Strong Password Protocols, Firewalls Network Security Design Fundamentals ET-IDA-082 Lecture-22 Network Defense Strong Password Protocols, Firewalls 05.07.2011, v07 Prof. W. Adi
Outlines Firewalls Types and applications Strong Password Protocols Lamport´s Hash Strong Protocols Firewalls Types and applications
Password Schemes Strong Password Protocols There are many different electronic devices for e-payment system. Different banks may be concerted in e-payment and the financial network is neccessary. E-payment flatform is built connecting the financial network and other open network, where the electronic devices can communicate with the flatform. PC is the most common device. Other devices include mobile devices, e.g. laptop, PDA, mobile telephone, ATM(Automatic Teller Machine), POS(Position of Sale), telephone and terminal. The electronic devices can connect the e-payment flatform using different open network.
Challenge-Response Authentication User, system share a secret function F (in practice, f is a known function with unknown parameters, such as a cryptographic key Ks) A random source generates r as a challenge Secret key ks r F F(r) request to authenticate system user user random message r (the challenge) system F(r) (the response) user system
Pass Algorithms Challenge-response with the function F itself as secret Example: Challenge is a random string of characters such as “abcdefg”, “ageksido” Response is some function of that string such as “ bdf” , “gkio” (each second letter is selected) Can alter algorithm based on alternative selections Network connection is as above, dial-up might require “aceg”, “aesd” Usually deployed in conjunction with fixed, reusable password
One-Time Passwords One-Time Password: Password that can be used exactly once. After use, it is immediately invalidated Use strategies: 1- Any One-Time Password out of a shared list (Banking TAN) Challenge: give a valid authenticated passwords from a securely shared list (PINS) p1 p2 p3 ….. pn Response is any password for the list used only once 2- One-Time Password selected from a shred list (Selected Banking TAN) Challenge: is a serial number i for a password from the shared authenticated list p1 p2 p3 … pi .. pn Response is password for a particular random selection pi Problems Synchronization of user, system Generation of good random passwords Password distribution problem
S/Key (TM Bellcore 1980) h(p2) = p1 h(pi) = pi-1 One-time password scheme based on idea of Lamport (1981) h is a one-way hash function (MD5 or SHA-1, for example) User chooses initial seed k0 System calculates: h(k0) = k1 h(k1) = k2 h(k2) = k3 … h(kn–2) = kn–1 h(kn–1) = kn pn pn-1 pn-2 … p2 p1 h ki+1 ki Initialize with k0 at t=0 h(p2) = p1 h(pi) = pi-1 Passwords pi ‘s are recalled in the reversed order
S/Key Protocol System stores maximum number of authentications n, number of next authentication i, last correctly supplied password pi–1. { name } { i } { pi } system user system user h(pi) = pi-1 user system System computes h(pi) = h(kn–i+1) = kn–i = pi-1. If match with what is stored, system replaces pi–1 with pi and increments i.
Next used password in revesred order Source Wikipedia
Compare password to Hn-1 password Compare password to Hn-1 password. If equal, n authen-tication is successfull. Store password for the n-1 future reference Next password Source Wikipedia
Hardware Support Token-based Temporally-based Used to compute response to challenge May encipher or hash challenge May require PIN from user Temporally-based Every minute (or so) different number shown Computer knows what number to expect when User enters number and fixed password
C-R and Dictionary Attacks Same as for fixed passwords Attacker knows challenge r and response f(r); if f encryption function, can try different keys May only need to know form of response; attacker can tell if guess correct by looking to see if deciphered object is of right form Example: Kerberos Version 4 used DES, but keys had 20 bits of randomness; Purdue attackers guessed keys quickly because deciphered tickets had a fixed set of bits in some locations
Encrypted Key Exchange Defeats off-line dictionary attacks Idea: random challenges enciphered, so attacker cannot verify correct decipherment of challenge Assume Alice, Bob share secret password s In what follows, Alice needs to generate a random public key p and a corresponding private key q Also, k is a randomly generated session key, and RA and RB are random challenges
EKE: Encrypted Key Exchange Protocol ( Starting with W as a weak secret password between Alice and Bob ) and E is a cipher Alice || Ew( ga mod p) Alice Bob Bob || Ew( gb mod p) Alice Bob Now Alice, Bob share a randomly generated secret Diffie-Hellman session key k = gab mod p Ek(RA) Alice Bob Ek(RARB) Alice Bob Ek(RB) Alice Bob
Biometrics Automated measurement of biological, behavioral features that identify a person Fingerprints: optical or electrical techniques Maps fingerprint into a graph, then compares with database Measurements not exact, so approximate matching algorithms used Voices: speaker verification or recognition Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent) Recognition: checks content of answers (speaker independent)
Other Characteristics Can use several other characteristics Eyes: patterns in irises unique Measure patterns, determine if differences are random; or correlate images using statistical tests Faces: image, or specific characteristics like distance from nose to chin Lighting, view of face, other noise can hinder this Keystroke dynamics: believed to be unique Keystroke intervals, pressure, duration of stroke, where key is struck Statistical tests used Cautions: Known patters can be optically attacked by copying!
Location If you know where user is, validate identity by seeing if person is where the user is Requires special-purpose hardware to locate user GPS (global positioning system) device gives location signature of entity Host uses LSS (location signature sensor) to get signature for entity
Multiple Methods Example: “where you are” also requires entity to have LSS (Location Signature Sensor) and/or GPS, so also “which means you have?” Can assign different methods to different tasks As users perform more and more sensitive tasks, must authenticate in a variety of ways includes controls on access (time of day, etc.), resources, and requests to change passwords Pluggable Authentication Modules (Physical Security)
Key Points Authentication is not cryptography Passwords are useful You have to consider physical security of system components Passwords are useful They provide a basis for most forms of authentication Protocols are important Make attacks more difficult
Internal Defenses Firewalls etc. (Optional)
Perimeter and Internal Defenses Commonly deployed defenses Perimeter defenses – Firewall, IDS Protect local area network and hosts Keep external threats from internal network Internal defenses – Virus scanning Protect hosts from threats that get through the perimeter defenses Extend the “perimeter” – VPN Common practices, but could be improved Internal threats are significant Unhappy employees Compromised hosts
Standard perimeter defense mechanisms Firewall Packet filter (stateless, stateful) Application layer proxies Traffic shaping Intrusion detection Anomaly and misuse detection Methods applicable to network or host
Basic Firewall Concept Separate local area net from internet Firewall Local area network Internet Router All packets between LAN and internet routed through firewall
Firewall goals Prevent malicious attacks on hosts Port sweeps, ICMP echo to broadcast addr, syn flooding, … Worm propagation Exploit buffer overflow in program listening on network Prevent general disruption of internal network External SMNP packets Provide defense in depth Programs contain bugs and are vulnerable to attack Network protocols may contain; Design weaknesses (SSH CRC) Implementation flaws (SSL, NTP, FTP, SMTP...) Control traffic between “zones of trusts”
Review: TCP Protocol Stack Application protocol Application Application TCP, UDP protocol Transport Transport Network IP protocol IP IP protocol Network Link Network Access Link Data Link Data Link Transport layer provides ports, logical channels identified by number
Types of Firewalls Three common types of Firewalls: Packet-filtering routers Application-level gateways Circuit-level gateways
Types of Firewalls Packet-filtering Router
Types of Firewalls Packet-filtering Router Applies a set of rules to each incoming IP packet and then forwards or discards the packet Filter packets going in both directions The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header Two default policies (discard or forward)
Packet-filtering Router Advantages: Simplicity Transparency to users High speed Disadvantages: Difficulty of setting up packet filter rules Lack of Authentication
Packet-filtering Router Possible attacks and appropriate countermeasures IP address spoofing Source routing attacks Tiny fragment attacks
Types of Firewalls Application-level Gateway
Types of Firewalls Application-level Gateway Also called proxy server Acts as a relay of application-level traffic
Application-level Gateway Advantages: Higher security than packet filters Only need to scrutinize a few allowable applications Easy to log and audit all incoming traffic Disadvantages: Additional processing overhead on each connection (gateway as splice point)
Types of Firewalls Circuit-level Gateway
Circuit-level Gateway Stand-alone system or Specialized function performed by an Application-level Gateway Sets up two TCP connections The gateway typically relays TCP segments from one connection to the other without examining the contents
Circuit-level Gateway The security function consists of determining which connections will be allowed Typically use is a situation in which the system administrator trusts the internal users An example is the SOCKS package
Firewall Configurations In addition to the use of simple configuration of a single system (single packet filtering router or single gateway), more complex configurations are possible Three common configurations
Firewall Configurations Screened host firewall system (single-homed bastion host)
Firewall Configurations Screened host firewall, single-homed bastion configuration Firewall consists of two systems: A packet-filtering router A bastion host
Firewall Configurations Configuration for the packet-filtering router: Only packets from and to the bastion host are allowed to pass through the router The bastion host performs authentication and proxy functions
Firewall Configurations Greater security than single configurations because of two reasons: This configuration implements both packet-level and application-level filtering (allowing for flexibility in defining security policy) An intruder must generally penetrate two separate systems
Firewall Configurations This configuration also affords flexibility in providing direct Internet access (public information server, e.g. Web server)
Firewall Configurations Screened host firewall system (dual-homed bastion host)
Firewall Configurations Screened host firewall, dual-homed bastion configuration The packet-filtering router is not completely compromised Traffic between the Internet and other hosts on the private network has to flow through the bastion host
Firewall Configurations Screened-subnet firewall system
Firewall Configurations Screened subnet firewall configuration Most secure configuration of the three Two packet-filtering routers are used Creation of an isolated sub-network
Firewall Configurations Advantages: Three levels of defense to thwart intruders The outside router advertises only the existence of the screened subnet to the Internet (internal network is invisible to the Internet)
Firewall Configurations Advantages: The inside router advertises only the existence of the screened subnet to the internal network (the systems on the inside network cannot construct direct routes to the Internet)
Trusted System Technology Trusted Computing One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology