security in networks (part 2) cpsc 363 computer networks ellen walker hiram college (includes...
Post on 15-Jan-2016
215 Views
Preview:
TRANSCRIPT
Security in Networks (Part 2)
CPSC 363 Computer Networks
Ellen Walker
Hiram College
(Includes figures from Computer Networking by Kurose & Ross, © Addison Wesley 2002)
Trusted Intermediaries
• How do 2 entities establish shared keys?– Trusted key distribution center– Gives appropriate one-time session key to each entity when
a conversation is established– No entity knows another’s secret key (except for a specific
conversation)
• How do I know the public key Alice sent me is really Alice’s public key?– Trusted Certification Authority keeps list of all public keys;
issues certificates with ID & public key (encrypted with CA’s private key, so nonforgeable)
Key Distribution Center
Aliceknows
R1
Bob knows to use R1 to communicate with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric
encryption
KDC generate
s R1
KB-KDC(A,R1)
KA-KDC(A,B)
KA-KDC(R1, KB-KDC(A,R1) )
Certification Authority
• Binds key to entity E (host or router)• Generates digitally-signed certificate after
receiving appropriate proof of identity and payment
Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
Firewall• Analogy: brick wall between apartments to
contain a fire• In networking, isolates internal net from larger
Internet, hopefully containing attacks
administerednetwork
publicInternet
firewall
What Can Firewall Prevent?
• Denial of service attacks– SYN flooding establishes bogus TCP connections,
preventing “real users” from establishing them
• Illegal access / modification of internal data• Access by unauthorized users/hosts
Types of Firewall
• Packet sniffing– Each packet examined and allowed to pass (or
not) based on a set of rules
• Application level– All messages for a given application pass through
a “gateway”– Information such as username available at
application level, but not packet
Packet Filtering Rules
• Packets can be determined to pass or not based on:– Source, Destination IP address– TCP / UDP source & destination port numbers– ICMP message type– TCP SYN and ACK bits
• E.g. TCP ACK=0 is new message originating from outside
• Ordering of rules is important (and can get complex) - see Table 8.5
Application Gateway
• Filters packets on application data (e.g. user) – E.g. only certain users can telnet
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
– Telnet connections through gateway allowed (authentication at gateway)
– All other (direct) telnet connections blocked
Limitations of Firewalls and Gateways
• IP spoofing - fake “return address” to get through
• Client needs to know how to access application gateway (e.g. proxy server address configured in browser)
• Tradeoff: more communication vs. more risk• Even highly protected sites suffer attacks• ‘Arms race’ mentality (hacker vs. netadmins)
Attacks
• Mapping– Ping, port sniffing, etc.
• Packet Sniffing– Interfaces in “promiscuous mode” look at every
packet
• Spoofing– “From” IP does not match IP of device
• Denial of service & Hijacking (next slides)
Countermeasures
• Mapping– Record & analyze traffic, react to suspicious patterns (e.g.
update firewall rules)
• Packet Sniffing– Watch for hosts in promiscuous mode– Avoid broadcast media (e.g. use switch, not hub)
• Spoofing– Stop bogus packet at outgoing router (if not from that
network) but we can’t control everyone else’s router
• Denial of service & Hijacking (next slides)
Denial of Service Attacks
• SYN flooding– Starts the TCP handshake, but does not complete– Server allocates data structures for “partial
connections” until space runs out
• SMURF attack– Convince many innocent hosts to send ICMP
packets (traceroute) back to attacked host
• DDoS (Distributed Denial of Service)– Many hosts act as “slaves” for the attacker due to
prior compromise
Denial of Service Countermeasures
• Filter out flooded packets at firewall (loss of good packets, too)
• Traceback to source of floods– Probably an innocent machine that has been
compromised!
Hijacking Attack
• Bob is connected to Alice, Trudy listening in– Trudy gets seq num, ack num, etc from packets
• Trudy eliminates Alice’s host– DoS attack, e.g.
• Trudy continues the conversation– Spoof’s Alice’s host– All header info is correct– Data can be whatever Trudy wants!
Hijacking Countermeasures
• Application level– Authentication protocols– Encryption– Trusted intermediaries– Digital signatures
• Packet level– Encryption of broadcast media (e.g. wireless)– Protect physical media from tapping
Security Across Layers
• Application Layer– Secure e-mail
• Transport Layer– Secure sockets layer (SSL)– Transport Layer security (TLS)
• Network Layer– IPsec (IP security)
• Authentication Header Protocol (AH)• Encapsulation Security Payload Protocol (ESP)
• Data Link Layer– Wired Equivalence Privacy (WEP) on 802.11
What Security Provides (review)
• Confidentiality• Message integrity• Authentication
– Sender– Receiver
Secure Email: Confidentiality
• Encryption options– Private key (key exchange problem)– Public key (inefficient for long email)
• Best of both worlds– Alice chooses “random” session key– Alice encrypts message using session key– Alice encrypts session key using Bob’s public key
• Recipient authentication as well as confidentiality (why?)
