Network and Communication Security COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt Lloyd and.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Network and Communication Security COS 461: Computer Networks Spring 2010 (MW 3:00-4:20 in COS 105) Mike Freedman
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings.
Network and Communication Security Section COS 461: Computer Networks Spring 2011 Mike Freedman
Cryptography and Network Security
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Public Key Cryptography and the RSA Algorithm
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Chapter 9 5th Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Sorina Persa Group 3250 Group 3250.
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to Public Key Cryptography
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
CSE 486/586 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Cryptography COS 461: Computer Networks Princeton University 1.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Lecture 9 Advance Topics in Networking Host Mobility,
Public Key Cryptography and the RSA Algorithm Cryptography and Network Security by William Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Network and Communication Security: HTTPS, IP Sec, DNS-Sec Section 8.4 COS 461: Computer Networks Spring 2011 Mike Freedman
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
1 Public-Key Cryptography and Message Authentication.
Computer and Network Security Rabie A. Ramadan Lecture 6.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Network Security David Lazăr.
Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Chapter 6 IP Security. We have considered some application specific security mechanisms in last chapter eg. S/MIME, PGP, Kerberos however there are security.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Cryptography and Network Security Public Key Cryptography and RSA.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Cryptography COS 461: Computer Networks Precept: 04/20/2012 Princeton University 1.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 8 IP Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
Network Security Celia Li Computer Science and Engineering York University.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Layer Security Network Systems Security Mort Anvari.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the good name, or the.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
IPSecurity.
CSE 486/586 Distributed Systems Security --- 1
CSE565: Computer Security Lecture 23 IP Security
Cryptography and Network Security
CSE 486/586 Distributed Systems Security --- 1
Cryptography and Network Security
Presentation transcript:

Network and Communication Security COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt Lloyd and Jeff Terrace 1

Overview Network security and definitions Brief introduction to cryptography – Cryptographyic hash hunctions – Symmetric-key crypto – Public-key crypto IP-Sec DNS-Sec (Slides partially from Nick Feamster’s GATech network security course) 2

Internet’s Design: Insecure Designed for simplicity “On by default” design Readily available zombie machines Attacks look like normal traffic Internet’s federated operation obstructs cooperation for diagnosis/mitigation 3

Security: Definition Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable Security rests on confidentiality, authenticity, integrity, and availability 4

Basic Components Confidentiality: concealment of information or resources Authenticity: identification and assurance of the origin of info Integrity: the trustworthiness of data or resources in terms of preventing improper and unauthorized changes Availability the ability to use the info or resource desired Non-repudiation: offer of evidence that a party indeed is the sender or a receiver of certain information Access control: facilities to determine and enforce who is allowed access to what resources (host, software, network, …) 5

Eavesdropping - Message Interception (Attack on Confidentiality) Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs A B Eavesdropper 6

Eavesdropping Attack: Example tcpdump with promiscuous network interface – On a switched network, what can you see? What might the following traffic types reveal about communications? – DNS lookups (and replies) – IP packets without payloads (headers only) – Payloads 7

Integrity Attack - Tampering Stop the flow of the message Delay and optionally modify the message Release the message again A B Perpetrator 8

Authenticity Attack - Fabrication Unauthorized assumption of other’s identity Generate and distribute objects under this identity A B Masquerader: from A 9

Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way Corrupt packets in transit Blatant denial of service (DoS): – Crashing the server – Overwhelm the server (use up its resource) A B 10

Impact of Attacks Theft of confidential information Unauthorized use of – Network bandwidth – Computing resource Spread of false information Disruption of legitimate services All attacks can be related and are dangerous! 11

12 Introduction to Cryptography

13 What is Cryptography? Comes from Greek word meaning “secret” – Primitives also can provide integrity, authentication Cryptographers invent secret codes to attempt to hide messages from unauthorized observers Modern encryption: – Algorithm is public, key is secret and provides security – May be symmetric (secret) or asymmetric (public) plaintext ciphertext plaintext encryptiondecryption

14 Cryptographic Algorithms: Goal Given key, relatively easy to compute Without key, hard to compute (invert) “Level” of security often based on “length” of key

15 Three Types of Functions Cryptographic hash Functions – Zero keys Secret-key functions – One key Public-key functions – Two keys

16 Cryptographic hash functions

17 Cryptography Hash Functions Take message, m, of arbitrary length and produces a smaller (short) number, h(m) Properties – Easy to compute h(m) – Pre-image resistance: Hard to find an m, given h(m) “One-way function” – Second pre-image resistance: Hard to find two values that hash to the same h(m) E.g. discover collision: h(m) == h(m’) for m != m’ – Often assumed: output of hash fn’s “looks” random

