View
214
Download
0
Tags:
Embed Size (px)
Citation preview
NETWORK
Authors
Hari Thiruvengada
Varun Lalchandani
SECURITY...
Contents
• Introduction.
• Encryption and Protocols.
• Kerberos.
• Network Security Issues and Protocols.
• Intrusion Detection
• Web Security.
• Digital Identification Techniques.
• Cryptography and web Security.
• Firewalls.
• References.
Security and its breaches…
Security • a system is secure if it is
– Security goals are achieved.
– Components behaves as expected on it.
Breaches• Interruption - System asset lost , unavailable or unusable.
• Interception - Unauthorized party gains access to asset.
• Modification - Tampering with the asset.
• Fabrication - counterfeit objects on computing system.
Security Goals and Vulnerabilities
Security Goals• Confidentiality - assets of a computing system
accessible only by authorized user.Read only type of access like viewing, printing helps in privacy.
• Integrity - modification only by authorized parties.
Precise, accurate, consistent assets.
• Availability - assets are accessible to authorized parties.Timely response, fair allocation, fault tolerance, usability, controlled concurrency. (Denial of service attacks.)
The people involved…
• Amateurs - fresh players of the game , disgruntled over a -ve work situation.
• Crackers - breaking into unauthorized territory without malicious intent.
• Hackers - breaking into unauthorized territory with malicious intent.
• Career Criminals - people in the game for money and have predefined targets.
Basic Encryption and Decryption
• Encryption - process of encoding a message so that its meaning is not obvious.
• Decryption - process of decoding the encrypted message.
• Cryptography - Hidden writing, which conceals meaningful text.
• Cryptanalyst - studies encryption and finds hidden messages.
• Cryptanalysis – attempt to break a single message.– Recognize patterns in encrypted messages to break into subproblems
by straightforward decryption algorithm.– Find weakness in encryption algorithms.
Contd…
Encryption with Keys
EncryptionEncryption DecryptionDecryptionPlain Text Cipher Text Original Text
Encryption Key (Ke)
(Asymmetric Cryptosystem)
Decryption Key (Kd)
Encryption with Keys
EncryptionEncryption DecryptionDecryptionPlain Text Cipher Text Original Text
Key
(Symmetric Cryptosystem)
EncryptionEncryption DecryptionDecryptionPlain Text Cipher Text Original Text
Encryption
Encryption• Substitutions - one letter x-changed for other.
– Monoalphabetic Ciphers.• Caesar Cipher
Example: Plaintext:ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher :DEFGHIJKLMNOPQRSTUVWXYZABC
– Polyalphabetic Ciphers.
• Frequency distribution reflects the underlying letters. Table for Odd Positions
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A D G J M P S V Y B E H K N Q T W Z C F I L O R U XA D G J M P S V Y B E H K N Q T W Z C F I L O R U X
Table for Even Positions
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z N S X C H M R W B G L Q V A F K P U Z E J O T Y D IN S X C H M R W B G L Q V A F K P U Z E J O T Y D I
Contd…
Example:
F1(x) = (3 * x)mod 26.
F2(x) = ((5 * x) +13) mod 26.
Encryption for :
TREAT YIMPO SSIBL E
would be
FUMNF DYVTF CZYSH H
Contd…• Transposition - letters of message rearranged.
– GOAL - Diffusion
Example:
C1 C2 C3 C4 C5
C6 C7 C8 C9 C10
C11 C12 etc.
The resulting cipher text will be
C1 C2 C3 C4 C5
C6 C7 C8 C9 C10
C11 C12 etc.
Encryption Protocols…
ArbiterAA
BB
Arbitrated Protocol
Adjudicated Protocol
Self-Enforcing Protocol
AA
AA
BB
BB Adjudicator
You are cheating
A acted fairly
Symmetric Key X-change W/out Server
• Small no. of messages.
• Less risk of intrusion.
• Each user have a copy of symmetric secret encryption key K.
• For greater security one can generate a fresh key called KNEW.
