Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Wireless security wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Deep packet inspection wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Computer security wikipedia , lookup
Computer network wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Airborne Networking wikipedia , lookup
Distributed firewall wikipedia , lookup
An Introduction to Computer Networks Lecture 16: Security I have used slides from Mackeown, Stanford, Raj Jain, WuStl, etc, to prepare these slides University of Tehran Dept. of EE and Computer Engineering Univ. of Tehran By: Introduction to Computer Network 1 Outline Why Network security Network Security Goals Security vs. Internet Design Attacks Defenses Encryption Univ. of Tehran Introduction to Computer Network 2 Life Just Before Slammer Univ. of Tehran Introduction to Computer Network 3 Life Just After Slammer Univ. of Tehran Introduction to Computer Network 4 A Lesson in Economy Slammer exploited connectionless UDP service, rather than connection-oriented TCP. Entire worm fit in a single packet! (376 bytes) Worm infected 75,000+ hosts in 10 minutes (despite broken random number generator). When scanning, worm could “fire and forget”. Stateless! At its peak, doubled every 8.5 seconds Progress limited by the Internet’s carrying capacity Univ. of Tehran Introduction to Computer Network 5 Why Security? First victim at 12:15am By 12:45, transcontinental links starting to fail 300,000 access points downed in Portugal All cell and Internet in Korea failed (27 million people) 5 root name servers were knocked offline 911 didn’t respond (Seattle) Flights canceled Univ. of Tehran Introduction to Computer Network 6 Witty Worm Univ. of Tehran Introduction to Computer Network 7 Network Security Goals Availability (everyone can reach all network resources all the time) Protection (protect users from interactions they don’t want) Authenticity (know who you are speaking with) Data Integrity (protect data en-route) Privacy, Confidentiality Confidentiality, Integrity and Availability (CIA) Univ. of Tehran Introduction to Computer Network 8 Threats Disclosure, alteration, and denial (DAD) Disclosure or unauthorized access: snooping, passive wiretapping, Deception or acceptance of false data: active wiretapping (data modified), man-in-the-middle attack, spoofing (impersonation), repudiation of origin (denying sending), denial of receipt Disruption or prevention of correct operation unauthorized control of some part of a system: Delay, Infinite delay Denial of service Univ. of Tehran Introduction to Computer Network 9 Steps in Cracking a Network Information Gathering: Public sources/tools. Port Scanning: Find open TCP ports. Network Enumeration: Map the network. Servers and workstations. Routers, switches, firewalls. Gaining Access: Keeping root/administrator access Modifying: Using access and modifying information Leaving a backdoor: To return at a later date. Covering tracks Univ. of Tehran Introduction to Computer Network 10 Types of Malware Viruses: Code that attaches itself to programs, disks, or memory to propagate itself. Worms: Installs copies of itself on other machines on a network, e.g., by finding user names and passwords Trojan horses: Pretend to be a utility. Convince users to install on PC. Spyware: Collect personal information Hoax: Use emotion to propagate, e.g., child's last wish. Trap Door: Undocumented entry point for debugging purposes Logic Bomb: Instructions that trigger on some event in the future Zombie: Malicious instructions that can be triggered remotely. The attacks seem to come from other victims. Univ. of Tehran Introduction to Computer Network 11 Types of Attacks Denial of Service (DoS): Flooding with traffic/requests Buffer Overflows: Error in system programs. Allows hacker to insert his code in to a program. Malware Brute Force: Try all passwords. Port Scanning: Disable unnecessary services and close ports Network Mapping Univ. of Tehran Introduction to Computer Network 12 Internet Design Internet has been designed for connectivity Initially, anybody is good, Not true anymore Destination routing Packet based (statistical multiplexing) Global addressing (IP addresses) Simple to