Embed Size (px)
Citation preview
Network Security
V.T. Raja and James Coakley Oregon State University
Outline
• Introduction– Imperative need for secure communication
• Increasing # of security incidences• Cost of downtime• Customer privacy/satisfaction etc.
• Characteristics of a secure communication• Cryptography
Imperative Need for Secure CommunicationReported Security Incidents up to 1995
Source: CERT.ORGSlide provided by guest speaker Kris Rosenberg
Reported Security Incidents 1995 – 2003 Source: http://www.cert.org/present/cert-overview-trends/module-1.pdf
Slide provided by guest speaker Kris Rosenberg
What does CERT do?
Imperative Need for Secure CommunicationCost of downtime
Slide provided by guest speaker Kris Rosenberg
General example for today’s lecture
• Assume Bob and Alice are illicit lovers.
• Assume Trudy is Bob’s spouse
• Alice and Bob could represent:– a client and a server– 2 servers– 2 routers– 2 business partners in a B2B transaction– a bank and a customer
Secure Communication
• Characteristics of a secure communication– Confidentiality– Authentication– Message Integrity and non-repudiation– Availability and Access Control
Confidentiality
• Alice wants the following to be confidential:– The fact that she is communicating with Bob– Timing of communication– Frequency of communication
• Only Alice and Bob should be able to understand the contents of the transmitted message; Should not be understood by eavesdropper (Trudy).
Confidentiality Relies On Cryptography
• Confidentiality often relies on cryptographic techniques for encrypting/ decrypting data using one or more keys to encrypt/decrypt data
• We will learn some basics about cryptography in today’s lecture
Authentication
• Both sender and receiver should be able to confirm identity of other party involved in communication– Confirm that the other party is indeed
who/what they claim to be
• Authentication relies on authentication techniques, several of which rely on cryptographic techniques
Message Integrity and Non-Repudiation
• Content of communication is not altered maliciously or by accident
• Message integrity also relies on cryptographic techniques
• Non-repudiation = not denying what was communicated
Availability
• Can communication occur in first place?
Hackers preventing infrastructure from being used by legitimate users – e.g., viruses, DoS attacks
• Detect breaches and respond to attacks
Access Control
• Entities allowed to gain access to resources only if they have the appropriate access rights (e.g., login ID, passwords, biometric devices)
• Facilitated by firewalls, which provide access control based on a per-packet basis, and on a per-service basis.
• Provide a degree of isolation and protection from those outside of one’s network
Network Security – Part 2 Cryptography
• Symmetric Key Cryptography
• Public Key Cryptography
Symmetric Key Cryptography
• Symmetric Key Cryptography– Caesar Cipher– Monoalphabetic Cipher– Polyalphabetic Cipher– Data Encryption Standard (DES)– Triple DES (3DES)– Advanced Encryption Standard (AES)
• Trusted Intermediaries for symmetric key distribution– Key Distribution Center (KDC)– Kerberos
Basic Terminology
• Plain Text – Original data – not disguised
• Cipher (Encrypted) Text– Disguised data – looks unintelligible to intruder– Data disguised using encryption algorithm
• Key– A string of #s or characters used as input to
encryption algorithm to disguise plain text– Symmetric Key: Alice and Bob use same key to
encrypt and decrypt text
Symmetric Key Cryptography
• Caesar Cipher– Each letter in plaintext is substituted with letter that is
K letters later– Wrap around is allowed (i.e., z followed by letter a)– If K = 3, a in plaintext becomes d in cipher text
b in plaintext becomes e in cipher text– Example: Decrypt the following using a Caesar
Cipher of K =3; Assume ‘wrap around’ is allowed. “ere, l oryh brx. Dolfh”
Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).
Symmetric Key Cryptography
• Monoalphabetic Cipher– Improvement on Caesar Cipher– No regular pattern – any letter can be substituted for any other
letter, as long as each letter has a unique substitute letter, and vice versa. Example follows:
Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q Example: Find cipher text for “Bob, I love you. Alice” using above
monoalphabetic cipher.26! Possible pairings of letters – so breaking code is not as easy as
in the case of Caesar cipher. Usually statistical analysis of plain text language can help in breaking the code faster.
Symmetric Key Cryptography
• Polyalphabetic Encryption– Use multiple monoalphabetic/Caesar ciphers– Use a specific monoalphabetic/Caesar cipher to
encode a letter in a specific position in the plain text message
– This implies that same letter appearing in different positions in the plaintext might be encoded differently.