• Send E(KNEW,K).
Symmetric Key X-change With Server
DISTRIBUTION CENTER(DC)
Renee Pablo
1.Give me a key
(P, R, Ip )
2.Here is the key and E(Ip ,R,KPR,,E((KPR ,P), KR)), KP)
3. DC gave me key for Private Communication
E((KPR ,P), KR )
2. E((KPR ,P), KR )
Asymmetric Key X-change W/out Server
1. EP(DR (K))
Renee sends new key
2. S (n,K)
Pablo sends encrypted random number
3. S (n+1,K)
Renee returns successor of Random Number
ReneePablo
Asymmetric Key X-change With Server
DISTRIBUTION CENTER(DC)
Renee Pablo
1.Give me a Renee’s key (P,R)
2.Here is the Renee’s
Key (DD(ER,R))
3. I’ am Pablo, let’s Talk. ER(P, IP)
6. Renee here , What’s up ? EP(R, IR )
7. Reply with ER(M, IR)
5. Here’s Pablo’s
Key (DD(EP ,P))
4. Please give me Pablo’s public key (R ,P)
Authentication in Distributed Systems
• Kerberos
UserUserUU
Kerberos Kerberos ServerServer
Ticket Granting Ticket Granting ServerServer
1. U’s Identity
Session keySG
Ticket TG
2. Encrypted under Password
Session key SG
2. Encrypted underKS-TGS Key
Initiating a Kerberos Session
Contd..
Obtaining a ticket to access a file
UserUserUU
Ticket Granting Ticket Granting ServerServer
1. Request to AccessFile F
2.Encrypted under TGS - F Key + SF
Ticket to File Serverto access File F + SF
How Kerberos withstand Attacks?
• No passwords communicated on Network.
• Cryptographic protection.
• Limited period of validity.
• Mutual authentication.
Why Kerberos is not the perfect Answer?
• Kerberos requires the availability of continuous trusted
“Ticket Granting Server ”.
• Trusted relationship required between TGS and every server.
• Requires timely transactions.
• Subverted workstation can save and later replay user
passwords.
• Password guessing works.
• Does not scale well.
NETWORK SECURITY ISSUES
• Sharing.
• Complexity of system.
• Unknown Perimeter.
• Many points of attack.
• Anonymity.
• Unknown path.
Threats
• Wiretapping.
• Impersonation.
• Message Confidentiality Violations.
• Message Integrity Violations.
• Hacking.
• Code Integrity Violation.
• Denial of Service.
Wire tapping
AA
BB
CC
Packet Sniffer
Inductance
Microwave link
Network Security Protocols
• Link Encryption.
Message encryptedMessage encrypted Message in plain text.Message in plain text.
sendersender ReceiverReceiver
Intermediate RouterIntermediate Router
ProtocolProtocol
LayersLayers
Contd...
• End to End Encryption.
Message encryptedMessage encrypted Message in plain text.Message in plain text.
sendersender ReceiverReceiver
Intermediate RouterIntermediate Router
ProtocolProtocol
LayersLayers
Comparisons
1.Message X-posed in sending host / intermediate routers.2.Applied by sending host.3.Invisible to user process.4.Host maintains encryption.5.can be done in H/w.6.All / No message encrypted.7.One key per host pair.
1.Message encrypted in sending host / intermediate routers.2.Applied by sending process.3.User selects algorithm.4.User selects encryption.5.S/w implementation.6.User chooses to Encrypt / Not.7.One key per user pair.
Link Encryption End to End Encryption
Intrusion Detection• Intrusion - set of actions attempts to compromise
integrity,confidentiality or availability of resources.
• IDS based on Data source-host based : audit data from single host.-multi host based : audit data from multiple host.-network based : network traffic data along with audit
data from one or many host.
• IDS based on Model of Intrusion.-Misuse detection system: look for the exploitations of
known weak points.
-Anomaly Detection System: detect changes in the pattern of utilization or behavior of system.
Desirable Characteristic of ID
• Must run continually.• Must be fault tolerant.• Must resist subversion.• Must impose minimal overhead.• Must be able to adapt changes in the behavior of user
and system.• Must be scalable.• Must provide graceful degradation.• Must allow dynamic reconfiguration.
Limitations of Existing ID
• Central Analyzer is single point of failure.
• Scalability is limited.
• Difficult to add capability or reconfigure.
• Analysis of Network data can be flawed.
Intrusion Types
• Attempted Break-in.
• Masquerade attack.
• Penetration of security control system.
• Leakage.
• Denial of service.
• Malicious use.
ARCHITECTURE TO GENERATE THE STD. FORMAT
LOG FILTERLOG GENERATOR
LOG GENERATOR LOG FILTER
LO
G P
RO
CE
SS
OR
AN
AL
YIS
EN
GIN
E
STANDARD AUDIT TRAIL FORMAT
• Must satisfy two basic properties:Extensibility: Neither the names nor the number of fields of
the log record are fixed.
Portability : The log can be processed on any system.
• SUMMARY OF THE STD. LOG FORMAT #S# start log record. #Fc# change field separator to c.#E# end log record. #Cc# change nonprinting delimiter to c.
#N# next log record. #I# ignore next field.
# default field sep. \ default nonprinting delimiter.
The standard log contains fields.
Each field is associated with an attribute.
SunOS MLS Logs
• A simplified example of a SunOS MLS log record is given as:
header, 120, AUE_UNLINK, Wed Sep 18 11:35:28 1999, +57000ms
process, bishop, root, root, daemon, 1234,
label, confidential, nuclear, crypto
pathname, /, / usr / holly,…/ matt / tmp / junkfile
return, Error 0, 5trailer, 120
• Put into the standard log format , this looks like:#S#event=AUE_UNLINK#date=09181999@113528#usedtime=57000#I##logid=bishop#ruid=root#euid=root#rgid=daeon#procid=1234#I##seclevel=confidential#class=nuclear#class=crypto#I##rootdr=/#cwd=/usr/holly#pathname=../matt/tmp/junkfile#I##errno=0#retval=5#E#
Typical Anomaly Detection System
Audit Data System Profile
statistically
deviant
Update profile
Generates new profile
Attack State
Anomaly ID(Statistical Approach)
• Let S1, S2, S3 … Sn, represent abnormality values of profile
measures M1, M2, M3 … Mn respectively.
• Higher value of Si indicates greater abnormality.
• A combining function of individual S values will be,
a1S12 + a2S2
2 + a3S32 + … + anSn
2 , a i > 0.
Pros and Cons of Anomaly ID.
• Statistical techniques have applicability here.
• Statistical patterns could be used to capture patterns unique to the
user.
Types of Measure.
• Activity Intensity Measure – measures the rate at which activity is progressing. E.g. no. of audit
records processed per minute.
• Audit record distribution measure – measures the all activity types in recent audit records.E.g. I/O
activities.
• Categorical Measure – measures the distribution of particular activity over categories. E.g.
relative frequency of logins,relative usage of compiler, shells,editor etc.
• Ordinal Measure – measure activity whose output is in numeric value. E.g. CPU usage.
Typical Misuse Detection System
Audit Data System ProfileSystem ProfileAttack
stateRulematch
Modify existing rule
Add new ruleTiming Info
Misuse ID• Detection of intrusions by precisely defining them well ahead of
time and watching for their occurrence.• Intrusion signatures are sequence of events and conditions that
lead to a break-in.• Abstract high quality patterns from attack scenarios.• Should be simple enough to keep the matching tractable and
should be compared.• If pattern matches then issue an alarm warning.
Pros and Cons of Misuse ID
• Looks only for known vulnerabilities, comparison is finite.• Little use to detect little known future intrusion patterns.
Continues…
Model based Intrusion DetectionA Pattern Matching approach
• Consider an initial set of 100 measures as potentially relevant to predicting intrusions.