join (as infrastructure) Power in end hosts (end-to-end argument) “Ad hoc” naming system Univ. of Tehran Introduction to Computer Network 13 Internet Design vs. Security Destination routing Keeps forwarding tables small Simple to maintain forwarding tables How do we know where packets are coming from? Probably simple fix to spoofing, why isn’t it in place? Packet based (statistical multiplexing) Global addressing (IP addresses) Simple to join (as infrastructure) Power in end hosts (end-to-end arg) of Tehran Introduction to Computer Network Univ. “Ad hoc” naming system 14 Internet Design vs. Security Destination Routing Packet Based (statistical multiplexing) Simple + Efficient Difficult resource bound per-communication How to keep someone from hogging? (remember, we can’t rely on source addresses) Global Addressing (IP addresses) Simple to join (as infrastructure) Power in End Hosts (end-to-end arg) “Ad hoc” naming system Univ. of Tehran Introduction to Computer Network 15 Internet Design vs. Security Destination routing Packet based (statistical multiplexing) Global Addressing (IP addresses) Very democratic Even people who don’t necessarily want to be talked to (“every psychopath is your next door neighbor” – Dan Geer) Simple to join (as infrastructure) Power in end hosts (end-to-end arg) “Ad hoc” naming system Univ. of Tehran Introduction to Computer Network 16 Internet Design vs. Security Destination routing Packet based (statistical multiplexing) Global addressing (IP addresses) Simple to join (as infrastructure) Very democratic Misbehaving routers can do very bad things No model of trust between routers Power in End Hosts (end-to-end arg) “Ad hoc” naming system Univ. of Tehran Introduction to Computer Network 17 Internet Design vs. Security Destination routing Packet based (statistical multiplexing) Global addressing (IP addresses) Simple to join (as infrastructure) Power in end-hosts (end-to-end arg) Decouple hosts and infrastructure = innovation at the edge! Giving power to least trusted actors How to guarantee good behavior? “Ad hoc” naming system Univ. of Tehran Introduction to Computer Network 18 Internet Design vs. Security Packet Based (statistical multiplexing) Destination Routing Global Addressing (IP addresses) Simple to join (as infrastructure) Power in End Hosts (end-to-end arg) “Ad hoc” naming system Seems to work OK Fate sharing w/ hierarchical system Off route = more trusted elements Univ. of Tehran Introduction to Computer Network 19 IP-level vulnerabilities IP addresses are specified by the source Use of IP address for authentication Spoofing attacks! e.g., .rhosts, some web sites Some IP features that have been exploited Fragmentation Attacks Smurf Attacks Univ. of Tehran Introduction to Computer Network 20 Routing attacks Divert traffic to malicious nodes Black-hole attack Dropping or Eavesdropping How to implement routing attacks? Distance-Vector Announce low-cost routes BGP vulnerabilities Prefix hijacking Path alteration Univ. of Tehran Introduction to Computer Network 21 Denial of Service Make a service unusable, usually by overloading the server or network Disrupt service by taking down hosts Consume host-level resources E.g., SYN-floods Consume network resources E.g., UDP/ICMP floods Univ. of Tehran Introduction to Computer Network 22 DoS: Via Resource Exhaustion CPU User-time Uplink bandwidth Downlink bandwidth Univ. of Tehran Memory (e.g. TCP TCB exhaustion) Introduction to Computer Network 23 DoS: Via Resource Exhaustion Uplink bandwidth Saturate uplink bandwidth using legitimate requests (e.g. download large image) Solution: admission control at the server (not a network problem ??) CPU time similar to above Victim Memory TCP connections require state, can try to exhaust E.g. SYN Flood (next few slides) Univ. of Tehran Introduction to Computer Network 24 TCP Handshake C S SYNC Listening SYNS, ACKC Store data Wait ACKS Connected Univ. of Tehran Introduction to Computer Network 25 Example: SYN Flooding C S SYNC1 SYNC2 SYNC3 Listening Store data SYNC4 SYNC5 Univ. of Tehran Introduction to Computer Network 26 Protection against SYN Attacks SYN Cookies Client sends SYN Server responds to Client with SYN-ACK cookie sqn = f(src addr, src port, dest