Network Security - Week 1
Network Security
Prof Chan Yeob Yeun
August 27, 2007
School of Engineering,
Information and Communications University
Information Security Group, ICU
Prof Chan Yeob Yeun
Education
Royal Holloway, University of London (2000)
Ph.D. in Information Security supervised by Professor Fred Piper and Professor Chris Mitchell
Royal Holloway, University of London (1996)
MSc. in Information Security
Professional Careers
Professor at ICU (2007 - )
Technical Advisor to LG Electronics, Mobile Handset R&D Centre (2007 - )
Vice President / Research Fellow, LG Electronics (2005-2007)
World First Development for the Mobile TV with CAS including DVB-H, TDMB, MediaFLO
Leader of Wireless Security, Toshiba Telecommunication Research LAB (2000-2004)
Visiting Research Professor, ICU (2004)
Industrial Supervisor at University of London and University of Bristol (2001-2004)
Industrial Security Mentor at Mobile Virtual Centre of Excellence (2001-2004)
Course
Title : Network Security (ICE615)
Credit/Hour : 3/3
Prof : Prof Chan Yeob Yeun (x6192)
Email: [email protected]
TA : Hyunrok Lee (x6236)
Email: [email protected]
Hour : Mon. / Wed., 14:30 - 16:00
Web page :
http://caislab.icu.ac.kr/Lecture/data/2007/fall/ice615
Syllabus
1. Course Description
This course covers how to evaluate a variety of vulnerabilities in existing networks and how to construct security protocols and their applications using crypto algorithms, digital signatures and hash functions to guarantee the integrity of information and the authentication of network entities, including WLAN security, Mobile Security, WPAN Security and Ubiquitous Security. Moreover, every student learns how to build typical network security protocols like Kerberos, SSL, TLS and IPSEC and network security mechanisms like Firewall and IDS.
2. Textbook
A. Main Textbook
- Cryptography and Network Security - Principles and Practices, William Stallings, Pearson Education International, 4th Ed., ISBN 0-13-202322-9, 2006
- Handouts
B. Recommended Reading Material
- Handbook of Applied Cryptography, A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, CRC Press, 1997, ISBN 0-8493-8523-7
- Network Security : Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, Prentice Hall, ISBN 0-13-046019-2, 2nd Ed., 2002
- Handbook of Elliptic and Hyperelliptic Curve Cryptography, H. Cohen, G. Frey et al, Chapman & Hall/CRC, ISBN 1-58488-518-1, 2006
- Security for Ubiquitous Computing, F. Stajano, Wiley, 2002, ISBN 0-470-84493-0
3. Test and Evaluation
- Midterm Exam: 15%
- Quiz: 5%
- Final Exam: 25%
- Homework: 15%
- Term Project: 15%
- Term Paper: 20%
- Attendance and short questions: 5%
(Total: 100%)
Weekly Lecture Plan
Wk (dates): Contents [Cmt]
1 (8/27,29): Introduction to Information Security & Network Security
2 (9/3,5): PKC and Digital Signature [TP Plan]
3 (9/10,12): New PKCs and Semantic Security [Hw#1]
4 (9/17,19): Security Protocols
5 (10/1,3): TP Contest #1 [TP Rep#1]
6 (10/10): Midterm Exam
7 (10/15,17): Applications of Security I [HW#2]
8 (10/22,24): Applications of Security II
9 (10/29,31): Applications of Security III [Hw#3]
10 (11/5,7): Applications of Security IV
11 (11/12,14): SSL and TLS [HW#4]
12 (11/19,21): IPSec and SET
13 (11/26,28): Firewall and IDS
14 (12/3,5): TP Contest #2 [TP paper]
15 (12/12): Final Exam
What is Network Security ?
[Figure: security services and mechanisms mapped onto the seven OSI layers. Layers 1 to 7: Physical, Datalink, Network, Transport, Session, Presentation, Application. Services: Confidentiality, Authentication, Integrity, Non-repudiation, Access Control. Mechanisms: Encryption, Authentication Exchange, Data Integrity, Digital Signature, Access Control, Traffic Control, Routing Control, Notarizations. Other labels: Trust, Security Label, Detection, Anti-Spam, Recovery.]
Security Requirements - Confidentiality
"Keeping information secret from all but those who are authorized to see it."
[Figure: Eavesdropping; parties A and B, attacker (eavesdropper) E]
※ Pictures are taken from the CryptMail User's Guide, Copyright (C) 1994 Utimaco Belgium.
Security Requirements - Authentication
[Figure: Impersonation; parties A and B, attacker E]
Entity authentication (or identification) : Corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
Message authentication : Corroboration of the source of information, also known as data origin authentication
= data integrity
Security Requirements - Integrity
"Ensuring information has not been altered by unauthorized or unknown means."
[Figure: Modification; parties A and B, attacker E]
Security Requirements - Non-repudiation
[Figure: Repudiation between A and B. One party: "I sent this message to you". The other: "No, I didn't receive it."]
"Preventing the denial of previous commitment or actions."
1. Introduction to Information Security (1/3)
The word Cryptology stems from Greek meaning "hidden word".
Cryptology splits into two: Cryptography and Cryptanalysis.
Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, integrity, authentication, availability, accountability and non-repudiation.
History of Cryptologic Research (I) (2/3)
1900BC : Non-standard hieroglyphics
1500BC : Mesopotamian pottery glazes
50BC : Caesar cipher
1518 : Trithemius' cipher book
1558 : Keys invented
1583 : Vigenere's book
1790 : Jefferson wheel
1854 : Playfair cipher
1857 : Beaufort's cipher
1917 : Friedman's Riverbank Labs
1917 : Vernam one-time pads
History of Cryptologic Research (II) (3/3)
1919 : Hagelin machines
1921 : Hebern machines
1929 : Hill cipher
1973 : Feistel networks
1976 : Public Key Cryptography
1977 : DES
1979 : Secret Sharing
1985 : Zero Knowledge
1990 : Differential Cryptanalysis
1994 : Linear Cryptanalysis
1997 : Triple-DES
1998 ~ 2001 : AES
2001 ~ : Side Channel Attacks
2005 : Collision Search Attack on SHA-1
1.1 Secure Communications
Basic Communication Scenario
[Figure: Alice encrypts the plaintext with the encryption key; the ciphertext passes Eve (enemy or eavesdropper); Bob decrypts it with the decryption key to recover the plaintext]
1.2 Symmetric Key Cryptography
Encryption and decryption keys are known to both communicating parties (Alice and Bob), i.e. Encryption key = Decryption key
All of the classical (pre-1970) cryptosystems are symmetric.
Examples : DES and AES (Rijndael)
A Secret should be shared (or agreed) between the communicating parties.
1.3 Asymmetric Key Cryptography
Public key encryption (invented in the late 1970s), involves a different model.
Private Key - known only to the owner
Public Key - known to anyone in the systems with assurance
Sender encrypts the message by the Public Key of the receiver
Only the receiver can decrypt the message by her/his Private Key
Encryption key ≠ Decryption Key
1.4 Message Authentication Codes (MACs)
MACs are designed to enable the recipient of a message to verify its origin and integrity.
A MAC algorithm takes a secret key and a message as input and outputs a MAC (appended to the message as a type of integrity check).
If recipient has the same secret key, the MAC can be computed on received message and compared with sent value.
1.4.1 Hash Functions
Given arbitrary length m, compute constant length digest d = h(m)
Desirable properties
h(m) easy to compute given m
One-way: given h(m), hard to find m
Weakly collision free: given h(m) and m, hard to find m' s.t. h(m) = h(m')
Strongly collision free: hard to find any x, y s.t. h(x) = h(y)
Example use: password database, file distribution
Common algorithms: MD5, SHA
1.5 Digital signatures
Digital signatures are also a kind of public key cryptography.
For a digital signature algorithm, keys are again generated in pairs: public verification keys and private signing keys.
Private signature key of sender applied to message to yield a digital signature of the message.
Sent with message.
Any recipient with public verification key can check origin and integrity of the message.
1.6 MACs and Signatures
Whilst both MACs and signatures provide integrity and origin protection for data, they have different characteristics.
A MAC relies on shared secrets, and hence is appropriate in a point-to-point environment.
A signature enables the origin and integrity of a message to be independently checked by many recipients, and hence fits well to a broadcast or multicast environment.
1.7 Non-repudiation
Digital signatures can also provide non-repudiation.
Since verifier has only the public key, they cannot create signatures (compare with MACs).
Hence a digitally signed message may be of value as long term evidence of an event, which cannot be repudiated by the originator of the signature.
1.8 Authentication protocols
An authentication protocol is a cryptography-based exchange of messages, designed to enable participants to verify who it is they are communicating with.
Typically the protocols use MACs or signatures to protect individual messages.
However, apart from use of cryptography, means are required to verify that messages are not replays of old (valid) messages.
1.9 Security threats and services
All cryptographic schemes are designed to counter security threats.
Threats include:
Eavesdropping on communications
Masquerade
Manipulation of communications
Repudiation
DoS
1.10 Addressing threats by Cryptanalysis
A "Security service" is a term for the provision of protection against a threat.
Examples include:
Confidentiality (to defeat eavesdropping);
Entity authentication (to defeat masquerade);
Integrity protection (to defeat manipulation);
Non-repudiation (to defeat repudiation).
Security services are provided as follows:
Encryption can provide confidentiality;
Authentication protocols can provide entity authentication;
MACs or digital signatures can provide integrity protection;
Digital signatures can provide non-repudiation.
1.11 Key management and PKIs
Any use of cryptography requires the generation and distribution of key material (key management).
Key management for public key cryptography is rather different than for "secret key" cryptography.
Key management for secret key cryptography involves confidential and reliable transfer of secret keys.
Key management for public key cryptography is simpler - public keys are not secret.
However public keys still need to be reliably transferred.
1.12 Public key certificates
The Certificate Authority (CA) signs a concatenation of the public key, client name, and expiry date to form a public key certificate.
Anyone who verifies a public key certificate then has a reliable copy of the public key of the certificate owner.
Certificates (i.e. data structures signed by a Trusted Third Party, i.e. CA) can be used for things other than public keys.
An Attribute Authority can create Attribute Certificates, granting the owner privileges.
E.g. a network operator could sign an attribute certificate saying that a particular software vendor is reliable.
1.13 Authorisation and access control
Authorisation is a term relating to the notion of access control.
Any system will often need to make a decision about whether another entity should be allowed to perform a particular action.
This is normally referred to as access control.
1.13 Authorisation and access control
Symmetric Key Authentication
Alice wants to talk to Bob
Needs to convince him of her identity
Both have private key k
Naive scheme
Alice -> Bob: "I am Alice", x, E(x, k)
Vulnerability?
1.13 Authorisation and access control
Replay Attack
Eve can listen in and impersonate Alice later
[Figure: Eve sits on the channel between Alice and Bob and sees the message "I am Alice", x, E(x, k)]
1.13 Authorisation and access control
Preventing Replay Attacks
Bob can issue a challenge phrase to Alice
Alice -> Bob: "I am Alice"
Bob -> Alice: x
Alice -> Bob: E(x, k)
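The naive scheme and the challenge-response fix from the three slides above, as an added example that is not part of the original lecture. E(x, k) is modelled with HMAC-SHA256 as a stand-in (an assumption, the slides do not name the function), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def E(x: bytes, k: bytes) -> bytes:
    """Stand-in for the slides' E(x, k): HMAC-SHA256 of x under the shared key k."""
    return hmac.new(k, x, hashlib.sha256).digest()


class NaiveBob:
    """Naive scheme: Alice picks x herself and sends ("I am Alice", x, E(x, k))."""

    def __init__(self, k: bytes):
        self.k = k

    def verify(self, claim: str, x: bytes, proof: bytes) -> bool:
        return claim == "I am Alice" and hmac.compare_digest(proof, E(x, self.k))


class ChallengeBob:
    """Challenge-response: Bob picks a fresh x and accepts E(x, k) for that x only."""

    def __init__(self, k: bytes):
        self.k = k
        self.pending = {}  # claimed identity -> outstanding challenge

    def challenge(self, claim: str) -> bytes:
        x = secrets.token_bytes(16)  # unpredictable, never reused
        self.pending[claim] = x
        return x

    def verify(self, claim: str, proof: bytes) -> bool:
        x = self.pending.pop(claim, None)  # each challenge is single-use
        return x is not None and hmac.compare_digest(proof, E(x, self.k))


def run_demo() -> dict:
    k = secrets.token_bytes(32)  # constructed key shared by Alice and Bob

    # Naive scheme: whatever crosses the wire once is valid forever.
    naive = NaiveBob(k)
    x = secrets.token_bytes(16)
    recorded = ("I am Alice", x, E(x, k))   # Alice's message, as seen on the wire
    naive_alice = naive.verify(*recorded)
    naive_replay = naive.verify(*recorded)  # resent later by someone without k

    # Challenge-response: the proof is bound to a value Bob chose for this run.
    bob = ChallengeBob(k)
    x1 = bob.challenge("I am Alice")
    response = E(x1, k)                     # only a holder of k can compute this
    cr_alice = bob.verify("I am Alice", response)
    bob.challenge("I am Alice")             # new session, new challenge
    cr_replay = bob.verify("I am Alice", response)      # old proof, new challenge
    cr_unsolicited = bob.verify("I am Alice", response)  # no challenge outstanding

    return {
        "naive_alice": naive_alice,
        "naive_replay": naive_replay,
        "cr_alice": cr_alice,
        "cr_replay": cr_replay,
        "cr_unsolicited": cr_unsolicited,
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```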
1.14 Kerberos
Trivia
Developed in 80's by MIT's Project Athena
Used on all Andrew machines
Mythic three-headed dog guarding the entrance to Hades
Uses DES, 3DES
Key Distribution Center (KDC)
Central keyserver for a Kerberos domain
Authentication Service (AS)
Database of all master keys for the domain
Users' master keys are derived from their passwords
Generates ticket-granting tickets (TGTs)
Ticket Granting Service (TGS)
Generates tickets for communication between principals
"slaves" (read only mirrors) add reliability
"cross-realm" keys obtain tickets in others Kerberos domains
1.14.1 Kerberos Authentication Steps
[Figure: Kerberos authentication steps between Client, Kerberos, TGS and Server; labelled messages: TGT, Service TKT, Service REQ]
1.14.2 Kerberos Tickets
What is a ticket?
Owner (Instance and Address)
A key for a pair of principals
A lifetime (usually ~1 day) of the key
Clocks in a Kerberos domain must be roughly synchronized
Contains all state (KDC is stateless)
Encrypted for server
Ticket-granting-ticket (TGT)
Obtained at beginning of session
Encrypted with secret KDC key
A -> AS: A needs TGT
AS -> A: $E(k_{A,TGS}, k_A)$, $TGT_A$
1.14.3 Kerberos - A wants to talk to B
First, get ticket from TGS
A -> TGS: $E(\{A,B\}, k_{A,TGS})$, $TGT_A$
TGS -> A: $E(k_{A,B}, k_{A,TGS})$, $TKT_{A,B}$
Then, use the ticket
A -> B: $E(\{A,B\}, k_{A,B})$, $TKT_{A,B}$
A <-> B: $E(m, k_{A,B})$
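The ticket exchange from slides 1.14.2 and 1.14.3 carried through end to end, as an added example that is not part of the original lecture and is not real Kerberos code. Assumptions: E is a toy authenticated cipher built from SHA-256 and HMAC (the slides name DES/3DES), the master key is a single SHA-256 of the password, tickets are JSON, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

LIFETIME = 24 * 3600  # ticket lifetime in seconds ("usually ~1 day")


def _stream(key, nonce, n):
    """SHA-256 in counter mode used as a keystream (toy construction)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def E(data, key):
    """Toy authenticated encryption standing in for the slides' E(data, key)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def D(blob, key):
    """Inverse of E; raises ValueError on a wrong key or modified ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def password_key(password):
    """Master key derived from the password (simplified for this sketch)."""
    return hashlib.sha256(password.encode()).digest()


def seal_ticket(owner, session_key, sealing_key, now):
    """A ticket: owner, session key and expiry, encrypted for whoever will open it."""
    body = {"owner": owner, "key": session_key.hex(), "expires": now + LIFETIME}
    return E(json.dumps(body).encode(), sealing_key)


def open_ticket(ticket, sealing_key, now):
    body = json.loads(D(ticket, sealing_key))
    if now > body["expires"]:
        raise ValueError("ticket expired")
    return body["owner"], bytes.fromhex(body["key"])


def authenticator(client, service, key):
    """E({A,B}, key) from the slides."""
    return E(json.dumps([client, service]).encode(), key)


class KDC:
    def __init__(self, passwords, service_keys):
        self.master = {u: password_key(p) for u, p in passwords.items()}
        self.service_keys = service_keys
        self.k_kdc = secrets.token_bytes(32)  # secret KDC key that seals every TGT

    def as_request(self, user, now):
        """AS -> A: E(k_A,TGS, k_A), TGT_A"""
        k_a_tgs = secrets.token_bytes(32)
        return E(k_a_tgs, self.master[user]), seal_ticket(user, k_a_tgs, self.k_kdc, now)

    def tgs_request(self, auth, tgt, now):
        """TGS -> A: E(k_A,B, k_A,TGS), TKT_A,B. All session state comes from the TGT."""
        owner, k_a_tgs = open_ticket(tgt, self.k_kdc, now)
        client, service = json.loads(D(auth, k_a_tgs))
        if client != owner:
            raise ValueError("authenticator does not match ticket owner")
        k_ab = secrets.token_bytes(32)
        return E(k_ab, k_a_tgs), seal_ticket(owner, k_ab, self.service_keys[service], now)


class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def handle(self, auth, ticket, enc_m, now):
        """B opens TKT_A,B with its own key, checks A's authenticator, replies under k_A,B."""
        owner, k_ab = open_ticket(ticket, self.key, now)
        client, service = json.loads(D(auth, k_ab))
        if client != owner or service != self.name:
            raise ValueError("authenticator does not match ticket")
        return E(b"echo:" + D(enc_m, k_ab), k_ab)


def run(password, use_delay=0):
    """Full exchange for client A and service B; returns B's decrypted reply."""
    now = 1_000_000                                # constructed clock value (seconds)
    k_b = secrets.token_bytes(32)
    kdc = KDC({"A": "correct horse"}, {"B": k_b})  # constructed password
    b = Service("B", k_b)
    enc_key, tgt = kdc.as_request("A", now)
    k_a_tgs = D(enc_key, password_key(password))   # only the right password opens this
    enc_key, tkt = kdc.tgs_request(authenticator("A", "B", k_a_tgs), tgt, now)
    k_ab = D(enc_key, k_a_tgs)
    reply = b.handle(authenticator("A", "B", k_ab), tkt, E(b"hello", k_ab), now + use_delay)
    return D(reply, k_ab)


if __name__ == "__main__":
    print(run("correct horse"))
```

The client never sends its password: a wrong password only shows up as a failure to decrypt the session key, and a ticket presented after its lifetime is refused by the service without contacting the KDC.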
1.15 Diffie-Hellman Key Agreement
History
Developed by Whitfield Diffie, Martin Hellman
Published in 1976 paper "New Directions in Cryptography"
Allows negotiation of secret key over insecure network
Algorithm
Public parameters: prime $p$, generator $g$ of $\mathbb{Z}_p^*$
Alice chooses random secret $a$, sends Bob $g^a \bmod p$
Bob chooses random secret $b$, sends Alice $g^b \bmod p$
Alice computes $(g^b)^a$, Bob computes $(g^a)^b$ - this is the key
Difficult for eavesdropper Eve to compute $g^{ab}$
1.15.1 Diffie-Hellman Weakness
Man-in-the-Middle attack
Assume Eve can intercept and modify packets
Eve intercepts $g^a$ and $g^b$, then sends Alice and Bob $g^c$
Now Alice uses $g^{ac}$, Bob uses $g^{bc}$, and Eve knows both
Defense requires mutual authentication
Back to key distribution problem
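The exchange of 1.15 and the weakness of 1.15.1 in numbers, as an added example that is not part of the original lecture. Assumptions: p = 2^127 - 1 and g = 3 are toy parameters far too small for real use, and "mutual authentication" is realised here by a MAC under a pre-shared key over the values each side sent and received, which is one possible choice and exactly the key distribution problem the slide points back to.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime (a Mersenne prime); far too small for real use
G = 3           # toy base


def keypair():
    """Random secret exponent and the public value g^secret mod p."""
    priv = secrets.randbelow(P - 3) + 2  # in [2, P-2]
    return priv, pow(G, priv, P)


def shared(priv, peer_pub):
    """(peer_pub)^priv mod p: the key a party derives from what it received."""
    return pow(peer_pub, priv, P)


def tag(psk, role, received_pub, own_pub):
    """MAC that binds the value a party received to the value it sent."""
    msg = role + received_pub.to_bytes(16, "big") + own_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def exchange(eve_active, psk=None):
    """One run of the protocol. If eve_active, both public values are replaced by g^c."""
    a, ga = keypair()  # Alice
    b, gb = keypair()  # Bob
    c, gc = keypair()  # Eve

    bob_receives = gc if eve_active else ga
    alice_receives = gc if eve_active else gb

    result = {
        "alice_key": shared(a, alice_receives),  # g^(ac) under attack, else g^(ab)
        "bob_key": shared(b, bob_receives),      # g^(bc) under attack, else g^(ab)
        "eve_keys": (shared(c, ga), shared(c, gb)) if eve_active else None,
        "accepted": None,
    }

    if psk is not None:
        # Each side MACs (what I received, what I sent). The tags are forwarded
        # unchanged because nobody without psk can produce a valid one.
        bob_tag = tag(psk, b"B", bob_receives, gb)
        alice_tag = tag(psk, b"A", alice_receives, ga)
        # Each side recomputes the peer's tag from its own view of the exchange.
        alice_ok = hmac.compare_digest(bob_tag, tag(psk, b"B", ga, alice_receives))
        bob_ok = hmac.compare_digest(alice_tag, tag(psk, b"A", gb, bob_receives))
        result["accepted"] = alice_ok and bob_ok
    return result


if __name__ == "__main__":
    honest = exchange(eve_active=False)
    print("honest run, keys agree:", honest["alice_key"] == honest["bob_key"])

    attacked = exchange(eve_active=True)
    print("attacked run, Eve holds Alice's key:", attacked["eve_keys"][0] == attacked["alice_key"])
    print("attacked run, Eve holds Bob's key:", attacked["eve_keys"][1] == attacked["bob_key"])

    psk = secrets.token_bytes(32)  # constructed pre-shared authentication key
    print("authenticated honest run accepted:", exchange(False, psk)["accepted"])
    print("authenticated attacked run accepted:", exchange(True, psk)["accepted"])
```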
1.16 Wireless Network Architecture
[Figure: users, Network Operator, Internet, M-Commerce]
1.17 Wireless Security by using PKI
[Figure: users and Server]
Wireless security will extend PKI to mobile users
1.18 Summary of Information Security
Confidentiality, to keep information private: Cryptography
Authentication, to prove the identity of an individual or an application: Digital Certificates
Integrity, to prove that information has not been manipulated: Digital signatures
Non-repudiation, to ensure that information cannot be disowned: Digital signatures and certificates
1.19 Summary of cryptographic primitives
Security Primitives
Unkeyed Primitives: arbitrary length hash functions; 1-way permutations; RNG, PUF(*)
Symmetric-key Primitives: symmetric-key ciphers (block ciphers, stream ciphers); arbitrary length (keyed) hash functions (MAC); signatures; Identification primitives
Public-key Primitives: public-key ciphers; signatures; Identification primitives
(*) RNG (Random Number Generator), PUF (Physically Unclonable Function)
2. Introduction to Network Security
Network architecture is layered
Lower layer vulnerabilities are inherited at higher levels
Describing exploitable features and vulnerabilities in the scope of each layer makes sense
Example: TCP/IP v.4 is dominant design in use
Many vulnerabilities can't be prevented without a major transition to a completely new design, or are hard problems
Most core vulnerabilities can't really be fixed
This is an important design consideration for any application that needs to use network
2. Evolution of Attack
2. Hacker's Motivation
1. From a hobby to a profitable industry
2. From annoying to destructive
3. From playing to stealing
4. From simplicity to complexity
2. Trends of IT Security
[Figure: timeline from 1950 through 2000 onwards. Systems: Exclusive systems; Big, host types; C/S types; PC, Internet; Mobile & Ubiquitous. Users: Government; Banking, transportation, energy sectors; Large enterprises; Small/medium enterprises; Personal use. Role of information systems: National security, calculation use; Reliability of systems; Efficient work style, competitiveness; E-commerce, Economic infrastructure; Lifelines for society, economy, and daily life. Direction of IT security: Protection of military data; Availability for critical infrastructure; Availability for IT systems in corporations; Network security for e-commerce; Security for e-government; Safe/reliable society.]
2. Tools & Technology
2. Seven Sins in Cyber Space
[Figure: "Cyber Seven Sins". Panel titles: Collapse Of Trust; Cyber Terror; Privacy Infringement; Temptation; Digital Fraud; Sphere and Shield; ID Theft. Panel text: Hacking of Internet Banking; Homepage Defacement; Stealing Social Security Number, Information Leakage of Personal and Customer's information; Phishing, Pharming; Illegal Spam Mails, Advertisement Mobile Message; Spyware, Adware; Forgery and alteration of Civil Affairs Documents.]
2. Security, Privacy, Trust in Smart Environments
How to manage security, privacy, and trust?
2. Ubiquitous Network Demo
2. Issues in Smart Environments
Changes in smart environments (u-Society)
Ubiquity: Infra will be everywhere, affecting everyday life
Invisibility: No idea when or where they use the computer
Sensing: Sense what we do, say, type
Memory Amplification: Every interaction is stored
Intervene with Personal, Intimate Experience
Security, Privacy, Trust
No physical and cognitive signs for data collections
Trade off between privacy and usability
2. New Paradigm for u-Security (I)
Trade-Off : Risk, Cost, Performance
- High Level Dependability without high cost
- Highly interconnected system
Only the right people get access at any time to the right information with the best possible performance and at the lowest possible cost
[Figure: Risk, Cost, Performance; labels: Access! Speed!; Confidence & Control; Performance vs. Cost]
2. New Paradigm for u-Security (II)
Patching Security Function after implementation
- Endless patches for vulnerability is not answer
- Cause end-user's burden for security
- Reconfigurable Security
Embedded Security
Needs for new Security Model, Method
- Principle of mutual suspicion vs. Concept of perimeter defense
- end-to-end Security
100% Prevention is not possible
- Need prevention and recovery system
- Minimize damage & Quick Recovery
[Figure labels: Prevention, Recover]
2. Vulnerabilities in U-Network
Risks | Type of Intrusion | Problem | Countermeasures
Theft or Stolen | Confidentiality, Authentication | Device holders have authentication information | Entity (or device) authentication / Cryptography
Illegal Access Point | Authentication | 1-way authentication | Mutual authentication
IP Spoofing | Confidentiality | Radiation of RF signal to unwanted user | Cryptography
(D)DoS | Availability | Degraded availability | Availability
Trojan Horse, Worm, Virus | Availability, Confidentiality, Integrity | Degraded availability & integrity | Anti-Virus program
Attack by harmful signal | Availability | Interfered communication channel | Spread Spectrum-Frequency Hopping
Resource consumption attack | Availability | Out of battery power | Availability
Revealing Location or ID-information | Confidentiality | Privacy | Anonymity
2. Security Engineering in U-Network
Security requirement | Special Requirement in U-network
Basic
Authentication | Mutual authentication, use of dynamic key, Wireless PKI, device authentication, Central authentication, QoS
Confidentiality | Key management, light weight cryptography, secure DB, mobile cryptography
Integrity | Integrity mechanism for U-network
Additional
Availability | DoS attack, Priority management in access control, Differentiated service
Control of delegate | Entity authentication and authorization, Access control
Anonymity | Transfer of real ID information
Safe roaming | Global roaming, DRM, CAS, Seamless secure roaming
2.1 Network Model
OSI Model
7 layers
Old
Applications often have properties of several layers at once
Makes classification difficult, confusing
TCP/IP Model
"DoD" model (Department of Defense)
5 layers
2.2 OSI 7-Layer Model
OSI: Open Systems Interconnection
ISO standard
Layered approach provides:
Simplification
Abstraction
Each layer talks only to the equivalent layer somewhere else
Division of responsibilities
Standardization and interchangeability of equipment from different makers
2.2.1 OSI 7-Layer
The 7 Layers
Application
Presentation
Session
Transport
Network
Data Link
Physical
2.3 Physical Layer
Specifies the physical signals (electrical, optical, etc...)
Type
Levels
Speed
Cables if any
Range
Examples:
Ethernet coaxial cable specification
2.3.1 Physical Layer Risks
Disconnection
Cut cable
Barrier to radio waves
Availability
Eavesdropping
Tap in cable
Confidentiality
Interference and Jamming
e.g., provide 120 V AC in cable to cause damage
Selective jamming
Availability
Interception
Splice in cable, with attacker in-between
"man-in-the-middle"
Can also work on wireless networks (see later)
Can selectively remove or modify messages
Integrity
Physical integrity difficult to guarantee
Pressurized pipes, etc...
Integrity of radio waves
2.4 Data Link Layer
How to transmit data between two stations in the same segment
Two components
MAC (Media Access Control)
Control which station receives which data
Which station has permission to transmit
MAC addresses uniquely identify stations (in theory)
LLC (Logical Link Control)
frame synchronization
Data unit is called a frame
flow control
error checking
2.4.1 MAC Risks (1/2)
On a shared medium, how do you know if it's "your turn" to talk?
What if two stations send messages at the same time?
Collision
Approaches to Manage Contention
CSMA/CD
Carrier Sense Multiple Access with Collision Detection
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance
Token Passing
OFDM
Orthogonal Frequency Division Multiplexing
2.4.2 MAC Risks (2/2)
Address Resolution Protocol (ARP) vulnerabilities are a design problem. There is nothing you can do from the implementation standpoint to avoid them
This applies to both wireless and wired networks.
You can defend stations by:
Generating an alert when the protocol is abused
Welcome to the world of intrusion detection!
Using static IP-MAC pairs (in effect disabling ARP)
Configuring the network to put sensitive, important or trusted hosts and servers on a different subnet than other hosts
ARP is not used or relayed between subnets
This may include hosts used by privileged users
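A sketch of the first two defences listed above (alerting on ARP abuse and pinning static IP-MAC pairs), as an added example that is not part of the original lecture. The observation line format, the addresses and the alert names are constructed for the illustration.

```python
# Static IP-MAC pairs for hosts that must never change (constructed values).
STATIC_PAIRS = {
    "10.0.0.1": "00:11:22:33:44:01",   # gateway
    "10.0.0.10": "00:11:22:33:44:0a",  # file server
}

# Constructed observations of ARP replies: "<timestamp> <ip> is-at <mac>".
OBSERVED = """\
1188200001 10.0.0.1 is-at 00:11:22:33:44:01
1188200002 10.0.0.23 is-at 00:11:22:33:44:17
1188200003 10.0.0.1 is-at 02:00:00:00:00:99
1188200004 10.0.0.23 is-at 00:11:22:33:44:17
1188200005 10.0.0.23 is-at 02:00:00:00:00:99
"""


def parse(lines):
    """Yield (timestamp, ip, mac) from the constructed observation format."""
    for line in lines.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] == "is-at":
            yield int(fields[0]), fields[1], fields[3].lower()


def check_arp(observations, static_pairs):
    """Return alerts as (timestamp, ip, mac, reason) tuples, in arrival order."""
    static = {ip: mac.lower() for ip, mac in static_pairs.items()}
    learned = {}     # ip -> last MAC seen, for hosts without a static pair
    ips_by_mac = {}  # mac -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in observations:
        # One MAC answering for several IPs is worth a look; it can be
        # legitimate (multi-homed host, proxy ARP), so treat it as a hint.
        claimed = ips_by_mac.setdefault(mac, set())
        if claimed and ip not in claimed:
            alerts.append((ts, ip, mac, "mac-claims-multiple-ips"))
        claimed.add(ip)

        if ip in static:
            # Pinned host: any other MAC is a violation and is never learned.
            if mac != static[ip]:
                alerts.append((ts, ip, mac, "static-pair-violation"))
            continue

        # Unpinned host: alert when a binding learned earlier changes.
        if ip in learned and learned[ip] != mac:
            alerts.append((ts, ip, mac, "binding-changed"))
        learned[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in check_arp(parse(OBSERVED), STATIC_PAIRS):
        print(*alert)
```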
2.4.3 LLC Risks
LLC Risks: 802.11 Frames
Spoofed management frames in 802.11 wireless networks are easy, common
Many automated tools available to disrupt wireless networks at the link layer
De-authenticate stations, etc...
Wireless networks are a more attractive target due to the lack of a well-defined physical boundary
Harder to secure the link layer
More on this later in the section on wireless networks
2.5 Network Layer
Routing between segments
Forwarding
Addressing
Internetworking
Error handling
Congestion control
Packet sequencing
Data units are called "packets"
2.5.1 Network Layer Vulnerability
We'll discuss IPv4, although other protocols can be used at this level
IP features
Network addresses
IP spoofing: Any station can send packets pretending to be from any IP address
Fragmentation: Firewalls and intrusion detection systems (IDS) may reassemble packets differently from how the attacked operating systems do it
IP Components:
ICMP: Internet Control Message Protocol (Not Authenticated!)
Denial of service by sending forged ICMP unreachable packets
2.6 Transport Layer
Transport layer components dependent on IP:
UDP: User Datagram Protocol
TCP: Transmission Control Protocol
Reliability
retransmissions, etc...
Error recovery
Flow control
2.6.1 Transport Layer Vulnerability
Transport layer protocols
UDP
Best effort delivery
Letter in the mail, hope it gets there (and does most of the time)
Connectionless
UDP does not in itself introduce new vulnerabilities, but makes the exploitation of IP layer vulnerabilities easy.
Makes applications more difficult to design to prevent amplification and ping-pong effects
When is UDP needed?
Domain Name System: Normal hosts query DNS servers using UDP in practice
UDP also used for other DNS functions (more on this later)
Streaming video, Voice-over-IP
TCP
Reliable
Receiver uses sequence numbers to correctly reorder segments and remove duplicates
Establishes connections and monitors deliveries
Similar to packages requiring signatures at delivery
2.7 Other Layers
Session
Handles connections between applications
Presentation
Handles encoding, encryption, etc...
Application
DNS, RPC, NFS, Routing, IPSec
2.7.1 DNS Vulnerability
You can't authenticate based on host names
You can't rely on DNS as per the original RFCs
DNS is more vulnerable if hosted outside your network
Some attacks (IP spoofing) prevented by ingress filtering
Don't accept packets from outside, pretending to originate from inside the network
Except if DNS server is hosted outside the network!
No defense then
With a UDP packet, a notice can be sent
Other packet to tell slave the new version number ("SOA RR")
Zone transfer still uses TCP
Lower protocol vulnerabilities can then be exploited to load desired information into secondary servers/slaves
TCP session hijacking
ARP poisoning (if on same network segment)
As previous attacks, but now the timing can be controlled by the attacker thanks to notify function
Administrative attacks against registrar (see Domain Hijacking: A step-by-step guide, akin to social engineering attacks)
2.7.2 NIS Vulnerability
"Network Information Services (NIS) clients download the necessary username and password data from the NIS server to verify each user login"
How much can you trust the client?
Doesn't encrypt the username/password information sent to the clients with each login
All users have access to the encrypted passwords stored on the NIS server
Crack at leisure
Active Directory can specify mechanism
Authentication mechanisms
Kerberos (requires infrastructure support)
NULL sessions (no passwords)
2.7.3 RPC Vulnerability
Sun's Remote Procedure Calls (RPC)
Microsoft's RPC
92 entries in ICAT ("rpc") as of May 2004
Example:
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
And we know how insecure IP-based restriction can be anyway!
2.7.4 NFS Vulnerability
Root on a client machine could be trusted as root on the server!
Remote user ID is trusted as correct
use the root_squash option in exports
Replaces "root" with "nobody"
On by default in RedHat 9+
Root on a client machine can assume the identity of any other user (su) and change that user's files
Solution: Share ("export") only directories where everything belongs to root (with the above squash option)
other squash options available
Setuid programs: blocked by "nosuid" option
2.7.5 Secure Routing Requirements
Routing information must have:
Integrity
Authenticity
Authorization
Timeliness
Resist replay attacks
An attacker can send a packet specifying the return route
The attacker may control one of the "routers" on the return route
Attacker needs to send a single valid packet for that new route to be used for the entire TCP connection
Initial sequence number just has to be guessed correctly once
TCP session sniffing
Man-in-the-middle attack
On-the-fly packet modification
Dropping packets selectively, or all packets
2.7.5.1 MIM Routing Attack
Send a message to all gateways, saying the gateway to network A has made network A unreachable
Send another message advertising that you can reach network A cheaply
You will start receiving all traffic for network A
Forward the traffic to the original gateway, after doing whatever you want to do with it
2.7.5.2 Authentication in OSPF
Open Shortest Path First (OSPF) is an authenticated link state protocol (RFC 2328) running directly on top of IP (proto 89) and using multicasts instead of broadcasts
Alternative to Routing Information Protocol (RIP)
Methods:
1. Password (plain text), vulnerable to sniffers
2. Keyed MD5 (a.k.a. HMAC-MD5)
K is a shared secret key (padded with zeros)
T is the message
H() is a hash function like MD5
F(K, T) is a function that pre-mixes T and K
Idea: Along with message, send also H(F(K,T)). Routers that know K can verify the integrity of T, as well as authenticate the message.
See RFC 1828
Similar to TCP MD5 signature option (RFC 2385)
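The H(F(K,T)) idea above combined with the "resist replay attacks" requirement from 2.7.5, as an added example that is not part of the original lecture. Assumptions: F(K, T) is taken to be T followed by K padded with zeros to 16 bytes, the message carries a 4-byte sequence number that must increase, and the layout is constructed for the illustration; it is not the OSPF wire format, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16     # key field length assumed for this sketch
DIGEST_LEN = 16  # MD5 output size in bytes


def F(K: bytes, T: bytes) -> bytes:
    """Pre-mix T and K: the message followed by K padded with zeros (assumed form)."""
    if len(K) > KEY_LEN:
        raise ValueError("key longer than the key field")
    return T + K.ljust(KEY_LEN, b"\x00")


def H(data: bytes) -> bytes:
    """The hash function of the slide, here MD5."""
    return hashlib.md5(data).digest()


def protect(K: bytes, seq: int, update: bytes) -> bytes:
    """Sender side: T = sequence number + routing update, sent as T || H(F(K, T))."""
    T = struct.pack("!I", seq) + update
    return T + H(F(K, T))


class Router:
    """Receiver side: checks the digest first, then the sequence number per neighbour."""

    def __init__(self, K: bytes):
        self.K = K
        self.last_seq = {}  # neighbour -> highest sequence number accepted

    def receive(self, neighbour: str, packet: bytes) -> str:
        if len(packet) < 4 + DIGEST_LEN:
            return "reject: truncated"
        T, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        if not hmac.compare_digest(digest, H(F(self.K, T))):
            return "reject: bad digest"       # modified, or sent without knowing K
        (seq,) = struct.unpack("!I", T[:4])
        if seq <= self.last_seq.get(neighbour, -1):
            return "reject: replayed sequence number"
        self.last_seq[neighbour] = seq        # updated only after the digest verified
        return "accept"


def run_demo() -> list:
    K = b"constructed-key"                    # constructed shared secret (15 bytes)
    router = Router(K)
    first = protect(K, 1, b"network A via gw1 cost 10")
    tampered = first.replace(b"cost 10", b"cost 01")  # update changed in transit
    forged = protect(b"guessed-key", 2, b"network A via gw9 cost 1")
    second = protect(K, 2, b"network A via gw1 cost 12")
    return [
        router.receive("gw1", first),
        router.receive("gw1", tampered),
        router.receive("gw1", forged),
        router.receive("gw1", first),         # valid packet captured and resent
        router.receive("gw1", second),
    ]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The digest alone does not stop a valid packet from being resent; the sequence number check is what rejects the fourth packet.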
2.8 TCP/IP Model
5 layers:
Application (combines presentation and session)
Transport
Network
Data Link
Physical
We will use this one as it is less ambiguous
2.8.1 SSL/TLS
History
Standard libraries and protocols for encryption and authentication
Secure Sockets Layer (SSL) originally developed by Netscape
SSL v3 draft released in 1996
Transport Layer Security (TLS) formalized in RFC2246 (1999)
Uses
HTTPS, IMAP, SMTP, etc
Issues
Proxies?
2.8.2 Secure Shell (SSH)
Negotiates use of many different algorithms
Encryption
Server-to-client authentication
Protects against man-in-the-middle
Uses public key cryptosystems
Keys distributed informally
kept in ~/.ssh/known_hosts
Signatures not used for trust relations
Client-to-server authentication
Can use many different methods
Password hash
Public key
Kerberos tickets
2.8.3 IPSec
Protection at the network layer
Applications do not have to be modified to get security
Actually a suite of protocols
IP Authentication Header (AH)
Uses secure hash and symmetric key to authenticate datagram payload
IP Encapsulating Security Payload (ESP)
Encrypts datagram payload with symmetric key
Internet Key Exchange (IKE)
Does authentication and negotiates private keys
1.18 Summary of Network Security
Risks | Problem | Countermeasures
Terminals Theft | Terminals holders have authentication information | Authentication and Cryptography
Illegal Access Point | One way authentication | Mutual Authentication
IP Spoofing | Radiation of RF signal to unauthorised users | Cryptography
DoS | Unable to access the network | Authorised Availability
Trojan Horse, Worm, Virus | Degraded integrity and availability | Anti-Virus Program
Attack by harmful Signal | Interrupted communications channel | Spread Spectrum Frequency Hopping
Revealing Location or ID Information | Interrupted communications channel | Anonymity
Quizzes
What is Diffie-Hellman Problem?
Describe Man in the Middle Attack for the DH
How to overcome Man in the Middle Attack for the DH
The aim of authentication in routing protocols is mainly to guarantee which one of these?
a) Confidentiality
b) Integrity
c) Availability
d) Auditability
Term Project - examples
Securing Mobile SIM/USIM lock for the mobile operators and vendors
Securing Key management for the Mobile Ad-hoc Network (MANET)
Implementing secure email by using RSA, ElGamal, AES
Implementing mutual authentication VoIP by using Diffie-Hellman as well as securing communications by using AES
Pros and Cons for ID based schemes/digital signatures
Analysis of WLAN Security
Study on Mobile Security including GSM, 3GPP, CDMA with DRM, CAS
Study on Trusted Computing
Study on Denial of Service Attacks and possible countermeasures
Discuss X.509 certificates, CA's certification validation and web of trust
Analysis of Hash functions and the future directions
Analysis of secret sharing schemes and on-line secret sharing schemes
Securing Key management for the Mobile Ad-hoc Network (MANET) by using ID based schemes in conjunction with secret sharing schemes
Security Applications for MANET, WPAN, RFID, Bluetooth, IrDA, IrFM, Mobile TV, DRM and CAS
Mobile TV
World First 3G + DVB-H
World First 3G + DVB-H (May 2006)