Resilient Networks Missouri S&T University CPE 6510 Network Security Overview

Transcription

1 Resilient Networks Missouri S&T University CPE 6510 Network Security Overview Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology 2 March 2017 rev Egemen K. Çetinkaya

2 Network Security Overview Outline Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 2

3 Network Security Overview Overview and Role in Resilience Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 3

4 Security Security Definition property of a system and measures taken protect itself from unauthorized access or change subject to policy 2 March 2017 MST CPE 6510 Network Security Overview 4

5 Self-protection Self-Protection Importance to Resilience systems protect themselves from unauthorized access network control infrastructure Systems with the need to protect themselves end systems (e.g. firewalls) intermediate systems: routers, switches servers: DNS, Web, etc. enterprise networks (e.g. firewalls) virtual enclaves network realms that define trust boundaries 2 March 2017 MST CPE 6510 Network Security Overview 5

6 Self-protection Self-Protection Importance to Resilience systems protect themselves from unauthorized access network control infrastructure Network control infrastructure signalling (e.g. ICMP, RSVP/MPLS) routing protocols (e.g. S-BGP, OSPF, IS-IS) network services (e.g. DNSSEC, ICP) 2 March 2017 MST CPE 6510 Network Security Overview 6

7 Vulnerability Security Vulnerability flaw or weakness in system design, implementation, controls, operation, or management could be exploited to violate security policy [CNSS ] [S2007] note relation to definition with respect to faults internal fault that allows an external fault to cause an error [Laprie-1994], [ALR+2004] 2 March 2017 MST CPE 6510 Network Security Overview 7

8 Threat Security Threats entity, circumstance, capability, action, or event with potential to violate security and cause harm [CNSS ] [S2007] potential challenge that might exploit a vulnerability 2 March 2017 MST CPE 6510 Network Security Overview 8

9 Threat Security Threat Analysis entity, circumstance, capability, action, or event with potential to violate security and cause harm [CNSS ] [S2007] potential challenge that might exploit a vulnerability Threat analysis examination of information and analysis of actions to identify potential threats identifying probability of occurrence and consequences [CNSS ] [S2007] 2 March 2017 MST CPE 6510 Network Security Overview 9

10 Security Challenges Challenge : adverse event or condition that might violate security policy including availability impact dependability impact performability three aspects of trustworthiness 2 March 2017 MST CPE 6510 Network Security Overview 10

11 Security Discipline Evolution 1960s: computer system security security among multiple users on timesharing systems operating system security (e.g. Multics) 1980s: computer network security security among computers sharing enterprise network 1990s: Internet security security against (almost) universal access to Global Internet 2000s: privacy issues and wireless security security of mobile wireless networks critical infrastructures: power-grid, nuclear 2020s: privacy and smart environment security security of IoT, autonomous vehicles, cloud, SDN, NFV 2 March 2017 MST CPE 6510 Network Security Overview 11

12 Network Security Overview Security Sub-disciplines Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 12

13 Security Relationship to Resilience Disciplines Egemen K. Çetinkaya Survivability many targetted failures Fault Tolerance (few random) Challenge Tolerance Traffic Tolerance Disruption Tolerance environmental delay connectivity energy mobility Robustness Complexity confidentiality Trustworthiness Dependability reliability maintainability safety availability auditability Security AAA authenticity integrity nonrepudiability authorisability legitimate flash crowd attack DDoS Performability QoS measures 2 March 2017 MST CPE 6510 Network Security Overview 13

14 Confidentiality AAA (triple-a) Security Security Properties and Attributes accounting or auditability (sometimes AAAA) authorisation authentication Attributes shared with dependability availability integrity Nonrepudiation note: all stated as -ilities in diagram for consistency 2 March 2017 MST CPE 6510 Network Security Overview 14

