security in networks (part 2) cpsc 363 computer networks ellen walker hiram college (includes...
TRANSCRIPT
Security in Networks (Part 2)
CPSC 363 Computer Networks
Ellen Walker
Hiram College
(Includes figures from Computer Networking by Kurose & Ross, © Addison Wesley 2002)
Trusted Intermediaries
• How do 2 entities establish shared keys?– Trusted key distribution center– Gives appropriate one-time session key to each entity when
a conversation is established– No entity knows another’s secret key (except for a specific
conversation)
• How do I know the public key Alice sent me is really Alice’s public key?– Trusted Certification Authority keeps list of all public keys;
issues certificates with ID & public key (encrypted with CA’s private key, so nonforgeable)
Key Distribution Center
Aliceknows
R1
Bob knows to use R1 to communicate with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric
encryption
KDC generate
s R1
KB-KDC(A,R1)
KA-KDC(A,B)
KA-KDC(R1, KB-KDC(A,R1) )
Certification Authority
• Binds key to entity E (host or router)• Generates digitally-signed certificate after
receiving appropriate proof of identity and payment
Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
Firewall• Analogy: brick wall between apartments to
contain a fire• In networking, isolates internal net from larger
Internet, hopefully containing attacks
administerednetwork
publicInternet
firewall
What Can Firewall Prevent?
• Denial of service attacks– SYN flooding establishes bogus TCP connections,
preventing “real users” from establishing them
• Illegal access / modification of internal data• Access by unauthorized users/hosts
Types of Firewall
• Packet sniffing– Each packet examined and allowed to pass (or
not) based on a set of rules
• Application level– All messages for a given application pass through
a “gateway”– Information such as username available at
application level, but not packet
Packet Filtering Rules
• Packets can be determined to pass or not based on:– Source, Destination IP address– TCP / UDP source & destination port numbers– ICMP message type– TCP SYN and ACK bits
• E.g. TCP ACK=0 is new message originating from outside
• Ordering of rules is important (and can get complex) - see Table 8.5
Application Gateway
• Filters packets on application data (e.g. user) – E.g. only certain users can telnet
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
– Telnet connections through gateway allowed (authentication at gateway)
– All other (direct) telnet connections blocked
Limitations of Firewalls and Gateways
• IP spoofing - fake “return address” to get through
• Client needs to know how to access application gateway (e.g. proxy server address configured in browser)
• Tradeoff: more communication vs. more risk• Even highly protected sites suffer attacks• ‘Arms race’ mentality (hacker vs. netadmins)
Attacks
• Mapping– Ping, port sniffing, etc.
• Packet Sniffing– Interfaces in “promiscuous mode” look at every
packet
• Spoofing– “From” IP does not match IP of device
• Denial of service & Hijacking (next slides)
Countermeasures
• Mapping– Record & analyze traffic, react to suspicious patterns (e.g.
update firewall rules)
• Packet Sniffing– Watch for hosts in promiscuous mode– Avoid broadcast media (e.g. use switch, not hub)
• Spoofing– Stop bogus packet at outgoing router (if not from that
network) but we can’t control everyone else’s router
• Denial of service & Hijacking (next slides)
Denial of Service Attacks
• SYN flooding– Starts the TCP handshake, but does not complete– Server allocates data structures for “partial
connections” until space runs out
• SMURF attack– Convince many innocent hosts to send ICMP
packets (traceroute) back to attacked host
• DDoS (Distributed Denial of Service)– Many hosts act as “slaves” for the attacker due to
prior compromise
Denial of Service Countermeasures
• Filter out flooded packets at firewall (loss of good packets, too)
• Traceback to source of floods– Probably an innocent machine that has been
compromised!
Hijacking Attack
• Bob is connected to Alice, Trudy listening in– Trudy gets seq num, ack num, etc from packets
• Trudy eliminates Alice’s host– DoS attack, e.g.
• Trudy continues the conversation– Spoof’s Alice’s host– All header info is correct– Data can be whatever Trudy wants!
Hijacking Countermeasures
• Application level– Authentication protocols– Encryption– Trusted intermediaries– Digital signatures
• Packet level– Encryption of broadcast media (e.g. wireless)– Protect physical media from tapping
Security Across Layers
• Application Layer– Secure e-mail
• Transport Layer– Secure sockets layer (SSL)– Transport Layer security (TLS)
• Network Layer– IPsec (IP security)
• Authentication Header Protocol (AH)• Encapsulation Security Payload Protocol (ESP)
• Data Link Layer– Wired Equivalence Privacy (WEP) on 802.11
What Security Provides (review)
• Confidentiality• Message integrity• Authentication
– Sender– Receiver
Secure Email: Confidentiality
• Encryption options– Private key (key exchange problem)– Public key (inefficient for long email)
• Best of both worlds– Alice chooses “random” session key– Alice encrypts message using session key– Alice encrypts session key using Bob’s public key
• Recipient authentication as well as confidentiality (why?)
