© 2009 pearson education, inc. publishing as prentice hall chapter 9 raymond panko’s business...

© 2009 Pearson Education, Inc. Publishing as Prentice Hall

Chapter 9

Raymond Panko’sBusiness Data Networks and Telecommunications, 7th edition

May only be used by adopters of the book

Security

© 2009 Pearson Education, Inc. Publishing as Prentice Hall 9-2

Security Requirements

• Authenticity

• Confidentiality

• Integrity

• Non-repudiation

• Availability


9-1: Security

• A Major Threat

• Intelligent Adversaries– Not just human error to content with

– Adapt to defenses

• Recap from Chapter 1– Authentication

– Cryptography for messages

– Firewalls

– Host hardening


9-3: Malware

• Malware– A general name for evil software

• Viruses– Pieces of code that attach to other programs

– Virus code executes when infected programs execute

– Infect other programs on the computer

– Spread to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.

– Antivirus programs are needed to scan arriving files• Also scan for other malware


9-3: Malware

• Worms

– Stand-alone programs that do not need to attach to other programs

– Can propagate like viruses through e-mail, etc.• This requires human gullibility, which is unreliable

and slow 易受欺騙


9-3: Malware

• Worms– Vulnerability-enabled worms jump to victim hosts directly

• Can do this because hosts have vulnerabilities

– Vulnerability-enabled worms can spread with amazing speed

– Vendors develop patches for vulnerabilities, but companies often fail or are slow to apply them

InfestedComputer

Computerwith

Vulnerability

寄生

弱點受害者


9-3: Malware

• Payloads

– After propagation, viruses and worms execute their payloads

– Payloads erase hard disks or send users to pornography sites if they mistype URLs

– Trojan horses are exploitation programs that disguise themselves as system files

– Spyware Trojans collect sensitive data and send the data it to an attacker

偽裝開採


9-4: Attacks on Individuals

• Social Engineering– Tricking the victim into doing something against his or her

interests

• Spam– Unsolicited commercial e-mail

• Fraud– Deceiving individuals to get them to do things against their

interests

• Taking the Reader to a Web site with Malware

未經請求的詭計 ; 騙局欺騙


9-4: Attacks on Individuals

• Credit Card Number Theft– Performed by carders

• Identity theft– Involves collecting enough data to impersonate the victim in

large financial transactions

• Phishing– A sophisticated social engineering attack in which an

authentic-looking e-mail or Web site entices the user to enter his or her username, password, or other sensitive information

網路釣魚


9-5: Human Break-Ins

• Human Break-Ins

– Viruses and worms rely on one main attack method

– Humans can keep trying different approaches until they succeed

• Hacking

– Hacking is breaking into a computer

– More precisely, hacking is intentionally using a computer resource without authorization or in excess of authorization



• Scanning Phase

– Send attack probes to map the network and identify possible victim hosts

– The Nmap program is popular for scanning attacks (Figure 9-6)


Figure 9-6: Nmap Scanning Output

IP Range to Scan

Type of Scan

Identified Host and

Open Ports



• The Break-In

– Uses an exploit—a tailored attack method that is often a program

– Normally exploits a vulnerability on the victim computer

– Often aided by a hacker tool

– The act of breaking in is called the exploit

– The hacker tool is also called an exploit



• After the Break-In– The hacker downloads a hacker tool kit to automate

hacking work

– The hacker becomes invisible by deleting log files

– The hacker creates a backdoor (way to get back into the computer)

• Backdoor account—account with a known password and full privileges

• Backdoor program—program to allow reentry; usually Trojanized



• After the Break-In– The hacker can then do damage at his or her leisure

• Download a Trojan horse to continue exploiting the computer after the attacker leaves

• Manually give operating system commands to do damage


9-7: Distributed Denial-of-Service (DDoS) Attack Using Bots

In a distributed denial-of-service attack,the attacker floods the victim computer(or network) with more traffic than the

victim can handle. Legitimate users aredenied service from the unavailable server.



The attackerinstalls Bot programs

on many PCs.

This is calleda botnet.



When it istime to attack

the victim,the attackersends attackcommands toall of the Bots.



The Bots then beginflooding the victim

with attack packets,rendering the victimunavailable to users


9-8: Bots

Bots can be updatedby their human master

to fix bugs or togive new functionality—for instance, to change

the Bot from a DOSattacker to a spambot.