15 Confidentiality Security Confidentiality information is not made available or disclosed to unauthorized individuals, entities, processes, devices [X ] [CNSS ] [S2007] dependability with respect to the absence of unauthorized disclosure of information [Laprie-1994] Mechanisms for confidentiality? 2 March 2017 MST CPE 6510 Network Security Overview 15

16 Confidentiality Security Confidentiality information is not made available or disclosed to unauthorized individuals, entities, processes, devices [X ] [CNSS ] [S2007] dependability with respect to the absence of unauthorized disclosure of information [Laprie-1994] Mechanisms for confidentiality physical access restrictions encryption 2 March 2017 MST CPE 6510 Network Security Overview 16

17 Accounting Security Accounting and Auditing collecting information on access to resources generating audit trail Accounting is part of AAA auditing is sometimes separately added as AAAA 2 March 2017 MST CPE 6510 Network Security Overview 17

18 Authorization Security Authorization granting of privileges or rights [X ] [CNSS ] [S2007] Authorization is part of AAA Mechanisms for authorization? 2 March 2017 MST CPE 6510 Network Security Overview 18

19 Authorization Security Authorization granting of privileges or rights [X ] [CNSS ] [S2007] Authorization is part of AAA Mechanisms for authorization ACLs (access control lists) and capabilities authentication 2 March 2017 MST CPE 6510 Network Security Overview 19

20 Authentication Security Authentication data origin authentication: assurance that the source of data is as claimed peer-entity authentication: assurance that peer in association is as claimed [X ] [CNSS ] [S2007] Authentication is part of AAA Mechanisms for authentication? 2 March 2017 MST CPE 6510 Network Security Overview 20

21 Authentication Security Authentication data origin authentication: assurance that the source of data is as claimed peer-entity authentication: assurance that peer in association is as claimed [X ] [CNSS ] [S2007] Authentication is part of AAA Mechanisms for authentication digital certificates and signatures 2 March 2017 MST CPE 6510 Network Security Overview 21

22 Availability Security Availability property of being accessible and useable upon demand by an authorized entity [X ] [CNSS ] [S2007] Availability is also a dependability aspect probability of a system operational at a given time 2 March 2017 MST CPE 6510 Network Security Overview 22

23 Integrity Security Integrity refers to logical correctness [ATIS-T ] data integrity: not changed, lost, destroyed; maliciously or accidentally system integrity: correct operation without unauthorized manipulation source integrity: data trustworthy based on its source and handling [X ] [CNSS ] [S2007] Integrity is also a dependability aspect Mechanisms for integrity? 2 March 2017 MST CPE 6510 Network Security Overview 23

24 Integrity Security Integrity refers to logical correctness [ATIS-T ] data integrity: not changed, lost, destroyed; maliciously or accidentally system integrity: correct operation without unauthorized manipulation source integrity: data trustworthy based on its source and handling [X ] [CNSS ] [S2007] Integrity is also a dependability aspect Mechanisms for integrity message digest (e.g. MD5, SHA-1) 2 March 2017 MST CPE 6510 Network Security Overview 24

25 Nonrepudiation Security Nonrepudiation inability to deny having participated in communication [X ] [CNSS ] [S2007] Mechanisms for nonrepudiation? 2 March 2017 MST CPE 6510 Network Security Overview 25

26 Nonrepudiation Security Nonrepudiation inability to deny having participated in communication [X ] [CNSS ] [S2007] Mechanisms for nonrepudiation digital certificates and signatures 2 March 2017 MST CPE 6510 Network Security Overview 26

27 Network Security Overview Overview of Attacks and Defenses Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 27

28 Misuse of terminology Network Security Attackers Do all of the below mean a malicious entity? Adversary? Cracker? Hacker? Intruder? 2 March 2017 MST CPE 6510 Network Security Overview 28

29 Network Security Attackers Adversary? entity that attacks a system Cracker? (also spelled kracker) someone who tries to break into someone else s system Hacker? (cracker hacker) someone working on computers and make cool things Intruder? entity that tries to gain unauthorized access Packet monkey? (deprecated) someone who floods a system for a DOS condition Script kiddy? someone who uses existing scripts, but not innovative [S2007] 2 March 2017 MST CPE 6510 Network Security Overview 29

