network security notes
TRANSCRIPT
Notes on Network Security Issues
From security courses at:
Stern School of Business, NYU
Georgia Tech
Attacks
An attack occurs when someone attempts to use a vulnerability
Kinds of attacks Passive (e.g., eavesdropping) Active (e.g., password guessing) Denial of Service (DOS)
Distributed DOS – using many endpoints
A compromise occurs when an attack is successful Typically associated with taking over resources
Eavesdropping - Message Interception (Attack on Confidentiality) Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs
S R
Eavesdropper
Integrity Attack - Tampering With Messages Stop the flow of the message Delay and optionally modify the message Release the message again
S R
Perpetrator
Authenticity Attack - Fabrication Unauthorized assumption of other’s identity Generate and distribute objects under this
identity
S R
Masquerader: from S
Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit
Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource)
S R
Trust
Trust refers to the degree to
which an entity is expected to behave A trust model describes, for a particular
environment, who is trusted to do what? Note: you make trust decisions every day
People - the biggest security risk? A CompTIA study identified human error as a
major underlying factor in 63% of security breaches
What is Authentication?
Short answer: establishes identity Answers the question: To whom am I speaking?
Long answer: evaluates the authenticity of identity proving credentials Credential – is proof of identity Evaluation – process that assesses the
correctness of the association between credential and claimed identity for some purpose under some policy
What is Identity?
That which gives you access … which is largely determined by context We all have lots of identities Pseudo-identities
Really, determined by who is evaluating credential Driver’s License, Passport, SSN prove … Credit cards prove … Signature proves … Password proves … Voice proves …
Something you know … Passport number, mothers maiden name, last 4
digits of your social security, credit card number Passwords and pass-phrases
Note: passwords are generally pretty weak University of Michigan: 5% of passwords were goblue
(followed by: love, beer) Passwords used in more than one place Not just because bad ones selected: If you can remember it,
then a computer can guess it Computers can often guess very quickly
Something you have …
Tokens (transponders, …) Speedpass, EZ-pass
Smartcards
Digital Certificates (used by Websites to authenticate themselves to customers)
Something you are …
Biometrics Measures some physical characteristic Fingerprint, face recognition, retina scanners, voice, signature,
DNA Can be extremely accurate and fast Active biometrics authenticate, passive biometrics recognize
What is the fundamental problem? Revocation – lost fingerprint? Great for physical security, generally not feasible for on-line
systems
Encryption algorithm
Algorithm used to make content unreadable by all but the intended receivers
E(plaintext,key) = ciphertextD(ciphertext,key) = plaintext
Algorithm is public, key is private Block vs. Stream Ciphers
Block: input is fixed blocks of same length Stream: stream of input
Symmetric key cryptography
Traditional use of cryptography Symmetric keys, where A single key is used is
used for E and D
D( E(p,k1), k1 ) = p
All (intended) receivers have access to key Note: Management of keys determines who
has access encrypted data E.g., password encrypted email
Data Encryption Standard (DES) Introduced by the US NBS (now NIST) in 1972
Signaled the beginning of the modern area of cryptography
Block cipher Fixed sized input
8-byte input and a 8-byte key (56-bits+8 parity bits)
DES Top View
Permutation
Permutation
Swap
Round 1
Round 2
Round 16
Generate keysInitial Permutation
48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K164-bit Input56-bit Key
…...
Cryptanalysis of DES DES has an effective 56-bit key length
Wiener: 1,000,000$ - 3.5 hours (never built) July 17, 1998, the EFF DES Cracker, which was
built for less than $250,000 < 3 days January 19, 1999, Distributed.Net (w/EFF), 22
hours and 15 minutes (over many machines) We all assume that NSA and agencies like it
around the world can crack (recover key) DES in seconds
What now? Give up on DES? Try variants Triple DES etc.