addr, dest port, rand) Server does not save state Honest client responds with ACK(sqn) Server checks response [Bernstein, Schenk] If matches SYN-ACK, establishes connection Drop Random TCB in SYN_RCVD state (likely to be attackers) Univ. of Tehran Introduction to Computer Network 27 Simple DoS • Attacker generates lots of traffic Lots of traffic Attacker Victim • Think of a simple solution? • Attacker usually spoofs source address to hide origin Univ. of Tehran Introduction to Computer Network 28 Distributed DoS (DDoS) Attacker compromises multiple hosts Installs malicious program to do her biding (bots) Bots flood (or otherwise attack) victims on command; Attack is coordinated Bot-networks of 80k to 100k have been seen in the wild Aggregate bandwidth > 20Gbps (probably more) Univ. of Tehran Introduction to Computer Network 29 Distributed DoS Attacker Handler Agent Handler Agent Agent Agent Agent Victim Univ. of Tehran Introduction to Computer Network 30 Distributed DoS Handlers are usually high volume servers Agents are usually home users with DSL/Cable Already infected and the agent installed Very difficult to track down the attacker Easy to hide the attack packets Multiple levels of indirection! Aside: How to distinguish DDoS from a Flash Crowd? Flash Crowd Many clients using a service Slashdot Effect Univ. of Tehran Introduction to Computer Network 31 Smurf Attack Ping to a broadcast IP from the (spoofed) source address of ICMP Ping the victim Dst: bcast addr of remote net Src: Victim Internet Attacking System Broadcast Enabled Network Victim System Univ. of Tehran Introduction to Computer Network 32 DNS Vulnerability Users/hosts typically trust the hostaddress mapping provided by DNS Give somebody else IP address Redirect all following traffics Univ. of Tehran Introduction to Computer Network 33 Firewalls Lots of vulnerabilities on hosts in network Users don’t keep systems up to date Lots of patches Solution Limit access to the network Put firewalls across the perimeter of the network Univ. of Tehran Introduction to Computer Network 34 Firewalls (contd…) Firewall inspects traffic through it Allows traffic specified in the policy Drops everything else Two Types Packet Filters, Proxies Internal Network Firewall Internet Univ. of Tehran Introduction to Computer Network 35 Packet Filters Selectively passes packets from one network interface to another Usually done within a router between external and internal network What to filter based on? Packet Header Fields IP source and destination addresses Application port numbers ICMP message types/ Protocol options etc. Packet contents (payloads) Univ. of Tehran Introduction to Computer Network 36 Packet Filters: Possible Actions Allow the packet to go through Drop the packet (Notify Sender/Drop Silently) Alter the packet (NAT?) Log information about the packet Univ. of Tehran Introduction to Computer Network 37 Some examples Block all packets from outside except for SMTP servers Block all traffic to/from a list of domains Ingress filtering Drop all packets from outside with addresses inside the network Egress filtering Drop all packets from inside with addresses outside the network Univ. of Tehran Introduction to Computer Network 38 Firewall implementation Stateless packet filtering firewall Rule (Condition, Action) Rules are processed in top-down order If a condition satisfied – action is taken Univ. of Tehran Introduction to Computer Network 39 Packet Filters Advantages Transparent to application/user Simple packet filters can be efficient Disadvantages Security Overhead (speed) Usability Very hard to configure the rules Doesn’t have enough information to take actions (Does port 22 always mean SSH? Who is the user accessing the SSH?) Univ. of Tehran Introduction to Computer Network 41 Alternatives Stateful packet filters Keep the connection states Easier to specify rules Problems? State explosion State for UDP/ICMP? Proxy Firewalls Two connections instead of one Either at transport level SOCKS proxy Or at application level HTTP proxy Univ. of Tehran Introduction to Computer Network 42 Proxies Want to look “deeper” into packets Application type Content Can do by reconstructing TCP flows and “peering” in, however this is really