Upload
hung
View
32
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Some Issues in Network Security Authentication, Fair Exchange and Intrusion Detection. Department of CSIE National Chiayi University Chia-Yi Taiwan R.O.C. Chih-Hung Wang. Agenda. Introduction Network Authentication Password Authentication Human Identification Fair Exchange/Payment - PowerPoint PPT Presentation
Citation preview
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
1
Some Issues in Network SecurityAuthentication, Fair Exchange and Intrusion Detection
Department of CSIE
National Chiayi University
Chia-Yi Taiwan R.O.C.
Chih-Hung Wang
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
2
Agenda
IntroductionNetwork Authentication
Password AuthenticationHuman Identification
Fair Exchange/PaymentPayment SystemsFair Exchange/Payment Protocols
Intrusion DetectionIDSA New Approach: Honeypot
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
3
Introduction —Authentication
AuthenticationMessage Authentication
Message Authentication Code (MAC)Digital Signature
User AuthenticationDirect
FingerprintVoiceRetina
IndirectPasswordHuman Identification SchemeKey Distribution Protocol
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
4
Introduction—Digital Signature
Digital Signature
Signer Recipient
Signer’s Private Key
Signature
Signer’s Public Key
Verify the signature
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
5
Introduction —Security Issues in Authentication
Identification (Password Authentication)Authentication Service
Kerberos (Authentication & Key Distribution)PKI (Certificates Authority)
CommunicationSSL
Payment System and CommerceSET
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
6
Introduction—Authentication
SSL Handshake Protocol
Authentication & Key Distribution
HTTP ServerClientBrowser
Certificatecertificate
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
7
Introduction—Authentication
SET ProtocolInternet
Cardholder
Merchant
Issuer
CertificateAuthority
Internet
Paymentnetwork
…….Acquirer
Paymentgateway
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
8
Introduction—Authentication
Three Party KDP: Kerberos
Kerberos
Authentication Server (AS)
Ticket-granting Server (TGS)
(1)Request ticket-granting ticket
(2)Ticket + session key
(3)Request service-granting ticket
(4)Ticket + session key
Once per user logon session
Once per user service session
1. User logs on to workstation and requests service on host
2. AS verifies user’s Access rights in database, creates ticket-granting ticket and session key. Results are encrypted using key derived from user’s password.
3. Workstation prompts user for password and uses password to decrypt incoming message, then sends ticket and authenticator that contains user’s name, network address, and time to TGS.
4. TGS decrypts ticket and authenticator, verifies request, then creates ticket for requested server
(5)Request service
(6)Provide server authenticator
5. Workstation sends ticket and authenticator to server
6. Server verifies that ticket and authenticator match, then grants access to service. If mutual authentication is required, server returns an authenticator
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
9
Introduction —Fair Exchange
One-line TTP fair payments
BuySafe. http://www.buysafe.com.tw
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
10
Part I
Network Authentication
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
11
Authentication & IdentificationPassword Authentication
Sending Plain-Password through an insecure channel
Local
Server A Serve B
Intruder X
Internet
Intruder Y
RouterRouter
Packet Sniffing
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
12
Authentication & IdentificationPacket Sniffing
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
13
Authentication & Identification
Password AuthenticationEncrypt password
Suffer from replay attack where the intruder intercepts the encrypted password and re-sends it to the server
EK(PW)
Intercept
Replay
User Server
EK(PW)
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
14
Authentication & Identification
Password Authentication with Timestamp
Terminal Ser
ver
(1) EPK-S{Connect, T_id}
(2) EPK-T{“User Name:”}
(3) EPK-S{User-ID}
(4) EPK-T{“Password ”: , Timestamp}
(5) EPK-S{User-Password, Timestamp_U}Timestamp_U =? Timestamp
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
15
Authentication & Identification
Human Identification SchemePassword Authentication in an insecure channel
Prover
Verifier
Network
InterceptReplay attack
Peeping attack
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
16
Current News (Peeping Attack)
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
17
Authentication & Identification
Password Authentication with EncryptionAvoid intercept attack
Password Authentication with TimestampAvoid replay attack
Challenge-Response ProtocolAvoid intercept, replay & peeping attacks
Question
AnswerProver
Verifier
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
18
Human Identification
Users can identify themselves to a host via insecure channels without any help of auxiliary devices.