Example: 2 Caesar ciphers; K = 5, K = 19For every 5 bits in the plain text use the 2 Caesar
ciphers in the following pattern: C1, C2, C2, C1, C2Example: Using K= 5 and K =19, find cipher text for
“Bob, I love you.”
Symmetric Key Cryptography
• Data Encryption Standard (DES)– Published in 1977, and updated in 1993– For commercial and non-classified U.S. Govt. use– Encodes plaintext using 56-bit key
Objective: Scramble data and key so that every bit of the cipher text depends on every bit of the data and every bit of the key
– Algorithm: Complex (beyond the scope of the course); Decryption works by reversing the algorithm’s operations.
How well does DES work?
• In 1997 RSA Data Security Inc., ( A network security company) launched a DES challenge contest to crack a short phrase (“strong cryptography makes the world a safer place”) it had encrypted using a 56-bit DES.
• Winning team took 4 months to decode. It had volunteers throughout the Internet to systematically explore key space. Claimed 10K cash prize after testing only a quarter of the key space (about 18 quadrillion keys)
• In 1999, RSA launched another DES challenge. • Message was decrypted in little over 22 hours by a
network of volunteers and a special purpose computer called “Deep Crack”. Claimed 250 K cash prize. Not bad for a day’s work?
Symmetric Key Cryptography
• Triple DES (3 DES)– If 56-bit DES is considered to be insecure, one can
simply run the algorithm multiple times, using a different key each time
– DES run three times (with a different 56-bit key at beginning of each time DES is run).
• Advanced Encryption Standard (AES)– NIST – in Nov 2001 announced successor to DES. – AES is also a symmetric key algorithm that processes
data in 128-bit blocks– AES can operate with 128-bit keys, 192-bit keys, and
256-bit keys
Trusted Intermediaries
• Disadvantage of Symmetric Key Cryptography: – 2 communicating parties have to agree upon their
secret key ahead of time in a secure manner.
• Since sender and receiver do not meet face to face in the networking world , they need a trusted intermediary– Trusted Intermediaries:
• Key Distribution Center• Kerberos
Key Distribution Center (KDC)
• A server that shares a different secret symmetric key with each registered user.
• KDC knows the secret key of each user, and each user can communicate securely with KDC using this key.
• Assume Alice and Bob use KDC for their communication. – Assume Alice’s secret key known to Alice and KDC is
KA-KDC
– Assume Bob’s secret key known to Bob and KDC is KB-KDC.
Example: Alice and BOB using KDC
1. Using her key, Alice sends a message to KDC saying that she (A) wants to communicate with Bob (B). We denote this message as KA-KDC(A, B).
2. a. KDC decrypts KA-KDC(A, B).
b. KDC generates a random number R1, which is to be used as symmetric key by Alice and Bob during their communication.
Example: Alice and BOB using KDC
2 c. KDC sends Alice R1, and a pair of values A and R1 encrypted using Bob’s key. We denote this message sent to Alice by KDC as:
KA-KDC(R1, KB-KDC(A, R1)).
3. Alice decrypts message and extracts symmetric key R1. Alice extracts and forwards (although she cannot decrypt)
KB-KDC(A, R1) to Bob.
4. Bob decrypts and understands that he is to use R1 as symmetric key to converse with person A (Alice).
5. Bob and Alice communicate using symmetric key R1
Kerberos
• Developed by MIT
• Very similar to KDC
• Has additional functions such as:– Time stamp for validity of “nonce” R1.
– Has info about which users have access privileges to which services on which network servers.
Public Key Cryptography
• Public keys and Private keys
• RSA Algorithm
• Authentication• Authentication Protocol (ap)
– ap 1.0, 2.0, 3.0, 3.1, 4.0, 5.0– Exchanging Public Keys
» Man (Woman) in the middle-attack
Introduction - Public Key Cryptography
• Is it possible for two parties to communicate using encryption/decryption without using a shared secret key? – Yes. Using public key cryptography
• A radically different and marvelously elegant approach towards encryption/decryption
• Public key cryptography is useful not only for encryption/decryption, but also for authentication and digital signatures as well.
Basic Idea of Public Key Cryptography
• Each participant has a private key (known only to the participant) and a public key.