30 Application attacks Protocol attacks Operational Policy Hardware Network Security Attack Types 2 March 2017 MST CPE 6510 Network Security Overview 30

31 Application attacks Attack Types Applications attacks exploit vulnerability in end-user software Examples: attacks against web browsers 2 March 2017 MST CPE 6510 Network Security Overview 31

32 Attack Types Protocols Attacks on network protocols Examples: BGP DNS 2 March 2017 MST CPE 6510 Network Security Overview 32

33 Operational Attack Types Operational attacks exploiting operation procedures to mismanage traffic Examples: attacks on routers attacks on links DoS, DDoS 2 March 2017 MST CPE 6510 Network Security Overview 33

34 Attack Types Policy Attacks exploiting policy aspects Examples: policy about password length and character choice policy about opening attachment 2 March 2017 MST CPE 6510 Network Security Overview 34

35 Attacks on hardware Attack Types Hardware Can be more expensive as an attacker need to be involved from the design stage but the attack can be more damaging Examples: malicious design in hardware cutting fibre sniper attack on California power station [TK2010] 2 March 2017 MST CPE 6510 Network Security Overview 35

36 Network Security Defense Types Cryptographic algorithms: symmetric encryption asymmetric encryption data integrity protocols authentication protocols Security in network protocols: PGP, S/MIME, HTTPS, SSL, TLS, IPsec, S-BGP, DNSSEC i (WEP WPA WPA2) Firewall, ACL (access control list) [More in CPE5420-Introduction to Network Security] 2 March 2017 MST CPE 6510 Network Security Overview 36

37 Encryption Algorithms Symmetric Encryption Symmetric encryption: conventional or single-key Only type of encryption prior to public-key, 1970s Remains one of the two most used encryption [S2014] 2 March 2017 MST CPE 6510 Network Security Overview 37

38 Encryption Algorithms Asymmetric Encryption Egemen K. Çetinkaya Asymmetric encryption: public-key Uses two keys: public and private Harder to compromise, but doubles processing [S2014] 2 March 2017 MST CPE 6510 Network Security Overview 38

39 Hash Function Simplified Model Hash function yields a fixed-length hash value 2 March 2017 MST CPE 6510 Network Security Overview 39

40 Message Authentication Authentication and Confidentiality (a) Message plus concatenated hash code is encrypted using symmetric key encryption Message must come from A and has not been altered The hash code provides authentication Encryption on entire message + hash code provides confidentiality 2 March 2017 MST CPE 6510 Network Security Overview 40

41 Message Authentication Authentication (b) Only the hash code is encrypted using symmetric encryption This reduces the processing burden for those applications that do not require confidentiality 2 March 2017 MST CPE 6510 Network Security Overview 41

42 Message Authentication Authentication (c) It is possible to use a hash function but no encryption Sender and receiver share a common secret value S A computes the hash value over: the concatenation of M and S appends the resulting hash value to M Because B possesses S, it can recompute hash value 2 March 2017 MST CPE 6510 Network Security Overview 42

43 Message Authentication Authentication and Confidentiality (d) Confidentiality can be added to the method (c) by encrypting the entire message plus the hash code 2 March 2017 MST CPE 6510 Network Security Overview 43

44 Digital Signatures Authentication (a) The hash code is encrypted using public-key encryption with the sender s private key this provides authentication It also provides a digital signature only sender could have produced the encrypted hash code 2 March 2017 MST CPE 6510 Network Security Overview 44

45 Digital Signatures Authentication and Confidentiality (b) To achieve confidentiality and digital signature message plus the private-key-encrypted hash code can be encrypted using a symmetric secret key 2 March 2017 MST CPE 6510 Network Security Overview 45

