Network Security. CSC 482/582: Computer Security Slide #1

Transcription

1 Network Security CSC 482/582: Computer Security Slide #1

2 Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. ARP 4. Network Sniffing 5. Internet Protocol (IP) 6. IP Spoofing and Other Vulnerabilities 7. ICMP 8. Transmission Control Protocol (TCP) 9. TCP Session Hijacking 10. UDP 11. Wireless Security

3 Protocols A protocol defines the rules for communication between computers. Two primary types of protocols: Connectionless protocol Sends data out as soon as there is enough data to be transmitted E.g., user datagram protocol (UDP) Connection-oriented protocol Provides a reliable connection stream between two nodes Consists of set up, transmission, and tear down phases Creates virtual circuit-switched network E.g., transmission control protocol (TCP)

4 Encapsulation A packet typically consists of Control information for addressing the packet: header and footer Data: payload A network protocol N1 can use the services of another network protocol N2 A packet p1 of N1 is encapsulated into a packet p2 of N2 The payload of p2 is p1 The control information of p2 is derived from that of p1 Header Header Payload Footer Footer Payload

5 Network Layers Network models typically use a stack of layers Higher layers use the services of lower layers via encapsulation A layer can be implemented in hardware or software The bottommost layer must be in hardware A network device may implement several layers A communication channel between two nodes is established for each layer Actual channel at the bottom layer Virtual channel at higher layers

6 Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi

7 Intermediate Layers Link layer Local area network: Ethernet, WiFi, optical fiber 48-bit media access control (MAC) addresses Packets called frames Network layer Internet-wide communication Best effort transmission 32-bit internet protocol (IP) addresses in IPv4 128-bit IP addresses in IPv6 Transport layer 16-bit addresses (ports) for classes of applications Connection-oriented transmission layer protocol (TCP) Connectionless user datagram protocol (UDP)

8 Internet Packet Encapsulation Application Packet Application Layer TCP Header TCP Data Transport Layer IP Header IP Data Network Layer Frame Header Frame Data Frame Footer Link Layer

9 Data link header IP header TCP or UDP header Application packet Data link footer Internet Packet Encapsulation Data link frame IP packet TCP or UDP packet Application packet

10 The OSI Model The OSI (Open System Interconnect) Reference Model is a network model consisting of seven layers

11 Network Interfaces Network interface: device connecting a computer to a network, such as an Ethernet or WiFi card. A computer may have multiple network interfaces. Most local area networks, including Ethernet and WiFi, broadcast frames, so all hosts on the LAN receive them. In regular mode, each network interface sends only packets destined for it to OS for processing. Network sniffing can be accomplished by configuring the network interface to send all frames (promiscuous mode) to OS for processing.

12 MAC Addresses Layer 2 protocols identify nodes by MAC addresses. A MAC address is a 48-bit number: E.g., 00-1A-92-D4-BF-86 The first three octets of any MAC address are IEEEassigned Organizationally Unique Identifiers E.g., Cisco 00-1A-A1, D-Link 00-1B-11, ASUSTek 00-1A-92 The next three can be assigned by manufacturers as they please, with uniqueness being the only constraint. Note that uniqueness is not always the case in practice. Admins can set MAC addresses to any desired value.

13 Switch A switch Operates at the link layer. Has multiple ports, each connected to a computer. Operation of a switch Learn the MAC address of each connected device. Forward frames only to the destination device.

14 Combining Switches Switches can be arranged into a tree. Each port learns the MAC addresses of the machines in the segment (subtree) connected to it. Fragments to unknown MAC addresses are broadcast. Frames to MAC addresses in the same segment as the sender are ignored. 11/19/2014

15 MAC Address Filtering A switch can be configured to provide service only to machines with specific MAC addresses Users must register devices with network admin. A MAC spoofing attack impersonates another PC Find out MAC address of target machine. Threat sets MAC address of his PC to that of target. Turn off or unplug target machine. Countermeasures to MAC spoofing: Block switch port when machine is turned off. Disable duplicate MAC addresses.

