NetworkSecurityNotes by harshi446

VIEWS: 1 PAGES: 59

More Info
									Notes on Network Security
Issues

   From security courses at:
   Stern School of Business, NYU
   Georgia Tech
Attacks

   An attack occurs when someone attempts to use
    a vulnerability
   Kinds of attacks
       Passive (e.g., eavesdropping)
       Active (e.g., password guessing)
       Denial of Service (DOS)
           Distributed DOS – using many endpoints
   A compromise occurs when an attack is
    successful
       Typically associated with taking over resources
Eavesdropping - Message Interception
(Attack on Confidentiality)
   Unauthorized access to information
   Packet sniffers and wiretappers
   Illicit copying of files and programs



            S                        R



                     Eavesdropper
Integrity Attack - Tampering With
Messages
   Stop the flow of the message
   Delay and optionally modify the message
   Release the message again



               S                      R



                       Perpetrator
Authenticity Attack - Fabrication
   Unauthorized assumption of other’s
    identity
   Generate and distribute objects under this
    identity


            S                              R



                     Masquerader: from S
Attack on Availability
   Destroy hardware (cutting fiber) or software
   Modify software in a subtle way (alias commands)
   Corrupt packets in transit



               S                               R


   Blatant denial of service (DoS):
       Crashing the server
       Overwhelm the server (use up its resource)
Trust

 Trust refers to the degree to
  which an entity is expected to behave
 A trust model describes, for a particular
  environment, who is trusted to do what?
 Note: you make trust decisions every day

People - the biggest security risk?
 A CompTIA study identified human error as a
  major underlying factor in 63% of security
  breaches
What is Authentication?

   Short answer: establishes identity
       Answers the question: To whom am I speaking?
   Long answer: evaluates the authenticity of
    identity proving credentials
       Credential – is proof of identity
       Evaluation – process that assesses the
        correctness of the association between credential
        and claimed identity
           for some purpose
           under some policy
What is Identity?

   That which gives you access … which is largely
    determined by context
       We all have lots of identities
       Pseudo-identities
   Really, determined by who is evaluating credential
       Driver’s License, Passport, SSN prove …
       Credit cards prove …
       Signature proves …
       Password proves …
       Voice proves …
Something you know …
   Passport number, mothers maiden name, last 4
    digits of your social security, credit card number
   Passwords and pass-phrases
       Note: passwords are generally pretty weak
           University of Michigan: 5% of passwords were goblue
            (followed by: love, beer)
           Passwords used in more than one place
           Not just because bad ones selected: If you can remember it,
            then a computer can guess it
               Computers can often guess very quickly
Something you have …

   Tokens (transponders, …)
       Speedpass, EZ-pass
   Smartcards




   Digital Certificates (used by Websites to
    authenticate themselves to customers)
Something you are …

   Biometrics
     Measures some physical characteristic

     Fingerprint, face recognition, retina scanners, voice, signature,

       DNA
     Can be extremely accurate and fast

     Active biometrics authenticate, passive biometrics recognize

   What is the fundamental problem?
     Revocation – lost fingerprint?

     Great for physical security, generally not feasible for on-line

       systems
Encryption algorithm

   Algorithm used to make content unreadable by
    all but the intended receivers

                   E(plaintext,key) = ciphertext
                   D(ciphertext,key) = plaintext

   Algorithm is public, key is private
   Block vs. Stream Ciphers
       Block: input is fixed blocks of same length
       Stream: stream of input
Symmetric key cryptography

   Traditional use of cryptography
   Symmetric keys, where A single key is used is
    used for E and D

                      D( E(p,k1), k1 ) = p

   All (intended) receivers have access to key
   Note: Management of keys determines who
    has access encrypted data
       E.g., password encrypted email
    Data Encryption Standard (DES)
   Introduced by the US NBS
    (now NIST) in 1972
   Signaled the beginning of
    the modern area of
    cryptography
   Block cipher
       Fixed sized input
   8-byte input and a 8-byte
    key (56-bits+8 parity bits)
DES Top View
                                         56-bit Key
   64-bit Input
    48-bit K1
                                        Generate keys
   Permutation    Initial Permutation
                  48-bit K1
     Round 1
                   48-bit K2
     Round 2
     …...          48-bit K16
    Round 16