The computational complexity of identification process for the end users must be bounded to the human ability of memorizing and computations.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
19
Human Identification
Previous WorksMatsumoto & Imai [Eurocrypt’91]
Wang, Hwang & Tsai [Eurocrypt;95]
A simple exampleW: window alphabets; SW: secret words
8 5 1 7 3 46
3 1 2 1 3 4 42
q=
a=
2 W={1,2,4,6}SW=3124A={1,2,3,4}Verify a 。 f=SW|Q|=8 |W|=4 |A|=4
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
20
Human Identification
General Case
Prover selects at least distinct question blocks randomly and uniformly out from blocks to generate the answer
Ex: |Q|=36 |W|=18 |A|=2 =10 =20
…
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
21
Human IdentificationSecurity
Known-A random attack
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
22
Human Identification
Our attackPassive attack
Password can be revealed in trials
8 5 1 7 3 46
3 1 2 1 3 4 42
q=
a=
2
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
23
Human Identification
Theorem1
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
24
Human Identification
Replay Challenge Attack
8 5 1 7 3 46
3 1 2 1 3 4 42
q=
a1=
2
3 2 1 1 4 3 42a2=
Not Change
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
25
Human Identification
Lemma 1: Let a and a’ be two distinct answer blocks of the same question q. If there exists an i, i<|Q|>, such that a(i) a’(i), then qW
Theorem 2: The window W of Matsumoto and Imai human identification scheme with ==1 can be found in
expected trials if an intruder replays the same question one time.Corollary 1: Similar to theorem 2, an intruder can found the window W in
expected trials if an intruder replays the same question n time
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
26
Human Identification
Case 1: |Q|=36 |W|=18 |A|=2 ==1
Case 2: |Q|=50 |W|=10 |A|=3 ==1
Value of n Expected trials in case 1 Expected trials in case 2
1 3.08107 3.78106
3 8165.32 174.2
5 65.8 3.328
7 5.3 1.19
9 1.73 1.02
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
27
Part II
Fair Exchange/Payment
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
28
Fair Exchange/Payment
Fair payments/exchangeTwo parties (buyer and merchant) exchange the electronic items in the network to each other in a fair manner
No one can gain an advantage over the other even if there are malicious actions in exchanging process
Bit by bit (simultaneously) exchange
On-line TTP (Trusted Third Party)
Off-line TTP
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
29
Fair Payment
Off-line TTPTTP need to participate in the exchange protocols only when the faults occur
Always able to solve the disputes
Buyer
Merchant
Normal case
$
Soft goods
Dispute
Buyer Merchant
TTP
$Soft goods
negotiate
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
30
Fair Payment Using Confirmation Signatures
Boyd and Foo 1998 Asiacrypt’98Convertibility
Payment1. C -> M : S(m)2. C <-> M: M verifies interactively that S(m) is valid3. M -> C : EC(Goods)4. C -> M : SigC(m)
Dispute1. M -> TTP: SigM(S(m), ETTP(Goods)) TTP converts S(m) to SigC(m)2. TTP -> M : SigC(m)3. TTP -> C : EC(Goods)
C: customer M: merchantm: purchase information
Confirmation signatures
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
31
Fair Payment Using Confirmation Signatures
Non-transferability
Untraceable payments
Protect the privacy of payment behavior
Payment
1. C -> M : S(m)
2. C <-> M: M verifies interactively that S(m) is valid
3. M -> C : EC(Goods)
4. C -> M : SigC(m)
Confirmation signatures with limited verifiers
General signatures with limited verifiers
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
32
Undeniable Signatures
Undeniable SignaturesChaum et al. 1989Require the signer’s cooperation to verify the validity of the signatureNon-transferabilityExample
The signer may sign a terrible secret and fear that his enemies will find out he said this secretSoftware protection
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
33
Undeniable Signatures
Undeniable SignaturesIn many applications, the proliferation of certified copies could facilitate improper uses like blackmail or industrial espionage
Others
Sender ReceiverSign a signature
Verify a signature
non-transferability
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
34
Designated Confirmer Signatures
Designated confirmer signaturesChaum 1994 Eurocrypt’94
Eliminate the shortcoming of the undeniable signature in that the signature can only be verified by cooperating with the original signer
For many applications, the protection of undeniable is to week
