Cyber Security Basics,Threat Pragmatics & Cryptography

Network Security Workshop

29-31 May 2017

Phnom Penh, Cambodia

Overview

• Security Overview• Threat Pragmatics

• Cryptography Basics

2

Drawing some correlations

3

Why Security?

• The Internet was initially designed for connectivity – Trust was assumed– Security protocols added on top of the TCP/IP with time

• The Internet has become fundamental to our daily activities (business, work, and personal)

• Fundamental aspects of information must be protected– Confidential data– Employee information– Business models– Protect identity and resources

4

Internet Evolution

Security (threats and challenges) changes as the Internet evolves!

LAN connectivity Content driven (email, web, music, video)

Data on the Cloud

5

Recent Incidents• WannaCry Ransomware (May 2017)

– As of 12 May, 45K attacks across 74 countries– Remote code execution in SMBv1 using EternalBlue exploit

• TCP 445, or via NetBIOS (UDP/TCP 135-139)

– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

– Exploit released on 14 April 2017

6

Recent Incidents• SHA-1 is broken (Feb 23, 2017)

– colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

7

Recent Incidents• San Francisco Rail System Hacker Hacked

(Nov 2016)– Ransomware attack on San Francisco public transit gave

everyone a free ride (cryptom27@yandex.com)• Encrypts boot sectors (ransom for decryption) - Mamba

– Java vulnerability not patched (Security Alert CVE-2015-4852 since Nov 2015 from Oracle )

8

Recent Incidents

• Dyn cyberattack (Oct 2016)– With an estimated throughput of 1.2 terabits per second– DDoS by IOT devices (Mirai botnet)– malicious queries!

9

Recent Incidents• Cloudbleed (Sept 2016)

– Again a buffer overflow like Heartbleed affecting Cloudflare– Coding bug (Layer 8 problem!):

• inserted an == instead of >= in the source code of cf-html (html parser), causing a buffer overflow

– Problem: HTTP requests read past the buffer and kept reading from other memory spaces• Session tokens• Encryption keys• POST data• Passwords

– cached by search engines L• https://github.com/pirate/sites-using-cloudflare

10

www.shodan.io

11

• Find any internet connected device

haveibeenpwned.com

12

abc@test.com

• Have you been compromised?

Who are they? (Attack Motivation)

• Nation states want SECRETS

• Organized criminals want MONEY

• Protesters or activists want ATTENTION

• Hackers and researchers want KNOWLEDGE

13

Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014

http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html

Threats, Vulnerability, and Risks

• Threat– circumstance or event with potential to cause harm to a

networked system

• Vulnerability– A weakness that can be exploited

• Software bugs• Design flaws• Configuration mistakes• Lack of encryption

• Risk– The likelihood that a particular vulnerability will be exploited

14

The Threat Matrix

15

Degree of Focus

Opportunistic hacks

Joy hacks Targeted attacks

Advanced Persistent Threats

Source: Thinking Security – Steve M. Bellovin

Joy Hacks

• For fun - with little skill using known exploits

• Minimal damage - especially unpatched machines

• Random targets – anyone they can hit

• Most hackers start this way – learning curve

16

Opportunistic Hacks

• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques

• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry?

• Most phishers, virus writers, etc.

17

Targeted Attacks

• Have a specific target!

• Research the target and tailor attacks– physical reconnaissance

• At worst, an insider (behind all your defenses)– Not so happy

• Tools like “spear-phishing”

• May use 0-days

18

Advanced Persistent Threats

• Highly skilled (well funded) - specific targets– Mostly 0-days

• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)

• May use non-cyber means:– burglary, bribery, and blackmail

• Note: many lesser attacks blamed on APTs

19

Are you a Target?

• Biggest risk?– assuming you are not interesting enough!

• Vendors and their take on security:– Underwhelming– Overwhelming

20

Defense Strategies

• Depends on what you’re trying to protect

• Tactics that keep out teenagers won’t keep out a well-funded agency

• But stronger defenses are often much more expensive, and cause great inconvenience

21

What Are You Protecting?

• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets

• Hardware, software, data, people, documents

– Who would be interested?

• Place a Value on the asset– Different assets require different level of protection– Security measures must be in proportion with asset value

• How much can you afford?

• Determine Likelihood of breaches– threats and vulnerabilities ?