9-9: Types of Attackers

• Traditional Attackers

– Traditional Hackers• Hackers break into computers• Driven by curiosity, a desire for power, and peer

reputation

– Virus writers



• Traditional Attackers

– Script kiddies use scripts written by experienced hackers and virus writers

• They have limited knowledge and abilities• But large numbers of script kiddies make them

dangerous

– Disgruntled employees and ex-employees



• Criminal Attackers

– Most attacks are now made by criminals

– Crime generates funds that criminal attackers need to increase attack sophistication


9-9: Types of Attackers (Cont.)

• On the Horizon

– Cyberterror attacks by terrorists

– Cyberwar by nations

– Potential for massive attacks


9-11: Authentication with a Central Authentication Server

1.The supplicant sends its credentials to the verifier.



2.The verifier passes the credentials to

a central authentication server.

3.The central authentication server

checks the credentials.If the credentials are correct, the

authentication server sends an OK tothe verifier, along with authorizations.

1



Central authentication servers bring consistency.

All supplicants are evaluated exactly the same wayno matter what verifiers they connect to.


9-12: Password Authentication

• Passwords– Passwords are strings of

characters

– They are typed to authenticate the use of a username (account) on a computer

• Benefits– Ease of use for users (familiar)

– Inexpensive because they are built into operating systems



• Often Weak (Easy to Crack)

– Word and name passwords are common

– They can be cracked quickly with dictionary attacks

– Hybrid dictionary attacks can crack simple variations, such as “Processing1” almost as fast



• Passwords should be complex– Mix case (A and a), digits (6), and other keyboard

characters ($, #, etc.)

– Can only be cracked with brute force attacks (trying all possibilities)

• Passwords should be long– Eight characters minimum

– Each added character increases the brute force search time by a factor of about 70



• Tell what attack can break it fastest, and tell how difficult it will be for the attacker to guess the password

– swordfish

– Processing1

– SeAtTLe

– R7%t&

– 4h*6tU9$^l



• Other Concerns

– If people are forced to use long and complex passwords, they tend to write them down

– People should use different passwords for different sites• Otherwise, a compromised password will give access

to multiple sites


9-13: Digital Certificate Authentication

• Public and Private Keys– Each party has both a public key and a

private key

– A party makes its public key available to everybody

– A party keeps its private key secret

• If there are 12 employees, how many private keys will there be?

• How many public keys will there be?



• Digital Certificate– Tamper-proof file that gives a

party’s public key

Name: Smith

Public Key: 8m27cj$leo62@lj*^l18dwk...

Other field

…

Tamper Checking Field



Calculation Digital Certificate

AuthenticationTest

2.Public key ofthe person

the applicantclaims to be

1.Applicant

does a calculationwith his or her

Private key

3.

Verifier tests the calculation with the public key of theclaimed party (not of the sender)

If the test succeeds, the applicant mustknow the secret private key of the claimed party, which

only the claimed party should know

2



• Perspective

– Digital certificate authentication is very strong

– However, it is very expensive because companies must set up the infrastructure for distributing public–private key pairs

– The firm must do the labor of creating, distributing, and installing private keys


9-14: Biometric Authentication

• Biometric Authentication– Authentication based on bodily measurements

– Promises to eliminate passwords

• Fingerprint Scanning– Dominates biometrics use today

– Simple and inexpensive

– Substantial error rate (misidentification)

– Often can be fooled fairly easily by impostors



• Iris Scanners– Scan the iris (colored part of the eye)

– Irises are complex, so iris scanning gives strong authentication

– Expensive

• Face Recognition– Camera: allows analysis of facial structure

– Can be done surreptitiously—that is, without the knowledge or consent of the person being scanned

– Very high error rate and easy to fool



• Error and Deception Rates– Error and deception rates are higher than vendors claim

– The effectiveness of biometrics is uncertain


9-20: Cryptographic Systems

• Cryptographic Systems– Provide security to multi-message dialogues

• At the Beginning of Each Communication Session– The two parties usually mutually authenticate each other

Party A Party B

Initial Authentication

A’s CredentialsTo B

B’s CredentialsTo A


• Message-by-Message Protection

– After this initial authentication, cryptographic systems provide protection to every message

– Encrypt each message for confidentiality so that eavesdroppers cannot read it


Party A Party BMessages Encrypted for Confidentiality

EavesdropperCannot Read Messages


9-21: Symmetric Key Encryption for Confidentiality

Message“Hello”

Cipher &Key

SymmetricKey

Party AParty B

Network

Encrypted Message

Encryption uses anon-secret cipher

(encryption method )and a secret key



Encrypted Message

SymmetricKey

Party A

Party B

InterceptorNetwork

Interceptor cannot readencrypted messages en route

Encrypted Message



Encrypted Message Message“Hello”

