
Lecture 3

Network Security and Cryptography

Graduate Course, Hosei U., J. Ma

2

Outline

Threats and security techniques

Secret key cryptography

Hash functions

Authentication

Public key cryptography and Digital signatures

Certificates and Kerberos

Access control

Firewalls

Virtual private networking

IPsec and SSL

Intrusion detection

Denial of Service (DoS)

Java cryptography (homework)

3

Introduction

Security is an important problem in network computing

because networking is central --> all data and network

security issues are relevant to network computing

One can view secure computing as

Secure communications: how to counter threats related to

network

• Based on cryptography

• Addressed at least at application layer, eg, encryption,

assuming network is completely untrusted

• Attention is growing at other layers, eg, data link

encryption, packet encryption, secure transport layer

Secure hosts: mainly access control

• VPNs, firewalls, IDS,…

4

Types of Attacks

[Figure: attacks on a flow from A to B]

Interception

Interruption (denial of service)

Modification, eg, replay

Fabrication, eg, masquerade

*Mobile code: viruses, worms, Trojan horses,…

5

Threats and Security Mechanisms

Interception: eavesdropping - loss of privacy

Privacy is protected mainly by cryptography

Interruption: loss of service

Blocking of communications or denial of service attacks

Generally difficult to protect against in an open network

Modification: capture and alteration

Hashes (message digests) can ensure data integrity

Nonces (timestamps) can help protect against replay attacks

(e.g., retransmit login ID and password)

6

Threats and Mechanisms (cont)

Fabrication: masquerade

Digital signatures can authenticate sender

But some man-in-middle attacks can be hard to protect against

Mobile code security

Still open problem

Most security experts believe perfect security is impossible

Practical level of security involves trade-off between tolerable

risks and acceptable cost

7

Cryptography

From Greek words meaning “hidden or secret” (kryptos) and

“writing”

Originated in techniques for hiding messages, now called steganography. For example, in ancient Italy, Giovanni Porta developed an ink to write a message on the shell of a hard-boiled egg; the ink permeated the shell and left the message on the egg underneath.

Steganography hides existence of message but message

can be read if discovered

Cryptography hides meaning of message, not its existence

Steganography Digital Watermarking

8

Cryptography (cont)

Basic purpose is to change (scramble) a message before

transmission to prevent an eavesdropper from reading

Based on mathematical transformations, involving an

encryption algorithm and key

Cryptography can be combined with steganography, eg,

German agents in WWII encrypted messages and reduced

to photographic microdots carried on innocent-looking

letters. Some latest technologies, eg, watermarking and

information hiding, are also related to this.

Plaintext --> Encryption --> Ciphertext --> Decryption --> Plaintext

9

Secret Key (or Symmetric Key)

Cryptography

Plaintext X --> Encryption (secret key K) --> Ciphertext Y = E_K(X) --> Decryption (secret key K) --> Plaintext X = D_K(Y)

Encryption algorithm changes plaintext into ciphertext

Decryption uses same secret key (or “symmetric key”

because keys are same)

Assumes that sender and receiver have securely shared secret

key somehow

Confidentiality depends on secrecy of key

10

Cryptanalysis

Cryptanalysis tries to recover key, plaintext, or both

Usually encryption algorithm is known (not a secret)

Block ciphers operate on blocks of plaintext independently,

one at a time, producing blocks of ciphertext

Stream ciphers process elements continuously and produce

continuous ciphertext

Ciphertext only attack: cryptanalyst knows only the

ciphertext (and encryption algorithm)

Brute force trying all possible keys can take too long (usually

keys are intentionally long)

Statistical analysis is possible if cryptanalyst knows nature of

plaintext (eg, English)

11

Cryptanalysis (cont)

• 12% E, 9% T, 8% R, 7% I or N or A or O

• 2-letter combinations = digrams, most common is “TH”

• 3-letter combinations = trigrams, most common is “THE”

But strong encryption algorithms are typically designed and

able to withstand frequency analysis

Known plaintext attack: cryptanalyst also knows samples of

plaintext and their ciphertext

Easier to deduce key in this case than ciphertext only attack

Encryption algorithms are generally designed to withstand this

attack

Chosen plaintext attack: if cryptanalyst can somehow

choose the plaintext messages to be encrypted

12

DES (Data Encryption Standard)

[Figure: DES structure. 64-bit plaintext --> Permutation --> Stage 1 (subkey 1) --> … --> Stage 16 (subkey 16) --> 32-bit swap --> Permutation --> 64-bit ciphertext. The subkeys come from the 56-bit key through Permutation and Left shift steps.]

13

History of DES

Late 1960s IBM research project on cryptography led by

Horst Feistel

All symmetric block encryption algorithms are generally based

on Feistel block cipher. 1971 led to Lucifer algorithm.

1973 NIST request for proposals for national cipher

standard

1977 IBM’s refined Lucifer algorithm adopted as DES

DES (data encryption standard) standardized in 1977 for US

unclassified info

Most widely used modern encryption algorithm (until AES)

Critics of DES wondered whether 56-bit keys (reduced from the original Lucifer’s 128-bit keys) were too short to resist a brute force attack

Rumor that NSA shortened to 56-bit key for secret reasons

14

DES Attack

56-bit keys --> 2^56 = 7x10^16 possible keys, brute force attack seemed unlikely

1997 RSA Laboratories issued $10,000 DES I challenge to find

DES key given a ciphertext and partially unknown plaintext

Rocke Verser began brute force attack distributed over

Internet, eventually joined over 70,000 computers --> found

key in 84 days after searching 14% key space

Latest DES III challenge to find 56-bit key was solved under 24

hours on January 18, 1999, after searching 30% key space

For more info:

http://www.rsa.com/rsalabs/node.asp?id=2091

http://en.wikipedia.org/wiki/Data_Encryption_Standard

15

Triple DES

Double DES: use two 56-bit keys with 2 encryption stages

But equivalent in power to single DES --> same as 56-bit key

X --> Encryption (K1) --> Encryption (K2)

Triple DES: uses two 56-bit keys in 3 stages --> effective

strength = 112-bit key

Much more secure but processing is much slower

X --> Encryption (K1) --> Decryption (K2) --> Encryption (K1)

16

AES

1997 NIST invited proposals for a new encryption standard

AES (advanced encryption standard) to replace DES

DES is vulnerable to differential cryptanalysis discovered in

1990 by Biham and Shamir - looks at differences between

pairs of ciphertext and uses differences to learn the key

DES also vulnerable to linear cryptanalysis discovered by

Matsui - works against most block ciphers

15 algorithms were submitted and evaluated for strength

and performance (implementability)

5 finalists: Mars (IBM), RC6 (RSA), Rijndael (Joan Daemen,

Vincent Rijmen), Serpent (Ross Anderson, Eli Biham, Lars

Knudsen), Twofish (Bruce Schneier and others)

17

AES (cont)

2000 Rijndael (“rain doll”) selected for AES

Symmetric block cipher supporting blocks of 128 bits and

key sizes of 128, 192, or 256 bits

Strong against various known cryptanalysis methods:

differential, truncated differential, linear, interpolation, and

Square attacks

In CBC MAC (cipher block chaining message authentication

code) mode, can be used as a hash function and

pseudorandom number generator

More info:

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

18

Hash and Message Digests

Hash is a one-way (irreversible) function: variable-length message M --> fixed-size digest H(M), 48-196 bits

Easy to compute H(M) but not easy to find M given H(M)

M1 <> M2 --> H(M1) <> H(M2)

Even if two messages are similar, their digests will appear very

different (“weak collision resistance” property)

Popular hash algorithms:

MD5 by Ron Rivest Produces 128-bit digest

SHS (secure hash standard, NIST) Produces 160-bit digest

Hash essentially acts as a fingerprint of a message

Mainly used to simplify digital signatures

Password hashing

Doesn’t need to know password to verify it

Store H(P+S) and S (salt); hash the user-entered p with S and compare the result with the stored value

More Info: http://en.wikipedia.org/wiki/Cryptographic_hash_function

19

Hash for Mutual Authentication

Alice and Bob share a secret key K

Alice cannot reverse response from Bob to discover K, but

can verify that his response used the correct K

Similarly, Bob can verify that Alice knows K

A challenge-response protocol

Alice --> Bob: Random number A

Bob --> Alice: H(A,K)

Bob --> Alice: Random number B

Alice --> Bob: H(B,K)

20

Hash for Data Authentication/Integrity

Works if Alice and Bob share a secret key K

A third party cannot change M and compute a correct

H(M,K) without knowledge of K

Alice --> Bob: Message M, H(M,K)
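The two exchanges on the slides above (mutual authentication by challenge-response, and H(M,K) for data integrity) as an added Python example that is not part of the original lecture. It assumes HMAC-SHA256 as the keyed hash H(., K); the `Party` class, its method names and the sample message are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyed_hash(key: bytes, *parts: bytes) -> bytes:
    """H(x, K) from the slides, realised here with HMAC-SHA256 (an assumption)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        # Length-prefix each part so ("ab", "c") and ("a", "bc") hash differently.
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


class Party:
    """One end of the exchange; holds the shared secret key K."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key
        self._pending = {}  # peer name -> outstanding random number we issued

    def challenge(self, peer: str) -> bytes:
        nonce = secrets.token_bytes(16)  # "Random number A" on the slide
        self._pending[peer] = nonce
        return nonce

    def respond(self, nonce: bytes) -> bytes:
        # Addition to the slide: the responder's name is hashed in as well,
        # so a response is tied to the party that produced it.
        return keyed_hash(self._key, b"auth", self.name.encode(), nonce)

    def verify(self, peer: str, response: bytes) -> bool:
        nonce = self._pending.pop(peer, None)  # each challenge is accepted once
        if nonce is None:
            return False
        expected = keyed_hash(self._key, b"auth", peer.encode(), nonce)
        return hmac.compare_digest(expected, response)

    def tag(self, message: bytes) -> bytes:
        return keyed_hash(self._key, b"data", message)  # H(M, K)

    def check(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(message), tag)


def mutual_authentication(alice: Party, bob: Party) -> bool:
    a = alice.challenge(bob.name)                      # Alice -> Bob: A
    if not alice.verify(bob.name, bob.respond(a)):     # Bob -> Alice: H(A, K)
        return False                                   # stop before answering Bob
    b = bob.challenge(alice.name)                      # Bob -> Alice: B
    return bob.verify(alice.name, alice.respond(b))    # Alice -> Bob: H(B, K)


def demo() -> dict:
    key = secrets.token_bytes(32)
    alice, bob = Party("alice", key), Party("bob", key)
    impostor = Party("bob", secrets.token_bytes(32))   # claims Bob's name, lacks K
    out = {"mutual": mutual_authentication(alice, bob),
           "impostor": mutual_authentication(alice, impostor)}
    # A response recorded from an earlier run does not answer a fresh challenge.
    old = bob.respond(alice.challenge("bob"))
    alice.challenge("bob")
    out["replayed_response"] = alice.verify("bob", old)
    message = b"transfer 10 to carol"                  # constructed sample message
    tag = alice.tag(message)
    out["intact"] = bob.check(message, tag)
    out["modified"] = bob.check(b"transfer 90 to carol", tag)
    return out


if __name__ == "__main__":
    print(demo())
```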

21

Problems with Secret Keys

Secret key must be shared (before a private connection can

be established)

1. Key is shared physically, eg, mail, telephone call

Hard to scale; impractical for a communications network

Need a unique key for every pair of users --> each user must

keep track of many keys

2. If a secure connection exists to third party, this party can

distribute key

Need for a key distribution center, eg, Kerberos

All parties need a unique key (master key) to communicate

with center

Two parties are assigned a temporary key (session key) for

duration of a connection

3. Diffie-Hellman protocol (Whitfield Diffie, Martin Hellman)

22

Diffie-Hellman Key Exchange

Two parties can exchange a secret number over an unsecure channel

Alice and Bob know a prime number p and a second number g =

“primitive root” of p (both can be public)

This means (g mod p, g^2 mod p, .., g^(p-1) mod p) are all distinct

Each chooses a random number less than p and keeps private, say A and B

Alice computes T(A) = g^A mod p. Bob computes T(B) = g^B mod p.

They exchange T(A) and T(B) over unsecure channel

Alice computes key = T(B)^A = g^(BA) mod p. Bob computes key = T(A)^B = g^(AB) mod p. Both result in the same number

A third party knows g, p, T(A), T(B), but it is considered

computationally infeasible to calculate A from T(A) or B from T(B),

especially if p is a large prime, because T(.) is a one-way modular

arithmetic operation

23

Diffie-Hellman (cont)

Public values: g=7, p=11

Alice chooses A=3 (secret); Bob chooses B=6 (secret)

Alice computes 7^3 mod 11 = 2; Bob computes 7^6 mod 11 = 4

Alice sends 2 to Bob; Bob sends 4 to Alice

Eavesdropper Eve can intercept 2 and 4, but insufficient to discover the key

Alice computes 4^3 mod 11 = 9; Bob computes 2^6 mod 11 = 9

Alice learns key = 9; Bob learns key = 9
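The exchange above in Python, as an added example that is not part of the original lecture. It checks the primitive-root condition, reproduces the slide's numbers, and shows that exhaustive search recovers the secret exponent immediately when p is as small as 11, which is why p must be large. The function names are hypothetical, and 2^127 - 1 (a known Mersenne prime) with g = 3 is a constructed larger instance used only to show the same arithmetic at size.

```python
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (adequate for small demo values)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g: int, p: int) -> bool:
    """True if g, g^2, ..., g^(p-1) mod p are all distinct (p must be prime)."""
    if not 1 < g < p:
        return False
    # g has order p-1 exactly when g^((p-1)/q) != 1 for every prime q | p-1.
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def public_value(g: int, p: int, private: int) -> int:
    return pow(g, private, p)            # T(A) = g^A mod p


def shared_key(peer_public: int, private: int, p: int) -> int:
    return pow(peer_public, private, p)  # T(B)^A mod p


def exchange(g: int, p: int):
    """Run both sides with fresh random secrets in [2, p-2]."""
    a = 2 + secrets.randbelow(p - 3)
    b = 2 + secrets.randbelow(p - 3)
    t_a, t_b = public_value(g, p, a), public_value(g, p, b)
    # Only g, p, t_a and t_b cross the channel.
    return shared_key(t_b, a, p), shared_key(t_a, b, p)


def exhaustive_log(g: int, p: int, target: int):
    """Find x with g^x mod p == target by trying every x; cost grows with p."""
    value = 1
    for x in range(1, p):
        value = value * g % p
        if value == target:
            return x
    return None


SLIDE_G, SLIDE_P = 7, 11        # values from the slide
LARGER_P = 2**127 - 1           # constructed larger instance, still far too small for real use

if __name__ == "__main__":
    print("7 is a primitive root of 11:", is_primitive_root(SLIDE_G, SLIDE_P))
    t_a, t_b = public_value(7, 11, 3), public_value(7, 11, 6)
    print("T(A), T(B):", t_a, t_b)
    print("keys:", shared_key(t_b, 3, 11), shared_key(t_a, 6, 11))
    print("exponent found from T(A) when p = 11:", exhaustive_log(7, 11, t_a))
    k_alice, k_bob = exchange(3, LARGER_P)
    print("larger p, keys agree:", k_alice == k_bob)
```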

24

Public Key Cryptography

1976 Diffie and Hellman postulate concepts of public key

cryptography

Encryption key is public --> anyone can encrypt message to

Alice using Alice’s public key

Decryption key is secret to Alice --> only Alice’s secret key can

decrypt a message

Plaintext X --> Encryption (public key K1) --> Ciphertext Y = E_K1(X) --> Decryption (private key K2) --> Plaintext X = D_K2(Y)

More Info: http://en.wikipedia.org/wiki/Public-key_cryptography

25

RSA

1978 RSA (Rivest-Shamir-Adleman at MIT) is the first

published (and patented 1983) public key algorithm

Parameters:

p, q = two chosen prime numbers [private]

n = pq [public]

e = chosen number such that greatest common divisor of e and (p-1)(q-1) is 1 [public]

d = e^-1 mod (p-1)(q-1) [private]

Private key = {d,n}

Public key = {e,n}

Justification depends on Euler’s theorem and properties of

prime numbers

26

RSA (cont)

To prevent discovery of (p,q) by exhaustive search, both p

and q should be large prime numbers

Computationally difficult to find large prime numbers

System can be attacked mathematically, essentially to

factor the product of 2 large prime numbers (n = pq)

1977 RSA issued $100 challenge to discover plaintext for an

RSA-encrypted cipher, believed to be computationally

impossible to break (428-bit key)

1994 challenge was solved by team working over Internet after

8 months - equivalent to 5,000 MIPS years

More info: http://www.rsa.com/rsalabs/node.asp?id=2092

More Info: http://en.wikipedia.org/wiki/RSA

27

Public Key Cryptography (cont)

Advantages:

Private key never needs to be distributed

Private keys can be changed at any time, only requires new

public key to be published

Misconceptions:

Public key crypto is not inherently more secure than secret key

crypto - depends only on key size

Public key crypto will not replace or supersede secret key

crypto - public key crypto is used mainly for authentication

Key distribution is not trivial

28

Digital Signatures

Diffie and Hellman postulated a digital counterpart to handwritten signatures that guarantees the sender of a message can be authenticated

Using RSA, private key can be used to verify sender identity

RSA has property that encrypt/decrypt keys are interchangeable

[Figure: Alice sends: Plaintext --> Encrypt (Alice’s private key). Bob receives: --> Decrypt (Alice’s public key) --> Plaintext]
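The RSA parameters from the earlier slide and the sign/verify flow above, as an added Python example that is not from the lecture. It is textbook RSA without padding, signing a SHA-256 digest of the message; the function names, the sample messages and the primes (61 and 53, plus the Mersenne primes 2^61 - 1 and 2^89 - 1) are constructed for illustration and are not suitable as real keys.

```python
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int):
    """Return (public, private) = ((e, n), (d, n)) as defined on the RSA slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # d = e^-1 mod (p-1)(q-1); needs Python 3.8+
    return (e, n), (d, n)


def encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)


def digest_int(message: bytes, n: int) -> int:
    # The hash stands in for the message, so one modular operation signs any length.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    d, n = private
    return pow(digest_int(message, n), d, n)   # "encrypt" with the private key


def verify(message: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == digest_int(message, n)


# Slide-sized numbers: n = 3233, small enough to follow by hand.
TOY_PUBLIC, TOY_PRIVATE = make_keypair(61, 53, 17)
# Constructed larger modulus so the digest comparison is meaningful.
DEMO_PUBLIC, DEMO_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1, 65537)


def demo() -> dict:
    c = encrypt(65, TOY_PUBLIC)
    message = b"meet at noon"                   # constructed sample message
    signature = sign(message, DEMO_PRIVATE)
    return {
        "d": TOY_PRIVATE[0],
        "ciphertext": c,
        "roundtrip": decrypt(c, TOY_PRIVATE),
        "signature_ok": verify(message, signature, DEMO_PUBLIC),
        "altered_message_ok": verify(b"meet at nine", signature, DEMO_PUBLIC),
    }


if __name__ == "__main__":
    print(demo())
```

Deployed RSA adds padding (OAEP for encryption, PSS for signatures) on top of these operations.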

29

Key Distribution

If public keys are public, why not broadcast them?

Public announcements can be easily forged

Publicly available directory?

Assume parties can register their public keys securely in a

public directory maintained by a trusted organization

Parties can update their keys at any time

Entire directory is published periodically

But this depends on integrity of the directory authority - if an

attacker obtains private key of authority, could counterfeit

public keys

Need better security for distribution of public keys from

authority

30

Key Distribution (cont)

Improve public key authority:

1) A sends a timestamped request to authority

for public key of B

2) Authority’s reply is encrypted with its private key

so A can decrypt the reply with authority’s public key

• Reply contains B’s public key, copy of A’s request, A’s original

timestamp

3) A uses B’s public key to encrypt a message to B

• Message contains A’s identity and timestamp

4), 5) B retrieves A’s public key from the authority in similar manner

6) B uses A’s public key to send a message to A with A’s old

timestamp (to authenticate B), B’s new timestamp

7) A replies with encrypted B’s timestamp (to authenticate A)

[Figure: message flow between A, B and the public key authority, with arrows numbered 1 to 7 for the steps above]

31

Certificate Authority

But parties must still fetch public keys from authority for

every communication --> possible bottleneck

Possible to exchange public keys without contacting a

public key authority for every communication?

Certificate = public key and name, given to party with matching

private key (owner)

Only a trusted CA can create certificates

Parties exchange certificates directly without contacting CA

A party can verify that certificate was created by CA, and

can read certificate for name and public key of the owner

32

Certificate Authority (cont)

Creation of certificates:

A sends its public key (by some secure channel) to CA and

requests certificate

CA uses its private key to encrypt <timestamp, A’s name, A’s

public key> and sends this certificate to A

Verification of certificates:

If A sends certificate to B, B uses CA’s public key to decrypt

the certificate

If B can read the certificate, it verifies that certificate

originated from CA

Certificate provides A’s name and public key

Timestamp can be used to validate the currency of the

certificate (against replay attacks)

33

PKI and Certificate Validation

Public Key Infrastructure

Rooted tree of CAs

Cascading issuance

Any CA can issue cert

CAs issue certs for children

[Figure: tree of CAs. Root at the top; CA1, CA2, CA3 below it; CA11, CA12, CA21, CA22, … CA1n below those; Cert11a, Cert11b, Cert11c, … at the leaves. Labels: Certificate, Signature]

More Info: http://en.wikipedia.org/wiki/Public_key_infrastructure

34

Kerberos

Developed at MIT to help authenticate users at workstations

to servers in a distributed system (network)

Servers should be restricted to authorized users, and requests

for services should be authenticated

Users must be authenticated for each service, and servers

must be authenticated to clients

Without elaborate authentication protocols needing to be built

into each server - Kerberos provides a centralized

authentication service

Using only conventional cryptography, no public key

cryptography

Should be reliable, scalable, and secure against

eavesdroppers

More Info: http://en.wikipedia.org/wiki/Kerberos_(protocol)

35

Kerberos (cont)

System consists of authentication server (AS) and ticket

granting service (TGS)

Alice identifies herself to AS

AS sends back her name and a session key, encrypted by a

secret key shared between Alice and AS (only Alice can

read)

AS also sends a ticket to Alice for use with TGS

Ticket holds Alice’s identity and assigned session key,

encrypted by a secret key shared between AS and TGS (only

TGS can read)

36

Kerberos (cont)

Now to talk with Bob, Alice must request TGS to generate a

session key for Bob

Alice sends ticket (to prove her identity), Bob’s identity, and

timestamp (against replay) to TGS

TGS returns a ticket with a session key and Alice’s identity,

encrypted with a secret key shared by TGS and Bob (so

Alice can send ticket to Bob and only Bob can read)

Alice can send ticket to Bob to verify her identity

More Info: http://en.wikipedia.org/wiki/Kerberos_(protocol)

37

Access Control Matrix

Entry M[s,o] lists the operations that subject “s” can request

on object “o”

If subject requests to invoke a method on object that is not in

list, then invocation is denied by reference monitor

[Figure: access control matrix with subjects s1, s2, s3, … as rows and objects o1, o2, o3, … as columns; each cell is an entry M[s,o]]

38

Access Control (cont)

Matrix can become very large with many users and many

objects, but many entries might also be empty

One approach: Each object keeps its own access control list

(ACL)

ACL = list of access rights of subjects who are authorized to

access the object

This approach distributes the access control matrix to

individual objects

Alternatively, access control can be distributed to subjects

Subjects authenticate themselves (to an authentication server)

and get certificates, eg, Kerberos ticket-granting server gives

“tickets”

39

Access Control (cont)

Tickets are protected against forgery and modification

Tickets are presented for access to services

Advantages of tickets/certificates

A trusted authority can handle authentication and certificates,

independent of the servers themselves

Certificates allow access rights to be delegated

Delegation allows work to be migrated from one process to

another, without adversely affecting protection of resources

• Eg, a host gives print server its access rights to a file to be

printed

Delegation of authority is common in distributed systems to

allow jobs to be moved to remote processes while giving those

processes access to needed resources

40

Firewalls

Firewalls protect a system from external access by filtering

packets

Often combined with routers or gateways because filtering is

based on processing packet headers and applying a security

policy

All incoming and outgoing traffic goes through firewall -->

firewall is single point of monitoring, accounting, and control

Firewall itself should be immune to attack

Firewalls can regulate

Direction of traffic: which side initiates service requests

Services: filter inbound and outbound services based on IP

addresses, port numbers

41

Firewalls (cont)

User access: restricts users’ access to services, applied to

users inside firewall

Behavior: application-level gateways can inspect the contents

of packets to control how services are used, eg, filter out email

that is spam

Packet-filtering router type of firewall:

For every inbound and outbound packet, examines IP packet

header (IP addresses, protocol number) and TCP/UDP header

inside payload (TCP/UDP port number)

Filter = list of values to match each inspected field and rules to

apply

Actions = discard or forward the packet
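A packet-filtering check of the kind described above, as an added Python example that is not part of the original lecture. It reads the IPv4 and TCP/UDP header fields from raw bytes, applies an ordered rule list where the first match decides, and discards by default; the `Rule` class, the policy and the sample packets are constructed, using documentation address ranges.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IP protocol numbers


@dataclass(frozen=True)
class Rule:
    action: str                       # "forward" or "discard"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[int] = None    # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt["dst_port"]))


def parse_headers(raw: bytes) -> dict:
    """Extract the fields a packet filter inspects from a raw IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                 # header length varies with options
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    protocol = raw[9]
    fragment_offset = struct.unpack_from("!H", raw, 6)[0] & 0x1FFF
    src_port = dst_port = None
    # Only the first fragment carries the TCP/UDP header.
    if protocol in (TCP, UDP) and fragment_offset == 0:
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        src_port, dst_port = struct.unpack_from("!HH", raw, ihl)
    return {"src": str(ipaddress.ip_address(raw[12:16])),
            "dst": str(ipaddress.ip_address(raw[16:20])),
            "protocol": protocol, "src_port": src_port, "dst_port": dst_port}


def filter_packet(raw: bytes, rules) -> str:
    try:
        pkt = parse_headers(raw)
    except ValueError:
        return "discard"                      # unparseable packets are dropped
    for rule in rules:                        # first matching rule decides
        if rule.matches(pkt):
            return rule.action
    return "discard"                          # default deny


def build_packet(src, dst, protocol, sport, dport, options=b"", frag=0) -> bytes:
    """Constructed sample: IPv4 header plus the first 4 bytes of TCP/UDP."""
    words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | words, 0,
                         words * 4 + 4, 0, frag, 64, protocol, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + options + struct.pack("!HH", sport, dport)


# Constructed policy: one blocked source range, two published services.
RULES = [
    Rule("discard", src="203.0.113.0/24"),
    Rule("forward", dst="192.0.2.10/32", protocol=TCP, dst_port=443),
    Rule("forward", dst="192.0.2.25/32", protocol=TCP, dst_port=25),
]

if __name__ == "__main__":
    samples = {
        "https": build_packet("198.51.100.7", "192.0.2.10", TCP, 40000, 443),
        "telnet": build_packet("198.51.100.7", "192.0.2.10", TCP, 40000, 23),
        "blocked source": build_packet("203.0.113.5", "192.0.2.10", TCP, 40000, 443),
    }
    for name, raw in samples.items():
        print(name, "->", filter_packet(raw, RULES))
```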

42

Firewall Known Limitations

Firewalls cannot protect inside users from each other, or

inside resources from malicious users within the firewall

Firewalls often let through malicious mobile code (viruses,

Trojans, applets)

Firewalls are ineffective if they can be bypassed (eg, by

some other means of communications, eg, dialup)

Once connected to a valid service that service can be exploited

Ineffective against exploits using software vulnerabilities,

eg, buffer overflow attacks

Packet-filtering firewalls are hard to configure correctly

More Info: http://en.wikipedia.org/wiki/Firewall_(computing)

43

Virtual Private Networking (VPNs)

Companies now often have multiple offices nationwide

Need to communicate securely --> private networks using

leased lines

But leased lines will be expensive, hard to reach globally, and

private network will be totally closed to outside

communications

[Figure: three private LANs connected by leased lines]

More Info: http://en.wikipedia.org/wiki/Virtual_Private_Networking

44


VPNs (cont)

VPNs work as a private overlay network over the public

Internet

Depends on tunneling packets through Internet, eg, using

IPsec

• Real packet sits inside an outer IP packet --> tunnels

serve as “virtual” leased lines

Communications only between participants in the private

network, protected against non-participants

[Figure: three private LANs connected by tunnels through the Internet]

45

VPNs (cont)

IPsec in tunneling mode can be used for VPNs

IPsec provides authenticated and encrypted packets

These packets are carried in payloads of regular IP packets

(tunneled)

Tunnels begin and end at secure VPN equipment at

company sites (eg, firewalls/gateways capable of IPsec)

[Figure: hosts A and B connected through two gateways. Tunneled packet: New IP header | AH or ESP header | Orig IP header | TCP | Data (label: Encrypted)]

46

IPsec (IP Security)

IP obviously lacks any security features

Security can be done at application layer, but leaving it

solely to applications complicates applications development

Network layer security could handle authentication and/or

encryption of packets, helping applications that have not

been developed with security

Security-aware applications can also work over a secure

network

IETF specifications for a security “framework” (not a

protocol) at IP level in 3 functional areas

47

IPsec Protocol Suite

[Figure: IPsec protocol suite. Components: Internet Key Exchange (IKE), Authentication Header (AH), Encapsulating Security Payload (ESP), Security Policy System (SPS), Manual. Functional areas: Policy/Configuration Management, Key Management, Packet Processing]

48

IPsec (cont)

Authentication: using authentication header (AH)

Confidentiality: add encapsulating security payload (ESP)

Key management: using ISAKMP (Internet security association

and key management protocol)

• Complex and flawed

New concept of security association (SA) = one-way

relationship between sender and receiver with traffic

protected by one or more security services (authentication,

confidentiality, protection from replay)

SA is identified by parameters carried in packets

SA indicates the security algorithms to apply

49

IPsec - Authentication Header

IPsec itself is algorithm-independent (can work with multiple

algorithms)

New AH header can be inserted right after IPv4 header or

can be IPv6 extension header

Provides data integrity, sender authentication, protection

against replays, but not encryption

AH header layout:

Next header | Payload length | Reserved (unused)

Security parameters index

Sequence number

Authentication data (HMAC)

50

IPsec- AH (cont)

Next header: the normal value of the protocol field (protocol

field is now 51 to indicate the presence of AH header)

Payload length: length of AH header in 4-byte units

Security parameters index: to identify the security

association for this packet

Sequence number: unique number of the packets sent on

this security association, to protect against replay attacks

Authentication data: hashed message authentication code

(HMAC) = digital signature computed by a hash over the

packet (including some header fields) with a shared secret

key

51

IPsec - Encapsulating Security Payload

New ESP header can be used alone or after AH header

Adds privacy (packet payload is encrypted)

Security parameters index: to identify security association

for this packet

Sequence number: to protect against replay

Security parameters index

Sequence number

Packet payload (encrypted)

52

Secure Sockets layer (SSL)

SSL: provides security to any TCP-based app using SSL services.

SSL: used between WWW browsers and servers for e-commerce (https); originated by Netscape.

SSL security services:

server authentication

data encryption

client authentication (optional)

TLS (Transport Layer Security from IETF) is based on SSL with some changes, can be viewed as SSLv3.1.

[Figure: protocol stack, top to bottom: HTTP, SSL, TCP, IP]

53

SSL (cont)

Encrypted SSL session:

Browser generates symmetric session

key, encrypts it with server’s public key,

sends encrypted key to server.

Using private key, server decrypts

session key.

Browser, server know session key. All

data sent into TCP socket (by client or

server) encrypted with session key.

SSL: basis of IETF Transport Layer

Security (TLS).

SSL can be used for non-Web

applications, e.g., IMAP.

Client authentication can be done with

client certificates.

Client Server

(1) Client Hello (algorithms)

(2) Server Hello (alg selection)

(3) Server Certificate

(4) ClientKeyRequest

(5) ChangeCipherSuite

(6) ChangeCipherSuite

(7) Finished

(8) Finished

54

Intrusion Detection

Intruders may include unauthorized outsider

(“masquerader”) trying to access a system like a legitimate

user; legitimate user (“malfeasor”) trying accesses that are

not authorized or misusing his privileges; or intruder

(“clandestine user”) trying to get supervisory control of

system and modifying access controls or auditing

Attempt to gain access to system (via password cracking),

elevate privileges on system, or create dummy account

Or worms/Trojans can leave backdoors (eg, Back Orifice,

netbus, Subseven)

First objective should be prevention of intrusions, but

intrusion detection is additional defense

55

Firewall Versus IDS (Intrusion Detection System)

Firewall (FW): active filtering, fail-close

Network IDS: passive monitoring, fail-open

56

Intrusion Detection (cont)

If intrusions cannot be prevented, intrusion detection tries to

identify an intrusion attempt as quickly as possible to

minimize chances of damage

Effective intrusion detection might deter future attacks

Data collected from intrusion detection might be useful to

improve intrusion detection techniques

Assume that behavior of intruders is different from legitimate

users

2 general approaches:

Statistical anomaly detection: collect statistical data about

“normal” user behavior and establish a baseline normal profile

• If someone’s behavior deviates from the baseline, it is

flagged as possible intruder

57

Intrusion Detection (cont)

Rule-based detection: define a set of rules to decide that

behavior appears suspicious

• Could be implemented as an expert system

No system is perfect, and errors can be classified as

False positives: authorized users mis-identified as intruders

False negatives: intruders not identified as intruders

Systems try to minimize false positives and false negatives

Additional utilities for intrusion detection might include

ps or top: to list the processes running on a machine

lsof: to list all open files belonging to active processes on

machine

logcheck: to monitor the system log for changes and compare

to user-specified list

58

Intrusion Detection (cont)

portsentry: to watch for port access attempts

tripwire: computes and stores checksums for files to detect any

changes, or changes in permissions

tcpdump and tcpshow, or snort: lists all packets sniffed on a

LAN in promiscuous mode

netstat: to show open connections

After identification of intruder, usually system administrator

must investigate further

Intruders may use “rootkits” or “autorooters” to hide their

tracks

More Info: http://en.wikipedia.org/wiki/Intrusion_detection_system

59

Denial of Service (DoS) Attacks

Unlike other forms of computer attacks, goal isn’t access or

theft of information or services

The goal is to stop the service from operating

To deny service to legitimate users

This is usually a temporary effect that passes as soon as

the attack stops

How Can a Service Be Denied? Lots of ways

Crash the machine

Or put it into an infinite loop

Crash routers on the path to the machine

Use up a key machine resource

Use up a key network resource

Using up resources is the most common approach

More Info: http://en.wikipedia.org/wiki/Denial-of-service_attack

60

Simple Denial of Service (SDoS)

61

Distributed Denial of Service (DDoS)

62

Typical Attack Modus Operandi


63

DDoS Defense Approaches

Detect anomalous behavior of packets to routers and

filter/drop packets with particular characteristics

Pushback

Traceback

D-WARD

Netbouncer

SOS

Proof-of-work systems

Distributed solutions

Cossack

DefCOM

64

Trustworthiness System and Trust Computing

The system does what is required

Despite disruption, errors, and attacks

The system does not do other things

Encompasses

Correctness

Reliability

QoS

Security

Privacy

Safety

Survivability

Reputation

65

Homework

Study Java Cryptography

by

Reading PPT file in Lecture 3 Reading List

and

accessing Sun’s Java website:

http://java.sun.com