• Resultant is a set of 2100 possible measures.• Appropriate set of measures depend on the types of measures being
detected, so highly intractable to search this large space X - haustively.
• A Learning Classifier Scheme generates initial set of measures.• Refined using “Rule Evaluation” techniques like mutation and
crossover.• Highly predictable sets of intrusions are combined and then
searched, while lower predictable ones are weeded out.
… Continued
• Combined Belief in I is
P ( I | A1, A2... An) = P (A1, A2... An | I ) x P ( I )
P(A1, A2... An )
• Each Ai depends only on I and is independent of the other measures of Ai , j = i, then
P (A1, A2... An | I ) = P(Ai | I )
P (A1, A2... An | ~I ) = P(Ai | ~I ) , and then
P ( I | A1, A2... An) P( I ) x P(Ai | I )
P ( ~I | A1, A2... An) P(~ I ) x P(Ai |~ I )
n
i=1n
i=1n
i=1n
i=1
Inference
• Determine odds of an intrusion given,– Values of various anomaly measure from the
prior odds of intrusion,
likelihood of each measure being anomalous is presence of INTRUSION !!
A Trivial Bayesian Belief Network modeling Network Intrusion activity
INTRUSION
DISK I/O
Too many users
Fragmentation
Trashing
Newly available program on
the net
Net I/OCPU
Too many CPU Intensive
jobsToo many Disk Intensive
jobs
Conditional Probability
• If we wish to detect P( Intrusion | Event Pattern)
By Baye’s Law,
P( Intrusion | Event Pattern) = P(Event Pattern | Intrusion ) x P(Intrusion)
P(Event Pattern)
P(Event Sequence) = (P( ES | I ) P( ES | ~I)) x P( I ) + P( ES | ~I)
where,
ES - Event Sequence,
I - Intrusion.
Web Security...
• IN A NUTSHELL– A set of procedures, practices, and technology to protect web
severs,web users and the surrounding Organizations.
– Internet is a two way network.
– Used by everybody.
– Potential security flaws exist.
– If subverted can be used by bad guys for malicious operations.
– Unsophisticated users are the major population.
– More expensive and time-consuming.
Why worry about web security ?
• Publicity - successful attack is a public event.
• Commerce - Money is involved as transactions.
• Proprietary Info - used to distributed information to
internal members and external partners. • Network Access - used by people both inside and
outside an organization.
• Others - like server X-tensibility, Browser X-tensibility, disruption of service, complicated support, etc.,
The Web Security Problem...
• Securing information in transit.– Digital Identification Techniques– Cryptography and Web security
• Securing the Web Server.– Host and site security. (Firewalls)
Digital Identification Techniques
• Digital Signatures,– a protocol that produces the same effect as real
signature.
– Only the sender can mark it.
– Easily identifiable by others as one from the sender.
– Used to confirm agreement to a message.
– Similar to biometrics such as image of a person’s face , fingerprints, Hand shape and size, DNA patterns, Voice prints, pattern of blood vessels in Retina, etc.
Contd..
Digital Signatures must be– Authentic : Person B receives the pair [M, S(A,M)]
from A, B can check if it came from A, and also this is firmly attached to M.
– Unforgeable: Person A signs message M with sign S(A, M) , it is impossible for others to produce a pair S[M, S(A,M)].
AuthenticationProtects B
UnforgeableProtects A
BBAA
CC
Impostor ADigital Signature
Symmetric Key Digital Signatureswith Arbiter
– Private key encryption system guarantees authenticity of message as well as its secrecy.
KR
SS MKs M
MKs M
Sender
1. S sends sealed M to Arbiter ArbiterArbiter retrieves Plain text M from S
Recipient 3. Arbiter seals [S’s sealed M, identity of S,and copy of plain text M and sends all to R]
Symmetric Key Digital Signature with Arbiter
Asymmetric Key Digital Signature
SS RRMM
For authenticity,
unforgeability
D:KSDecrypts M
Saves a copy to answer future disputes.