Cipher &Key

SymmetricKey

SameSymmetric

KeyParty A

Party B

InterceptorNetwork

Receiver decrypts the messageusing the same cipher

and the same symmetric key


Types of Symmetric Key Encryption

DES 3DES AES

Key Length (bits) 56 112 or 168 128, 192, or 256

Strength Weak Strong Strong to Very Strong

Processing Requirements

Moderate High Modest

RAM Requirements Moderate High Modest


Figure 9-20: Symmetric and Public Key Encryption

Public Key Encryption for Confidentiality

EncryptedMessage

EncryptedMessage

Party A Party B

Encrypt withParty B’s Public Key

Decrypt withParty B’s Private Key

Decrypt withParty A’s Private Key

Encrypt withParty A’s Public Key

Note:Four keys are used to encryptand decrypt in both directions




– Adds an electronic signature to each message

• The electronic signature authenticates the sender

• It also provides message integrity: receiver can tell if a message has been changed in transit

Party A Party BElectronic Signature




– Digital signatures use digital certificate authentication• Very strong authentication, but also very expensive

– HMACs (key-hashed message authentication codes) are less expensive

• They are not quite as secure as digital signatures, but are still quite secure

• The most widely used electronic signature method


Figure D-7: Digital Signature

SenderReceiver

DS Plaintext

Add Digital Signature to Each MessageProvides Message-by-Message Authentication

Encrypted for Confidentiality


Figure D-7: Digital Signature: Sender

DS

Plaintext

MD

Hash

Sign (Encrypt) MD withSender’s Private KeySender’s Private Key

To Create the Digital Signature:

1.1. HashHash the plaintext to create the plaintext to createa brief message digesta brief message digest; This is

NOT the digital signature

2. Sign (encrypt) the messagedigest with the sender’s privatesender’s private

keykey to create the digitalSignature

Hash algorithms: MD5, SHA-1http://en.wikipedia.org/wiki/MD5http://en.wikipedia.org/wiki/SHA-1


Figure D-7: Digital Signature

SenderEncrypts Receiver

Decrypts

Send Plaintext Plus Digital SignatureEncrypted with Symmetric Session Key

DS Plaintext

Transmission

Receiver Decrypts the Message,Getting the Plaintext Plus Digital Signature


Figure D-7: Digital Signature: Receiver

DSReceived Plaintext

MDMD

1.Hash

2.Decrypt withTrue Party’sPublic Key

3.Are they Equal?

1. Hash the receivedplaintext with the samehashing algorithm the

sender used. This givesthe message digest.

2. Decrypt the digitalsignature with the sender’spublic key. This also should

give the message digest.

3. If the two match, the message is authenticated;The sender has the true

Party’s private key


Figure D-8: Public Key Deception

Impostor

“I am the True Party.”

“Here is TP’s public key.” (Sends Impostor’s public key)

“Here is authenticationbased on TP’s private key.”

(Really Impostor’s private key)

Decryption of message from Verifierencrypted with Impostor’s public key,

so Impostor can decrypt it

Verifier

Must authenticate True Party.

Believes now has TP’s public key

Believes True Partyis authenticated

based on Impostor’s public key

“True Party,here is a message encrypted

with your public key.”

CriticalDeception


Digital Certificates

• Digital certificates are electronic documents that give the true party’s name and public key

• Applicants claiming to be the true party have their authentication methods tested by this public key

• If they are not the true party, they cannot use the true party’s private key and so will not be authenticated

• Digital certificates follow the X.509 Standard


Figure D-10: Roles of Digital Certificates and Digital Signatures in Authentication

• Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature

DS Plaintext

Applicant

Verifier

Certificate Authority

DigitalCertificate:True Party’sPublic Key


Figure D-10: Roles of Digital Certificates and Digital Signatures in Authentication

DigitalSignature

Authentication

Applicant

Verifier

Certificate Authority

DigitalCertificate:True Party’sName andPublic KeyMust be Tested with

True Party’sDigital Certificate


Figure D-9: Public Key Infrastructure (PKI)

Verifier(Brown)

Certificate AuthorityPKI Server

2.Distribute

PrivateKey

Applicant (Lee)

Verifier(Cheng)

1.Create

Public Key/Private Key

Pair



Verifier(Brown)

Certificate AuthorityPKI Server

4.Certificate

for Lee

Applicant (Lee)

Verifier(Cheng)

3. RequestCertificate

for Lee



Verifier(Brown)

Certificate AuthorityPKI Server 6. Request Certificate

Revocation List (CRL)

Applicant (Lee)

5.Certificate

for Lee

Verifier(Cheng)

7. CRL

© 2009 pearson education, inc. publishing as prentice hall chapter 9 raymond panko’s business...

Documents