CSC 8560 Computer Networks: Security Protocols

Similar documents
CSC 4900 Computer Networks: Security Protocols (2)

Chapter 8 roadmap. Network Security

Chapter 8 Network Security

COSC4377. Chapter 8 roadmap

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

14. Internet Security (J. Kurose)

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

Computer Networks. Wenzhong Li. Nanjing University

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computer Communication Networks Network Security

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Internet and Intranet Protocols and Applications

Lecture 9: Network Level Security IPSec

CS Computer Networks 1: Authentication

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Chapter 8 Security. Computer Networking: A Top Down Approach

Network Security. Thierry Sans

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Security: Focus of Control. Authentication

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security

Networking Security SPRING 2018: GANG WANG

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Chapter 5: Network Layer Security

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Cryptography and Network Security

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Security: Focus of Control

Lecture 13 Page 1. Lecture 13 Page 3

Network Encryption 3 4/20/17

Chapter 4: Securing TCP connections

EEC-682/782 Computer Networks I

Internet security and privacy

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Chapter 8 Network Security

Virtual Private Network

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

8. Network Layer Contents

IP Security IK2218/EP2120

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

CS 356 Internet Security Protocols. Fall 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

CSE543 Computer and Network Security Module: Network Security

Lecture 12 Page 1. Lecture 12 Page 3

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

IPSec. Overview. Overview. Levente Buttyán

IP Security. Have a range of application specific security mechanisms

CSC 6575: Internet Security Fall 2017

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

CSC 574 Computer and Network Security. TCP/IP Security

Network Security Chapter 8

L13. Reviews. Rocky K. C. Chang, April 10, 2015

CSCE 715: Network Systems Security

CSC 8560 Computer Networks: Network Security

Internet Protocol and Transmission Control Protocol

HP Instant Support Enterprise Edition (ISEE) Security overview

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Introduction and Overview. Why CSCI 454/554?

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Sample excerpt. Virtual Private Networks. Contents

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Network Security and Cryptography. December Sample Exam Marking Scheme

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Security+ SY0-501 Study Guide Table of Contents

Internet Technology. Security

On the Internet, nobody knows you re a dog.

Introduction to Computer Security

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

Virtual Private Networks

CSc 466/566. Computer Security. 18 : Network Security Introduction

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

20-CS Cyber Defense Overview Fall, Network Basics

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

ELEC5616 COMPUTER & NETWORK SECURITY

Cryptography and Network Security. Sixth Edition by William Stallings

Kurose & Ross, Chapters (5 th ed.)

Chapter 6/8. IP Security

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Network Security and Cryptography. 2 September Marking Scheme

Transcription:

CSC 8560 Computer Networks: Security Protocols Professor Henry Carter Fall 2017

CATS Reports Now available online! Go to MyNova -> Blackboard Learn -> Course Evaluations Take 10 minutes Will not be visible to me until after grades are submitted Help me improve the course!

Last Time Trying to prove who you are simply by saying your name is an example of...? How are MACs and Digital Signatures Different? What algorithms used to implement them? Diffie-Hellman key exchanges are vulnerable to what kind of attack? 3

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication 8.5 Securing e-mail 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 4

Email Security Transmission is often not the only place crypto needs to be used to protect your email. Some system administrators, service providers and (if you re unlucky) law enforcement agencies read your email when it sits on the server. e.g., GMail Advertisements How can you protect the confidentiality and integrity of your communications? 5

Secure e-mail Alice wants to send confidential e-mail, m, to Bob. K S m. K S ( ) K S (m ) K S (m ). K S ( ) m + - Internet K S K S K +. B ( ) + K B (K S ) + K B (K S ) -. K B ( ) K B + K B - Alice: generates random symmetric private key, K S. encrypts message with K S (for efficiency) also encrypts K S with Bob s public key. sends both K S (m) and K B (K S ) to Bob. 6

Secure e-mail Alice wants to send confidential e-mail, m, to Bob. K S m. K S ( ) K S (m ) K S (m ). K S ( ) m + - Internet K S K S K +. B ( ) + K B (K S ) + K B (K S ) -. K B ( ) K B + K B - Bob: uses his private key to decrypt and recover K S uses K S to decrypt K S (m) to recover m 7

Secure e-mail (continued) Alice wants to provide sender authentication message integrity. K Ā K A + m. - H( ) K A (. ) - K A (H(m)) - K A (H(m)) +. K A ( ) H(m ) + - Internet compare m m. H( ) H(m ) Alice digitally signs message. sends both message (in the clear) and digital signature. 8