MM
D:KS
E(D(M, KS), KR)
Certification Authorities(CA’s)
– An organization that issues public key certificates(Digital Signature).
– Certificates are synonymous to cryptographically signed index cards.
– Signed by certification authority’s own private keys, contains name of the person, person’s public key, a serial number, and other info.,
– Example: verisign corp.
Types of CA• Internal CA
– can operate to certify its own employees– used to control access to internal resources
• Outsourced Employee and Customer CA– leases trusted outsiders to certify employees and
potential customers respectively.
• Trusted Third Party CA– no prior relationship can establish and engage in
legal transactions and business.
Different kinds of certificates
• Certification authorities Certificates– contain public key of CAs and name of service
– this can in turn be signed by other certification authorities.
• Server Certificates– contain public key of SSL server,
– name of the organization running the server, Internet hostname, server’s public key.
Contd...
• Personal Certificates– contains individual’s name and public key.
– other information is also allowed.
• Software Publisher Certificates– certificates used to sign the distributed software.
Cryptography and Web Security• Functions,
– Confidentiality, • Encryption is used to scramble the message.
– Authentication, • Digital Signatures are used for verification.
– Integrity,• methods used to verify whether the message has been
modified on transit.
• Digital Signed message codes are used.
– Nonrepudiation• author of a message can’t deny sending a message.
What cryptography can’t do ?
• Protect unencrypted documents.
• Protect against stolen encryption keys.
• Against denial-of-service attacks.
• Against the record of a note that a message was sent.
• Against a traitor or a mistake.
Working Encryption Systems
• Programs– PGP(Pretty Good Privacy).– S/MIME.
• Protocols– SSL(Secure Socket Layer).– PCT(Private Communications Technology).– S-HTTP(Secure HTTP).– Cybercash.
Contd…
– SET(used in web shopping).• “Electronic Wallet” with User.
• Server that runs on Merchant’s web site.
• SET payment server runs in merchant’s bank.
– DNSSEC(Domain Name System Security).– IPSec and IPv6.
• IPsec works with IPv4 and standard version used today works for IPv6 and includes IPsec.
– Kerberos.
Network Layer Security Protocol(IPsec)
• IP Security protocol - a suite of protocols that provides security at the network layer.
• Network layer must provide – Secrecy - hide message from any third party that is "wire tapping" the
network.– Source authentication -IP datagram with a particular IP source address, it
might authenticate the source.• there are two principal protocols:
– the Authentication Header (AH) protocol.
provides source authentication and data integrity but not secrecy.– the Encapsulation Security Payload (ESP) protocol.
provides data integrity and secrecy.
Security Agreement (SA) - the source and network hosts handshake and create a network layer logical connection
Authentication Header Protocol (AH)
• SA is set up • source can send secured datagrams, that include the AH header.• Value of 51 in IP header means a AH Header has been included.
• AH Headers have the following fields, – Next Header field, same as the protocol field for an ordinary datagram.– Security Parameter Index (SPI) field, an arbitrary 32-bit value that, in combination with the destination
IP address and the security protocol, uniquely identifies the SA for the datagram. – Sequence Number field, a 32-bit field containing a sequence number– Authentication Data field, a variable-length field containing signed message digest (i.e., a digital
signature) for this packet.
Encapsulation Security Payload Protocol (ESP)
• SA is set up.
• source can send secured datagrams, that include the AH header.
• a secured datagram is created by surrounding the original IP datagram data with header and trailer fields,
• value 50 is used to indicate that the datagram includes an ESP header and trailer.
• ESP header consists of a 32-bit field for the SPI and 32-bit field for the sequence number, which have exactly the same role as in the AH protocol.
• trailer includes the Next Header field.
What is SSL ?• Exists between raw TCP/IP and Application Layer.• Features added to streams by SSL
– Authentication and Nonrepudiation of Server, using Digital Signatures.– Authentication and Nonrepudiation of Client, using Digital Signatures.– Data confidentiality through Encryption.– Data Integrity through the use of message authentication codes.