Diffie-Hellman Key Exchange
g and p known to both
Alice Bob
pick secret Sa randomly pick secret Sb randomly
compute TA=gSa mod p compute TB=gSb mod p
send TA to Bob send TB to Alice
compute TBSa mod p compute TA
Sb mod p
Alice and Bob reached the same secret gSaSb mod p, which is then used as the shared key.
Diffie-Hellman Scheme Security factors
Discrete logarithm very difficult. Shared key (the secret) itself never
transmitted. Disadvantages:
Expensive exponential operation DoS possible.
The scheme itself cannot be used to encrypt anything – it is for secret key establishment.
No authentication, so you can not sign anything …
Bucket Brigade Attack...Man In The Middle AttackAlice Trudy Bob
gSa=123 gSx =654 gSb =255
123 --> 654 -->
<--654 <--255
654Sa=123Sx 255Sx=654Sb
Trudy plays Bob to Alice and Alice to Bob
Public Key Cryptography Public Key cryptography
Each key pair consists of a public and private component: k+ (public key), k- (private key)
D( E(p, k+), k- ) = p
D( E(p, k-), k+ ) = p Public keys are distributed (typically) through
public key certificates Anyone can communicate secretly with you if they
have your certificate E.g., SSL-base web commerce
RSA (Rivest, Shamir, Adelman)
A dominant public key algorithm The algorithm itself is conceptually simple Why it is secure is very deep (number thoery) Use properties of exponentiation modulo a product of
large primes "A method for obtaining Digital Signatures and
Public Key Cryptosystems“, Communications of the ACM, Feb., 1978 21(2) pages 120-126.
The symmetric/asymmetric key tradeoff Symmetric (shared) key systems
Efficient (Many MB/sec throughput) Difficult key management
Kerberos Key agreement protocols
Asymmetric (public) key systems Slow algorithms (so far …) Easy key management
PKI - public key infrastructures Webs of trust (PGP)
Hash Algorithms
Hash algorithm Compression of data into a hash value E.g., h(d) = parity(d) Such algorithms are generally useful in programs
… as used in cryptosystems One-way - (computationally) hard to invert h() , i.e.,
compute h-1(y), where y=h(d) Collision resistant hard to find two data x1 and x2 such
that h(x1) == h(x2) Q: What can you do with these constructs?
Message Digest 5 (MD5)
Initial 128-bit vector
512-bit message chunks (16 words)
128-bit result
Hashed Message Authentication Code HMAC
Authenticates/integrity for data d Uses some key k and hash algorithm h To simplify,
hmac(k,d) = h( k+d ) Why does this provide authenticity?
Can not produce hmac(k,d) unless you know k and d
If you could, then can invert h Used in protocols to authenticate content
Digital Signatures
Models physical signatures in digital world Association between private key and document … and indirectly identity and document. Asserts that document is authentic and non-reputable
To sign a document Given document d, private key k- Signature S(d) = E( k-, h(d) )
Validation Given document d, signature S(d), public key k+ Validate D(k+, S(d)) = H(d)
Q: Are Digital Signatures Legally binding?
Web security: the high bits The largest distributed system in existence
threats are as diverse as applications and users But need to be thought out carefully …
The stakeholders are … Consumers (users, businesses, agents, …) Providers (web-servers, IM services, …)
Another way of seeing web security is Securing the web infrastructure such that the integrity,
confidentiality, and availability of content and user information is maintained
Web Authentication
Authentication is a bi-directional process Client Server Mutual authentication
Several standard authentication tools Basic (client) Digest (server) Secure Socket Layer (server, mutual) Cookies (indirect, persistent)
Basic Authentication Problems Passwords easy to intercept Passwords easy to guess Passwords easy to share No server authentication
Easy to fool client into sending password to malicious server
One intercepted password gives eavesdropper access to many documents
Challenge and Response Challenge (“nonce”): any changing string
e.g. Random Number, Timestamp etc Response: challenge encrypted with hashed
password
Server-specific implementation options One-time nonces Time-stamped nonces Method authentication digests
Advantages of Digest over Basic Cleartext password never transmitted across
network Cleartext password never stored on server Replay attacks difficult Intercepted response only valid for a single URL Shared disadvantages
Vulnerable to man-in-the-middle attacks Document itself can be sniffed
What is a Digital Certificate?