46 Network Security Overview Metrics and Evaluation Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 46

47 Security Metrics Overview How can the security evaluated? Generally two ideas: security is binary it can be evaluated within a range Security metrics metric indicating strength/weakness of security mechanism very immature field (except for cryptanalysis) Examples confidentiality: key length, CPU time for brute-force attack 2 March 2017 MST CPE 6510 Network Security Overview 47

48 Rainbow series NIST FIPS 199 Attack graphs Attack trees [NST2004] Security Evaluation Methods 2 March 2017 MST CPE 6510 Network Security Overview 48

49 Security Evaluation Rainbow Series Rainbow series About computer security guidelines Published by DoD and NSA in early 1980s Replaced by Common Criteria in 2000s Orange book is known for security evaluation 2 March 2017 MST CPE 6510 Network Security Overview 49

50 Security Evaluation Orange Book Trusted Computer System Evaluation Criteria TCSEC Initially issued 1983, later updated in 1985 Replaced by common criteria in 2005 Evaluation criteria Class D: minimal protection Class C1: discretionary security protection Class C2: controlled access protection Class B1: labelled security protection Class B2: structured protection Class B3: security domains Class A1: verified design 2 March 2017 MST CPE 6510 Network Security Overview 50

51 NIST FIPS 199 Security Evaluation NIST FIPS 199 NIST: National Institute of Standards and Technology FIPS: Federal Information Processing Standards Pub 199: issued in Feb Evaluation criteria based on levels of impact high moderate low 2 March 2017 MST CPE 6510 Network Security Overview 51

52 Security Evaluation Attack Graphs Attack graphs also called scenario graphs More info in Chapter 9, [QTK+2008] 2 March 2017 MST CPE 6510 Network Security Overview 52

53 Security Evaluation Attack Trees Describes combinatorial events leading to failure Nonleaf nodes describe attack goal Leaf nodes describe atomic attacks Uses AND and OR logic gates AND node OR node [NST2004] 2 March 2017 MST CPE 6510 Network Security Overview 53

54 References and Further Reading [L2001] Carl E. Landwehr, Computer Security, Intl. J. of Information Security, vol.1, #1, Aug. 2001, pp [CM2002] Anirban Chakrabarti and G. Manimaran, Internet Infrastructure Security: A Taxonomy, IEEE Network, vol.16, #6, Nov./Dec. 2002, pp [IW2008] Vinay M. Igure, and Ronald D. Williams, Taxonomies of Attacks and Vulnerabilities in Computer Systems, IEEE Comm. Surv. & Tut., vol.10 iss.1, 1st qtr pp [S2007] Robert W. Shirey, Internet Security Glossary, Version 2, FYI 36, RFC 4949, August [S2014] William Stallings, Cryptography and Network Security: Principles and Practice, 6th edition, Prentice Hall, Some slides are adopted from KU EECS 983 Resilient and Survivable Networking class taught by Prof. James P.G. Sterbenz 2 March 2017 MST CPE 6510 Network Security Overview 54

55 References and Further Reading [TK2010] Mohammad Tehranipoor and Farinaz Koushanfar, A Survey of Hardware Trojan Taxonomy and Detection, IEEE Design & Test of Computers, Vol. 27, No. 1, pp , [ALR+2004] Algirdas Avižienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr, Basic Concepts and Taxonomy of Dependable and Secure Computing, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, pp , January-March [QTK+2008] Yi Qian, David Tipper, Prashant Krishnamurthy, and James Joshi, Information Assurance: Dependability and Security in Networked Systems, Morgan Kaufmann, [NST2004] David M. Nicol, William H. Sanders, and Kishor S. Trivedi, Model-Based Evaluation: From Dependability to Security, IEEE Transactions on Dependable and Secure Computing, Volume 1, Issue 1, pp , January-March March 2017 MST CPE 6510 Network Security Overview 55

56 End of Foils 2 March 2017 MST CPE 6510 Network Security Overview 56