• Functions– Separation of duties.– Efficiency. – Certification - based authentication– Protocol Agnostic.
• Transport Layer Security is being tried out.
Secure Web Server
• Implements cryptographic protocols.• Safeguard any personal info received or collected.• Resistant to a determined attack over the I-net.
Bad GuysBad Guys
Bad GuysBad Guys
Bad GuysBad Guys
SERVER ACTIVE AND PROVIDES SERVICES TO AUTHORIZED PERSONEL
SECURE WEB SERVER
ATTACK ATTACK
ATTACK
Web server Security• Host Security
– Security of the computer on which web server is running.
• Problems are due to– Security not viewed as a fundamental part of system setup and design.– Transmitting plain text and reusable password over networks.– Failure to obtain software to monitor bugs.– Failure to use security tools.– Lack of adequate Logging.– Lack of adequate backup procedures.– Lack of adequate System and network monitoring.– Failure to track security developments and take preventive action.
Firewalls
• Process that filters all traffic between a protected or “inside ” network and a less trustworthy or an “outside”
network. • Special form reference monitor.
• That which is not expressly forbidden is permitted.
• That which is expressly forbidden is not permitted.
• Challenge of protecting a network with a firewall is determining the security policy that meets the need of the installation.
Types of Firewalls• Screening Router.
Address192.19.33.0
Address144.27.5.3
Address100.24.4.0
Allow in only A.Allow out only B , C.
AA
BB
CC
Contd …
• Route Screening outside Addresses
ScreeningRouter
Subnet 100.50.25.x
100.50.25.1 100.50.25.2
100.50.25.x100.50.25.3
Contd … • Proxy Gateway
– Two headed piece of software.
– runs pseudo applications.
Local Area Network
Remote Access
WWW Access
Logging
Remote File Fetches
Address
Contd … • Guard
– sophisticated proxy firewall.– Receives PDU’s interprets them passes the through same or different PDU’s.
ScreeningRouter
ProxyFirewall
Address
Comparisons of Firewall types
Screening Router1.Simplest.2.Sees only address and service protocol type.3.Auditing difficult.4.Screens based on connection rules.5.Complex addressing rules can make configuration tricky.
Proxy Gateway1.Somewhat complex.2.Sees full text of communication.3.Can audit activity.4.Screens based on behavior of proxies.5.Simple proxies can substitute for complex addressing rules
Guard1.Most Complex.2.Sees full text of communication.3.Can audit activity.4.Screens based on interpretation of message content.5.Complex guard functionality can limit assurance.
Encrypting Gateway(Virtual Private Network)
• Internal encryption between offices for further protection.
Address
CryptographicServer
100.24.4.5
ProxyGateway
100.24.4.0
192.19.33.0
144.27.5.3
Conclusions
• Risks are involved in Computing.
• Various techniques Encryption, Digital Signatures, Firewalls, etc can be used to provide security.
• Web security is not a “Win” or “Loose” there is just a degree to which it can be realized.
• No Solution is a complete solution !!!
References• Papers
– “Model based Intrusion Detection” - Dorothy E Denning.– “Goal Oriented Auditing and Editing” - M.. Bishop.– “An Introduction to Intrusion Detection” - Aurobindo Sundaram.– “An application of Pattern Matching in Intrusion detection” - Sandeep Kumar and Eugene H Spafford.
• White Papers– “CERT Advisory CA-2000-02 Malicious Tags Embedded in Client Web Requests.”
• Books– “Security in Computing” - Charles P. Pfleeger.– “web Security and Commerce” - Simson Garfinkel and Gene Spafford.
• Websites– http://www.crypto.com/papers/– http://www.awl.com/cseng/titles/0-201-63489-9/url_list.html– http://www.datafellows.com/products/white-papers/– http://www.cerias.purdue.edu/coast/coast-library.html– http://www-net.cs.umass.edu/kurose/security/IPsec.htm– http://www.ietf.org/html.charters/tls-charter.html– http://www.counterpane.com
Questions and Comments ???