Confidential Email
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
Ks = session key, Kb+ and Kb- are Bob’s public and private keys
Secure Email: Message Integrity
• Use a hash function to compress the message: H(m)
• Encrypt the hash using Alice’s private key (KA- (H(m))– This is the signature
• Send m + (KA- (H(m)) together• Bob computes H(m), compares to KA+(Alice’s sig)
– If they’re equal, message is valid
• Also provides sender authentication (why?)
Pretty Good Privacy
• Provides all 4 aspects of security– Note 3 keys!
H( ). KA( ).-
+
KA(H(m))-
m
KA-
m
KS( ).
KB( ).+
+
KB(KS )+
KS
KB+
Internet
KS
Security for Internet Commerce
• Protect consumer from having credit card info stolen “in transit”
• Protect consumer from providing credit card (etc) information to “spoofed site”
Secure Sockets Layer
• Data Encryption and Authentication• Handshake
– Negotiate encryption algorithm and session keys– Authenticate server to the client
• Transaction– All data is encrypted using negotiated algorithm
and session keys
How It Works (Almost-SSL)
• Client & Server exchange TCP handshake– SYN, SYN+ACK, ACK
• Client establishes server’s identity– SSL hello, certificate
• “Master Secret” (to generate keys) exchanged– Client creates MS, sends K+(MS) – K+ is public key from certificate
How It Works (Almost SSL)
• From MS, we generate 4 keys– Eb = session encryption key for Bob->Alice– Mb = session MAC key for Bob->Alice– Ea, Ma from Alice->Bob
• Encryption keys encrypt data• MAC keys verify data integrity
– Record data + M key are hashed & encrypted with E key.
– Recipient decrypts and checks
Real SSL adds…
• Negotiate & agree on cryptographic algorithms
• Nonces sent during handshake– Used in creation of MS for E and M session keys
• MAC of handshakes sent both ways at end (to protect the handshake itself)
SSL Not Just for Web
• “Secure Sockets” can be used by other applications– ssh (secure telnet)– scp (secure file transfer)– IMAP (secure email)
• Application -> SSL -> TCP (& vice versa)
SSL Authentication
• Browser has list of trusted Certification Authorities & their public keys
• Browser obtains certificate with server’s public key (digitally signed by CA)
• Server also has access to client certificates from CA– Client authentication is optional
SSL Confidentiality
• All data is encrypted using info determined during handshake (authentication is included, too):– Browser sends its SSL version # and preferences– Server sends its SSL version #, preferences, and certificate
(contains public key, signed by CA)– Browser checks validity of certificate– Browser generates session key, encrypts with server’s
public key & sends– Browser sends encrypted “handshake done” message– Server sends encrypted “handshake done” message
IP Security (IPSec)
• Confidentiality – Message contents are encrypted– TCP / UDP headers are encrypted too
• This protects control and management messages as well as data
• Source Authentication– IP cannot be spoofed– Based on signature
IPSec Protocols
• Authentication Header Protocol (AH)– Source authentication – Data integrity
• Encapsulation Security Protocol (ESP)– Surce Authentication– Data Integrity– Confidentiality
• Both are based on Security Association– Logical connection established by handshake– Security protocol ID , source IP and Security Parameter
Index (SPI) = unique 32-bit connection ID
IEEE 802.11 (WiFi) Security
• “War Driving” - drive around a city, see what open networks are available– Generally find many unprotected networks
available from the street
• Securing 802.11– WEP (failed)– 802.11i (improved, ratified June 2004)
Wireless Equivalent Privacy
• Based on symmetric key (no key exchange protocol specified)– Request connection, receive nonce, encrypt nonce, if correct,
connection accepted
• Encryption based on symmetric key plus Initialization Vector (IV) and XOR
• Algorithm, RC4, changes IV (in a pattern) for every transmission, and transmits
• Problems– Not enough unique IV’s (only a few seconds’ worth)– IV transmitted in plaintext!– If Trudy knows content and sees encrypted files, keys can be
extracted.
IEEE 802.11i - Four phasesAP: access point AS:
Authentication server
wirednetwork
STA:client station
1 Discovery ofsecurity capabilities
3
STA and AS mutually authenticate, togethergenerate Master Key (MK). AP servers as “pass through”
2
3 STA derivesPairwise Master
Key (PMK)
AS derivessame PMK, sends to AP
4 STA, AP use PMK to derive Temporal Key (TK) used for message
encryption, integrity
Advantages of 802.11i
• Explicit key distribution protocol, using concept of “trusted host”, in this case the authentication server
• Multiple available forms of encryption, including AES based encryption and other stronger than WEP
• Separates authentication server from Access Point (centralizing important decisions)