Secure e-mail (continued) Alice wants to provide secrecy, sender authentication, message integrity. K Ā m H( ). -. K A ( ) - K A (H(m)) K S +. K S ( ) m + Internet K S +. K B ( ) K B + + K B (K S ) Alice uses three keys: her private key, Bob s public key, newly created symmetric key 9

Pretty good privacy (PGP) Internet e-mail encryption scheme, de-facto standard. uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. provides secrecy, sender authentication, integrity. inventor, Phil Zimmerman, was target of 3-year federal investigation. A PGP signed message: ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:My husband is out of town tonight.passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhhjrhhgjghgg/12epj+lo8ge4vb3mqjhfevz P9t6n7G6m5Gw2 ---END PGP SIGNATURE--- pgp.mit.edu 10

PGP: A Web of Trust Instead of relying on a CA, PGP uses social relationships to verify a key. If you know a friend of mine and they signed my key (and you can verify their signature), you are more likely to believe the key belongs to me. 11

Using PGP For Mac users, download MacGPG. Windows users should get GPG4win. Linux users can download GPG. These are all free versions of PGP based on RFC4880. From the command-line: gpg -c filename.txt (encrypt a file using a symmetric key generated from a passphrase) gpg -e filename.txt (encrypt a file using the public key of the intended reader). 12

Public Key 13

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication 8.5 Securing e-mail 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 14

How do we get secure communications? We now have an idea of how cryptographic algorithms work (and what they try to guarantee). We also know how to ensure integrity of our communications. How do we actually use this stuff? Are we using it on a daily basis? 15

Secure Sockets Layer (SSL) Provides transport layer security to any TCP-based application using SSL services. e.g., between Web browsers, servers for e-commerce (https) security services: server authentication, data encryption, client authentication (optional) TCP socket Application TCP IP Application SSL sublayer TCP IP SSL socket TCP API TCP enhanced with SSL 16

SSL: Three Phases 1. Handshake: Bob establishes TCP connection to Alice authenticates Alice via CA signed certificate creates, encrypts (using Alice s public key), sends master secret key to Alice nonce exchange not shown create Master Secret (MS) decrypt using K A - to get MS 17

SSL: Three Phases 2. Key Derivation: Alice, Bob use shared secret (MS) to generate 4 keys: EB: Bob->Alice data encryption key EA: Alice->Bob data encryption key MB: Bob->Alice MAC key MA: Alice->Bob MAC key encryption and MAC algorithms negotiable between Bob, Alice why 4 keys? 18

SSL: Three Phases 3. Data Transfer TCP byte stream b 1 b 2 b 3 b n block n bytes together d. H( ) M B compute MAC d d H(d) H(d). H( ) E B SSL seq. # encrypt d, MAC, SSL seq. # SSL record format Type Ver Len d H(d) unencrypted encrypted using E B 19

What does that little lock mean? What does this lock actually mean? Are you secure? It really depends... Some websites used negotiate the use of the null cipher. So even with the lock icon, no crypto was being used. Attackers can launch SSL downgrade attacks against older browsers. Commonly misspelled websites might make you think you are connected securely to the right page. 20

Steve Bellovin Long time researcher at AT&T Research/Bell Labs. Member of the National Academy of Engineering Professor at Columbia University Credited as one of the Fathers of the firewall One of the originators of USENET The precursor to World Wide Web, allowed people to view and exchange content in newsgroups. 21

Security Problems in the TCP/IP Protocol Suite This is one of the classics of Network Security literature. Although written in 1989, many of the protocols discussed here are still widely used today. This is a nice overview of why security research is necessary. It is hard to build secure systems when the infrastructure supporting them was never designed to consider security. Attacks on specific implementations not discussed. Three general attack categories: TCP/IP Attacks, Routing Attacks, and Abusing Common Protocols. 22

TCP/IP Sequence Number Guessing TCP connects are established by the 3-way handshake: What do the three messages look like? Each client keeps a unique sequence number to order packets and prevent against loss. An attacker can spoof an IP address, but attempting to carry out a conversation when you don t know the correct responses is hard. If you can guess the response, you can establish a connection. 23

How This Attack Works C SYN, ACK, ACK, SYN, SeqA+1, SeqA+1, SeqB+1 SeqB S C A SYN, ACK, SeqA+1, SeqB ACK, SeqA+1, SeqB+1 SYN, SeqA S 24

