Network and Communications Security (IN3210/IN4210)
Introduction
Introduction
● Nils Gruschka
− University Kiel (Diploma in Computer Science)
− T-Systems, Hamburg
− University Kiel (PhD in Computer Science)
− NEC Laboratories Europe, Bonn + Heidelberg
− University of Applied Science Kiel
− University of Oslo
● Contact:
− [email protected]
● Areas of interest:
− Security: Network, Web, Cloud Computing, Industrial Networks
− Privacy, Data Protection
Introduction
● Nils A. Nordbotten
− Cand.Scient and Ph.D. in informatics from UiO, and Executive Master of Management from BI Norwegian Business School
− Simula Research Laboratory (2003-2007)
− UniK-University Graduate Center (20 %) (2012-2014)
− Norwegian Defence Research Establishment (FFI) (2007-2020)
− University of Oslo (20 %) (2014-)
− Thales Norway (2020-)
● Contact
Organisation
● “Cloned” course: IN3210 (Bachelor) + IN4210 (Master)
● Course page (also for IN4210):
− https://www.uio.no/studier/emner/matnat/ifi/IN3210/h20/index.html
● Lecture
− Home study: Pre-recorded lecture videos
− Online conference: Discussion and Q&A during the scheduled slots
● Workshop
− Practical tasks, done individually or in groups
− Not mandatory, but helps to understand the concepts from the lecture
− Home work
− Online conference: Discussion and Q&A during the scheduled slots
Organisation
● Canvas course:
− https://uio.instructure.com/courses/28965
● Quizzes:
− For every topic a “learning progress control” quiz is offered
− Not mandatory, but highly recommended
● Discussion board:
− Ask / answer course-wide questions
● Groups (will be activated in mid-September):
− For the semester task
− Discuss and exchange files inside the group
Examination
● Semester Task (in groups):
− IN3210: write a report
− IN4210: create a seminar presentation
● Written Exam (individually):
− 3 hour digital exam at home
● Both parts of the exam must be passed and must be passed in the same semester.
● Final Grade:
− Semester Task: 30%
− Written Exam: 70%
Semester Task (general)
● Select a network security topic (as a group):
− https://uio-my.sharepoint.com/:x:/g/personal/nilsgrus_uio_no/EbEqNbzhIN5AsA6zuFlCae8BAg0eOvDXtRz8jgDynPmNJQ?e=esDJ2P
● Deadline for selecting group and topic:
− 15. September
● (Optional) Propose own topics:
− Submit your proposal: https://nettskjema.no/a/158011
− Deadline for topic proposal: 31. August
− Approved topics will be added to the selection spreadsheet
Semester Task (just IN3210)
● Group size: 2 or 3 students
● Write a (scientific) report on the selected topic
● Length: 4 – 5 pages per person
● Language: English or Norwegian
● Submission via Inspera (more info later)
● Submission deadline: 20. November
Semester Task (just IN4210)
● Group size: 3 or 4 students
● Create a seminar presentation on the selected topic
● Presentation (submission of slides: 20. November)
− Approx. 10 min per person
− Performed via Zoom
− Presented to the whole course (teachers + students)
− During the scheduled slots in November (details soon)
− Language: English
● Handout (submission: 1 day before the talk)
− 1 page, text + figures
− Summarizes the most important facts
● Final exam (IN3210 + IN4210) will contain questions from seminar talks!
Exact length of presentations will be announced end of September!
Semester Task (general)
● Scientific work:
− Sources used (books, articles, online resources) must be referenced (at the end of the report / on the last slide of the presentation)
− Plagiarism → failed semester task → failed course
Content
● Cryptography
● Certificates & PKI
● Transport Layer Security
● IP Security
● MAC Security
● Wireless LAN Security
● Email Security
● DNS Security
● Firewalls
● Routing Security
Recommended Books
● https://link.springer.com/book/10.1007/978-3-642-04101-3
● https://link.springer.com/book/10.1007/978-1-4471-6654-2
● https://link.springer.com/book/10.1007%2F978-3-030-33649-3
Questions?
Introduction into (Network) Security
What is Security?
[Figure: Attacker, Threat, Assets, Counter-measure]
Computer Security
● Security of computers and networks
● Protection of digital assets
● Axioms of Computer Security:
− Confidentiality (e.g. of transmitted secret information)
− Integrity (e.g. of stored data)
− Availability (e.g. of services)
● Further goals:
− Authenticity
− Non-repudiation
− Privacy
Motivations for attacks
● Financial advantages
− Using a paid service free of charge
− Performing financial transactions
− → Spoofing a different identity
● “Fun”
− Challenging security systems
● “Revenge”
− Vandalism
− Intrigues
● Political or religious motives
Security Threats
● Examples of attacks
− Services:
▪ Denial-of-Service
− Communication:
▪ Eavesdropping
▪ Modification
− Stored data:
▪ Espionage
▪ Deletion
▪ “Vandalism”
● Basic attack measures on communication
− Sniffing
− Redirection, e.g.
▪ ARP Spoofing
▪ DNS Poisoning
▪ Phishing
− Man-in-the-middle
“Nomenclature”
● The “good” ones:
− Alice
− Bob
● The “bad” ones:
− Eve (passive attacker)
− Mallory (active attacker)
Sniffing
● Requires access to the communication medium
● Passive Attacks, e.g.:
− Eavesdropping
− Traffic analysis
[Figure: Bob, Alice, Eve]
Redirection
● Can be used as preparation for man-in-the-middle attacks
[Figure: Bob, Alice, Eve / Mallory]
Man-in-the-middle
● Passive attacks (see “Sniffing”)
● Active attacks, e.g.
− Packet drop
− Packet modification
− Packet injection
− Packet replay
[Figure: Alice, Bob, Eve / Mallory]
Adversary Model
● Important questions:
− What capabilities do I assume for the attacker?
− What kind of attacks can the attacker perform?
● → Adversary model
● Required for implementing countermeasures/testing security protocols
● Typical adversary model (Dolev and Yao, 1983):
− The attacker can perform any of the aforementioned actions on transmitted packets
− The attacker cannot break “secure” algorithms (e.g. AES)
● Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker
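Added example, not part of the original slides: a receiver that keeps its integrity goal against the attacker described above, who may drop, modify, inject and replay packets but cannot break HMAC-SHA256. The key, the packet layout (sequence number, payload, tag) and all names are assumptions made for this sketch; a dropped packet can only be detected, not prevented.

```python
import hashlib
import hmac
import struct

KEY = b"constructed demo key shared by Alice and Bob"  # sample value, not from the slides
TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def seal(seq, payload, key=KEY):
    """Alice: 8-byte sequence number || payload || HMAC-SHA256 over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Bob: verifies the tag first, then checks the sequence number."""

    def __init__(self, key=KEY):
        self.key = key
        self.expected = 0  # lowest sequence number Bob will still accept

    def accept(self, packet):
        if len(packet) < 8 + TAG_LEN:
            return None, "rejected: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None, "rejected: bad tag"  # modified or injected packet
        (seq,) = struct.unpack("!Q", body[:8])
        if seq < self.expected:
            return None, "rejected: replay"
        missing = seq - self.expected  # > 0: packets were dropped on the way
        self.expected = seq + 1
        return body[8:], "accepted" if missing == 0 else f"accepted: {missing} missing before"


def mallory_channel():
    """Constructed run in which Mallory uses each active attack from the slides."""
    p = [seal(i, f"msg {i}".encode()) for i in range(4)]
    modified = p[1][:8] + b"MSG 1" + p[1][13:]        # packet modification
    injected = seal(1, b"pay Mallory", key=b"guess")  # packet injection without the key
    wire = [p[0], modified, injected, p[3], p[0]]     # p[2] dropped, p[0] replayed
    bob = Receiver()
    return [bob.accept(packet) for packet in wire]


if __name__ == "__main__":
    for payload, verdict in mallory_channel():
        print(verdict, payload)
```

The scheme gives integrity and replay protection only; confidentiality against Eve would additionally need encryption.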
Attack Examples
ARP
● Address Resolution Protocol
● Maps IP addresses to MAC addresses inside local networks
[Figure: ARP exchange]
− Request: Who has 10.0.0.8?
− Reply: 10.0.0.8 = FA … B3
− Host 10.0.0.8 has MAC address FA … B3
ARP Spoofing (Redirection Attack)
[Figure: ARP spoofing]
− Request: Who has 10.0.0.8?
− Reply: 10.0.0.8 = DC … A7
− Host 10.0.0.8 has MAC address FA … B3
− Host 10.0.0.24 has MAC address DC … A7
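Added example, not part of the original slides: a detector that parses ARP payloads and raises an alert when a packet contradicts the IP-to-MAC binding seen first, which is the situation in the figure. The full MAC addresses, the hosts 10.0.0.5 and 10.0.0.1, the trust-on-first-use policy and all names are assumptions; the slides only give the abbreviated forms "FA … B3" and "DC … A7".

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a 28-byte Ethernet/IPv4 ARP payload; used here only to construct sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(raw):
    """Return (oper, sender_mac, sender_ip); raise ValueError for anything else."""
    if len(raw) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)


class ArpWatch:
    """Trusts the first binding seen for an IP and alerts when a later packet contradicts it."""

    def __init__(self):
        self.ip_to_mac = {}

    def observe(self, raw):
        _oper, mac, ip = parse_arp(raw)
        known = self.ip_to_mac.setdefault(ip, mac)
        if known == mac:
            return None
        others = sorted(i for i, m in self.ip_to_mac.items() if m == mac)
        return {"ip": ip, "expected_mac": known, "claimed_mac": mac, "mac_also_owns": others}


# Constructed sample traffic; the full MAC addresses are made up for this example.
HOST, ATTACKER, ASKER = "fa:00:00:00:00:b3", "dc:00:00:00:00:a7", "02:00:00:00:00:05"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, ASKER, "10.0.0.5", ZERO, "10.0.0.8"),      # Who has 10.0.0.8?
    build_arp(2, HOST, "10.0.0.8", ASKER, "10.0.0.5"),      # genuine reply
    build_arp(1, ATTACKER, "10.0.0.24", ZERO, "10.0.0.1"),  # 10.0.0.24's own traffic
    build_arp(2, ATTACKER, "10.0.0.8", ASKER, "10.0.0.5"),  # spoofed reply from the figure
]


def scan(packets):
    watch = ArpWatch()
    return [alert for alert in map(watch.observe, packets) if alert]


if __name__ == "__main__":
    print(scan(SAMPLE))
```

A legitimate MAC change (replaced network card, failover address) raises the same alert, so alerts need review against known changes.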
Denial-of-Service (DoS)
● Attacker tries to overload the target service or network
● → “Service Denial” for legitimate users
● Attack can target different service layers:
− Network (e.g. gateway, TCP/IP stacks)
− Representation (e.g. XML processing)
− Application
− Database
● Attacker looks for the bottleneck inside the service processing chain!
DoS Example: SYN Flooding
[Figure: normal handshake between Client and Server: SYN, SYN ACK, ACK]
[Figure: SYN flooding between Client and Server: SYN, SYN ACK, SYN, SYN ACK, SYN, SYN ACK, with no ACK]
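Added example, not part of the original slides: a toy model of the server side of the figure, showing how SYNs that are never followed by an ACK fill the queue of half-open connections until a legitimate client is turned away. The backlog size of 4, the 30 second timeout, the event log and all names are assumptions chosen to keep the trace short.

```python
from collections import OrderedDict


class SynBacklog:
    """Toy model of a server's queue of half-open connections (SYN seen, ACK pending)."""

    def __init__(self, size, timeout):
        self.size, self.timeout = size, timeout
        self.half_open = OrderedDict()  # peer -> arrival time of its SYN, oldest first
        self.established = set()

    def _expire(self, now):
        while self.half_open:
            peer, since = next(iter(self.half_open.items()))
            if now - since < self.timeout:
                break
            del self.half_open[peer]  # give up waiting for the final ACK

    def handle(self, now, flag, peer):
        self._expire(now)
        if flag == "SYN":
            if peer in self.half_open:
                return "SYN ACK"  # retransmission, slot already reserved
            if len(self.half_open) >= self.size:
                return "dropped"  # backlog full: this is the denial of service
            self.half_open[peer] = now
            return "SYN ACK"
        if flag == "ACK" and self.half_open.pop(peer, None) is not None:
            self.established.add(peer)
            return "established"
        return "ignored"


# Constructed event log (time in seconds, TCP flag, peer); addresses are documentation ranges.
EVENTS = (
    [(0.0, "SYN", "198.51.100.7:40000"), (0.1, "ACK", "198.51.100.7:40000")]
    + [(1.0 + i / 100, "SYN", f"203.0.113.{i}:1024") for i in range(8)]  # SYNs, never ACKed
    + [(2.0, "SYN", "198.51.100.9:40001"),   # legitimate client during the flood
       (40.0, "SYN", "198.51.100.9:40001"),  # its retry after the half-open entries expired
       (40.1, "ACK", "198.51.100.9:40001")]
)


def replay(events, size=4, timeout=30.0):
    server = SynBacklog(size, timeout)
    return [server.handle(*event) for event in events], server


if __name__ == "__main__":
    responses, server = replay(EVENTS)
    print(responses, sorted(server.established))
```

The number of half-open entries relative to established connections is the quantity a defender would monitor; a larger backlog or shorter timeout only moves the point at which the queue fills.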
DDoS: Distributed DoS
● Often executed by multiple attackers: Distributed Denial of Service (DDoS)
● Either controlled by botnet or “crowd”
DDoS: Mirai Botnet
● Millions of infected IoT devices (routers, IP cameras)
● Offers DDoS as a service: 50.000 devices for 2 weeks: 3000$ - 4000$
Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/
Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
DDoS: Mirai Botnet
● Illustrating the infection with Mirai
Source: Twitter
DDoS: Mirai Botnet
● One victim
Source: http://krebsonsecurity.com/
Attack Examples
● ... many more to come throughout the class