16 MAC Addresses Viewing the MAC addresses of the interfaces of a machine Linux: ifconfig Windows: ipconfig /all Changing a MAC address in Linux Stop the networking service: /etc/init.d/network stop Change the MAC address: ifconfig eth0 hw ether <MAC-address> Start the networking service: /etc/init.d/network start Changing a MAC address in Windows Open the Network Connections applet Access the properties for the network interface Click Configure In the advanced tab, change the network address to the desired value Changing a MAC address requires administrator privileges

17 ARP The address resolution protocol (ARP) connects the network layer to the data layer by translating IP addresses to MAC addresses. ARP broadcasts requests and caches responses for future use Protocol begins with a computer broadcasting a message of the form who has <IP address1> tell <IP address2> When the machine with <IP address1> or an ARP server receives this message, its broadcasts the response <IP address1> is <MAC address> Requestor s IP address <IP address2> contained in the link header The Linux and Windows command arp - a displays the ARP table Internet Address Physical Address Type c-07-ac-00 dynamic c-76-b2-d7-1d dynamic c-76-b2-d0-d2 dynamic

18 ARP Caches IP: MAC: 00:11:22:33:44:01 ARP Cache :11:22:33:44:02 Data is at 00:11:22:33:44: is at 00:11:22:33:44:02 IP: MAC: 00:11:22:33:44:02 ARP Cache :11:22:33:44:01

19 ARP Spoofing ARP table updated when ARP response is received Requests are not tracked ARP announcements are not authenticated, so A rogue machine can spoof other machines Rogue sends ARP redirecting IP to its MAC Network traffic destined for that IP sent to rogue machine by all hosts on subnet including switch. Countering ARP spoofing Use static ARP table. Requires admin to reconfigure each time a new host is added or a host is removed from the subnet.

20 Poisoned ARP Caches :11:22:33:44:03 Dat a Dat a :11:22:33:44: is at 00:11:22:33:44: is at 00:11:22:33:44: :11:22:33:44:02 Poisoned ARP Cache :11:22:33:44:03 Poisoned ARP Cache :11:22:33:44:03

21 ARP Spoofing CLIENT LAN: x Regular traffic SERVER switch Alice Using arp poisoning Bob MAC: 00:0A:E4:2E:9B:11 MAC: 00:0A:E4:3B:47:7E gratuitous arp reply Bob s IP Cracker s MAC arpspoof victim ip gateway ip MAC: 00:22:64:34:60:88 Cracker.1 gratuitous arp reply Alice s IP Cracker s MAC arpspoof victim ip gateway ip

22 Telnet Protocol (RFC 854) Telnet is a protocol that provides unencrypted communication to another machine to issue commands and receive output. Allows remote shell access like ssh. Sends whatever you type. Prints whatever comes back. Telnet client can connect to any TCP port Useful for testing TCP services (ASCII based protocols) like HTTP, SMTP, etc.

23 Packet Sniffing Packet sniffing is the process of intercepting and observing traffic on a network. If packets are not encrypted, attacker can read confidential data, such as passwords, etc. Wired networks Broadcast traffic is observable by all hosts. Hubs send all packets to all hosts on subnet. Switches send packets only to destination host, but ARP poisoning can let attacker see all packets. Wireless networks Sniffer can see all packets.

24 menu main toolbar filter toolbar packet list pane packet details pane packet bytes pane status bar

25 Packet Sniffer Applications Legitimate applications Debug network problems. Monitor network usage. Network intrusion detection. Attacker applications View confidential information. Gather data required for other attacks, especially spoofing attacks.

26 Defending against Sniffing Encrypt traffic Use application level encryption, e.g. HTTPS instead of HTTP, SSH instead of telnet. Use network level encryption, like WPA2 or IPsec, where possible. Traffic patterns can still be observed. Use wired networks with switches Use static ARP tables to avoid ARP spoofing. Limits attacker to broadcasts and packets directed to attacker controlled machines.

27 << link >> Attempting to Sniff Telnet CLIENT LAN: x << link >> << link >> switch Alice Add a user on server: Bob.10 adduser user.100 In a switched network, packets are sent only to the destination computer One would think that another computer plugged to the switch cannot sniff traffic Cracker.1 and then follow program instructions Ethernet UTP RJ 45 SERVER

28 Sniffing Telnet Passwords CLIENT LAN: x Regular traffic SERVER switch Alice Using arp Bob poisoning With dsniff, we catch the passwords used to log in to a telnet service: dsniff -n Cracker.1 Acts as a router

29 Internet Protocol (IP) Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments Packets may be lost, reordered, corrupted, or duplicated IP packets Encapsulate TCP and UDP packets Encapsulated into link-layer frames Data link frame IP packet TCP or UDP packet

30 IP Addresses 32-bit integers that identify machine on net Dotted decimal notation: ii.jj.kk.ll DNS translates names to IP addresses byte 32 bits = 4 bytes IPv6 addresses are 128-bit integers written like 2001:0db8:0000:0000:0000:ff00:0042:8329

31

32 Network Address Translation Uses public IP addr to represent private IP. Translates source IP in outgoing packets. Translates dest IP in incoming packets. Router keeps table of translations.