22

Against Joy Hacks

• By definition, joy hackers use known exploits

• Patches exist for known holes:– Up to date system patches– Up to date antivirus database

• Ordinary enterprise-grade firewalls will also repel them

23

Opportunistic Hacks

• Sophisticated techniques used

• You need multiple layers of defense– Up to date patches and anti-virus– Firewalls– Intrusion detection– Lots of attention to log files

24

Targeted Attacks

• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance– Security policies and procedures matter a lot

• How do you respond to phone callers?• What do people do with unexpected attachments?• USB sticks in the parking

• Hardest case: disgruntled employee or ex-employee– Already behind your defenses– Think Manning & Snowden

25

Advanced Persistent Threats

• L very very hard defend against!

• Use all of the previous defenses

• There are no sure answers

• Pay special attention to policies and procedures

• Investigate all oddities

26

Example of Security Controls

27

Category Example of Controls Purpose

Policy & Procedure

Cyber Security Policy, IncidentHandling Procedure

Make everyone aware of theimportance of security, define role and responsibilities (pre and post incident), understandscope of the problem

Technical Firewall, Intrusion DetectionSystem, AV, Logging Systems

Prevent and detect potentialattacks, mitigate risk of breach

Physical CCTV, Locks, Biometrics, Secure working space

Prevent physical theft of information assets or unauthorized physicalaccess

Goals of Information Security

Confidentiality Integrity Availability

SEC

UR

ITY

prevents unauthorized use or disclosure of

information

safeguards the accuracy and

completeness of information

authorized users have reliable and timely access to

information

28

Access Control

• To permit or deny the use of resource(s)

• All about:– Authentication (who is the user)– Authorization (who is allowed to use what)– Accountability (what did the user do)

Authentication

• Verify a user’s identity• “user” may refer to:

– A person – An application or process– A machine or device

• Identification comes before authentication– Ex: username to establish user’s identity

• To prove identity, a user must present either:– What you know (passwords, passphrase, PIN)– What you have (token, smart cards, passcodes, RFID)– Who you are (biometrics such as fingerprints and iris scan,

signature or voice)

Strong Authentication

• An absolute requirement

• Two-factor authentication – Passwords (something you know)– Tokens (something you have)

• Examples:– Passwords– Tokens– PINs– Biometrics– Certificates

Two-factor Authentication• At least two authentication ‘factors’ to prove user’s

identity– something you know

• Username/password

– something you have• Token using a one-time password (OTP)

• OTP is generated using device in physical possession of the user– generated each time and expires after some time– through applications installed on mobile device

• Multi-factor authentication is also common

Authorization

• Defines the user’s rights and permissions on a system

• Typically done after user has been authenticated• Grants a user access to a particular resource and

what actions he is permitted to perform on that resource

• Access criteria based on the level of trust:– Roles– Groups– Location– Time– Transaction type

Authorization Concepts

• Authorization Creep– When users may possess unnecessarily high access

privileges within an organization

• Default to Zero– Start with zero access and build on top of that

• Need to Know Principle– Least privilege; give access only to information that the user

absolutely need

• Access Control Lists– List of users allowed to perform particular access to an

object (read, write, execute, modify)

Accountability

• What did the user do with the resource?

• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information– Receivers cannot deny receiving it – Users cannot deny performing a certain action

• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action

Source: NIST Risk Management Guide for Information Technology Systems

Overview

• Security Overview

• Threat Pragmatics • Cryptography Basics

36

Target

• Targets could be:– Network infrastructure– Network services– Application services– End user machines

• What’s at risk?

Attacks on Different LayersApplication

Presentation

Session

Transport

Network

Data Link

Physical

Application

Transport

Internet

Network Access (Link Layer)

Layer 2: Ethernet, PPP, ARP, NDP, OSPF

Layer 4: TCP, UDP, SCTP

Layer 5: NFS, Socks

Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP

DNS Poisoning, Phishing, SQL injection, Spam/Scam

ARP spoofing, MAC flooding

OSI Reference Model TCP/IP Model

Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP

TCP attacks, Routing attack, SYN flooding

Ping/ICMP Flood, Sniffing

38

Layer 2 Attacks

• ARP Spoofing

• MAC attacks

• DHCP attacks

• VLAN hopping

39

ARP Spoofing

ARP Cache poisoned. Machine A connects to Machine D (not C)

I want to connect to 10.0.0.3. I don’t know the

MAC address

10.0.0.1AA-AA-AA-AA-AA-AA

10.0.0.2BB-BB-BB-BB-BB-BB

10.0.0.3CC-CC-CC-CC-CC-CC

10.0.0.4DD-DD-DD-DD-DD-DD

ARP Request

ARP Reply

Wait, I am 10.0.0.3!

I am 10.0.0.3. This is my MAC address

40

MAC Flooding

• Exploits the limitation of all switches

• CAM stores mapping of individual MAC addresses to source ports.

• Attacker floods the CAM table using spoofed source MAC addresses

41

DHCP Attacks

• DHCP Starvation Attack– Broadcasting vast number of DHCP requests with spoofed

MAC address simultaneously.

• DHCP Spoofing– Rogue DHCP

42

Layer 3 Attacks

• ICMP Attacks– ICMP Smurf/Flood– Ping of death

• Control plane attacks

43

ICMP Flood/Smurf

NetworkBroadcast Address

Victim

Other forms of ICMP attack:-Ping of death

Attacker

Echo request Echo request

Echo reply to actual destination

44

Routing Attacks

• Malicious route insertion– Poison routing table

• Distance Vector – Announce 0 (hop count-16 for RIPv2) distance to all other

nodes (count to infinity!)• Blackhole traffic

• Link State – drop links randomly (convergence)– Malicious routes to eavesdrop

• BGP attacks– Originate someone's prefix– Tamper the path information

45

TCP Attacks

• SYN Flood –attacker sends SYN requests in succession to a target

• Causes a host to retain enough state for bogus half-connections such that there are no resources (memory) left to establish new legitimate connections.

46

TCP Attacks

• Exploits the TCP 3-way handshake

• Attacker sends a series of SYN packets without replying with the ACK packet

• Finite queue size for incomplete connections

ServerCONNECTION ESTABLISHED

SYN

SYN+ACK

ACK

47

TCP Attacks

• Exploits the TCP 3-way handshake

• Attacker sends a series of SYN packets – Does not send ACK packet

• Finite queue size for incomplete connections

Server(Victim)

Attacker

OPEN CONNECTIONS

SYN

SYN+ACK

ACK?

48

Application Layer Attacks

• Scripting vulnerabilities

• Cookie poisoning

• Buffer overflow

• Hidden field manipulation

• Parameter tampering

• Cross-site scripting

• SQL injection

49

Layer 7 DDoS Attack

• Traditional DoS attacks focus on L3 and L4

• On L7, a DoS attack targets applications disguised as legitimate packets

• The aim is to exhaust application resources (bandwidth, ports, protocol weakness)

• Includes:– Slowloris– RUDY (R-U-Dead Yet)

• POST request with long content length and write forms slowly

– LOIC/HOIC (Low/high orbit Ion canon)• TCP/UDP/HTTP requests (H-only HTTP with scripts)

50

Layer 7 DDoS – Slowloris

• Incomplete HTTP requests– No blank line in request header (\r\n)

• Properties– Low bandwidth– Keep threads active

• Only affects threaded web servers (Apache)• Doesn’t work through load balancers

– Keepalives to reset timeout

51

DNS Changer

• Anyone who controls your DNS controls what you see!

• How: – infect computers with a malicious software (malware) – This malware changes the user’s DNS settings with that of

the attacker’s DNS servers– Points the DNS configuration to DNS resolvers in specific

address blocks and use it for their criminal enterprise

52

DNS Cache Poisoning

• Caching incorrect resource record that did not originate from authoritative DNS sources.

