Security – Basics

TECHNISCHE UNIVERSITÄT ILMENAU
Integrated Hard- and Software Systems
http://www.tu-ilmenau.de/ihs

Contents:

Security Threats

Authentication

Authorization

Accounting

Security Attacks

Unauthorized Access

Misconfiguration

Eavesdropping

Client-to-Client Attacks

Denial-of-Service Attack

Jamming and Hijacking

Hardware Theft

Wireless Internet, Andreas Mitschele-Thiel, 6-Apr-06

Security Threats

A simple communication model (figure): Alice sends to Bob, Eve is the attacker. Eve can
- snoop / sniff: read the traffic passively (eavesdropping)
- block: suppress delivery (denial of service)
- spoof / hijack: impersonate one of the parties or take over an existing session

Possible Solutions

- hashing: one-way function that maps input of any size to a short fixed-size digest; the input cannot be reconstructed from the digest
- encryption/decryption: transformation into cipher text and back, based on a key
- biometric analysis: e.g. fingerprint, iris scan, voice print, face recognition
- chaffing and winnowing: the sender interleaves "chaff" (bogus messages) with the real ones; the receiver "winnows" the incoming data, i.e. sorts out the chaff (nonsense) to retrieve the "wheat" (correct content). Only the legitimate receiver can tell wheat from chaff, because each real packet carries an authenticator (a MAC under a key shared with the sender) while the chaff carries random values.
  => confusion of the bad guy; a related idea is steganography: hiding data in the content of a picture
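The chaffing-and-winnowing idea above, as an added example that is not part of the original slides: the sender tags each real packet with an HMAC under a key shared with the receiver and mixes in chaff packets carrying random tags; the receiver winnows by recomputing the tag. The key, the tag length and the sample packets are constructed for this example.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"   # constructed: the sender/receiver authentication key
TAG_LEN = 8                        # bytes of HMAC-SHA256 kept as the per-packet tag

def tag(key, seq, payload):
    """Authenticator over (sequence number, payload). Chaff carries a random value instead."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:TAG_LEN]

def chaff_and_send(key, packets):
    """Emit (seq, payload, tag) triples: every real packet ("wheat") is paired with a
    chaff packet that has the same sequence number, a plausible decoy payload and a
    random tag. Eve sees both and cannot tell them apart without the key."""
    stream = []
    for seq, (real, decoy) in enumerate(packets):
        wheat = (seq, real, tag(key, seq, real))
        chaff = (seq, decoy, secrets.token_bytes(TAG_LEN))
        # random order, so the position in the stream does not give the wheat away
        stream.extend([wheat, chaff] if secrets.randbits(1) else [chaff, wheat])
    return stream

def winnow(key, stream):
    """Keep only packets whose tag verifies under the key, then reorder by sequence number."""
    kept = {}
    for seq, payload, t in stream:
        if hmac.compare_digest(t, tag(key, seq, payload)):
            kept[seq] = payload
    return [kept[s] for s in sorted(kept)]

# Constructed sample: (real payload, decoy payload) per packet
SAMPLE = [(b"attack at dawn", b"attack at dusk"),
          (b"via the north gate", b"via the south gate")]
```

Nothing in the stream is encrypted: confidentiality rests entirely on the adversary's inability to separate wheat from chaff, which is why the decoy payloads must look as plausible as the real ones and the tags must be unforgeable.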

Authentication, Authorization and Accounting

Using AAA services, network administrators can control:
- who can log on to the network from wired or wireless connections (authentication)
- what privileges each user has in the network (authorization)
- what accounting information is recorded, in terms of security audits or account billing (accounting)

Important for wireless networks: accounting, with a sophisticated scheme depending on
- class of user (tariff details)
- day of the week
- time of the day
- service (0180, 0190, 0800 and other special service numbers, GPRS data, GSM data, VPN)
- ...

Authentication I

Definition: the act of verifying a claimed identity, in the form of a pre-existing label from a mutually known name space, as the originator of a message (message authentication) or as the end-point of a channel (entity authentication).

Figure: authentication request -> authentication confirm

Authentication II

Authentication of the channel end point & authentication of the message originator

Authentication methods: password, symmetric encryption, public key cryptography, challenge-response schemes, etc.

Security requirements: confidentiality, protection against replay attacks, resistance against man-in-the-middle attacks, etc.

Example (figure): two parties, T and J, both claim to be T.
  T: I'm T, please verify.  ->  Verify OK. You are T.
  J: I'm T, please verify.  ->  Verify failed. You are not T.

Authentication using challenge-response scheme

GSM example (figure): the authentication centre (AuC) of the mobile network and the SIM both hold the 128-bit individual subscriber authentication key Ki. The network draws a 128-bit random challenge RAND and computes SRES* = A3(Ki, RAND) (32 bit); the MSC sends RAND to the SIM, which computes SRES = A3(Ki, RAND) with its own copy of Ki and returns the 32-bit SRES; the network checks SRES* =? SRES. Ki itself is never transmitted, and because RAND is fresh for every run a recorded SRES is of no use to an eavesdropper later.

Ki: individual subscriber authentication key; SRES: signed response
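The exchange above, simulated as an added example that is not from the original slides. GSM's A3 is operator-specific, so the function a3 here uses HMAC-SHA256 truncated to 32 bits as a stand-in; the IMSI and Ki are constructed. The replay_attacker helper shows why a fresh RAND per run matters.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for GSM's operator-specific A3: 128-bit Ki and RAND in, 32-bit SRES out.
    HMAC-SHA256 truncated to 4 bytes is this example's assumption, not the real A3."""
    assert len(ki) == 16 and len(rand) == 16
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki                      # Ki never leaves the SIM

    def respond(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)

class AuC:
    """Authentication centre: holds every subscriber's Ki and hands the MSC
    (RAND, SRES*) pairs, never Ki itself."""
    def __init__(self, subscribers: dict):
        self._keys = dict(subscribers)

    def challenge(self, imsi: str):
        rand = secrets.token_bytes(16)     # fresh 128-bit RAND for every run
        return rand, a3(self._keys[imsi], rand)

def authenticate(auc: AuC, imsi: str, answer) -> bool:
    """MSC side: obtain a challenge from the AuC, send RAND to the mobile and
    compare the returned SRES with SRES*. `answer` plays the radio link: it is
    called with RAND and must return SRES."""
    rand, sres_expected = auc.challenge(imsi)
    sres = answer(rand)
    return len(sres) == 4 and hmac.compare_digest(sres, sres_expected)

def replay_attacker(recorded_sres: bytes):
    """An eavesdropper who captured one SRES and answers every later RAND with it."""
    return lambda rand: recorded_sres

# Constructed subscriber data
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
IMSI = "262011234567890"
AUC = AuC({IMSI: KI})
SIM_T = SIM(IMSI, KI)
```

The comparison uses a constant-time check; the 32-bit SRES is short, so the network must also limit how often a subscriber may be challenged before an attacker could guess it online.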

Symmetric encryption

Figure: Alice's plain text --encryption--> cipher text --decryption--> Bob's plain text, with Alice and Bob each holding a copy of the same secret key.

- plain text is transformed into a cipher text, and vice versa
- use of a "secret key" by the communicating partners
- symmetric encryption: the same secret key is used for encryption and decryption
- the algorithm for decryption is the reverse of the encryption algorithm, e.g. an XOR or modulo operation (for XOR with a keystream, encryption and decryption are literally the same operation)

Figure: plain data --(key)--> ciphered data --(key)--> plain data
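An added example, not from the original slides, of the XOR case mentioned above: a keystream derived from key and nonce with SHA-256 in counter mode (a constructed stand-in for a real stream cipher) is XORed with the plain text, so the decryption routine is literally the encryption routine. The second function shows the classic failure mode when the same key and nonce are reused; keystream reuse of this kind is what made WEP's RC4-based encryption attackable.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` keystream bytes with SHA-256 in counter
    mode. Constructed stand-in for a stream cipher; not a recommended construction."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """cipher text = plain text XOR keystream(key, nonce)."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

# For XOR the reverse of encryption is encryption itself: C XOR KS = P.
decrypt = encrypt

def keystream_reuse_leak(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """If two messages were encrypted under the same key AND nonce, then
    ct1 XOR ct2 = pt1 XOR pt2: the keystream cancels out. Knowing (or guessing)
    pt1 therefore exposes pt2 without the key. Returns the recovered prefix of pt2."""
    n = min(len(ct1), len(ct2), len(known_pt1))
    return xor_bytes(xor_bytes(ct1[:n], ct2[:n]), known_pt1[:n])
```

The rule that follows is never to reuse a (key, nonce) pair; a nonce space that is too small (WEP's 24-bit IV) guarantees reuse after a few million frames.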

Public key cryptography

Figure: Alice encrypts her plain text with Bob's public key; Bob decrypts the cipher text with Bob's private key. For authentication the roles of the key pair swap: Alice's private key produces the value, Alice's public key checks it.

- plain text is transformed into a cipher text, and vice versa
- two different keys: a (secret) private key and a public key shared with communicating partners
- the pair of keys is used for encryption and decryption:
  sending with the receiver's public key => encryption (only the receiver's private key can decrypt)
  sending with one's own private key => authentication (anyone with the public key can check it; this is what a digital signature does)
- a certificate is used to transfer the public key and to support authentication: it binds the public key to an identity under the signature of a certification authority (CA)

Figure: plain data --(public key)--> ciphered data --(private key)--> plain data

Public key cryptography (mutual authentication)

PrK: private key; PuK: public key; Certificate(s)/(r): the certificate of sender/receiver; K{m}: m encrypted with key K.

Message sequence (figure):

  Sender (s)                                            Receiver (r)
  Certificate(s), PrK(s){random(s)}    --------------->  verify certificate,
                                                         retrieve PuK(s) from certificate
  verify certificate of receiver       <---------------  Certificate(r), PuK(s){session key},
  (retrieve PuK(r) from certificate)                     PrK(r){random(r), random(s)}
  PrK(s){random(r)}                    --------------->  confirm the sender's identity

Public key cryptography (details)

Detailed steps for mutual authentication (the slides say "encrypted with its private key" for what is technically a digital signature: the value is transformed with the private key, and anyone holding the matching public key can recover and check it):

a) The VPN client (sender) sends its certificate and a random number, encrypted with its private key, to the VPN server.

b) The server (receiver) verifies the integrity of the received certificate using the public key of the Certificate Authority (CA) that issued it. This verification also checks whether the certificate is on a revocation list, whether its validity period is acceptable and whether it was issued by one of the CAs the server trusts.

c) When all of the above is fine, the server (receiver) decrypts the encrypted random number using the client's public key and encrypts it with its own private key (the slides call this the server's "secret key"). It also encrypts a randomly generated session key using the public key in the client's certificate and sends these two data blocks as well as a challenge (random(r)) back to the client.

d) The VPN client decrypts the session key with its own private key, then checks the validity of the server's certificate and decrypts the returned random number using the server's public key. Because the server's certificate is valid and the challenge sent from the client to the server has come back encrypted with the server's private key, the client can be sure that the server possesses the private key belonging to the server's certificate, and because the CA has signed the binding between this key and the server's user ID, the client can be sure that this partner really is the server it is looking for. Freshness matters here: random(s) must be new for every run, otherwise an attacker could replay a recorded server answer.

e) If mutual authentication is required, the client sends back the server's challenge encrypted with its own private key, and the server confirms the client's identity in the same way.

f) In the following communication the data is encrypted with the session key from step c), a symmetric key now shared by both ends; encrypting every packet with the receiver's public key, as the original wording suggests, would be far too slow, which is why the session key was established in the first place. Thus a secure virtual tunnel is set up.
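The five steps above, run end to end as an added example; this is not code from the original slides. The public-key operations are textbook RSA on hard-coded Mersenne and near-power-of-two primes with no padding, certificates are a dictionary signed by a toy CA, and the subject names, validity years and revocation list are constructed, so the example demonstrates the message flow and the checks of step b), not a deployable implementation. The slides' "encrypt with the private key" is implemented literally (raw RSA with the private exponent), which is why the receiver can recover the random number with the sender's public key.

```python
import hashlib
import secrets

E = 65537  # public exponent; the primes below are chosen so that gcd(E, phi) = 1

def keygen(p, q):
    """Textbook RSA on given primes (illustration only): returns (PuK, PrK)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def hash_mod(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(prk, data):
    """CA signature: hash the certificate body, then apply the private exponent."""
    n, d = prk
    return pow(hash_mod(data, n), d, n)

def ca_verify(puk, data, sig):
    n, e = puk
    return pow(sig, e, n) == hash_mod(data, n)

def prk_encrypt(prk, m):
    """The slides' PrK(x){m}: raw RSA with the private key. Anyone holding PuK(x)
    recovers m, so this proves possession of PrK(x) rather than hiding m."""
    n, d = prk
    assert 0 <= m < n
    return pow(m, d, n)

def puk_decrypt(puk, c):
    n, e = puk
    return pow(c, e, n)

def puk_encrypt(puk, m):
    """PuK(x){m}: only the holder of PrK(x) can recover m."""
    n, e = puk
    assert 0 <= m < n
    return pow(m, e, n)

def prk_decrypt(prk, c):
    n, d = prk
    return pow(c, d, n)

def cert_body(subject, puk, expires):
    return f"{subject}|{puk[0]}|{puk[1]}|{expires}".encode()

def issue_cert(ca_prk, subject, puk, expires):
    return {"subject": subject, "puk": puk, "expires": expires,
            "sig": ca_sign(ca_prk, cert_body(subject, puk, expires))}

def check_cert(cert, ca_puk, revoked, now):
    """Step b): CA signature, revocation list and validity range."""
    body = cert_body(cert["subject"], cert["puk"], cert["expires"])
    return (ca_verify(ca_puk, body, cert["sig"])
            and cert["subject"] not in revoked
            and now <= cert["expires"])

def pack(a, b):   # two 64-bit nonces in one RSA block
    return (a << 64) | b

def unpack(x):
    return x >> 64, x & ((1 << 64) - 1)

def handshake(client_cert, client_prk, server_cert, server_prk, ca_puk, revoked=(), now=2006):
    """Steps a) to e) with both parties in one function. Returns the agreed session
    key, or None as soon as any check fails."""
    # a) client -> server: Certificate(s), PrK(s){random(s)}
    rand_s = secrets.randbits(64)                      # must be fresh for every run
    cert_s, enc_rand_s = client_cert, prk_encrypt(client_prk, rand_s)

    # b), c) server: check the certificate, recover random(s), answer with its own challenge
    if not check_cert(cert_s, ca_puk, revoked, now):
        return None
    recovered_s = puk_decrypt(cert_s["puk"], enc_rand_s)
    rand_r, session_key = secrets.randbits(64), secrets.randbits(64)
    cert_r = server_cert
    enc_key = puk_encrypt(cert_s["puk"], session_key)                 # PuK(s){session key}
    enc_nonces = prk_encrypt(server_prk, pack(rand_r, recovered_s))   # PrK(r){random(r), random(s)}

    # d) client: check the server certificate, recover the session key and both nonces
    if not check_cert(cert_r, ca_puk, revoked, now):
        return None
    key_at_client = prk_decrypt(client_prk, enc_key)
    got_rand_r, got_rand_s = unpack(puk_decrypt(cert_r["puk"], enc_nonces))
    if got_rand_s != rand_s:          # server did not prove possession of PrK(r)
        return None

    # e) client -> server: PrK(s){random(r)}; the server confirms the client
    if puk_decrypt(cert_s["puk"], prk_encrypt(client_prk, got_rand_r)) != rand_r:
        return None
    return session_key if key_at_client == session_key else None

# Constructed key material: toy primes, not real key sizes
CA_PUK, CA_PRK = keygen(2**127 - 1, 2**32 - 5)
CLIENT_PUK, CLIENT_PRK = keygen(2**61 - 1, 2**89 - 1)
SERVER_PUK, SERVER_PRK = keygen(2**64 - 59, 2**107 - 1)
CLIENT_CERT = issue_cert(CA_PRK, "vpn-client", CLIENT_PUK, 2008)
SERVER_CERT = issue_cert(CA_PRK, "vpn-server", SERVER_PUK, 2008)
```

Run with a revoked subject, an expired validity year or a server that does not hold the private key matching its certificate, and the handshake returns None at the corresponding step; a real implementation would additionally use padded RSA (or a signature scheme) and bind the session key to the transcript.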

Authorization I

Definition: the act of determining whether a particular right, such as access to some resource, can be granted to the user.

Normally authentication is needed first, before authorization can be done.

Example exchange (figure):
  T: I'm T, please verify.
  Network: Verify OK. You are T.
  T: I want to make a telephone call.
  Network: OK, you can make a call.
  T: I want to visit a website.
  Network: No, you don't have the privilege.

Authorization II

Entities in a usual authorization situation:

1. User: requests some service and needs to be authorized to access it
2. User's home organization: has an agreement with the user; used to check whether the user has the permission to use the requested service
3. AAA server of the service provider: authorizes the service based on an agreement with the user's home organization
4. Service equipment of the service provider: provides the service (network connection, etc.)

Authorization III

Basic authorization entities (figure): the user, the user's home organization with its AAA server, and the service provider with its AAA server and its service equipment.

Accounting

Collecting information on resource usage: collection of resource consumption data for different purposes
- billing
- trend analysis
- capacity planning
- auditing and cost allocation

Intra-domain accounting (within one provider) and inter-domain accounting (between the user's home organization and a visited provider)

Unauthorized Access

Why: in wireless communication there is no need to physically connect to the communication channel
=> attackers can easily listen to or capture sensitive data in the wireless network, and can try to use the network without ever having been admitted to it

Solution: AAA service, e.g. Remote Authentication Dial-In User Service (RADIUS)
- a widely deployed protocol enabling centralized authentication, authorization and accounting for network access
- originally developed for dial-up remote access; now RADIUS is supported by wireless access points and other network access types
- on 802.11 it is used together with IEEE 802.1X/EAP: the access point blocks all traffic of a client until the RADIUS server has accepted it
- RADIUS itself protects only the User-Password attribute and the reply authenticator, both with an MD5-based scheme keyed by a static shared secret, so the link between access point and RADIUS server must be a trusted one
- RFC 2865, "Remote Authentication Dial-In User Service (RADIUS)"
- RFC 2866, "RADIUS Accounting"

RADIUS architecture in wireless network

Figure: Wireless Client <--802.11--> Access Point, acting as Network Access Server (NAS) and RADIUS Client <--RADIUS (UDP)--> RADIUS Server; once access is granted the NAS forwards the client's traffic to the Internet.

NAS: Network Access Server
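An added example of the exchange between the NAS (RADIUS client) and the RADIUS server in the figure above; it is not code from the original slides or from any RADIUS implementation. It builds an Access-Request as RFC 2865 lays it out (code, identifier, length, 16-byte authenticator, type-length-value attributes), hides the User-Password with the RFC's MD5-based scheme, and has the server answer with an Access-Accept or Access-Reject whose Response Authenticator the NAS verifies. The shared secret, the user database and the NAS address are constructed; the packets never touch the network.

```python
import hashlib
import hmac
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3          # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5  # attribute types

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to a multiple of 16 bytes, then
    c_i = p_i XOR MD5(secret + c_{i-1}) with c_0 = Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + c, c
    return out

def unhide_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(t, value):
    """Type (1) + Length (1, includes these two bytes) + Value."""
    return struct.pack("!BB", t, 2 + len(value)) + value

def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs

def build_packet(code, ident, authenticator, attrs):
    """Code (1) + Identifier (1) + Length (2) + Authenticator (16) + Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, length) + request_auth + attrs + secret).digest()

def access_request(secret, ident, user, password, nas_ip=b"\x0a\x00\x00\x01", nas_port=0):
    """NAS side. The Request Authenticator must be fresh and unpredictable per request:
    it keys the password hiding and is bound into the reply authenticator."""
    request_auth = secrets.token_bytes(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
             + attr(NAS_IP_ADDRESS, nas_ip)
             + attr(NAS_PORT, struct.pack("!I", nas_port)))
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs)

def radius_server(packet, secret, users):
    """Server side: recover the password, decide, sign the reply with the shared secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    password = unhide_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = code == ACCESS_REQUEST and users.get(attrs.get(USER_NAME)) == password
    reply_code, reply_attrs = (ACCESS_ACCEPT if ok else ACCESS_REJECT), b""
    auth = response_authenticator(reply_code, ident, 20 + len(reply_attrs), request_auth, reply_attrs, secret)
    return build_packet(reply_code, ident, auth, reply_attrs)

def nas_check_reply(reply, request, secret):
    """NAS side: accept a reply only if its Identifier matches the request and its
    authenticator verifies under the shared secret; returns the code or None."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1]:
        return None
    expected = response_authenticator(code, ident, length, request[4:20], reply[20:length], secret)
    return code if hmac.compare_digest(reply[4:20], expected) else None

# Constructed deployment data
SECRET = b"constructed-shared-secret"
USERS = {b"alice": b"correct horse"}
```

A reply forged by someone who does not know the shared secret fails the authenticator check and is dropped by the NAS; the password hiding, on the other hand, is only as strong as MD5 and the secret, so wireless deployments normally carry an EAP method inside RADIUS (802.1X) instead of sending User-Password at all.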

Misconfiguration

Why: the problem with 802.11 is that the equipment is designed for ease of installation
- security features may be present, but the default settings disable them so that a network can be set up as quickly as possible
- WLANs using default settings are particularly vulnerable, as attackers are likely to try the known default passwords and settings

How: default settings
- access by using the network ID "Any" without a password or any other authentication method
- the NetStumbler tool makes it easy to find out the network's ESSID, so the network name is no secret either

Eavesdropping (Interception and Monitoring)

Why: most LAN adapters (wired or wireless) on the market today offer a "promiscuous mode"
- off-the-shelf software captures every packet flowing over the segment of the LAN; this was designed for network engineers to do traffic analysis in order to solve network problems
- plain passwords or other sensitive data passing through these segments may be captured

How: wireless packet sniffers
- easy penetration of a wireless network: several software tools allow intruders to passively collect data for real-time or a posteriori analysis
- examples: AirSnort, NetStumbler and WEPCrack (AirSnort and WEPCrack recover WEP keys from captured traffic; NetStumbler is a network discovery tool that reveals SSIDs, channels and whether WEP is enabled)


Client-to-Client Attacks

Why: no wireless access point is necessary for two wireless clients to communicate; wireless clients can talk directly to each other (ad-hoc mode), bypassing the access point
=> each client is at risk from the same file-sharing attacks and TCP/IP attacks as clients on a wired network
=> users need to defend clients not just against external threats but also against each other

Solution: enable a personal firewall on each client; use strong passwords to protect shared files

Denial-of-Service (DoS) Attack by Jamming

Why: a denial-of-service attack can be launched against a mobile network by deliberately causing interference in the same frequency band
=> availability problem: authorized users are kept from using the network

How: the mobile network is vulnerable to denial-of-service attacks due to the nature of radio transmission; a powerful transceiver can easily generate enough radio interference that the mobile network is unable to communicate

Solution: use a microwave emission analyzer to locate the interfering source. Jamming of a shared band cannot be prevented cryptographically; it can only be detected and the source removed.

Jamming and communication hijacking I

Communication jamming (figure): a jammer transmits on the channel between the client station and the base station so that neither side can be heard.

Jamming and communication hijacking II

Client jamming (rogue client)
- jamming can be used to DoS the client so that it loses connectivity and cannot access the application
- jamming a client station gives a rogue client the opportunity to take over or impersonate the jammed client

Figure: the jammer silences the client station; the attacker then talks to the base station in its place.

Jamming and communication hijacking II (continued)

Base station jamming (rogue base station)
- jamming a base station gives a rogue base station the opportunity to stand in for the legitimate base station
- users logging into the substitute base station will unknowingly give away passwords and similar sensitive data

Figure: the jammer silences the base station; the attacker's rogue base station takes its place towards the client station.

Jamming and communication hijacking III

Solution: network sniffing
- rogue access points might be deployed by employees within the organization or by outside intruders wishing to penetrate the system
- deploy network sniffers on a regular basis in order to identify rogue access points
- take measurements external to the facility, in areas where an intruder might be likely to attempt an attack
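The survey described above as detection logic, added here as an example and not part of the original slides: a constructed scan log (one line per beaconing access point, as a wireless sniffer would report it) is compared against a constructed inventory of authorized BSSIDs. The alert categories and the signal-strength threshold for ignoring neighbouring networks are this example's choices.

```python
# Constructed scan log: one access point per line as "bssid,channel,rssi_dbm,ssid"
SCAN_LOG = """\
00:11:22:33:44:01,6,-48,corp-wlan
00:11:22:33:44:02,11,-55,corp-wlan
00:11:22:33:44:03,1,-70,open-setup
de:ad:be:ef:00:01,6,-40,corp-wlan
de:ad:be:ef:00:02,1,-62,Free WiFi
de:ad:be:ef:00:03,3,-88,Neighbour
"""

# Constructed inventory of authorized access points: BSSID -> SSID it must advertise
AUTHORIZED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
    "00:11:22:33:44:03": "corp-guest",
}

def parse_scan(text):
    """Parse the scan log; the SSID is last so that it may contain spaces."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, channel, rssi, ssid = line.split(",", 3)
        rows.append({"bssid": bssid.lower(), "channel": int(channel),
                     "rssi": int(rssi), "ssid": ssid})
    return rows

def find_rogues(observations, authorized, min_rssi=-80):
    """Classify every observed AP against the inventory. Returns (kind, bssid, ssid)
    tuples in scan order:
      evil-twin     : our SSID advertised by hardware we do not own
      unknown-ap    : foreign AP strong enough (>= min_rssi dBm) to be inside the facility
      ssid-mismatch : our AP advertising a different SSID than configured (reconfigured)"""
    corp_ssids = set(authorized.values())
    alerts = []
    for o in observations:
        expected = authorized.get(o["bssid"])
        if expected is None:
            if o["ssid"] in corp_ssids:
                alerts.append(("evil-twin", o["bssid"], o["ssid"]))
            elif o["rssi"] >= min_rssi:
                alerts.append(("unknown-ap", o["bssid"], o["ssid"]))
        elif expected != o["ssid"]:
            alerts.append(("ssid-mismatch", o["bssid"], o["ssid"]))
    return alerts
```

Run periodically from inside and from the outdoor positions mentioned on the slide, and diff the alerts between runs; an evil twin with a stronger signal than the legitimate AP is the case to escalate first, because clients will prefer it.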

Hardware Theft

Why: a wireless network device may be lost or stolen; the person in control of the device could potentially access the network without the knowledge of the network and security administrators

Solution: call the police???
- update the access control database (remove the device's MAC address and any other credential stored on the device)
- change the user's password

Summary

Attack                     Avoidance / Correction / Prevention
Unauthorized Access        Authentication, e.g. RADIUS
Misconfiguration           Change default settings
Eavesdropping              Encryption
Client-to-Client Attacks   Personal firewall, strong password
DoS Attack                 Microwave emission analyzer
Hardware Theft             MAC address, password

Security in ISO/OSI model

Figure: source, intermediate system (layers 1 to 3 only) and target. Layers 1 to 4 form the data transport layer set, layers 5 to 7 the application layer set.

Layer            Protocol examples                Security realisation examples
7 Application    Telnet, FTP, SMTP, HTTP...       PGP, SSH, S/MIME..., SHTTP...
6 Presentation
5 Session        SIP..., SCP...                   SSL, TLS, PCT... (on top of TCP)
4 Transport      TCP, UDP...
3 Network        IP...                            IPSec...
2 Data Link      IEEE 802.x, FDDI, PPP, SLIP...   PPTP, L2TP...
1 Physical

Security in ISO/OSI model – Details

Session Control Protocol (SCP): several heavily used Internet applications such as FTP, Gopher and HTTP use a protocol model in which every transaction requires a separate TCP connection. Since clients normally issue multiple requests to the same server, this model is quite inefficient, as it incurs all the connection start-up costs for every single request. SCP is a simple protocol which lets a server and client have multiple conversations over a single TCP connection. The protocol is designed to be simple to implement and is modelled after TCP.

Transport Layer Security (TLS): the IETF has defined TLS (RFC 2246) as the successor of SSL. It keeps SSL's handshake structure and, like SSL, encrypts application data on top of TCP, but replaces SSL 3.0's MAC construction with HMAC and standardises the key-derivation function.

Private Communication Technology (PCT) protocol: designed to provide privacy between two communicating applications (a client and a server) and to authenticate the server and (optionally) the client (a Microsoft protocol, contemporary with SSL 2.0 and long since superseded by TLS).

PPTP (Point-to-Point Tunnelling Protocol): connects client and server (corporate network) via the Internet by tunnelling PPP frames. The encryption comes from the tunnelled PPP session (MPPE), not from PPTP itself.

L2TP (Layer 2 Tunnelling Protocol): connects client and server (corporate network) via the Internet; combines L2F and PPTP. L2TP itself provides no confidentiality; in practice it is run over IPsec (L2TP/IPsec).

L2F (Layer 2 Forwarding): connects client and server (corporate network) via the Internet (a Cisco protocol).

Reference

Books:
- "Hack Proofing Your Wireless Network", Syngress, 2002
- "Certified Wireless Network Administrator (CWNA) Study Guide"
- "Wireless Security: Models, Threats, and Solutions", McGraw-Hill, 2002

Web links:
- Remote Authentication Dial In User Service (RADIUS), RFC 2865: http://www.ietf.org/rfc/rfc2865.txt
- RADIUS Accounting, RFC 2866: http://www.ietf.org/rfc/rfc2866.txt
- Unofficial 802.11 security web page: http://www.drizzle.com/~aboba/IEEE/
- Virtual Private Network Consortium: http://www.vpnc.org/
- The Wireless LAN Association: http://www.wlana.org/learn/security.htm