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
35
Designated Confirmer SignaturesSigner’s cooperation
If the signer should become unavailable, such as should refuse to cooperate, then the recipient cannot make use of the signature
Others
Sender ReceiverSign a signature
Verify a signature
non-transferabilityConfirmer
Confirm the signature
Refuse to cooperateor be absent
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
36
DCS Protocol Design (1/2)Signing
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
37
DCS Protocol Design (2/2)Confirmation
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
38
Confirmer Signatures with Limited Verifiers
Malicious confirmerThe confirmer may prove the correctness of the signature to the signer's adversaries
New ApproachThe signer pre-determines some verifiers whom the confirmer can convince later
signer Pre-determinedverifiers
confirmer Otherverifiers
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
39
Confirmer Signatures with Limited Verifiers
DefinitionLet (S, C) be a designated confirmer signature which is signed by S and can be confirmed by C. We say that (S, C,{V_i, i=1, … , n}) is a designated confirmer signature with limited verifiers if C can only convince the verifiers {V_i, i=1, … , n} whom the signer S pre-determined.
PublicationC. H. Wang and Y. C. Chen. Limiting Verifiers in Designated Confirmer Signatures. Proceedings of the Eleventh Information Security Conference, Tainan, R.O.C., pp. 67-73, May 3-4, 2001.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
40
Multiple Confirmers Signatures Schemes
For very large network: (t, n) threshold multiple confirmers signatures scheme
One confirmer may create both performance and security bottlenecks
Increasing the availability and security
Signer...
Confirmers Verifiers
(t,n) threshold scheme
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
41
Fair Payment with Electronic Cash
Asiacrypt’2003 C.H. Wang
BuyerMerchant
1. The buyer selects the goods from merchant.2. The buyer sends the pseudo e-coins for the goods to the merchant. 3. The merchant verifies whether the pseudo e-coins are valid..
The merchant sends soft goods to the buyer
Complete (The buyer convert the pseudo e-coin to true one)
Trusted Third Party
TTP sends the merchant a transformation certificate which can be used for the conversion of the pseudo e-coins.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
42
Fair Payment with Electronic Cash
Our contributions (1/2)Previous works of fair exchange are not really suitable for many applications on network payments because they are only used to exchange the confidential data or signatures.Many payment applications need to protect the buyer's purchase privacy, which has never been considered in the previous papers.In our view, a complete solution for fair payment should contain payment actions, such as electronic cash or network credit card method, instead of simply signing the purchase information.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
43
Fair Payment with Electronic Cash
Our contributions (2/2)Propose a generic model for real fair network payments.
Apply a subtle tool of Restrictive Confirmation Signature Scheme (RCSS) to achieve the property of untraceability.
Design a new technique of pseudo e-coin to achieve fairness of exchanging the electronic cash.
Demonstrate how to construct a practical and efficient fair network payment protocol based on the Brands' e-cash scheme [Bra93b].
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
44
The Basic Model
Four parties involved in the protocol
Three procedures similar to a general e-cashWithdrawal
Payment
Dispute
Deposit
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
45
Definition of RCSS
Definition 1: Restrictive Confirmation Signature Scheme (RCSS)
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
46
The Concept of RCSS
Signer
Confirmer
Verifiers
Signing and verification
predeterminedby the signer
confirmationcan not confirm
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
47
Main Procedures
Withdrawal
Obtains the electronic coins
Blind signature
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
48
Main Procedures
Payment
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
49
Main Procedures
PaymentPseudo e-coins
In step 3, The merchant can gain a conviction that he can prove the validity of to TTP and ask TTP convert the pseudo e-coins into true e-coins if some faults occur.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
50
Main Procedures
DisputeThe buyer may refuse to send the true e-coins to the merchant after he receives the valid goods.
