security and privacy in computer networkm59wang/ece358/security and privacy in... · security...
TRANSCRIPT
Outline
Fundamental Security o Security Objectives o Fundamental Cryptograph Techniques o Security Solutions IPSec Firewall
Emerging Security Threats in Current Computer Networks o Social Networks o Sybil Attacks o Sybil Detections
2
Outline
Fundamental Security o Security Objectives o Fundamental Cryptograph Techniques o Security Solutions IPSec Firewall
Emerging Security Threats in Current Computer Networks o Social Networks o Sybil Attacks o Sybil Detections
3
Security
“Security” relates to “computing or communicating in the presence of adversaries.”
Typically involves an “information system”: PC, network of computers, cell phone, email, ATM, car, smart grid, RFID, wireless link, medical device, …
Everything is digital now!
4
Overview of Security Requirements
Privacy (Confidentiality) User Authentication Data Authentication (Data Integrity) Non-Repudiation Access Control Availability
5
Confidentiality
Ability to keep communicated information between (among) authorized parties confidential/private;
Observer should not be able to recover information; In a stronger sense, an observer cannot determine the
parties involved or whether a communication session occurred.
6
User Authentication
Ability of the authorized parties in a communication session to ascertain the identity of other authorized parties o Mutually Trusting o One-Way Authenticated o Mutually Suspicious
7
Data Integrity
Ability to assure that exchanged information has not been subject to additions, deletions, modifications or undue delay by an unauthorized party;
Maintain the accuracy and consistency of data
8
Non-Repudiation
Ability to prevent an authorized party from denying the existence or contents of a communication session
9
Access Control
Ability that selectively allows only authorized users, devices and applications to gain access to resources on the network;
Prevent from misuse of data and network resources.
10
Availability
Data and networks are available to authorized parties; It intends to assure that the systems work promptly and
service is not denied to authorized users.
11
Encryption/Decryption
Encryption is the process of transforming a plaintext message M into ciphertext C using a unique key K
Decryption is just the reverse operation; transforming
ciphertext C into plaintext M under control of key K
13
Message Authentication/Hashing
This function allows the detection of any modification of the plaintext message
It is usually a digest of the message created in such a way that as little as one bit change in the message will produce an unpredictable change in approximately 50% of the bits or characters of the digest
14
Digital Signatures
Ability to prove to an independent third party at a later date the author and contents of a message;
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
15
Randomness
The security of most systems relies on the availability of “random” numbers or bit streams
These are used for o Keys or keystreams o One-time authentication parameters (Nonce)
If the “random” parameters used are not random or can
be influenced, then the system is vulnerable (Netscape)
16
Objectives and Tools
Confidentiality/Privacy o Encryption
Data Integrity
o MAC o Hashing
User Integrity/Non-Repudiation
o Digital Signatures o Hashing
17
Computer Network Security
Security Functions can be applied at various points (layers) in the network o Link-to-Link o Transport o End-to-End
18
Link to Link
Contents and headers are encrypted
Information appears in-the-clear within switch
Lots of keys in the system!
19
Transport Layer Security
Provides protection of user identity and data from external observers
Requires high-speed (bulk) encryption processing No protection from other users in the same node
20
End-to-End Security
Encryption and Authentication Functions performed by end user
Lower speed requirements Attackers can monitor header information for
sender/receiver pairs (traffic analysis)
21
Internet Security
Collection of network connections and servers - messages may pass through non-secure nodes/various countries
TCP/IP was not designed to support security functions
22
IPSec Objectives
Internet Protocol Security (IPsec) is a set of protocols which sit on top of the Internet Protocol (IP) layer. It allows two or more hosts to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session.
IPSec incorporates the facilities to provide: o Secure branch office connections via the Internet o Secure remote access via the Internet o Extranet and Intranet groups o “Some” protection for e-commerce applications
23
IPSec - Methods
Security functions are provided to allow encryption and/or authentication of all traffic at the IP level
Support a variety of public key algorithms, conventional algorithms and hash functions
24
IPSec Services
Access Control (limited) Connectionless data transfer integrity Data origin authentication Packet sequence integrity/replay rejection Confidentiality (Limited) traffic analysis protection
25
IPSec Security Associations
Relationship between sender and receiver is defined by the Security Association (SA)
A “peer” relationship consists of two SA’s Three Sub-protocols
o Authentication Header Provide support for authenticating and ensure integrity of IP
packets Replay protection provided by Sequence number in header
o Encapsulated Security Payload (ESP) Protect the IP packet data from third party interference by
encrypting the contents using symmetric cryptography algorithms such as Blowfish and 3DES
o IP Payload Compression Protocol (IPComp)
26
Authentication Header
Provide support for authenticating and ensure integrity of IP packets
Replay protection provided by Sequence number in header
27
Encapsulated Security Payload
Provide for confidentiality and (optional) authentication of the packet’s payload
Some protection from traffic analysis is also provided (tunnel mode)
28
Modes
There are two modes for AH and ESP o Transport Mode Protect communications between two hosts.
o Tunnel Mode Build virtual tunnels, commonly known as Virtual
Private Networks (VPNs)
30
Transport Mode
Provide protection of the payload of the packet Intended to protect upper-layer protocols using the
payload.
31
Tunnel Mode
The entire IP packet is encrypted and/or authenticated; Original IP packet is encapsulated in a new outer IP
packet which can be used to protect header information or create VPN;
Designed to allow networks behind firewalls to communicate without implementing IPSec;
Real IP addresses can be encrypted to prevent observation.