Hash Algorithm Structure 18

Hash and MAC Algorithms Hash Functions – Condense arbitrary size message to fixed size – By processing message in blocks – Through some compression function – Either custom or block cipher based Message Authentication Code (MAC) – Fixed sized authenticator for some message – To provide authentication for message – By using block cipher mode or hash function 19

How hard to find collisions? Birthday Paradox Compute probability of different birthdays Random sample of n people taken from k=365 days Probability of no repetition: – P = 1 - (1)(1 - 1/365)(1 – 2/365)(1 – 3/365) … (1 – (n-1)/365) – P ~ 1 – e^-(n(n-1)/2k – Let k=n, P ~ 2^N/2 20

How Many Bits for Hash? If m bits, takes 2 m/2 to find weak collision – Still takes 2 m to find strong (pre-image) collision 64 bits, takes 2 32 messages to search (easy!) Now, MD5 (128 bits) considered too little SHA-1 (160 bits) getting old 21

22 Example use Password hashing – Can’t store passwords in a file that could be read Concerned with insider attacks! – Must compare typed passwords to stored passwords Does hash (typed) == hash (password) ? – Actually, a “salt” is often used: hash (input || salt) File-sharing software (Freenet, BitTorrent) – File named by F name = hash (data) – Participants verify that hash (downloaded) == F name

23 Example use #2: TCP SYN cookies General idea – Client sends SYN w/ ACK number – Server responds to Client with SYN-ACK cookie sqn = f (time, rand nonce, src ip, src port, dest ip, dest port) Server does not save state – Honest client responds with ACK (sqn) – Server checks response – If matches SYN-ACK, establishes connection Prevents resource-exhausting attack by clients

24 TCP SYN/ACK seqno encodes a cookie – 32-bit sequence number t mod 32: counter to ensure sequence numbers increase every 64 seconds MSS: encoding of server MSS (can only have 8 settings) Cookie: easy to create and validate, hard to forge – Includes timestamp, nonce, 4-tuple t mod bits MSS 3 bits Cookie=HMAC(t, N s, SIP, SPort, DIP, DPort) Example use #2: TCP SYN cookies

25 Symmetric (Secret) Key Cryptography

26 Symmetric Encryption Also: “conventional / private-key / single-key” – Sender and recipient share a common key – All classical encryption algorithms are private-key Was only type of encryption prior to invention of public-key in 1970’s – And by far most widely used – Typically more computationally efficient

27 Symmetric Cipher Model

28 Requirements Two requirements – a strong encryption algorithm – a secret key known only to sender / receiver Mathematically: Y = E K (X) ; X = D K (Y) Goal: Given key, generate a 1-to-1 mapping to ciphertext that looks random if key unknown Assume encryption algorithm is known Implies a secure channel to distribute key

Block vs. Stream Ciphers Block ciphers process messages in blocks, each of which is then en/decrypted – Each block 64-bits or more – DES, AES, etc… Stream ciphers process messages a bit or byte at a time when en/decrypting (e.g., MD4) 29

30 Public-Key Cryptography

Why Public-Key Cryptography? Developed to address two key issues: – Key distribution – how to secure communication without having to trust a KDC with your key – Digital signatures – how to verify msg comes intact from claimed sender (w/o prior establishment) Public invention due to Whitfield Diffie & Martin Hellman in 1976 – known earlier in classified community 31

Public-Key Cryptography Public-key/two-key/asymmetric cryptography involves the use of two keys: – A public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures – A private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures Is asymmetric because – Those who encrypt messages or verify signatures cannot decrypt messages or create signatures – If “one-way function” goes c  F(m), then public-key encryption is a “trap-door” function: Easy to compute c  F(m) Hard to compute m  F -1 (m) without knowing k Easy to compute m  F -1 (m,k) by knowing k 32

Public-Key Cryptography 33

Security of Public Key Schemes Like private key schemes brute force exhaustive search attack is always theoretically possible – But keys used are too large (> 1024bits) Security relies on a large enough difference in difficulty between easy (compute) and hard (invert without trapdoor) problems – More generally the hard problem is known, but is made hard enough to be impractical to break Requires the use of very large numbers – Hence is slow compared to private key schemes 34

RSA Rivest, Shamir, & Adleman in 1977 – best known & widely used public-key scheme Based on exponentiation in a finite field over integers modulo a prime – Exponentiation takes O((log n) 3 ) operations (easy) – Uses large integers (e.g., 1024 bits) Security due to cost of factoring large numbers – factorization takes O(e log n log log n ) operations (hard) 35

RSA Algorithm Key generation – Generate two large primes p and q ; compute n=p*q – Find e,d such that e*d = 1 mod (p-1)(q-1) To encrypt a message M the sender: – Obtain public key of recipient PU={e,n} – Compute C = M e mod n, where 0 ≤ M < n To decrypt the ciphertext C the owner: – Uses private key PR={d,n} – Computes M = C d mod n Note that msg M must be smaller than the modulus n – Otherwise, hybrid encryption: Generate random symmetric key r Use public key encryption to encrypt r Use symmetric key encryption under r to encrypt M 36

37 IP Security

There is range of app-specific security mechanisms – eg. S/MIME, PGP, Kerberos, SSL/HTTPS However there are security concerns that cut across protocol layers Implement by the network for all applications? Enter IPSec! 38

IPSec General IP Security mechanisms Provides – authentication – confidentiality – key management Ppplicable to use over LANs, across public & private WANs, and for the Internet 39

IPSec Uses 40

Benefits of IPSec If in a firewall/router: – Provides strong security to all traffic crossing the perimeter – Resistant to bypass Is below transport layer, hence transparent to applications Can be transparent to end users Can provide security for individual users Secures routing architecture 41

IP Security Architecture Specification is quite complex Defined in numerous RFC’s – Incl. RFC 2401 / 2402 / 2406 / 2408 Mandatory in IPv6, optional in IPv4 Have two security header extensions: –Authentication Header (AH) –Encapsulating Security Payload (ESP) 42

IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets – A form of partial sequence integrity via seq #’s – But not as robust as if on top of TCP (why not?) Confidentiality (encryption) Limited traffic flow confidentiality 43

Transport vs. Tunnel Mode ESP Transport mode is used to encrypt & optionally authenticate IP data – Data protected but header left in clear – Can do traffic analysis but is efficient – Good for host-to-host traffic Tunnel mode encrypts entire IP packet – Add new header for next hop – Good for VPNs, gateway-to-gateway security 44

45 DNS Security

Source: 46

Root level DNS attacks Feb. 6, 2007: – Botnet attack on the 13 Internet DNS root servers – Lasted 2.5 hours – None crashed, but two performed badly: g-root (DoD), l-root (ICANN) Most other root servers use anycast 47

Do you trust the TLD operators? Wildcard DNS record for all.com and.net domain names not yet registered by others.com.net – September 15 – October 4, 2003 – February 2004: Verisign sues ICANN Redirection for these domain names to Verisign web portal: “to help you search” – and serve you ads…and get “sponsored” search 48

Defense: Replication and Caching source: wikipedia 49

DNS Amplification Attack 580,000 open resolvers on Internet (Kaminsky-Shiffman’06) DNS Server DoS Source DoS Target DNS Query SrcIP: DoS Target (60 bytes) EDNS Reponse (3000 bytes) DNS Amplification attack: (  40 amplification ) 50

attacker Solutions ip spoofed packets replies victim open amplifier prevent ip spoofing disable open amplifiers 51

But should we believe it? Enter DNSSEC DNSSEC protects against data spoofing and corruption DNSSEC also provides mechanisms to authenticate servers and requests DNSSEC provides mechanisms to establish authenticity and integrity 52

PK-DNSSEC (Public Key) The DNS servers sign the hash of resource record set with its private (signature) keys Public keys can be used to verify the SIGs Leverages hierarchy: – Authenticity of nameserver’s public keys is established by a signature over the keys by the parent’s private key – In ideal case, only roots’ public keys need to be distributed out-of-band 53

Verifying the tree stub resolver Question: ? A ? resolver.(root) A ? ask.com server SIG (ip addr and PK of.com server).com A ? ask cnn.com server SIG (ip addr and PK of cnn.com server) cnn.com A ? SIG (xxx.xxx.xxx.xxx) xxx.xxx.xxx.xxx add to cache src.cs.princeton.edu dns.cs.princeton.edu transaction signatures slave servers transaction signatures 54

Summary Network security and definitions Introduction to cryptography – Cryptographic hash functions: Zero keys, hard to invert, hard to find collisions – Symmetric-key crypto One key, hard to invert, requires key distribution – Public-key crypto Two keys, hard to invert, more expensive Application to crypto to help secure IP communication and DNS lookup 55