A certificate … … makes an association between a user
identity/job/attribute and a private key … contains public key information {e,n} … has a validity period … is signed by some certificate authority (CA)
Issued by CA for some purpose Verisign is in the business of issuing certificates People trust Verisign to vet identity
What is a Public Key Infrastructure?
Rooted tree of CAs Cascading issuance
Any CA can issue cert Parent CAs issue certs
for child CAs
… … …
Root
CA1 CA2 CA3
CA11 CA12 CA21 CA22CA1n
Cert11a Cert11b Cert11c … … … …
Secure Socket LAYER
Used to authenticate servers Uses certificates, “root” CAs
Can authenticate clients Inclusive security protocol Security at the socket layer
Transport Layer SecurityTCP
IP
SSL
HTTP
SSL Operation
Phase 1: the SSL Handshake Establishes algorithms used throughout Authenticates parties Establishes master secret
Used to create other secrets1. Encryption Key (client-server)
2. Encryption Key (server- client)
3. Authentication Key (client-server)
4. Authentication Key (server-client)
Advantages of SSL
Confidential session Server authentication* GUI clues for users Built into every browser Easy to configure on the server Protocol has been analyzed like crazy Seems like you are getting security “for free”
Secure Electronic Transaction An open encryption and security
specification for credit card transaction on the Internet
Main requirements Confidentiality of payment and ordering
information Integrity of all transmitted data Authentication of cardholder Authentication of merchant
Basic Workflow
buyer
merchant
payment gateway
1 browse
2 order form
3 OI + PI
5 ship order
4 auth req
6 payment req
Network security: the high bits The network is …
… a collection of interconnected computers … with resources that must be protected … from unwanted inspection or modification … while maintaining adequate quality of service.
Another way of seeing network security is Securing the network infrastructure such that the
integrity, confidentiality, and availability of the resources is maintained.
Q: How do we do this?
Filtering: the threats
Adversary 1: some external
network entity attempting to gain access to internal resources
Adversary 2: some internal, but malicious entity (or software) trying to expose sensitive data
Adversary 3: some internal or external entity that is preventing access to internal resource (DOS)
What is a firewall?
• Device that provides secure connectivity between networks (internal/external; varying levels of trust)
• Used to implement and enforce a security policy for communication between networks
Trusted Networks
Untrusted Networks & ServersFirewall
Router
Internet
Intranet
DMZ Public Accessible Servers & Networks
Trusted Users
Untrusted Users
Firewall Policies Specifies what traffic is (not) allowed
Maps attributes to address and ports Example: HTTP should be allowed to any external host, but
inbound only to web-server
Source DestinationProtocol Flags Actions
Address PortAddress Port
* * 1.1.1.1 80 TCP SYN Accept
* * * 80 TCP Accept
* * * * TCP Deny
1.1.1.* * * 80 TCP SYN Accept
Packet Filters / Application Gateways Decisions made on a
per-packet basis No state information
saved Processing intensive Lower level monitoring
Relay for connections Client Proxy Server Recognizes application
protocol such as HTTP Can implement
authentication and access rules on per protocol basis
Communications Security
A host wants to establish a secure channel to remote hosts over an untrusted network Not Login – end-users may not even be aware that
protections in place Remote hosts may be internal or external
The protection service must … Authenticate the end-points (each other) Negotiate what security is necessary (and how) Establish a secure channel Process the traffic between the end points
IPsec (not IPSec!)
Host level protection service IP-layer security (below TCP/UDP) De-facto standard for host level security Developed by the IETF (over many years) Now available in most operating systems
E.g., Available in XP, OS X, Linux, BSD*, … Implements a wide range of protocols and cryptographic
algorithms Provides ….