32
Cryptographic Algorithms
Authentication includes o HMAC – MD5 o HMAC – SHA-1
Encryption includes o Three-key triple DES, RC5, IDEA, three key triple IDEA,
CAST Recent IETF initiative to incorporate Suite B algorithms
36
Automated Key Management
Default Automated Key Management is ISKAMP/Oakley (Modified version of Diffie Hellman key exchange
Diffie Hellman RSA
37
Limits to IPSec Protection
IPSec runs at a low enough layer that it is transparent to the user and applications
IPSec can only resolve to the level of the IP address No protection of data above IP level
38
Firewall
A firewall is a network security system that controls the incoming and outgoing network traffic based on an applied rule set;
A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted;
Firewalls exist both as software to run on general purpose hardware and as a hardware appliance.
39
Firewall Logic
Firewalls use 3 types of filtering mechanisms o Packet filtering or packet purity
Data flow consists of packets of information and firewalls analyze these packets to sniff out offensive or unwanted packets depending on what you have defined as unwanted packets.
o Proxy Firewalls in this case assume the role of a recipient & in turn
sends it to the node that has requested the information & vice versa.
o Inspection In this case Firewalls instead of sifting through all of the
information in the packets, mark key features in all outgoing requests & check for the same matching characteristics in the inflow to decide if it relevant information that is coming through.
40
Firewall Rules
Firewalls rules can be customized as per your needs, requirements and security threat levels. o IP Addresses
Blocking off a certain IP address or a range of IP addresses, which you think are predatory.
o Domain names allow certain specific domain names to access your
systems/servers or allow access to only some specified types of domain names or domain name extension like .edu.
o Protocols A firewall can decide which of the systems can allow or have
access to common protocols like IP, SMTP, FTP, UDP,ICMP,Telnet or SNMP.
41
Firewall Rules (Cont’)
Firewalls rules can be customized as per your needs, requirements and security threat levels. o Ports
Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see it used for & also close down possible entry points for hackers or malignant software.
o Keywords Shift through the data flow for a match of the keywords or phrases
to block out offensive or unwanted data from flowing in.
42
Outline
Fundamental Security o Security Objectives o Fundamental Cryptograph Techniques o Security Solutions IPSec Firewall
Emerging Security Threats in Current Computer Networks o Social Networks o Sybil Attacks o Sybil Detections
43
Social Networks
Social Networks (SNs) facilitate social interactions and exchange information among users
44
45
Primary Identity Information Disclosure on Social Networks
Privacy in MSNs?
Access a user’s account or profile indirectly Via the friends of the user
Forge fake information
Privacy in SNs
46
Maryland
Califonia
Delaware
Michigan
New Jersey
Social Networking Online Protection Act (SNOPA)
Sybil Attack
What is Sybil? The Sybil attack is an attack wherein a reputation system
or a network is subverted by a considerable number of forging identities.
How does Sybil work? By illegitimately infusing false or biased information via
the pseudonymous identities, an adversary can mislead a system into making decisions benefiting herself.
Spam, information leakage.
47
Examples
Sensor Networks, Mobile Sensing, Smart Grid Sybils report false sensing data
Social Network Voting Change the overall popularity of an option
Reputation System (Service Evaluation) Forge positive or negative reviews
48
Spam Advertisement, malware, phishing
Steal user’s information Facebook spies create false profile for top Nato chief to
steal personal data from his high-ranking friends Sybil population 14.3 million Sybils (August, 2012) 20 million Sybils (August, 2013)
49
Examples (Cont’)
Cryptograph based Sybil Defense
Cryptograph mechanisms, such as digital signatures and identity authentication.
These schemes require a trusted authority (TA) for the verification of identities. o The TA is the bottleneck of systems, which could easily
become a target point. o Moreover, it is impractical, since there is definitely not a
globe agency who can be trusted by the entire public.
System Feature based Sybil Defense
Explore the specific features of the unique systems or applications
Such anti-Sybil systems are specially designed; an efficient solution for one application is typically not suitable for the others
Moving patterns Sybils usually appear together
Sensor networks Nodes are static Measure RSSI of Sybils
Social Network based Sybil Defense
With SOCIAL NETWORK (social relationship), we can detect Sybil based on a unique structure of friendships. Observation: although attackers can create plenty of Sybil
identities and further create plenty of friendships (also known as social links) among the Sybils, the number of links between Sybils and honest users is limited.
53
Detect Sybils according to the community structures of social networks [9]
54
Social Community based Sybil Defense
9. B. Viswanath, A. Post, K. Gummadi, and A. Mislove, “An analysis of social network-based sybil defenses,” in Proc. of ACM SIGCOMM, vol. 40, no. 4, 2010, pp. 363–374.
(1) Sybil defense can be viewed as implicitly ordering or ranking nodes in the network, (2) The ranking of nodes is biased towards those which decrease conductance. Thus, nodes that are tightly connected around a trusted node are more likely to be ranked higher. (3) When the trusted node is located in a densely connected community of nodes, with a clear boundary between this community and the rest of the network, the nodes in the local community around the trusted node are ranked before others.
Social Network based Sybil Defense (NSD) vs. Social Community based Sybil Defense (CSD) Constraints for NSD: Multi-community for an honest node
55
Social Community based Sybil Defense (Cont’)
NSD Sybil Defense Community Detection
Outline
Fundamental Security Security Objectives Fundamental Cryptograph Techniques Security Solutions
Emerging Security Threats in Current Computer Networks Social Networks Sybil Attacks Sybil Detections
57