/2008 |
2 |
0 |
0 |
business
MissPowerPoint 7/7/2008 |
1 |
0 |
0 |
technology
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
technology
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
technology
MissPowerPoint 7/7/2008 |
0 |
0 |
0 |
technology