Lecture 01-introduction

Network Security, Dr. Nguyen Tuan Nam, [email protected]

Transcript of Lecture 01-introduction

Page 1: Lecture 01-introduction

Network Security

Dr. Nguyen Tuan Nam [email protected]

Page 2: Lecture 01-introduction

What to Be Covered

Nguyen Tuan Nam/NetSec/Win2010

- Cryptography
- Authentication
- Standards
- Electronic mail
- Others

Page 3: Lecture 01-introduction

Assignment & Grading

- Textbook: Network Security – Private Communication in a Public World, 2nd edition, Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall
- 2 exams
  - Midterm: on the 5th week (4 weeks from today), 25%
  - Final exam (or final project), 45%
- Term projects (20%)
- Class participation (10%)
  - Students are responsible to attend classes and take notes (extra credit)
  - Fun and creative

Page 4: Lecture 01-introduction

Terminology

- Hacker
  - Not used for the vandals that break into computer systems and steal money and people's time; those are called intruder, bad guy and imposter (Trudy)
  - Instead, master programmers: incorruptibly honest, not motivated by money, careful not to harm anyone
- Secret key cryptography (instead of symmetric cryptography)
- Public key cryptography (instead of asymmetric cryptography)

Page 5: Lecture 01-introduction

Terminology

- Privacy: keeping communication from being seen by anyone other than the intended recipients
  - Other books use confidentiality
- Alice and Bob: Alice's computer and Bob's computer
- User Alice and user Bob: the humans

Page 6: Lecture 01-introduction

Why So Much Terminology?

Speaker: Isn't it terrifying that on the Internet we have no privacy?

- A: You mean confidentiality?
- B: Why do security types insist on inventing their own language?
- C: It's a denial-of-service attack

Page 7: Lecture 01-introduction

Notation

Symbol          Description
⊕               Bitwise exclusive-or
|               Concatenation
K{message}      Message encrypted with secret key K
{message}Bob    Message encrypted with Bob's public key
[message]Bob    Message signed with Bob's private key

Page 8: Lecture 01-introduction

Primer on Networking

Dr. Nguyen Tuan Nam [email protected]

Page 9: Lecture 01-introduction

OSI Reference Model

- Not the only way to construct a network
- Designed by the ISO (International Organization for Standardization)
  - Too big a task for a single committee, so the problem was subdivided among several committees
  - 7 layers
- Each layer uses the services of the layer below, adds functionality, and provides services to the layer above
- Note: real networks seldom neatly fit into the seven-layer model

Page 10: Lecture 01-introduction

OSI Reference Model

- Application
- Presentation
- Session
- Transport
- Network
- Data link
- Physical

Page 11: Lecture 01-introduction

IP, UDP, and TCP

Page 12: Lecture 01-introduction

Directory Service

- Directory or naming service
- Instead of one directory, it is structured as a tree of directories
  - Hierarchical names
  - Prevents the directory from getting unreasonably large
- Why is it important to security?

Page 13: Lecture 01-introduction

Replicated Services

- Convenient to have 2 or more computers performing the same function (due to performance)
  - Overload
  - Distance
  - Availability
- Why is it so important to security?

Page 14: Lecture 01-introduction

Packet Switching

- In a network, a message is generally broken into smaller chunks
- Each chunk (packet) is sent independently
- Why?
  - Messages from various sources can be interleaved on the same link
  - Error recovery is done on the chunk
  - Buffer management in the routers is simpler if the size of packets has a reasonable upper limit

Page 15: Lecture 01-introduction

Network Components

- Clients
- Servers
- Dumb terminal
- Terminal server

Page 16: Lecture 01-introduction

Active vs. Passive Attacks

- Passive attack: the intruder eavesdrops but does NOT modify the message stream in any way
- Active attack: the intruder may
  - Transmit messages
  - Replay old messages
  - Modify messages in transit
  - Delete selected messages
  - Ex: man-in-the-middle attack

Page 17: Lecture 01-introduction

Layers and Cryptography

- Encryption and integrity protection can be done
  - On the original message (end-to-end)
    - The infrastructure does not need to know; it just forwards the message
    - The infrastructure, and whoever stores the cryptographically protected message, need not be trusted
    - Any corruption or loss
  - On each chunk of the message (hop-by-hop)
    - Packet switches must be trusted (by definition, the packet switches see the plaintext)
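The trust difference between the two placements, as an added example that is not from the slides or the textbook. The encryption is a deliberately simple stand-in (SHA-256 keystream XORed with the message, then an HMAC tag, using the ⊕ and | of the notation slide) so the script runs with only the Python standard library; the switch names, key layout and message are constructed. In the end-to-end path each switch only ever holds K{message}; in the hop-by-hop path each switch must decrypt with its inbound link key before re-encrypting, so it holds the plaintext.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


def keystream(key, nonce, length):
    """Toy keystream: SHA-256 over key | nonce | counter. Illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def protect(key, message, nonce=None):
    """K{message}: XOR the message with the keystream, then MAC nonce | ciphertext."""
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = bytes(m ^ k for m, k in zip(message, keystream(key, nonce, len(message))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key, packet):
    """Verify the MAC first, then decrypt. Raises ValueError on any corruption."""
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def end_to_end(message, alice_bob_key, switches):
    """Alice protects once with the key she shares with Bob; every switch just forwards.
    Returns Bob's recovered message and what each switch was able to observe."""
    packet = protect(alice_bob_key, message)
    observed = {name: packet for name in switches}   # ciphertext only
    return unprotect(alice_bob_key, packet), observed


def hop_by_hop(message, link_keys):
    """link_keys[i] protects link i: Alice->S1, S1->S2, ..., Sn->Bob. Each switch must
    decrypt with its inbound key and re-encrypt with its outbound key, so it sees plaintext."""
    observed = {}
    packet = protect(link_keys[0], message)
    for i in range(1, len(link_keys)):
        plaintext = unprotect(link_keys[i - 1], packet)
        observed[f"S{i}"] = plaintext                  # the switch holds the plaintext
        packet = protect(link_keys[i], plaintext)
    return unprotect(link_keys[-1], packet), observed


def tamper_detected(key, packet):
    """Flip one ciphertext bit in transit and check that the receiver rejects the packet."""
    corrupted = bytearray(packet)
    corrupted[NONCE_LEN] ^= 0x01
    try:
        unprotect(key, bytes(corrupted))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = b"pay Bob 100"                                    # constructed message
    got, seen = end_to_end(msg, bytes(32), ["S1", "S2"])
    print("end-to-end: Bob got", got, "; switches saw plaintext:",
          any(msg in p for p in seen.values()))
    got, seen = hop_by_hop(msg, [b"a" * 32, b"b" * 32, b"c" * 32])
    print("hop-by-hop: Bob got", got, "; switches saw plaintext:",
          all(p == msg for p in seen.values()))
```

The same integrity check also answers the "any corruption or loss" line: with end-to-end protection a modified chunk fails verification at Bob, whoever modified it on the way.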

Page 18: Lecture 01-introduction

Authorization

- Authentication proves who you are; authorization defines what you are allowed to do
- Access control list (ACL): for each resource, who is allowed to do what with it
- Capability model: for each user, what he/she is allowed to do
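An added example (not from the slides) showing that an ACL and a capability list are the same access matrix stored by column and by row, and which questions each view answers cheaply. The subjects, resources and rights are constructed.

```python
from collections import defaultdict

# Constructed access matrix: (subject, resource) -> set of rights.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "web.log"): {"read", "append"},
    ("carol", "web.log"): {"read"},
}


def build_acls(matrix):
    """ACL model: one list per resource, stored with the resource."""
    acls = defaultdict(dict)
    for (subject, resource), rights in matrix.items():
        acls[resource][subject] = set(rights)
    return dict(acls)


def build_capabilities(matrix):
    """Capability model: one list per subject, held by (or on behalf of) the subject."""
    caps = defaultdict(dict)
    for (subject, resource), rights in matrix.items():
        caps[subject][resource] = set(rights)
    return dict(caps)


def acl_check(acls, subject, resource, right):
    return right in acls.get(resource, {}).get(subject, set())


def cap_check(caps, subject, resource, right):
    return right in caps.get(subject, {}).get(resource, set())


def who_can(acls, resource, right):
    """Cheap with ACLs: the answer sits in one list."""
    return sorted(s for s, rights in acls.get(resource, {}).items() if right in rights)


def what_can(caps, subject):
    """Cheap with capabilities: the answer sits in one list."""
    return {r: sorted(rights) for r, rights in caps.get(subject, {}).items()}


def revoke_subject(acls, subject):
    """Revoking everything one subject holds means touching every ACL: the costly direction.
    Returns how many ACLs had to be edited."""
    touched = 0
    for entries in acls.values():
        if entries.pop(subject, None) is not None:
            touched += 1
    return touched


def models_agree(matrix):
    """Every (subject, resource, right) query must get the same answer from both views."""
    acls, caps = build_acls(matrix), build_capabilities(matrix)
    subjects = {s for s, _ in matrix}
    resources = {r for _, r in matrix}
    rights = set().union(*matrix.values())
    return all(acl_check(acls, s, r, x) == cap_check(caps, s, r, x)
               for s in subjects for r in resources for x in rights)


if __name__ == "__main__":
    acls, caps = build_acls(ACCESS_MATRIX), build_capabilities(ACCESS_MATRIX)
    print("who can read web.log:", who_can(acls, "web.log", "read"))
    print("what bob can do:", what_can(caps, "bob"))
    print("views agree:", models_agree(ACCESS_MATRIX))
```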

Page 19: Lecture 01-introduction

Tempest

- Biggest concern: eavesdrop and modify/inject messages
- Magic of physics: the movement of electrons can be measured from a surprising distance away
  - Can eavesdrop without even needing to physically access the link
  - Wireless, shared medium
- US military Tempest program
  - Measures how far away an intruder must be before eavesdropping is impossible
  - That distance is known as the device's control zone
  - The control zone is the region that must be physically guarded to keep out intruders

Annotation (2013-09-09 01:08:15): safety radius; inside this zone, eavesdropping is possible.

Page 20: Lecture 01-introduction

Key Escrow for Careless Users

- Prudent to keep your key in a safe place
- When you misplace your own key you can still retrieve a copy of it
  - A database of keys
  - Can only be reconstructed with the cooperation of several independent machines
- Some applications don't require a recoverable key
  - Can be reset by a third party (administrator)
- Users may want different keys for different uses
  - Only some of the keys are escrowed
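One way to get "only reconstructed with the cooperation of several independent machines": split the key with Shamir's threshold secret sharing so each escrow machine holds one share and any `threshold` of them can rebuild the key while fewer learn nothing. This is an added example, not code from the slides or the textbook; the key bytes, the 3-of-5 parameters and the prime field are constructed choices.

```python
import secrets

PRIME = 2**521 - 1   # Mersenne prime; large enough to hold a 64-byte key as one field element


def _eval_poly(coeffs, x):
    """Horner evaluation of the polynomial with the given coefficients at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key, threshold, n_shares):
    """Split key (bytes) into n_shares points on a random polynomial of degree threshold-1
    whose constant term is the key. Share i goes to escrow machine i."""
    secret = int.from_bytes(key, "big")
    if not 1 <= threshold <= n_shares or secret >= PRIME:
        raise ValueError("bad threshold or key too large for the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the shares handed in by the escrow machines."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def recover_key(shares, key_len):
    """Rebuild the original key bytes from at least `threshold` shares."""
    return recover_secret(shares).to_bytes(key_len, "big")


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed 32-byte key
    shares = split_key(key, threshold=3, n_shares=5)
    print("3 of 5 shares:", recover_key([shares[0], shares[2], shares[4]], 32) == key)
    print("2 of 5 shares:", recover_secret(shares[:2]) == int.from_bytes(key, "big"))
```

With fewer than `threshold` shares the interpolated value is uniformly random in the field, which is why a single compromised escrow machine does not expose the key.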

Page 21: Lecture 01-introduction

Viruses, Worms, Trojan Horses

- Trojan horse: instructions hidden inside an otherwise useful program that do bad things
  - Usually the term is used when the malicious instructions are installed at the time the program is written
- Virus: a set of instructions that, when executed, inserts copies of itself into other programs
- Worm: a program that replicates itself by installing copies of itself on other machines across a network

Page 22: Lecture 01-introduction

Viruses, Worms, Trojan Horses

- Trapdoor: an undocumented entry point intentionally written into a program, for debugging purposes, which can be exploited as a security flaw
- Logic bomb: malicious instructions that trigger on some event in the future
- Zombie: malicious instructions installed on a system that can be remotely triggered to carry out some attack
  - Large numbers of zombies

Page 23: Lecture 01-introduction

Where Do They Come From?

- Trapdoor: may be intentionally installed to facilitate troubleshooting
- The rest: written by bad guys
- Problem
  - Halting problem: impossible to tell what an arbitrary program will do
  - Nobody looks: no access to the source code, and even if you did have access to the code, you won't bother reading it at all

Page 24: Lecture 01-introduction

[Slide 24 is a screenshot of a CNN opinion article: "U.S. enables Chinese hacking of Google", by Bruce Schneier, Special to CNN, January 23, 2010, 5:20 p.m. EST.

Story highlights:
- Google says hackers from China got into its Gmail system
- Bruce Schneier says the hackers exploited a feature put into the system at the behest of the U.S. government
- "When government gets access to private communications, they invite abuse," he says
- Government surveillance and control of the Internet are flourishing, he says

Editor's note: Bruce Schneier is a security technologist and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Read more of his writing at http://www.schneier.com.

(CNN) -- Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers. In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.]

Page 25: Lecture 01-introduction

What Does a Virus Look Like?

1. Replace any instruction (at location x) by a jump to some free space in memory (location y)
2. Write the virus program starting at location y
3. Place the instruction that was originally at location x at the end of the virus program
4. Jump to x+1

Page 26: Lecture 01-introduction

Viruses

- Does some damage
- Might replicate itself by looking for any executable files and infecting them
- Once an infected program is run
  - The virus is executed again
  - Does more damage
  - Replicates itself to more programs
- Usually spreads silently until some triggering event
  - If the damage came too fast, it wouldn't spread as far

Page 27: Lecture 01-introduction

How Does a Digital Pest Appear on Your Computer?

- Running an infected program
  - Forum program: planted by employees or intruders
  - Email with an attached program
- Sometimes you don't realize you are running a program
  - PostScript
  - Autorun (CD-ROMs, USB flash drives)

Page 28: Lecture 01-introduction

What Is This?

main(t,_,a ) char * a; { return! 0<t? t<3? main(-79,-13,a+ main(-87,1-_, main(-86, 0, a+1 ) +a)): 1, t<_? main( t+1, _, a ) :3, main ( -94, -27+t, a ) &&t == 2?_ <13 ? main ( 2, _+1, "%s %d %d\n" ) :9:16: t<0? t<-72? main( _, t,"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'lq#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# ){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw'iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ;;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')#}'+}##(!!/") : t<-50? _==*a ? putchar(31[a]): main(-65,_,a+1) : main((*a =='/') + t, _, a + 1 ) : 0<t? main ( 2, 2 , "%s") :*a=='/'|| main(0, main(-61,*a, "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry"),a+1);}

Page 29: Lecture 01-introduction


[mm@noise]$ xmas On the first day of Christmas my true love gave to me a partridge in a pear tree. On the second day of Christmas my true love gave to me two turtle doves and a partridge in a pear tree. On the third day of Christmas my true love gave to me three french hens, two turtle doves and a partridge in a pear tree. On the fourth day of Christmas my true love gave to me four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the fifth day of Christmas my true love gave to me five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the sixth day of Christmas my true love gave to me six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the seventh day of Christmas my true love gave to me seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the eigth day of Christmas my true love gave to me eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the ninth day of Christmas my true love gave to me nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the tenth day of Christmas my true love gave to me ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. 
On the eleventh day of Christmas my true love gave to me eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a- swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree. On the twelfth day of Christmas my true love gave to me twelve drummers drumming, eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and a partridge in a pear tree.


Page 30: Lecture 01-introduction

Virus Checker

- A race between good and bad
- Patterns of commands
  - Knows the instruction sequences for lots of types of viruses
  - Checks all the files on disk and the instructions in memory for those patterns
  - Raises a warning if it finds a match
  - Needs to be updated periodically with a new pattern file
  - Hooks into the OS and inspects files before they are written to disk
- Polymorphic virus: each time it copies itself
  - Changes the order of its instructions
  - Changes to functionally similar instructions
  - Encryption with a variable key
  - Poly = many; morphic = form
- Heuristic virus checkers only require certain crucial pieces of code to match
  - Still enough patterns left even in polymorphic code
  - Constrains the mutation rate
- Any other approaches?
  - Metamorphic virus
  - Snapshot of disk storage
  - Goat or bait files
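An added example of the checker side of this race, not code from the slides. The "virus body" and "decryptor stub" are constructed byte strings that only stand in for instruction sequences; the test corpus re-encodes the body with a different one-byte XOR key per copy, which is the "encryption with a variable key" case. The exact-pattern scanner finds only the plain copy, while a heuristic that matches the short invariant fragment (the part that must stay fixed so the body can be decoded) flags every copy. The on-write hook mirrors the "inspect files before they are written to disk" bullet; file names are constructed.

```python
# Constructed sample bytes standing in for a virus's instruction sequence. They are not
# executable code; any byte string would do for exercising the scanner.
BODY = bytes.fromhex("9031c0b804000000cd80")
# Constructed invariant "decryptor stub": the crucial piece that stays the same across
# copies, because something has to decode the encoded body before it can run.
STUB = bytes.fromhex("eb0a5e31c98036")

SIGNATURES = {"toy.A": BODY}                 # exact instruction-sequence signatures
CRUCIAL_PARTS = {"toy.A-decryptor": STUB}    # heuristic: short invariant fragments


def mutated_sample(key):
    """Test-corpus generator: a copy whose body is XORed with a fresh one-byte key."""
    return STUB + bytes([key]) + bytes(b ^ key for b in BODY)


def exact_scan(data, signatures=SIGNATURES):
    """Pattern scanner: flag the data if any full signature appears in it."""
    return [name for name, sig in signatures.items() if sig in data]


def heuristic_scan(data, crucial_parts=CRUCIAL_PARTS):
    """Only a crucial invariant fragment needs to match."""
    return [name for name, part in crucial_parts.items() if part in data]


def scan_files(files):
    """Check every file on the (constructed) disk; report the ones either scanner flags."""
    report = {}
    for name, data in files.items():
        hits = (exact_scan(data), heuristic_scan(data))
        if hits[0] or hits[1]:
            report[name] = hits
    return report


def write_hook(files, name, data):
    """On-access check: refuse to write a file that matches, as an OS hook would."""
    if exact_scan(data) or heuristic_scan(data):
        return False
    files[name] = data
    return True


PROLOGUE, EPILOGUE = bytes.fromhex("554889e5"), bytes.fromhex("c3")   # constructed filler
CONSTRUCTED_DISK = {
    "notes.txt": b"meeting at 10",
    "tool.bin": PROLOGUE + BODY + EPILOGUE,                   # plain copy
    "game.bin": PROLOGUE + mutated_sample(0x5A) + EPILOGUE,   # polymorphic copy
    "app.bin": PROLOGUE + mutated_sample(0x13) + EPILOGUE,    # same body, another key
}

if __name__ == "__main__":
    for name, (exact, heuristic) in scan_files(CONSTRUCTED_DISK).items():
        print(f"{name}: exact={exact} heuristic={heuristic}")
```

The exact scanner's blind spot is what the slide's "constrains the mutation rate" point is about: the more of the code a virus can vary per copy, the shorter the invariant fragment the heuristic has to work with, and the more false positives a fragment that short will produce on clean files.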

Page 31: Lecture 01-introduction

Nonresident vs. Resident Viruses

- Nonresident viruses: can be thought of as a finder module plus a replication module
- Resident viruses: the replication module is loaded into memory and executed each time the OS is called to perform a certain operation
  - Fast infector: infects as many files as possible. Pros and cons?
  - Slow infector: infects the host infrequently; does not seem very successful
  - Stealth mode: anti-virus software can be misused if it cannot detect the virus in memory
- Given that there is no infallible method to test a program for hidden bad side effects, what can we do?

Page 32: Lecture 01-introduction

What Can We Do Today?

- Don't run software from suspicious sources
- Frequently run virus checkers
- Run programs in the most limited possible environment
  - Separate disks
  - Separate VMs
- Watch out for warnings
- Frequent backups
  - External devices

Page 33: Lecture 01-introduction

Mandatory (Nondiscretionary) Access Control

- Discretionary: someone who owns a resource can decide who is allowed to use (access) it
  - Philosophy: users and the programs they run are good guys
- Nondiscretionary access controls
  - Enforce a policy where users might be allowed to use information themselves, but might not be allowed to make a copy of it available to someone else
  - Even owners of the resources have to follow the policy
  - Philosophy: users are careless and the programs they run can't be trusted
  - The system must prevent users from accidentally or intentionally giving info to someone else
  - Confine information within a security perimeter

Page 34: Lecture 01-introduction

Levels of Security

- Simplified description of the US DoD scheme as an example
- Security level: Unclassified < confidential < secret < top secret
- A set of categories (compartments): CRYPTO, INTEL, NUCLEAR
- A clearance: (SECRET; {INTEL, NUCLEAR})
- Given 2 security labels (X, S1) and (Y, S2): (X, S1) is at least as sensitive as (Y, S2) iff X ≥ Y and S2 is a subset of S1
- Example: (TOP_SECRET, {CRYPTO, COMSEC}) > (SECRET, {CRYPTO})

Annotation (2013-09-09 01:43:30): you can read information you created yourself or at a lower level; for information at a higher level, ensure that the lower level cannot read it.

Page 35: Lecture 01-introduction

Mandatory Access Control Rules

- A human can only run a process that has a security label below or equal to that of the human's label
- A human can only read information marked with a security label below or equal to that of the process
- A process can only write information marked with a security label above or equal to that of the process
- Will it be enough to protect sensitive data?
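The label ordering from the Levels of Security slide and the three rules above, as an added example (not from the slides or the textbook). `dominates` is the "at least as sensitive as" relation written out term by term; the three rule functions apply it in the directions the slide gives, and `can_copy` chains them to show why a process cleared for SECRET cannot move SECRET data into an UNCLASSIFIED file, even though it may read the data. The level names and compartments are the slide's; the labels in the `__main__` block are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet

# The slide's four levels, in increasing sensitivity.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other):
        """(X, S1) is at least as sensitive as (Y, S2) iff X >= Y and S2 is a subset of S1.
        Two labels can be incomparable: neither dominates the other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_run(human, process):
    """Rule 1: the process label must be below or equal to the human's label."""
    return human.dominates(process)


def can_read(process, info):
    """Rule 2: information must be below or equal to the process label (no read up)."""
    return process.dominates(info)


def can_write(process, info):
    """Rule 3: information must be above or equal to the process label (no write down)."""
    return info.dominates(process)


def can_copy(human, process, source, sink):
    """Could this human, through this process, move the contents of `source` into `sink`?
    Reading is allowed downward and writing upward, so a copy can never lower a label."""
    return can_run(human, process) and can_read(process, source) and can_write(process, sink)


if __name__ == "__main__":
    human = Label("SECRET", frozenset({"INTEL", "NUCLEAR"}))   # the slide's clearance
    process = Label("SECRET")
    secret_doc = Label("SECRET", frozenset({"INTEL"}))
    public_file = Label("UNCLASSIFIED")
    print("run SECRET process:", can_run(human, process))
    print("read SECRET/INTEL doc:", can_read(Label("SECRET", frozenset({"INTEL"})), secret_doc))
    print("copy SECRET into UNCLASSIFIED:", can_copy(human, process, Label("SECRET"), public_file))
```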

Page 36: Lecture 01-introduction

Covert Channel

- Timing channel: create some signal/behavior to represent 0 or 1 per unit of time
  - Noise
- Storage channel: the use of shared resources (memory, sound card)
- No general way to prevent all the covert channels
- Introduce enough noise to reduce the bandwidth of the covert channel (assuming the secret data is large)

Page 37: Lecture 01-introduction

Legal Issues

- Patents: most cryptographic techniques are covered by patents and historically this has slowed their deployment
- Export controls: the US government used to impose severe restrictions on the export of encryption
  - Why?