33 IP Address Geolocation ISPs get blocks of IP addresses from ARIN. ARIN database records where IP addresses are. Application layer and time data may help reveal details. Check for your location.

34 IP Header

35 IP Routing A router bridges two or more networks Operates at the network layer. Maintains tables to forward packets to the appropriate network. Forwarding decisions based solely on the destination address. Routing table Maps ranges of IP addresses to LANs or other gateway routers.

36 IP Routing Same IP address at each hop used to route data packet. New MAC address at each hop

37 IP Vulnerabilities 1. Unencrypted transmission Eavesdropping possible at any intermediate host during routing. 2. No source authentication Sender can spoof source address, making it difficult to trace packet back to attacker. 3. No integrity checking Entire packet, header and payload, can be modified while en route to destination, enabling content forgeries, redirections, and man-in-the-middle attacks. 4. No bandwidth constraints Large number of packets can be sent to DoS target.

38 IP Spoofing IP Spoofing is an attempt by an intruder to send packets from one IP address that appear to originate at another. If victim trusts spoofed IP, then attacker trusted. Tracking down attack leads to spoofed IP. Two basic forms of IP Spoofing Blind Spoofing can be used from any source. Non-Blind Spoofing must be on same subnet.

39 Blind Spoofing Attacker cannot see response packets, but Some attacks, like DoS do not want to receive response packets, and Some responses can be guessed sufficiently accurately to carry on conversation, such as TCP hijacking attacks.

40 Network Tests with ICMP Internet Control Message Protocol (ICMP) Used for network testing and debugging. Simple messages encapsulated in single IP packets. Considered a network layer protocol. ICMP-based Network Testing Tools ping: sends echo request messages and provides statistics on roundtrip times and packet loss. traceroute: sends series of ICMP packets with increasing TTL value to discover routes.

41 ICMP DoS Attacks Ping of death ICMP specifies messages must fit a single IP packet (64KB). Send a ping packet that exceeds maximum size using IP fragmentation. Reassembled packet caused several operating systems to crash due to a buffer overflow. Smurf Ping a broadcast address using a spoofed source address. Large number of responses sent to target whose address was spoofed.

42 Smurf Attack Amplifying Network echo response echo request echo response Attacker echo response Victim

43 TCP: Transmission Control Protocol Connection-oriented Must establish connection before sending data. 3-way handshake. Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering. 16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25) Slide #43

44 TCP Reliability 1. Breaks data into best-sized chunks. 2. After sending segment, maintains timer; if no ACK within time limit, resends segment. 3. Sends ACK on receipt of packets. 4. Discards pkts on bad checkum of header and data. 5. Receiver resequences TCP segments, based on sequence numbers, allowing data to be reassembled correctly no matter what order. 6. Receiver discards duplicate segments. 7. Flow control: only sends as much data as receiver can process. Slide #44

45 TCP Header Slide #45

46 TCP Connection Establishment Slide #46 TCP 3-Way Handshake

47 SYN Floods Create many half-open connections to target Send SYN packet Ignore SYN+ACK response (May spoof invalid source IP address for each SYN) Target connection table fills up, resulting in DoS 3 minute timeout for final ACK all new TCP connections refused Defenses Micro-connections (allocate few resources til see ACK) SYN cookies store state in TCP ISN, not on server

48 TCP Connection Termination

49 TCP Session Killing RST Need one valid TCP sequence number. Send RST segment with spoofed IP address and valid sequence number. May need to send multiple RST s in case host receives TCP segment with your chosen sequence number before your RST segment. FIN Need valid TCP sequence + ACK numbers. Send FIN+ACK segment with spoofed IP address to terminate session. Receive FIN packet in response, verifying kill if successful.

50 TCP Session Hijacking A TCP session hijacking attack is when an attacker takes control of an existing TCP session. The attacker must be able to Spoof IP address of one side of connection. Predict TCP sequence numbers. Gives threat access to authenticated sessions. Defenses: Random initial TCP sequence numbers. Use encrypted protocols like SSH, so attacker cannot interact with system due to inability to send properly encrypted traffic.

51 TCP Session Hijacking Steps 1. Guess TCP sequence numbers used in current session between two hosts. 2. Create desynchronized state so neither side of connection can talk to the other. 3. Send packet with correct SN + ACK with spoofed client IP address to server, containing attack.

52 ACK Storm Noisy side effect of TCP session hijacking. Both client and server ACK unacceptable packets with expected sequence number. Each ACK is also unacceptable and generates another ACK response. If network drops packet, no response made. ACK storms create network congestion, leading to many dropped packets.