TTP
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
51
Main Procedures
Deposit
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
52
Part III
Intrusion Detection
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
53
Intrusion Detection System (IDS)
The forerunner of IDS is “audit”. That is, the system records the user activities and then analyzes the record to find any suspicious intrusion.
Two intrusion detection system taxonomy :
(1)Host-Based IDS (HIDS): Host-based IDS stands on hosts, and monitor important logs, executive files and communications.
(2)Network-Based IDS (NIDS): Network-based IDS primarily monitors the network packets in real-time.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
54
Taxonomy of False-Positives
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
55
HoneypotHoneypot uses the dummy or virtual environment (i.e. a true system of low security level) behind the firewall or on DMZ to record and observe the intruders’ behaviors. Honeypot is a system designed to be attacked, usually for the purpose of deception or alarm of intruders’ activities.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
56
Hacker Attacks:Weak Password
Password guessing is that hacker either manually enters common passwords or makes programmed scripts to guess password.
Brute-force logon likes password guessing but is much faster and more powerful.
Password cracking is a much more effective method than the above methods we mentioned
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
57
Hacker Attacks: Denial Of Service (DoS)
Denial of service attack engages all victims’ available resources, and engulf victim with service requests and processes. This is an attempt to prevent legitimate users of a service from using that service.
The trend of DoS is DDoS. The DDoS definition: it uses many computers to launch a coordinated DoS attack against on one or more targets.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
58
Hacker Attacks: The Distributed
Denial of Service (DDoS) Attack
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
59
Exploit software bugs
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first, that is, it is a trick to inject SQL query/command as an input possibly via web pages.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
60
The motive and concept
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
61
Our ApproachWe design an intermediate dummy-host system with defense-in-depth principle. (Firewall-IDS-DS)The design concepts and advantages are: (1) The minimum defense unit is a host so that the redirection work
will not raise the load of redirection management system host (RMS host).
(2) The centralization recording work, in RMS host, will not influence the general host system on efficiency and is good for system managers to control the overall intrusive situations.
(3) A isolated trap area can avoid a great harm on internal network. The hosts outside the trap area would still be secure even if some trap area hosts are compromised.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
62
Integrated Network Security
Architecture
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
63
Step1 Step1: If link is
diagnosed as illegitimate by firewall, the firewall disrupts the link. Only authentic links can be allowed to access to the internal network.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
64
Step2
Step2: Network-Based IDS and Host-Based IDS monitor the inbound links which can successfully pass through the firewall.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
65
Step3
Step3: Trap-area host observes the redirected trafficStep3-1: If there are no advanced intrusion attempts, the trap-area host will turn the links back to the original host. The HIDS and NIDS can still monitor these returned links.Step3-2: If the trap-area host finds that some intrusive activities occur, it will immediately identify the attack and take appropriate actions.
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
66
Agent-based IDS – AAFID2
User InterfaceMonitor
Monitor
Transceiver
Transceiver
Transceiver
Agent
AgentAgent
Agent
Agent
Agent
Agent
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
67
New Approach: Integrating AAFID2 and Honeyd
Win NT 4.0 Linux 2.4 Win 2000
Web Server
FTP Server
MonitorTransceiver
Transceiver
Agents
Agents
Agents
Level 1 Level 2 Level 3
Internet
MyScan Agent MyProb Agent
MyDDoS Agent
Router
Honeyd
Honeyd Virtual Servers
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
68
Conclusions
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
69
Conclusions
Other Advanced ResearchesAuthentication
Key Distribution and Management Protocols in Wireless Network
Fair Exchange/PaymentSemi-Trusted Off-line TTP
Contract Signing
Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.
70
Conclusions
Other Advanced ResearchesIntrusion Detection
Mobile Agent based IDS & Honeypot
Active IDS