Confidentiality, integrity, authenticity, replay protection, DOS protection
IPsec Protocol Suite
(IKE)(IKE)Internet KeyInternet Key
ExchangeExchange
(IKE)(IKE)Internet KeyInternet Key
ExchangeExchange
(AH)(AH)AuthenticationAuthentication
HeaderHeader
(AH)(AH)AuthenticationAuthentication
HeaderHeader
(ESP)(ESP)EncapsulatingEncapsulating
Security PayloadSecurity Payload
(ESP)(ESP)EncapsulatingEncapsulating
Security PayloadSecurity Payload
(SPS)(SPS)Security PolicySecurity Policy
SystemSystem
(SPS)(SPS)Security PolicySecurity Policy
SystemSystemManualManualManualManual
Policy/Configuration
ManagentKey Management Packet Processing
A B
Encrypted Tunnel
Gateway Gateway
New IP Header
AH or ESP Header
TCP DataOrig IP Header
Encrypted
Unencrypted Unencrypted
IPsec in Tunnel Mode
Network Isolation: VPNs
Idea: I want to create a collection of hosts which operate in a coordinated way E.g., a virtual security perimeter over physical network Hosts work as if they are isolated from malicious hosts
Solution: Virtual Private Networks Create virtual network topology over physical network Use communications security protocol suites to secure virtual
links “tunneling” Manage networks as if they are physically separate Hosts can route traffic to regular networks (split-tunneling)
Intrusion Detection System IDS systems claim to detect adversary when they
are in the act of attack Monitor operation Trigger mitigation technique on detection Monitor: Network, Host, or Application events
IDS systems really refer to three kinds of detection technologies Anomaly Detection Misuse Detection Intrusion Detection
QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture.
Anomaly Detection
Compares profile of normal systems operation to monitored state Hypothesis: any attack causes enough deviation from
profile (generally true?) Q: How do you derive normal operation?
AI: learn operational behavior from training data Constructive: construct profile from domain knowledge
Q: Will a profile from one environment be good for others?
ReadWrite Write Send Send
Read Write SendAttack Profile
Event Stream
Misuse Detection Profile signatures of known attacks
Monitor operational state for signature Hypothesis: attacks of the same kind has enough
similarity to distinguish from normal behavior Q: Where do these signatures come from?
Record: recorded progression of known attacks Comprise: domain knowledge AI: Learn by negative and positive feedback
Intrusion Detection
Monitor for illegal or inappropriate access or use of resources Reading, writing, or forwarding of data DOS Hypothesis: resources are not adequately protected by
infrastructure Often less effective at detecting attacks
Buttress existing infrastructure with checks Validating/debugging policy Detects inadvertent, often catastrophic, human errors
“rm -rf /” issue Q: Who is the intruder?
Denial of Service
Intentional prevention of access to valued resource CPU, memory, disk (system resources) DNS, print queues, NIS (services) Web server, database, media server
(applications) This is an attack on availability Note: launching DOS attacks is easy Note: preventing DOS attacks is hard
Mitagation the path most frequently traveled
Distributed denial of service
DDOS: Network oriented attacks aimed at preventing access to some network, host or service Saturate the target’s network with traffic Consume all network equipment resources Overload a service with requests
Use “expensive” requests (e.g., “sign this data”) Can be extremely costly (e.g, Amazon)
Result: service/host/network is unavailable Frequently distributed via other attack
Time to Think About Building Secure Software
Common mistakes Forget to make the software secure Adding security as an afterthought
Why these mistakes Security is boring Security gets in the way Security is difficult to measure Security is not the primary skill or interest of
designers and developers
Security Principles to Live By Establish a security process Define the product security goals Consider security as a product feature Learn from mistakes Use defense in depth Assume external systems are insecure
Security Design by Threat Modeling Use a taxonomy of threats, e.g., STRIDE:
Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege
Consider target, chance, criticality, attack techniques, mitigation techniques, etc.