hard Univ. of Tehran Introduction to Computer Network 44 Final Comments Internet not designed for security Many, many attacks Retrofitting solutions often break original design principles Defense is very difficult Attackers are smart; Broken network aids them! Some of these solutions work, some of the time Some make the network inflexible, brittle Time to go back to the drawing board? (see Nick for details ) Univ. of Tehran Introduction to Computer Network 45 A general view Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered Security Cryptography Algorithm Secret Key (e.g., DES) Univ. of Tehran Public key Message digest Privacy (e.g., RSA) (e.g., MD5) Introduction to Computer Network Security Services Authentication integrity 46 Encryption Change the message such that others can not understand it except those who knows mechanism. Univ. of Tehran Introduction to Computer Network 47 Encryption elements Encryption/Decryption function: It usually permute bit/characters Ex. – move characters, Cesar Method Permute character Can be solved in at most 25 steps. Needs 26! Step to solve But it can be solved more easily by analyzing/guessing the content Key: Cipher: the result after encryption cipher E(message, Key) Univ.message of Tehran Introduction to Computer Network D(cipher, key) 48 Encryption Symmetric = 1 Key/2 users = Secret Key Asymmetric = Public Key = Public and Private Keys Block: Message broken in to fixed size blocks Synchronous: Key stream depends on the key and IV Asynchronous: Key stream depends on key, IV, and previous Introduction to Computer Network 49 cipher text Secret Key (DES) •Published by National Bureau of Standards in 1977 For commercial and unclassified government applications •8 octet (64 bit) key. •Each octet with 1 odd parity bit ⇒ 56-bit key •Efficient hardware implementation •Used in most financial transactions •56-bit was secure in 1977 but is not secure today •Now we use DES three times ⇒ Triple DES = 3DES Plaintext Plaintext Encrypt with secret key Spring 2000 Decrypt with secret key Ciphertext CS 461 50 64-bit key (56-bits + 8-bit parity) 16 rounds • Each Round Initial permutation L i– 1 R i– 1 Round 1 K F + Round 2 … 56-bit key Round 16 i L i R i •Documents only specify how to encrypt/ decrypt not why? Final permutation Other DES variants International Data Encryption Algorithm (IDEA) Designed for software implementation Encryption and Decryption are identical as in DES Key: Use 128 bit key Advanced Encryption Standard (AES) Published by NIST in Nov 2001 Based on a competition won by Rijmen and Daemen (Rijndael) Rijndael allows many block sizes and key sizes AES restricts it to: Block Size: 128 bits Key sizes: 128, 192, 256 (AES-128, AES-192,AES-256) Introduction to Computer Network 52 Operation mode How to generate cipher Different Operation modes Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback Mode (CFB) Electronic Code Book (ECB) Plaintext Block 1 Block 2 Block 3 Block 4 Block 5 Block Encryption E(block) Ciphertext Block 1 Block 2 Block 3 Block 4 Block 5 • Pad E(block) E(block) E(block) E(block) … E(block) last block, if necessary •Problem: One specific message always creates the same cipher … Cipher Block Chaining (CBC) Plaintext Random Block 1 Block 2 Block 3 Block 4 … XOR XOR XOR XOR XOR Block Encryption E(block) E(block) E(block) E(block) E(block) Ciphertext Block 2 Block 3 Block 4 Block 5 • Pad … last block, if necessary • Random Block called IV can be sent in plain text. Not a secret – just prevents a codebook. Often times a timestamp. Cipher Feedback Mode (CFB) 1 unit is 1/N block Shift Register (1 Block wide) C I-6 Block Encryption Encrypted Register Next unit of Plaintext C I-5 C I-4 C I-3 C I-2 C I-1 E(register) Leftmost XOR Next unit of Ciphertext output After each unit, shift input register and insert the most recently generated unit of ciphertext Public Key cipher Use two key for encryption and decryption, public key and private key. Public Key cipher It is a one way channel. Anybody can encrypt and send data but only the owner of the private key can decrypt it. It is symmetric meaning E(KS, M) = C => D(KP, C) =M It is based on the number theory It is used for authentication and symmetric key distribution Authentication by Public Key It is assumed that anybody who has the private key has done the encryption. RSA (A Public Key Encryption Scheme) Proposed by Rivest, Shamir, Adleman, 1977 Later known that British knew it around 1970 NASA (American) knew it around mid 60’s. It is build on the factoring numbers It uses relatively large keys 1024 bits It is very hard to break but it is very slow compared to symmetric keys. RSA (Procedure) Select two large prime numbers at random p , q Compute N=p*q ø(N) = (p-1)*(q-1) Discard p and q COMPLETELY! Select an e < N such that e ,ø(N) relatively prime Find 0 d N such that e*d = 1 mod ø(N) Public encryption key is K = { e ,N } Encryption Algorithm is c = me mod N Private decryption key is K-1 = { d, N } Decryption Algorithm is m = cd mod N RSA Example (simple) p = 5 and q = 11 (destroy after computing e , d ) N = p*q = 55 modulus ø(N) = 4*10 = 40 e=3 public exponent relatively prime to 40 d = 27 private exponent 3*27 = 1 mod 40 Say we want to transmit the message m=4 E(4) = (43) mod 55 = 64 mod 55 = 9 D(4) = 927 mod 55 = = 58149737003040059690390169 mod 55 = 4 RSA Example (not so simple) p = 61 and q = 53 (destroy after computing e , d ) N = p*q = 3233 modulus ø(N) = 60*52 = 3120 e = 17 public exponent relatively prime to 3120 d = 2753 private exponent 17*2753 = 1 mod 3120 Say we want to transmit the message m = 123 E(123) = (12317) mod 3233 = 337587917446653715596592958817679803 mod 3233 = 855 D(855) = 8552753 mod 3233 = (‘eight thousand digit plus’ number) mod 3233 = 123 THE POINT: It is VERY DIFFICULT to compute ‘d’ from ‘e’ and ‘N’ . Factoring large numbers is a computation intensive process. Data integrity It is possible to send cipher which sounds OK. How do we know we get the message from the right person. We need athuntication We append some redundant information like CRC, message digest. We do so by cryptographic Hash functions Hash Functions Usually operate on an arbitrary length message to give a fixed length message digest. Properties of a good hash function: 1. 2. 3. Pre-image Resistant: given f(x) cannot find x 2nd Pre-image Resistant: given x and f(x), it is difficult to find x’ x such that that f(x) = f(x’) Collision Resistant: it is difficult to find any x’, x such that that x’ x and f(x) = f(x’) If 1,2 are satisfied, the function is said to be one way Hash Collisions Arbitrary length message => Fixed length hash =>Many messages will map to the same hash Given 1000 bit messages => 21000 messages 128 bit hash => 2128 possible hashes =>21000/2128 = 2872 messages/hash value n-bit hash => Need avg 2n/2 tries to find two messages with same hash 64 bit hash => 232 tries (feasible) 128 bit hash => 264 tries (not feasible) Hash functions MD5 128-bit hash using 512 bit blocks Invented by Ron Rivest in 1991 Described in RFC 1321 Commonly used to check the integrity of files (easy to fudge message and the checksum) Also used to store passwords March 2006: collisions within 1 minute on a single notebook Hash functions Secure Hash Algorithm (SHA) SHA-1 is used in TLS, SSL, PGP, SSH, S/MIME, and IPsec Data integrity MAC: Message Authentication code They use only Hash function instead of encrypting hash Why Hash and One Way Functions? Message Authentication Password Storage ? Key Generation Digital Signatures Authenticity & non-repudiation Which cryptographic protocol could you use for this purpose? Alice signs the document with her private key SA(m) Alice sends the signed document to Bob Bob verifies the signature by decrypting it with Alice’s public key VA(SA(m)) = m – Only Alice knows her private key. This proves that: m is from Alice Alice can’t deny she sent m Key Distribution Have network with n entities Add one more Must generate n new keys Each other entity must securely get its new key Big headache managing n2 keys! One solution: use a central keyserver Needs n secret keys between entities and keyserver Generates session keys as needed Downsides Only scales to single organization level How Useful is a KDC? Must always be online to support secure communication KDC can expose our session keys to others! Centralized trust and point of failure. In practice, the KDC model is mostly used within single organizations (e.g. Kerberos) but not more widely.