• The public key is created with one’s private key. • Public key is made available to others and could
be posted even on a website which is accessible by the rest of the world.
• Public key of recipient is used by sender to encrypt message.
• Recipient decrypts message using recipient’s private key.
Public Key Cryptography
• Example: – Alice wishes to send a message to Bob.– Alice fetches Bob’s public key. – Alice uses Bob’s public key to encrypt
message – Alice sends encrypted message to Bob. – Bob decrypts cipher text with Bob’s private
key.
Notation and Choice of Keys
• Assume Alice’s plain text message, (which has to be encrypted and then sent to Bob) is denoted as m.
• Assume Bob’s public key is denoted as KB+ and
his private key is denoted as KB-.
• These keys are chosen such that: KB
- (KB+ (m)) = KB
+ (KB- (m)) = m
RSA algorithm (named after its founders, Ron Rivest, Adi Shamir, and Leonard Adleman) has become almost synonymous with public key cryptography.
RSA and DES/AES
• RSA is a complex algorithm and uses concepts from number theory.
• DES is at least 100 times faster than RSA. • In practice, RSA is often used in combination
with DES or AES. – Message is encrypted using DES key– Alice encrypts DES key with Bob’s public key– Bob decrypts and obtains DES key with his private
key. – Message is decrypted using DES key
Authentication
• ap 1.0– Alice announces to Bob, “I am Alice.”
• Trudy could have sent this message.
• ap 2.0– Alice announces to Bob, “I am Alice”, and
asks Bob to authenticate her by matching source IP (in IP header) with Alice’s IP.
• Trudy could have sent this message if she had done IP spoofing.
Authentication
• ap 3.0– Alice announces to Bob, “I am Alice”, and asks Bob to
authenticate her by verifying her plaintext password. • Trudy may have already eavesdropped earlier, and have stolen
Alice’s plaintext password during an earlier conversation between Alice and Bob. Now, Trudy could send the message, “I am Alice” by using Alice’s plaintext password.
• ap 3.1– Alice announces to Bob, “I am Alice”, and asks Bob to
authenticate her by verifying her encrypted password, which is kept the same for different communication sessions between Bob and Alice.
• Same disadvantage mentioned in ap 3.0 still exists. Note that Trudy need not decrypt the password. She could still eavesdrop, steal encrypted password, and then perform a “playback attack” on Bob.
Authentication
• ap 4.0– Alice announces to Bob, “I am Alice.” – Bob sends a plaintext nonce (= r) to Alice.
• Note that nonce is a one time value that is specific to that communication session. It is not repeated again in another session. So “playback attack” is not possible.
– Alice resends same nonce back to Bob but this time nonce is encrypted with symmetric key used by Alice and Bob.
– Bob decrypts nonce using symmetric key. If decrypted nonce equals the nonce he sent Alice earlier (i.e. decrypted nonce = r) , then Alice is authenticated.
– However, this implies that Alice and Bob must have decided upon and exchanged their symmetric key.
Authentication
• ap 5.0– Alice announces to Bob, “I am Alice.” – Bob sends a plaintext nonce (= r) to Alice.
• Since nonce is a one-time value, “playback attack” is not possible.
– Alice resends same nonce back to Bob but this time nonce is encrypted with Alice’s private key.
– Bob decrypts nonce using Alice’s public key. If decrypted nonce equals the nonce he sent Alice earlier (i.e. decrypted nonce = r) , then Alice is authenticated.
Exchanging Public Keys
• Why should public key be publicly available?
• Wouldn’t it be better for Alice and Bob to exchange their respective public keys via e-mail, after authenticating each other?– Due to possibility of “man (woman) in the
middle attack.”
Man (Woman) in the Middle Attack
• Alice transmits, “I am Alice.”• Trudy eavesdrops. • Bob sends a nonce = r. • Trudy intercepts nonce, and
sends Bob encrypted nonce (encrypted using her private key).
• Bob sends a message to Alice asking her for a public key.
• Trudy intercepts message, and sends Bob Trudy’s public key.
• Bob decrypts nonce with Trudy’s public key (thinking that he is using Alice’s public key), and inadvertently authenticates Trudy.
• While Bob is encrypting new data using Trudy’s public key, Trudy is busy posing as Bob to Alice. In particular, – Trudy transmits Bob’s nonce
to Alice– Alice transmits encrypted
nonce (encrypted using Alice’s private key).