• Result: – connection (web, email, network) is redirected to another

target (controlled by the attacker)

53

DNS Cache Poisoning

(pretending to be the authoritative

zone)

ns.example.comWebserver

(192.168.1.1)

DNS Caching Server

Client

I want to access www.example.com

1

QID=645712

QID=64569

QID=64570

QID=64571

www.example.com 192.168.1.1

match!

www.example.com 192.168.1.993

3

Root/GTLD

QID=64571

54

Amplification Attacks

• Exploiting UDP protocol to return large amplified amounts of data– Small request, large reply

• Examples:– DNS– NTP– SMTP

55

DNS Amplification Attack

• A type of reflection attack combined with amplification– Source of attack is reflected off other machine(s)– Traffic received is bigger (amplified) than the traffic sent by

the attacker

• UDP packet’s source address is spoofed

56

DNS Amplification

Bots

57

Attacker

ns.example.com

Victim

Open DNS Resolvers

Root/GTLD

www.example.com 192.168.1.1

Queries (ANY) withspoofed IP - Victim’s IP

dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec

NTP Amplification

• UDP 123

• NTP versions older than v4.2.7p26 vulnerable to “monlist” attack– Made easier by Open NTP servers (time.google.com)– Monlist fetches the MRU list of NTP associationsntpdc -C –n monlist <NTP-Server-IP>

• Several incidents in 2014– Use mrulist instead of monlist (requires proof)– Upgrade NTP (ntpd) server

58

Wireless Attacks

• WEP (wired equivalent privacy) – first go at wireless security

• 104-bit WEP key:– 50% of the time broken with 45k packets– 95% of the time with 85k packets (in less than 60 seconds)

• Use WPA2 (wired protected access)– WPA – 256-bit key– WPA2 - AES

59

Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007

Wireless Attacks- MITM

• Creates a fake access point and have clients authenticate to it instead of a legitimate one.

• Capture traffic (usernames, passwords)

60

Security - Different LayersApplication

Presentation

Session

Transport

Network

Data Link

Physical

Application

Transport

Internet

Network Access (Link Layer)

Layer 2: Ethernet, PPP, ARP, NDP, OSPF

Layer 4: TCP, UDP, SCTP

Layer 5: NFS, Socks

Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP

DNS Poisoning, Phishing, SQL injection, Spam/Scam

ARP spoofing, MAC flooding

OSI Reference Model TCP/IP Model

Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP

TCP attacks, Routing attack, SYN flooding

Ping/ICMP Flood, Sniffing

IEEE 802.1X, PPP & PPTP

IPsec

TLS, SSL, SSH

HTTPS, DNSSEC, PGP, SMIME

61

BCP 38• Since 1998!

– https://tools.ietf.org/html/bcp38

• Only allow traffic with valid source addresses to– Leave your network (only those from your address space)– To enter your network (only from your customer’s address

space)

• uRPF verifies both source address and incoming interface with FIB entries– ip/ipv6 verify unicast reverse-path

62

Link-Layer Security

• Dynamic ARP Inspection– Check IP to MAC binding

• Port Security

• 802.1X

63

Transport Layer Security

• Secure Socket Layer (SSL)• Secure Shell (SSH)• SYN Cookies

– MD5 hash (source IP, source port, dest IP, dest port and ISN in SYN)

– Send in its SYN-ACK – no need for state for half-open connections in memory

64

Enable:vi /etc/sysctl.confÞ net.ipv4.tcp_syncookies = 1

Verify:Þ cat /proc/sys/net/ipv4_tcpsyncookiesÞ sysctl –n net ipv4.tcp_syncookies

Application Layer Security

• HTTPS

• PGP (Pretty Good Privacy)

• SMIME (Secure Multipurpose Internet Mail Extensions)

• TSIG and DNSSEC

• Wireless Encryption - WEP, WPA, WPA2

65

Overview

• Network SecurityFundamentals

• Threat Pragmatics

• Cryptography Basics

66

Cryptography

67

• All about hiding information in plain sight!

Cryptography• Cryptography deals with creating documents that

can be shared secretly over public communication channels

• Other terms closely associated– Cryptanalysis = code breaking– Cryptology

• Kryptos (hidden or secret) and Logos (description) = secret speech / communication

• combination of cryptography and cryptanalysis

• Cryptography is a function of plaintext and a cryptographic key

C = F(P,k) Notation:Plaintext (P)Ciphertext (C)Cryptographic Key (k)

68

Terminology

• Cryptography : the practice and study of hiding information

• Cryptanalysis : to find some weakness or insecurity in a cryptographic scheme

• Encryption : the method of transforming data (plain text) into an unreadable format

• Plaintext - the “scrambled” format of data after being encrypted

69

Cryptosystem Terminology

• Decryption : the method of turning cipher text back into plaintext

• Encryption Algorithm : a set of rules or procedures that dictates how to encrypt and decrypt data, also called encryption cipher

• Key : (cryptovariable) a value used in the encryption process to encrypt and decrypt

70

Key is the key

• The key length is the measure in bits and the key space is the number of possibilities that can be generated by a specific key length

• Example : – 22 key = a keyspace of 4– 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776

71

• Assume everyone knows your encryption/decryption algorithm

• Security of encryption lies in the secrecy of the keys, not the algorithm! – Kerckhoff’s principle

• How do we keep them safe and secure?