Confidential Email
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
Ks = session key, Kb+ and Kb- are Bob’s public and private keys
Secure Email: Message Integrity
• Use a hash function to compress the message: H(m)
• Encrypt the hash using Alice’s private key (KA- (H(m))– This is the signature
• Send m + (KA- (H(m)) together• Bob computes H(m), compares to KA+(Alice’s sig)
– If they’re equal, message is valid
• Also provides sender authentication (why?)
Pretty Good Privacy
• Provides all 4 aspects of security– Note 3 keys!
H( ). KA( ).-
+
KA(H(m))-
m
KA-
m
KS( ).
KB( ).+
+
KB(KS )+
KS
KB+
Internet
KS
Security for Internet Commerce
• Protect consumer from having credit card info stolen “in transit”
• Protect consumer from providing credit card (etc) information to “spoofed site”
Secure Sockets Layer
• Data Encryption and Authentication• Handshake
– Negotiate encryption algorithm and session keys– Authenticate server to the client
• Transaction– All data is encrypted using negotiated algorithm
and session keys
How It Works (Almost-SSL)
• Client & Server exchange TCP handshake– SYN, SYN+ACK, ACK
• Client establishes server’s identity– SSL hello, certificate
• “Master Secret” (to generate keys) exchanged– Client creates MS, sends K+(MS) – K+ is public key from certificate
How It Works (Almost SSL)
• From MS, we generate 4 keys– Eb = session encryption key for Bob->Alice– Mb = session MAC key for Bob->Alice– Ea, Ma from Alice->Bob
• Encryption keys encrypt data• MAC keys verify data integrity
– Record data + M key are hashed & encrypted with E key.
– Recipient decrypts and checks
Real SSL adds…
• Negotiate & agree on cryptographic algorithms
• Nonces sent during handshake– Used in creation of MS for E and M session keys
• MAC of handshakes sent both ways at end (to protect the handshake itself)
SSL Not Just for Web
• “Secure Sockets” can be used by other applications– ssh (secure telnet)– scp (secure file transfer)– IMAP (secure email)
• Application -> SSL -> TCP (& vice versa)
SSL Authentication
• Browser has list of trusted Certification Authorities & their public keys
• Browser obtains certificate with server’s public key (digitally signed by CA)
• Server also has access to client certificates from CA– Client authentication is optional
SSL Confidentiality
• All data is encrypted using info determined during handshake (authentication is included, too):– Browser sends its SSL version # and preferences– Server sends its SSL version #, preferences, and certificate
(contains public key, signed by CA)– Browser checks validity of certificate– Browser generates session key, encrypts with server’s
public key & sends– Browser sends encrypted “handshake done” message– Server sends encrypted “handshake done” message
IP Security (IPSec)
• Confidentiality – Message contents are encrypted– TCP / UDP headers are encrypted too
• This protects control and management messages as well as data
• Source Authentication– IP cannot be spoofed– Based on signature
IPSec Protocols
• Authentication Header Protocol (AH)– Source authentication – Data integrity
• Encapsulation Security Protocol (ESP)– Surce Authentication– Data Integrity– Confidentiality
• Both are based on Security Association– Logical connection established by handshake– Security protocol ID , source IP and Security Parameter
Index (SPI) = unique 32-bit connection ID
IEEE 802.11 (WiFi) Security
• “War Driving” - drive around a city, see what open networks are available– Generally find many unprotected networks
available from the street
• Securing 802.11– WEP (failed)– 802.11i (improved, ratified June 2004)
Wireless Equivalent Privacy
• Based on symmetric key (no key exchange protocol specified)– Request connection, receive nonce, encrypt nonce, if correct,
connection accepted
• Encryption based on symmetric key plus Initialization Vector (IV) and XOR
• Algorithm, RC4, changes IV (in a pattern) for every transmission, and transmits
• Problems– Not enough unique IV’s (only a few seconds’ worth)– IV transmitted in plaintext!– If Trudy knows content and sees encrypted files, keys can be
extracted.
IEEE 802.11i - Four phasesAP: access point AS:
Authentication server
wirednetwork
STA:client station
1 Discovery ofsecurity capabilities
3
STA and AS mutually authenticate, togethergenerate Master Key (MK). AP servers as “pass through”
2
3 STA derivesPairwise Master
Key (PMK)
AS derivessame PMK, sends to AP
4 STA, AP use PMK to derive Temporal Key (TK) used for message
encryption, integrity
Advantages of 802.11i
• Explicit key distribution protocol, using concept of “trusted host”, in this case the authentication server
• Multiple available forms of encryption, including AES based encryption and other stronger than WEP
• Separates authentication server from Access Point (centralizing important decisions)
top related