      Swap         Swap 32-bit halves

   Permutation    Final Permutation

  64-bit Output
    Cryptanalysis of DES
   DES has an effective 56-bit key length
       Wiener: 1,000,000$ - 3.5 hours (never built)
       July 17, 1998, the EFF DES Cracker, which was built
        for less than $250,000 < 3 days
       January 19, 1999, Distributed.Net (w/EFF), 22 hours
        and 15 minutes (over many machines)
       We all assume that NSA and agencies like it around
        the world can crack (recover key) DES in seconds
   What now? Give up on DES? Try variants
    Triple DES etc.
    Diffie-Hellman Key Exchange
 g and p known to both
Alice                       Bob
pick secret Sa randomly     pick secret Sb
  randomly
compute TA=gSa mod p        compute TB=gSb mod p
send TA to Bob              send TB to Alice
compute TBSa mod p          compute TASb mod p
Alice and Bob reached the same secret gSaSb mod
  p, which is then used as the shared key.
Diffie-Hellman Scheme
   Security factors
       Discrete logarithm very difficult.
       Shared key (the secret) itself never
        transmitted.
   Disadvantages:
       Expensive exponential operation
            DoS possible.
       The scheme itself cannot be used to encrypt
        anything – it is for secret key establishment.
       No authentication, so you can not sign
        anything …
Bucket Brigade Attack...Man In The
Middle Attack
Alice            Trudy            Bob
gSa=123           gSx =654         gSb =255
     123 -->           654 -->
                   <--654           <--255
      654Sa=123Sx          255Sx=654Sb
   Trudy plays Bob to Alice and Alice to Bob
Public Key Cryptography
   Public Key cryptography
       Each key pair consists of a public and private
        component: k+ (public key), k- (private key)
                      D( E(p, k+), k- ) = p
                      D( E(p, k-), k+ ) = p
   Public keys are distributed (typically) through
    public key certificates
       Anyone can communicate secretly with you if they
        have your certificate
       E.g., SSL-base web commerce
RSA (Rivest, Shamir, Adelman)

   A dominant public key algorithm
       The algorithm itself is conceptually simple
       Why it is secure is very deep (number thoery)
       Use properties of exponentiation modulo a product of
        large primes
   "A method for obtaining Digital Signatures and
    Public Key Cryptosystems“, Communications of
    the ACM, Feb., 1978 21(2) pages 120-126.
The symmetric/asymmetric key tradeoff

   Symmetric (shared) key systems
       Efficient (Many MB/sec throughput)
       Difficult key management
           Kerberos
           Key agreement protocols
   Asymmetric (public) key systems
       Slow algorithms (so far …)
       Easy key management
           PKI - public key infrastructures
           Webs of trust (PGP)
Hash Algorithms

   Hash algorithm
       Compression of data into a hash value
       E.g., h(d) = parity(d)
       Such algorithms are generally useful in programs
   … as used in cryptosystems
       One-way - (computationally) hard to invert h() , i.e.,
        compute h-1(y), where y=h(d)
       Collision resistant hard to find two data x1 and x2 such
        that h(x1) == h(x2)
   Q: What can you do with these constructs?
Message Digest 5 (MD5)
                          512-bit message chunks (16 words)


Initial
128-bit vector




                 128-bit result
Hashed Message Authentication Code

   HMAC
       Authenticates/integrity for data d
       Uses some key k and hash algorithm h
       To simplify,
                     hmac(k,d) = h( k+d )
   Why does this provide authenticity?
       Can not produce hmac(k,d) unless you know k
        and d
       If you could, then can invert h
   Used in protocols to authenticate content
Digital Signatures
   Models physical signatures in digital world
       Association between private key and document
       … and indirectly identity and document.
       Asserts that document is authentic and non-reputable
   To sign a document
       Given document d, private key k-
       Signature S(d) = E( k-, h(d) )
   Validation
       Given document d, signature S(d), public key k+
       Validate D(k+, S(d)) = H(d)
   Q: Are Digital Signatures Legally binding?
Web security: the high bits
   The largest distributed system in existence
       threats are as diverse as applications and users
       But need to be thought out carefully …
   The stakeholders are …
       Consumers (users, businesses, agents, …)
       Providers (web-servers, IM services, …)
   Another way of seeing web security is
       Securing the web infrastructure such that the integrity,
        confidentiality, and availability of content and user
        information is maintained
Web Authentication

   Authentication is a bi-directional process
       Client
       Server
       Mutual authentication
   Several standard authentication tools
       Basic (client)
       Digest (server)
       Secure Socket Layer (server, mutual)
       Cookies (indirect, persistent)
Basic Authentication Problems
   Passwords easy to intercept
   Passwords easy to guess
   Passwords easy to share
   No server authentication
       Easy to fool client into sending password to
        malicious server
   One intercepted password gives
    eavesdropper access to many documents
Challenge and Response
   Challenge (“nonce”): any changing string
       e.g. Random   Number, Timestamp etc
   Response: challenge encrypted with hashed
    password

   Server-specific implementation options
       One-time nonces
       Time-stamped nonces
       Method authentication digests
Advantages of Digest over Basic
   Cleartext password never transmitted across
    network
   Cleartext password never stored on server
   Replay attacks difficult
   Intercepted response only valid for a single URL
   Shared disadvantages
       Vulnerable to man-in-the-middle attacks
       Document itself can be sniffed
What is a Digital Certificate?