72

Key is the key

Work Factor

• The amount of processing power and time to break a crypto system

• No system is unbreakable

• Make it too expensive to break

73

Encryption

• Scramble plaintext to ciphertext using a cryptographic key

• Used all around us– Application Layer – used in secure email, database sessions,

and messaging– Session layer – Secure Socket Layer (SSL) or Transport

Layer Security (TLS)– Network Layer –IPsec

74

Encryption and Decryption

Plaintext Ciphertext Plaintext

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Encryption Key Decryption Key

75

Symmetric Key Algorithm

• Same key to encrypt and decrypt information– Both sender and receiver needs to know the key

• Also known as a secret-key algorithm– The key must be kept a “secret” to maintain security

• Follows the more traditional form of cryptography with key lengths ranging from 40 to 256 bits.

• Examples:– DES, 3DES, AES, RC4, RC6, Blowfish

76

Same shared secret key

Plaintext

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Ciphertext Plaintext

Encryption Key Decryption Key

Shared Key Shared Key

Symmetric Encryption

77

Symmetric Key AlgorithmSymmetric Algorithm Key SizeDES 56-bit keys

Triple DES (3DES) 112-bit and 168-bit keys

AES 128, 192, and 256-bit keys

IDEA 128-bit keys

RC2 40 and 64-bit keys

RC4 1 to 256-bit keys

RC5 0 to 2040-bit keys

RC6 128, 192, and 256-bit keys

Blowfish 32 to 448-bit keys

Note: Longer keys are more difficult to crack, but more computationally expensive.

78

Asymmetric Key Algorithm

• Also called public-key cryptography

• Public-Private key pair– Encrypt with one key and decrypt with the other

• Keep private-key private• Anyone can see the public-key

• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa.

• Examples:– RSA, DSA, Diffie-Hellman, ElGamal, PKCS

79

Asymmetric Encryption

Plaintext

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Ciphertext Plaintext

Encryption Key Decryption Key

Public Key Private Key

Different keys

80

Asymmetric Key Algorithms

• RSA (512-2048 bits)– the first and still most common implementation

• DSA (512-1024)– provides capability for authentication of messages

• Diffie-Hellman (512, 1024, 2048 bits) – used for secret key exchange only

• ElGamal (512-1024)– used for key exchange (similar to DH)

81

Hash Functions

• produces a condensed representation of a message

• takes an input message of arbitrary length and outputs fixed-length code– The fixed-length output is called the hash or message digest

• A form of signature that uniquely represents the data

• Uses: – Verifying file integrity – Digitally signing documents– Hashing passwords

82

Hash Functions

• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input– MD5 is widely-used

• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5

• Widely-used on security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec) L

– SHA-256, SHA-384, SHA-512 produce longer hash values

83

Digital Signature

• Encrypted hash of a message appended to the message– used to prove the identity of the sender and the integrity of

the packet

84

Digital Signature Process

• Hash the data

• Encrypt the hash with the sender’s private key

• Append the signature to the data

DATA HASH SIGNATURE

MD5/SHA PRIVATE KEY

85

SIGNATURE

Verification - Receiver• Hash the received data

– with the same hashing algorithm

• Decrypts the signature using the sender’s public key

• Compare the hashes– If match, the data was not modified and signed by the

sender

DATAHASH

HASH

MD5/SHA-1

86

PUBLIC KEYSIGNATURE

Example

87

https://www.gpg4win.org (MSWIN) https://www.gpgtools.org (OS X)

PKI / PGP Primer

• 🔑 Public Key• 🗝 Private Key

• 📝 Message

• 📝+🔑 = 🔒✉ Encrypted

• 🔒✉+🗝 = 🔓📝 Decrypted• 📝+🗝 = 🔏✉ Signed

• 🔏✉ + 🔑 = 👤 Authenticated

88

89