– Trudy intercepts encrypted nonce, and asks Alice for her public key.
– Alice sends her public key
Man (Woman) in the Middle Attack
• Bob sends encrypted data (encrypted using Trudy’s public key)
• Trudy decrypts using her private key, and finds out Bob’s plain text.
• Trudy encrypts Bob’s plain text using Alice’s public key. • Trudy transmits encrypted text to Alice. • Alice decrypts using her private key, and finds out Bob’s
plain text. • Alice and Bob are happy that they have had a secure
communication. They are ignorant of the fact that Trudy has intercepted and decrypted Bob’s message to Alice.
Digital Signatures and Message Digests
• Assume Bob wants to digitally sign a “document,” m.
• Bob’s digital signature could be KB- (m)
• Due to complexity of RSA, digital signatures are applied to “fingerprints” instead of being applied to message m.
• Fingerprint – H(m) – where H denotes a “hash algorithm”
• Bob’s digital signature is KB- (H(m))
Message Digests
• Message Digest (Hash) algorithms:– MD5– SHA-1
• Secure Hash Algorithm is a U.S. federal standard• Required for use whenever a secure message digest
algorithm is required for federal applications• Produces a 160-bit message digest.• Longer the output length, the more secure SHA-1• SHA-224, SHA-256, SHA-384, and SHA-512, which despite
the similarity of names, are actually fairly different algorithms to SHA-1 and have much wider safety margins.
Public Key Certification
• PK cryptography – possible for two entities to exchange secret messages without having to exchange secret keys.
• Communicating entities have to exchange public keys (without being subject to “man in the middle attack”).
• Binding a public key to a particular entity is typically done by a Certification Authority (CA).
Certification Authority
• A CA verifies that an entity is who it claims to be. • After verification, CA creates a certificate that
binds the public key of the entity to the identity. • Certificate
– includes a public key– includes globally unique identifying information about
owner of the public key– Is digitally signed by CA
(Internet Explorer – Tools, Internet Options, Content, Certificates)
Availability and Access Control
• Some attacks
• Firewalls
Examples of some attacks
• Denial of Service attacks– “Ping” attacks– SYN flood attack
• Distributed Denial of Service attacks
Terminology• Terminology
– IP Spoofing– Ping– TCP
• Packet Numbers (also known as Sequence#s)• Acknowledgement Numbers • Port IDs (Port Scanning, mapping)
– Telnet• Denial of Service (DoS) Attack
– Smurf Attack– SYN Flood Attack– Half-open telnet sessions
• Distributed DoS Attack• Firewalls
– Packet level firewall– Application level firewall
• Network Address Translation– NAT Server
Ping Packets
• Ping packets– Packets that ask a computer to respond with
an acknowledgement – Used to see if a computer is still operational in
a network• e.g., Ping by computer name
» Ping bus.orst.edu
Ping by IP address» Ping 128.193.76.73
Denial of Service (DoS) Attack• Hacker attempts to disrupt the network by flooding the network with
messages so that the network cannot process messages from legitimate users
• Examples:1. Hacker’s program continuously pings target computer.– Consequence: – Solution: 2. Hacker’s program continuously send “ping” requests to the target that list the
target as the sender– Consequence: – Solution: 3. Smurf attack:
What is a smurf attack? What is the consequence of a smurf attack?
4. SYN Flood attack:What is a SYN flood attack?What is the consequence of such an attack?
TCP SYN for a simple Telnet application
• TCP stands for: Transmission Control Protocol
• SYN stands for: Synchronize Sequence Numbers
SYN Flood Attack
• Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server.
• The server responds by sending a TCP SYN/ACK packet.
• The attacker does not respond – resulting in half-open session using up server resources.
• The attacker sends a flood of such TCP SYN requests without responding.
• Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions
Distributed DoS (DDos) attack
• In A DDoS attack, a hacker first gains control of hundreds/thousands of computers (slaves).
• Plants software referred to as DDoS agent on each of the slaves
• Hacker then uses software referred to as DDoS handler (master) to control the agents (slaves)
• Attacker launches attacks from all the slaves and it is difficult to trace hacker
High Profile Victims of DDoS
• Yahoo, eBay, Amazon, Microsoft and eTrade websites have been rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked system
• www.msn.com; www.expedia.com; www.carpoint.com sites were flooded with DDoS attack for almost one day
• DDoS attack high-level DNS servers on the Internet