   A certificate …
       … makes an association between a user
        identity/job/attribute and a private key
       … contains public key information {e,n}
       … has a validity period
       … is signed by some certificate authority (CA)
   Issued by CA for some purpose
       Verisign is in the business of issuing certificates
       People trust Verisign to vet identity
    What is a Public Key Infrastructure?

   Rooted tree of CAs                      Root
   Cascading issuance
       Any CA can issue cert
                                     CA1         CA2       CA3
       Parent CAs issue certs
        for child CAs

                      CA11    CA12 … CA1n       CA21 …     CA22 …



           Cert11a Cert11b Cert11c    …     …          …         …
Secure Socket LAYER

   Used to authenticate servers
       Uses certificates, “root” CAs
   Can authenticate clients            HTTP

   Inclusive security protocol
                                        SSL
   Security at the socket layer
       Transport Layer Security
                                        TCP


                                         IP
SSL Operation

       Phase 1: the SSL Handshake
           Establishes algorithms used throughout
           Authenticates parties
           Establishes master secret
                Used to create other secrets
            1.      Encryption Key (client-server)
            2.      Encryption Key (server- client)
            3.      Authentication Key (client-server)
            4.      Authentication Key (server-client)
Advantages of SSL

   Confidential session
   Server authentication*
   GUI clues for users
   Built into every browser
   Easy to configure on the server
   Protocol has been analyzed like crazy
   Seems like you are getting security “for free”
Secure Electronic Transaction
   An open encryption and security
    specification for credit card transaction on
    the Internet
   Main requirements
       Confidentiality of payment and ordering
        information
       Integrity of all transmitted data
       Authentication of cardholder
       Authentication of merchant
Basic Workflow


 buyer      5 ship order                 payment
                                         gateway
           3 OI + PI
         2 order form        6 payment req
 1 browse
                       merchant
                                     4 auth req
Network security: the high bits
   The network is …
       … a collection of interconnected computers
       … with resources that must be protected
       … from unwanted inspection or modification
       … while maintaining adequate quality of service.
   Another way of seeing network security is
       Securing the network infrastructure such that the
        integrity, confidentiality, and availability of the
        resources is maintained.
       Q: How do we do this?
    Filtering: the threats

   Adversary 1: some external
    network entity attempting to gain access to
    internal resources
   Adversary 2: some internal, but malicious
    entity (or software) trying to expose sensitive
    data
   Adversary 3: some internal or external entity
    that is preventing access to internal resource
    (DOS)
What is a firewall?

•   Device that provides secure connectivity between networks
    (internal/external; varying levels of trust)
•   Used to implement and enforce a security policy for
    communication between networks

                                                 Untrusted Networks
    Trusted Networks   Firewall                  & Servers
                                                                      Untrusted Users

                                                       Internet
                                   Router
      Intranet

                       DMZ        Public Accessible
                                  Servers & Networks
                                                                      Trusted Users
Firewall Policies
   Specifies what traffic is (not) allowed
       Maps attributes to address and ports
       Example: HTTP should be allowed to any external host, but
        inbound only to web-server


               Source          Destination
                                              Protocol   Flags   Actions
        Address     Port    Address    Port

           *            *   1.1.1.1     80      TCP      SYN     Accept

        1.1.1.*         *      *        80      TCP      SYN     Accept

           *            *      *        80      TCP              Accept

           *            *      *         *      TCP               Deny
Packet Filters / Application Gateways

   Decisions made on a         Relay for connections
    per-packet basis            Client  Proxy  Server
   No state information        Recognizes application
    saved                        protocol such as HTTP
   Processing intensive        Can implement
   Lower level monitoring       authentication and
                                 access rules on per
                                 protocol basis
Communications Security

   A host wants to establish a secure channel to
    remote hosts over an untrusted network
       Not Login – end-users may not even be aware that
        protections in place
       Remote hosts may be internal or external
   The protection service must …
       Authenticate the end-points (each other)
       Negotiate what security is necessary (and how)
       Establish a secure channel
       Process the traffic between the end points
IPsec (not IPSec!)

   Host level protection service
       IP-layer security (below TCP/UDP)
       De-facto standard for host level security
       Developed by the IETF (over many years)
       Now available in most operating systems
           E.g., Available in XP, OS X, Linux, BSD*, …
       Implements a wide range of protocols and cryptographic
        algorithms
   Provides ….
       Confidentiality, integrity, authenticity, replay protection,
        DOS protection
IPsec Protocol Suite
   Policy/
Configuration     Key Management   Packet Processing
 Managent

    (SPS)                               (ESP)
Security Policy      Manual         Encapsulating
    System                         Security Payload



                      (IKE)             (AH)
                   Internet Key     Authentication
                    Exchange           Header
    IPsec in Tunnel Mode

              Encrypted Tunnel

      Gateway                      Gateway


                   Encrypted
A                                              B


    New IP   AH or ESP   Orig IP    TCP Data
    Header   Header      Header
Network Isolation: VPNs

   Idea: I want to create a collection of hosts which
    operate in a coordinated way
       E.g., a virtual security perimeter over physical network
       Hosts work as if they are isolated from malicious hosts
   Solution: Virtual Private Networks
       Create virtual network topology over physical network
       Use communications security protocol suites to secure virtual
        links “tunneling”
       Manage networks as if they are physically separate
       Hosts can route traffic to regular networks (split-tunneling)
Intrusion Detection System
   IDS systems claim to detect adversary when
    they are in the act of attack
       Monitor operation
       Trigger mitigation technique on detection
       Monitor: Network, Host, or Application events
   IDS systems really refer to three kinds of
    detection technologies
       Anomaly Detection
       Misuse Detection             Qui ckTi me™ and a T IFF (Un comp re ssed) decompresso r are ne ede d to see thi s pi cture.




       Intrusion Detection
Anomaly Detection

   Compares profile of normal systems operation to
    monitored state
       Hypothesis: any attack causes enough deviation from
        profile (generally true?)
   Q: How do you derive normal operation?
       AI: learn operational behavior from training data
       Constructive: construct profile from domain knowledge
   Q: Will a profile from one environment be good
    for others?
Misuse Detection
   Profile signatures of known attacks
       Monitor operational state for signature
       Hypothesis: attacks of the same kind has enough
        similarity to distinguish from normal behavior
   Q: Where do these signatures come from?
       Record: recorded progression of known attacks
       Comprise: domain knowledge
       AI: Learn by negative and positive feedback

    Event Stream     Write   Read   Write   Send   Send
    Attack Profile           Read   Write   Send
Intrusion Detection
   Monitor for illegal or inappropriate access or use of
    resources
       Reading, writing, or forwarding of data
       DOS
       Hypothesis: resources are not adequately protected by
        infrastructure
   Often less effective at detecting attacks
       Buttress existing infrastructure with checks
       Validating/debugging policy
       Detects inadvertent, often catastrophic, human errors
           “rm -rf /” issue
   Q: Who is the intruder?
Denial of Service

   Intentional prevention of access to valued
    resource
       CPU, memory, disk (system resources)
       DNS, print queues, NIS (services)
       Web server, database, media server
        (applications)
   This is an attack on availability
   Note: launching DOS attacks is easy
   Note: preventing DOS attacks is hard
       Mitagation the path most frequently traveled
Distributed denial of service

   DDOS: Network oriented attacks aimed at
    preventing access to some network, host or
    service
       Saturate the target’s network with traffic
       Consume all network equipment resources
       Overload a service with requests
           Use “expensive” requests (e.g., “sign this data”)
       Can be extremely costly (e.g, Amazon)
   Result: service/host/network is unavailable
   Frequently distributed via other attack
Time to Think About Building Secure
Software
   Common mistakes
       Forget to make the software secure
       Adding security as an afterthought
   Why these mistakes
       Security is boring
       Security gets in the way
       Security is difficult to measure
       Security is not the primary skill or interest of
        designers and developers
Security Principles to Live By

   Establish a security process
   Define the product security goals
   Consider security as a product feature
   Learn from mistakes
   Use defense in depth
   Assume external systems are insecure
Security Design by Threat Modeling

   Use a taxonomy of threats, e.g., STRIDE:
       Spoofing identity
       Tampering with data
       Repudiation
       Information disclosure
       Denial of service
       Elevation of privilege
   Consider target, chance, criticality, attack
    techniques, mitigation techniques, etc.

								
To top