What Can You Do With This? On Christmas Day 1994, Kevin Mitnick used this attack to break into Tsuomo Shimamura s machine. Claimed to be from a trusted IP address, added himself to rhosts file, gained full access. Unfortunately for Mitnick, Tsutomu Shimomura caught him in the act (saw the logs). Ultimately, this incident helped the FBI track down and arrest Mitnick in Raleigh, NC. 25

Defense Against SNG Attack Make the initial sequence number hard to guess. Most systems now use a PRNG, but they re not great. Most implementations of TCP will accept RST packets with a sequence number anywhere within their window. For a 32Kb window, 2 17 attempts is enough to get it right. Actively monitor your logs. But you need to be on top of this as an attacker is likely to delete or modify them once they get access. 26

Real-World Routing Attacks AS7007 (1997) YouTube hijacked by Pakistan (2008) 27

ICMP Attacks Examples ICMP Redirect ICMP Destination Unreachable ICMP Time to Live Exceeded Defense Filtering 28

Other Protocols Finger Directory-like service. Can this help with identity theft? Password cracking? Electronic Mail We have already shown how to spoof email. Until recently, even retrieving mail from your server used cleartext passwords. 29

Other Protocols (2) DNS Sequence number guessing and response spoofing thought to be potentially serious attacks in 1989. These are major issues today... why? ARP A local attacker could similarly siphon off all your traffic. 30

General Defenses Authentication Authentication by assertion repeatedly gets us into trouble. Why do we still do it? Encryption End-to-End Link-layer 31

Conclusions IP addresses are meaningless as an authentication token. Use random numbers whenever knowledge of that number may open your system to attack. The core of the network is based on algorithms that fall over pretty easily, making the Internet very fragile. 32

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication 8.5 Securing e-mail 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 33

What is network-layer confidentiality? between two network entities: sending entity encrypts datagram payload, payload could be: TCP or UDP segment, ICMP message, OSPF message. all data sent from one entity to other would be hidden: web pages, e-mail, P2P file transfers, TCP SYN packets blanket coverage 34

Virtual Private Networks (VPNs) motivation: institutions often want private networks for security. costly: separate routers, links, DNS infrastructure. VPN: institution s inter-office traffic is sent over public Internet instead encrypted before entering public Internet logically separate from other traffic 35

Virtual Private Networks (VPNs) public Internet laptop w/ IPsec salesperson in hotel router w/ IPv4 and IPsec router w/ IPv4 and IPsec headquarters branch office 36

IPsec services data integrity origin authentication replay attack prevention confidentiality two protocols providing different service models: AH ESP 37

Two IPsec protocols Authentication Header (AH) protocol provides source authentication & data integrity but not confidentiality Encapsulation Security Protocol (ESP) provides source authentication, data integrity, and confidentiality more widely used than AH 38

Security associations (SAs) before sending data, security association (SA) established from sending to receiving entity SAs are simplex: for only one direction ending, receiving entitles maintain state information about SA recall: TCP endpoints also maintain state info IP is connectionless; IPsec is connection-oriented! how many SAs in VPN w/ headquarters, branch office, and n traveling salespeople? 39

Example SA from R1 to R2 R1 Stores: 32-bit SA identifier: Security Parameter Index (SPI) origin SA interface (200.168.1.100) destination SA interface (193.68.2.23) type of encryption used (e.g., 3DES with CBC) encryption key type of integrity check used (e.g., HMAC with MD5) authentication key headquarters Internet branch office 200.168.1.100 193.68.2.23 172.16.1/24 R1 security association R2 172.16.2/24 40

IPsec datagram focus for now on tunnel mode with ESP 41

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication 8.5 Securing e-mail 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 42

IEEE 802.11 Security war-driving: drive around Bay area, see what 802.11 networks available? More than 9000 accessible from public roadways 85% use no encryption/authentication packet-sniffing and various attacks easy! securing 802.11 encryption, authentication first attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failure current attempt: 802.11i 43

Wired Equivalent Privacy (WEP) authentication as in protocol ap4.0 host requests authentication from access point access point sends 128 bit nonce host encrypts nonce using shared symmetric key access point decrypts nonce, authenticates host no key distribution mechanism authentication: knowing the shared key is enough 44

WEP Encryption Sender-side WEP encryption 45

Breaking WEP security hole: 24-bit IV, one IV per frame, -> IV s eventually reused IV transmitted in plaintext -> IV reuse detected attack: Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 IV Trudy sees: c i = d i XOR k i IV Trudy knows c i d i, so can compute k i IV IV IV Trudy knows encrypting key sequence k 1 k 2 k 3 Next time IV is used, Trudy can decrypt! 46

