Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)


2 Learning Objectives
• Discuss security goals
• Discuss defense systems against
  – Intercepting confidential messages
  – DoS attacks
  – Malware attacks

3 Security Goals
• If eavesdropping and message alteration attacks succeed, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Confidentiality = Main goal of implementing defense systems against eavesdropping and message alteration.

4 Security Goals
• If a malware attack succeeds, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Integrity = Main goal of implementing defense systems against malware attacks.

5 Security Goals
• If a DoS attack succeeds, in which of the following ways could the victims be affected?
  a) Data files stored on hard drives might be deleted
  b) Data files stored on hard drives might be altered
  c) Data being transmitted could be altered
  d) Data being transmitted could be intercepted and used by the attacker
  e) Users might not be able to get network services for a certain period of time
  f) The network might slow down
Availability = Main goal of implementing defense systems against DoS attacks.

6 Security Goals
• CIA is the key word in implementing security
  – Confidentiality of communications
  – Integrity of data
  – Availability of network services and resources

7 Encryption-Decryption techniques
• Cryptography is the study of creating and using encryption and decryption techniques.
  – Plaintext is the data before any encryption has been performed
  – Ciphertext is the data after encryption has been performed
  – The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext

8 Encryption-Decryption techniques
• Key = COMPUTER SCIENCE
• Plaintext = this is the account number you have requested
• Algorithm based on Vigenere matrix

9 Encryption-Decryption techniques
1) Look at the first letter in the plaintext (T)
2) Look at the corresponding key character immediately above it (C)
3) C tells us to use row C of Vigenere matrix to perform alphabetic substitution for plaintext character T
4) Go to column T in row C and find the cipher character V
5) Repeat Steps 1 through 4 for every character of the plaintext.
Key:       COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE
Plaintext: Thisistheaccountnumberyouhaverequested
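The five steps above, carried through for the whole message as an added example (not part of the original slides). The function names vigenere_encrypt and vigenere_decrypt are chosen here for illustration, and the matrix is built so that row C is the alphabet starting at C, which is what step 4 implies.

```python
import string

ALPHABET = string.ascii_uppercase

# Vigenere matrix: the row for a key letter is the alphabet rotated so that
# it starts at that letter (row "C" is C, D, E, ..., Z, A, B).
MATRIX = {row: ALPHABET[i:] + ALPHABET[:i] for i, row in enumerate(ALPHABET)}


def _letters(text):
    """Upper-case the text and drop spaces and anything else outside A-Z."""
    return [c for c in text.upper() if c in ALPHABET]


def _key_stream(key, length):
    """Repeat the key letters until they cover `length` characters."""
    key_letters = _letters(key)
    if not key_letters:
        raise ValueError("key must contain at least one letter")
    return [key_letters[i % len(key_letters)] for i in range(length)]


def vigenere_encrypt(plaintext, key):
    """Steps 1-5: pick the row named by the key letter, read the plaintext column."""
    text = _letters(plaintext)
    stream = _key_stream(key, len(text))
    return "".join(MATRIX[k][ALPHABET.index(p)] for p, k in zip(text, stream))


def vigenere_decrypt(ciphertext, key):
    """Reverse lookup: find the cipher letter in the key's row, read off its column."""
    text = _letters(ciphertext)
    stream = _key_stream(key, len(text))
    return "".join(ALPHABET[MATRIX[k].index(c)] for c, k in zip(text, stream))


KEY = "COMPUTER SCIENCE"                                     # key from slide 8
PLAINTEXT = "this is the account number you have requested"  # plaintext from slide 8

if __name__ == "__main__":
    ciphertext = vigenere_encrypt(PLAINTEXT, KEY)
    print(ciphertext)
    print(vigenere_decrypt(ciphertext, KEY))
```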

10 Encryption and Decryption techniques
• Encryption algorithm cannot be kept secret
• Key must be kept secret
[Diagram: Plaintext (Original Message) → Encryption (Algorithm, Key) → Ciphertext (Transmitted) → Decryption (Algorithm, Key) → Plaintext (Original Message)]

11 Encryption: Key Length
• Key can be “guessed” by exhaustive search
  – Try all possible keys
  – See which one decrypts the message
• Long keys make exhaustive search difficult
  – If length is n bits, 2^n tries may be needed
  – If key length is 8 bits, only 256 tries maximum
  – Usually, Key Length ≥ 56 bits
Assume a key is 56 bits. If it takes seconds to try each key, how long will it take to try all possible keys? What if computers are working together to try all key combinations?

12 Encryption-Decryption methods
• Symmetric key encryption method
  – Use a single key for Encryption-Decryption
  – Examples: Data Encryption Standard (DES), 3DES
• Public/Private key encryption method
  – Use different keys for Encryption-Decryption
  – Examples: RSA, Elliptical curve cryptosystem

13 Symmetric Encryption-Decryption
• Symmetric key must be distributed secretly between partners
• When Partner A sends to Partner B
  – Partner A encrypts with the key, Partner B decrypts with the key
• When Partner B sends to Partner A
  – Partner B encrypts with the key, Partner A decrypts with the key
[Diagram: Plaintext "Transfer $5,000" → Encryption → Ciphertext → Decryption → Plaintext "Transfer $5,000"]

14 Symmetric Encryption-Decryption
• Advantages:
  – Simple enough for fast Encryption-Decryption
  – Fast enough for long messages
• Disadvantages:
  – Need a different Symmetric key for each partner (or other partners could read messages)
  – If N partners, need N*(N-1)/2 keys.
[Diagram: Plaintext "Transfer $5,000" → Encryption → Ciphertext → Decryption → Plaintext "Transfer $5,000"]

15 Public/Private key Encryption-Decryption
• Each partner has a private key (kept secret) and a public key (shared with everybody)
• Sending
  – Partner A encrypts with the public key of Partner B
  – Partner B encrypts with the public key of Partner A
• Receiving
  – Each receiver decrypts with its own private key
[Diagram: Partner A encrypts with Party B’s Public Key; Partner B decrypts with Party B’s Private Key]

16 Public/Private key Encryption-Decryption
• Advantages:
  – Once the message is encrypted, nobody can decrypt it except the receiver
  – Simplicity of key exchange: No need to exchange public key securely
• Disadvantages:
  – Complex: Requires many computer processing cycles to do Public Encryption-Decryption
  – Can only be used to encrypt small messages
[Diagram: Partner A encrypts with Party B’s Public Key; Partner B decrypts with Party B’s Private Key]

17 Summary Questions
3) Jason sends a message to Kristin using public key encryption.
  (a) What key will Jason use to encrypt the message?
  (b) What key will Kristin use to decrypt the message?
  (c) What key will Kristin use to encrypt the reply?
  (d) What key will Jason use to decrypt the reply?
  (e) Can the message and reply be long messages? Explain.
  (a) (b) (c) (d) (e)
4) Does public key encryption have a problem with secure key exchange for the public key? Explain.

18 What is common to malware attacks?
• Malware or content attack messages
  – Include illicit content in the data field of the message
[Packet diagram: IP-H | TCP-H / UDP-H | Application Layer Message]
Defense systems for protecting against malware attacks are designed to filter Application layer messages. They are Anti-Virus Programs or Application Firewalls.

19 What is common to DoS messages?
• Most DoS messages
  – Include header fields that might hide a false identity
[Packet diagram: IP-H | TCP-H / UDP-H | Application Layer Message]
Defense systems for protecting against DoS attacks are designed to check message headers. They could be Firewalls or Intrusion Detection Systems.

20 Firewall?
• A security system that implements an access control policy between two networks
  – Usually between the corporate network and an external network.
• A firewall limits
  – The types of messages that enter a network
  – The types of messages that leave the network

21 Kinds of Firewall
• All firewalls
  – Examine parts (fields) of incoming messages
  – Permit or deny access based on a list of rules
• Based on the way they operate, there are
  – Packet Filter firewalls
  – Application (proxy) firewalls

22 Packet Filter Firewall
[Diagram: packets arriving from the Internet (IP-H | TCP-H / UDP-H | Application Message, and IP-H | ICMP Message) reach the Packet Filter Firewall, which permits or denies them on the way to the Corporate Network]
Examines content of IP header, TCP header, UDP header, and content of ICMP supervisory messages

23 Packet Filter Firewall: Common rules
• IP headers include IP addresses
  – A company could decide to block messages with specific IP addresses. So, the firewall could be configured to do so.
• TCP headers include port numbers that indicate which application service is desired
  – A company could decide to block any outsider from trying to telnet into the company. So, it could configure its firewall to stop all incoming messages requesting port 23
  – A company could decide to stop outgoing messages requesting Usenet (port 119)
Example of rule for denying access:
  IF Interface = External
  And Destination port = 23
  And Destination IP address <> x.x
  THEN DENY
Typical TCP port numbers:
  Telnet (remote login): port 23
  Usenet (newsgroup service): port 119
  (SMTP): port 25
  Web browsing: port 80
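How a packet filter applies rules like the ones on this slide, as an added example (not part of the original slides). Packet, Rule and filter_packet are hypothetical names, 192.0.2.10 is a constructed placeholder for the slide's elided "x.x" address, and the PERMIT default is an assumption because the slide states none.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class Packet:
    interface: str  # "external" = arriving from outside, "internal" = leaving
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "PERMIT" or "DENY"
    interface: Optional[str] = None   # None means "any"
    dst_port: Optional[int] = None
    dst_ip_not: Optional[str] = None  # the "<>" test: match unless this is the destination

    def matches(self, pkt):
        if self.interface is not None and pkt.interface != self.interface:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if (self.dst_ip_not is not None
                and ip_address(pkt.dst_ip) == ip_address(self.dst_ip_not)):
            return False
        return True


TELNET_HOST = "192.0.2.10"  # assumed placeholder for the slide's "x.x"

RULES = [
    # IF Interface = External And Destination port = 23
    # And Destination IP address <> TELNET_HOST THEN DENY
    Rule("DENY", interface="external", dst_port=23, dst_ip_not=TELNET_HOST),
    # Stop outgoing messages requesting Usenet (port 119)
    Rule("DENY", interface="internal", dst_port=119),
]


def filter_packet(pkt, rules=RULES, default="PERMIT"):
    """Return the action of the first rule that matches, else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    # Constructed sample packets.
    for pkt in (Packet("external", "192.0.2.55", 23),
                Packet("external", TELNET_HOST, 23),
                Packet("internal", "198.51.100.7", 119),
                Packet("external", "192.0.2.55", 80)):
        print(pkt, "->", filter_packet(pkt))
```

The filter only reads header fields, so a permitted packet to port 80 passes whatever its application layer message contains.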

24 Application (Proxy) Firewall
• Application firewalls, also known as Proxy firewalls
  – Examine Application layer messages to check for illicit content
• Application firewalls and Packet filter firewalls are complementary
  – In terms of what part of a message they examine.
[Packet diagram: IP-H | TCP-H / UDP-H | Application layer message]

25 Application (Proxy) Firewalls
[Diagram: an Application Firewall running an SMTP ( ) Proxy, an FTP Proxy and an HTTP Proxy sits between the Browser on the Client PC and the Webserver Application on the Webserver]
1. HTTP Request
2. Examined HTTP Request
3. HTTP Response
4. Examined HTTP Response
Acts like a server program to a client program, and like a client program to a server program

26 Application (Proxy) Firewalls
• Intercept messages from clients to a server and intercept messages from a server to its clients
• Read Application layer messages to scan for illicit content
• IF illicit content detected, the message is discarded
• Multiple types of application proxy programs because
  – Different application programs have different characteristics to examine.

27 Intrusion Detection Systems
• Software or hardware device that
  – Captures network activity data in log files
  – Generates alarms in case of suspicious activities

28 Summary Questions
1. What are the three main security goals?
   Answer: See slide #6
2. What parts of incoming messages do packet filter firewalls examine?
   Answer: See slide #22
3. a) What parts of incoming messages do application firewalls examine? b) What do they look for?
   Answer: a) Application layer messages. b) They look for illicit content.
4. What is an IDS? What is it used for?