53 Port Knocking Port knocking is a method of opening ports by making connections to a set of unused ports in a specified sequence. Fairly secure against brute force attacks since there are k combinations, where k is the number of ports knocked Susceptible to replay attacks. If a port knock is sniffed, then attacker can replay the knock. Used to hide ports from network scans. Can be used by defenders and attackers.

54 User Datagram Protocol (UDP) Stateless, unreliable layer 4 protocol. Runs on top of IP. Trades reliability for speed. Applications Streaming audio/video. TFTP (builds simple state on top of UDP.) DNS.

55 UDP Header Slide #55

56 Welcome to Wireless Radio waves No need to be physically plugged into the network. Unlicensed spectrum in the 2.4 and 5 GHz ranges. Coverage Personal Area Network (PAN). Local Area Network (WLAN). Metropolitan Area Network (MAN). Security concerns Radio signals leaking outside buildings (sniffing). Detection of unauthorized devices. Intercepting wireless communications. Man-in-the-middle attacks. Verification of users. Restricting access. 11/19/2014 Wireless Networks 56

57 IEEE Family of IEEE networking standards for creating wireless local area networks. Standar d Year Frequency Data Rate Per Stream a GHz 54 Mbps b GHz 11 Mbps g GHz 54 Mbps n and 5 GHz 150 Mbps ac GHz 867 Mbps ad , 5, and 60 GHz 6912 Mbps Allowable Streams

58 in the OSI Model

59 Types of Wireless Networks Infrastructure Client machines establish a radio connection to a wireless access point (WAP). Access points connected to a wired network, which provides a gateway to the Internet. Most common type of wireless network. Peer-to-peer Client Peer Client Access Point Wired LAN Peer Client Multiple peer machines connect to each other. Typically used in ad-hoc networks and Internet connection sharing. Peer Peer 11/19/2014 Wireless Networks 59

60 SSID Multiple wireless networks can coexist Each network is identified by a 32-character service set ID (SSID). Typical default SSID of access point is manufacturer s name. SSIDs often broadcasted via beacon frames to enable discovery of the network by prospective clients. SSIDs are not signed, thus enabling a simple spoofing attack Place a rogue access point in a public location (e.g., cafe, airport) Use the SSID of an ISP Set up a login page similar to the one of the ISP Wait for clients to connect to rogue access point and authenticate Possibly forward session to ISP network SSIDs with crafted Unicode can crash iphones/ipads. 11/19/2014 Wireless Networks 60

61 Eavesdropping and Spoofing All wireless network traffic can be eavesdropped. MAC-based authentication typically used to identify approved machines in corporate network. MAC spoofing attacks possible, as in wired networks. Sessions kept active after brief disconnects. If ISP client does not explicitly end a session, MAC spoofing allows to take over that session. Wireless Networks 61

62 Captive Portal Protocol DHCP provides IP address Name server maps everything to authentication server Firewall blocks all other traffic Any URL is redirected to authentication page After authentication, regular network services reinstated Client identified by MAC address Used by wireless ISPs Security issues A MAC spoofing and session stealing attack may be performed if client does not actively disconnect A tunneling attack can bypass captive portal if DNS traffic beyond firewall is not blocked before authentication 11/19/2014 Wireless Networks 62

63 Wireless Discovery

64 Wardriving Driving around looking for WLANs. Derived from earlier term wardialing. Also: warflying.

65 Wardriving Tools Vistumbler or other wifi scanner. Antenna for db gain. Wireless card with plug and monitor mode. GPS (optional). 11/19/2014 Wireless Networks 65

66 Wired Equivalent Privacy (WEP) Goals Confidentiality: eavesdropping is prevented. Data integrity: packets cannot be tampered with. Access control: only properly encrypted packets are routed. Design constraints Inexpensive hardware implementation with 90s technology. Early U.S. export regulations caused WEP to deploy with 40-bit keys. Later versions used 104-bit keys. Implementation and limitations Encrypts the body of each frame at the data-link level. Can be broken and decrypted in minutes. 11/19/2014 Wireless Networks 66

67 WEP Protocol Setup Access point and client share 40-bit key K. The key never changes during a WEP session Encryption. Compute CRC-32 checksum of message M (payload of frame) Pick 24-bit initialization vector V Using the RC4 stream cipher, generate key stream S(K,V) Create ciphertext C = (M crc(m)) S(K,V) Client authentication Access point sends unencrypted random challenge to client. Client responds with encrypted challenge. Transmission Send V C. Message Key Stream CRC 67

68 Initialization vector (IV) One for each packet, a 24-bit value Sent in the cleartext part of the message! Small space of initialization vectors guarantees reuse of the same key stream IV Collision: Attack the XOR of the two plaintext messages IV is often very predictable and introduces a lot of redundancy 11/19/2014 Wireless Networks 68

69 WEP Key Recovery Attacks FiOS calculator attacks insecure SSID to key algorithm on Verizon FiOS routers. Neesus attacks insecure passphrase to key algorithm, reducing key from 40 to 21-bits, then brute forces. Dictionary attacks brute force other passphrase to key algorithms.

70 FMS WEP Cracking To crack a 64-bit WEP key you can capture: 50,000 to 200,000 packets containing Initialization Vectors (IVs) Only about ¼ of the packets contain IVs So you need 200,000 to 800,000 packets It can take a long time (typically several hours or even days) to capture that many packets 11/19/2014 Wireless Networks 70

71 Aircrack-ng 50% change to recover 104 bit WEP key with 40,000 captured packets. 80% chance with 60,000; 95% chance with 85,000. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition.

72 Wi-Fi Protected Access (WPA) WEP became widely known as insecure In 2005, FBI publically cracked a WEP key in only 3 minutes! Wi-Fi Protected Access (WPA) proposed in 2003 Subset of i that could be deployed quickly. Improves on WEP in several ways: Larger secret key (128 bits) and initialization data (48 bits) Supports various types of authentication besides a shared secret, such as username/password Dynamically changes keys as session continues Cryptographic method to check integrity Frame counter to prevent replay attacks 11/19/2014 Wireless Networks 72

73 802.11i IEEE standard approved to replace WEP in Wi-Fi Alliance branded i as WPA2. Security Features Four-way handshake for AP authentication, key xchg. AES encryption instead of RC4 used by WEP and WPA. Converts AES-128 into stream cipher by using it in Counter Mode with Cipher Block Chaining (CCMP). Generates Pairwise Transient Key (PTK) for encryption with each client/ap pair. Almost all wireless hardware supports i. 11/19/2014 Wireless Networks 73

74 4-way Handshake 1. AP sends a nonce to client station (STA). 2. Client constructs PTK (Pairwise Transient Key) and sends its nonce and a hash (MIC) to AP. 3. AP constructs PTK, sends GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic, and hash. 4. Client acknowledges receipt.

75 Alternatives and Add-Ons WEP, WPA, and WPA2 all protect your traffic only up to the access point. No security provided beyond access point. Other methods can encrypt end-to-end: SSL, SSH, VPN, PGP, etc. End-to-end encryption is often simpler than setting up network-level encryption. Most of these solutions require per-application configuration. 11/19/2014 Wireless Networks 75

76 Wi-Fi Protected Setup (WPS) Protocol to make i setup easy. Enter PIN from sticker or AP display. Push button on each device. WPS protocol has design flaws. Brute force PIN in 10 8 tries (4 hours). Design flaws in protocol provide feedback on PIN guesses, reducing tries to

77 Key Points: Layer 2 1. Layer 2 concepts Hosts identified by 48-bit MAC addresses. OS can spoof MACs by setting to any value. Switches manage layer 2 traffic. 2. ARP translates IPs to MACs so packets can be delivered on hosts on local subnet. There is no authentication. ARP spoofing can be used to receive frames destined for other hosts. 3. Network sniffing View confidential network traffic of other hosts. ARP spoofing can let attacker sniff even if switches used.

78 Key Points: Layers IP addresses seen by recipient unlike MAC NAT hides many IP addresses behind one. 2. IP spoofing Blind: do not see responses. Non-blind: use sniffer to see responses. 3. Technical DoS: ping of death, smurf, SYN flood 4. TCP session hijacking seizes authenticated session Guess TCP sequence numbers based on ISN. Desynchronize existing TCP session. Threat resynchronizes with server, seizing control. 5. Cannot hijack encrypted sessions like ssh.

79 Key Points: Wireless 1. Wireless networks can be discovered by 1. Passive scanning (Kismet). 2. Active scanning if no beacons broadcast. 2. Wireless networks can be sniffed. 1. By anyone in range. 2. Range can be miles with good antennas. 3. WEP security is broken 1. Threat can recover key in seconds i (WPA2) security is good 1. But WPS protocol can allow breaking if used.

80 References 1. Carna Botnet, Internet Census 2012, Johnny Cache, Hacking Exposed: Wireless, 2 nd edition, Mc-Graw Hill, Matthew Gast, Wireless Networks: The Definitive Guide, 2 nd edition, Goodrich and Tammasia, Introduction to Computer Security, Pearson, Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison- Wesley, Vladimirov et. Al., Wi-Foo: The Secrets of Wireless Hacking, Addison-Wesley, 2004.