802.11i: Improved Security numerous (stronger) forms of encryption possible provides key distribution uses authentication server separate from access point Common implementation: WPA2 47

Four phases 48

EAP: extensible authentication protocol EAP: end-end client (mobile) to authentication server protocol EAP sent over separate links mobile-to-ap (EAP over LAN) AP to authentication server (RADIUS over UDP) EAP TLS EAP EAP over LAN (EAPoL) IEEE 802.11 RADIUS UDP/IP 49

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication 8.5 Securing e-mail 8.6 Securing TCP connections: SSL 8.7 Network layer security: IPsec 8.8 Securing wireless LANs 8.9 Operational security: firewalls and IDS 50

Firewalls firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others. 51

Firewalls: why prevent denial of service attacks: SYN flooding: attacker establishes many bogus TCP connections, no resources left for real connections prevent illegal modification/access of internal data e.g., attacker replaces CIA s homepage with something else allow only authorized access to inside network set of authenticated users/hosts three types of firewalls: stateless packet filters, stateful packet filters, application gateways 52

Stateless Packet Filtering internal network connected to Internet via router firewall router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits 53

Stateless Packet Filtering: Example example 1: block incoming and outgoing datagrams with IP Protocol field = 17 and with either source or dest port = 23. result: all incoming, outgoing UDP flows and telnet connections are blocked. example 2: Block inbound TCP segments with ACK=0. result: prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside. 54

Stateless packet filtering: more examples 55

Access Control Lists ACL: table of rules, applied top to bottom to incoming packets: (action, condition) pairs: looks like OpenFlow forwarding (Ch. 4)! action source address dest address protocol source port dest port flag bit allow 222.22/16 outside of 222.22/16 TCP > 1023 80 any allow outside of 222.22/16 222.22/16 TCP 80 > 1023 ACK allow 222.22/16 outside of 222.22/16 UDP > 1023 53 --- allow outside of 222.22/16 222.22/16 UDP 53 > 1023 ---- deny all all all all all all 56

Stateful Packet Filtering stateless packet filter: heavy handed tool admits packets that make no sense, e.g., dest port = 80, ACK bit set, even though no TCP connection established: action source address dest address protocol source port dest port flag bit allow outside of 222.22/16 222.22/16 TCP 80 > 1023 ACK stateful packet filter: track status of every TCP connection track connection setup (SYN), teardown (FIN): determine whether incoming, outgoing packets makes sense timeout inactive connections at firewall: no longer admit packets 57

Stateful Packet Filtering ACL augmented to indicate need to check connection state table before admitting packet action source address dest address proto source port dest port flag bit check conxion allow 222.22/16 outside of 222.22/16 TCP > 1023 80 any allow outside of 222.22/16 222.22/16 TCP 80 > 1023 ACK x allow 222.22/16 outside of 222.22/16 UDP > 1023 53 --- allow outside of 222.22/16 222.22/16 UDP 53 > 1023 ---- x deny all all all all all all 58

Application gateways filter packets on application data as well as on IP/TCP/UDP fields. host-to-gateway telnet session application gateway example: allow select internal users to telnet outside router and filter gateway-to-remote host telnet session 1. require all telnet users to telnet through gateway. 2. for authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections 3. router filter blocks all telnet connections not originating from gateway. 59

Limitations of Firewalls and Gateways IP spoofing: router can t know if data really comes from claimed source if multiple apps need special treatment, each has own app gateway client software must know how to contact gateway. e.g., must set IP address of proxy in Web browser filters often use all or nothing policy for UDP tradeoff: degree of communication with outside world, level of security many highly protected sites still suffer from attacks 60

Intrusion Detection Systems packet filtering: operates on TCP/IP headers only no correlation check among sessions IDS: intrusion detection system deep packet inspection: look at packet contents (e.g., check character strings in packet against database of known virus, attack strings) examine correlation among multiple packets port scanning network mapping DoS attack 61

Intrusion Detection Systems multiple IDSs: different types of checking at different locations 62

Network Security Summary Basic techniques... cryptography (symmetric and public) message integrity end-point authentication. used in many different security scenarios secure email secure transport (SSL) IP sec 802.11 Operational Security: firewalls and IDS 63

Next Time... Textbook Chapter 9.1-9.4 Remember, you need to read it BEFORE you come to class! Homework: Project 4 presentations NEXT WEEK! 64

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback