Lecture 24 Secure Communications CS 450/650 Fundamentals of Integrated Computer Security Slides are...
Transcript of Lecture 24 Secure Communications CS 450/650 Fundamentals of Integrated Computer Security Slides are...
Lecture 24
Secure Communications
CS 450/650
Fundamentals of Integrated Computer Security
Slides are modified from Ian Goldberg
Who Attacks Networks
• Hackers break into organizations from the outside– Challenge– Fame– Money & Espionage– Ideology
• However, most security breaches are internal, by employees and ex-employees
Threat Precursors
• Port Scan• Social Engineering
– Reconnaissance– Bulletin Board / Chat– Docs
• Packet Sniffers (telnet/ftp in cleartext)
Network Security Threats
• Interception– If interceptor cannot read, have confidentiality
(privacy)– If cannot modify without detection, have message
integrity
Network Security Threats
• Impostors (Spoofing/ Masquerade)– Claim to be someone else– Need to authenticate the sender--prove that they
are who they claim to be
TruePerson
Impostor
Network Security Threats
• Remotely Log in as Root User– Requires cracking the root login password– Then control the machine– Read and/or steal information– Damage data (erase hard disk)– Create backdoor user account that will let them in
easily later
Root Login Command
Security Threats
• Content Threats– Application layer content may cause problems
• Viruses• In many ways, most severe security problem in
corporations today• Must examine application messages
Replay Attack
• First, attacker intercepts a message– Not difficult to do
Replay Attack
• Later, attacker retransmits (replays) the message to the original destination host– Does not have to be able to read a message to
replay it
Replay Attack
• Why replay attacks?– To gain access to resources by replaying an
authentication message– In a denial-of-service attack, to confuse the
destination host
Thwarting Replay Attacks
• Put a time stamp in each message to ensure that the message is “fresh”– Do not accept a message that is too old
• Place a sequence number in each message– Do not accept a duplicated message
Message
SequenceNumber
TimeStamp
Thwarting Replay Attacks
• In request-response applications,– Sender of request generates a nonce (random
number)– Places the nonce in the request– Server places the nonce in the response– Neither party accepts duplicate nonces
Nonce Nonce
Request Response
Network Security Threats
• Denial of Service (DOS) Attacks– Overload system with a flood of messages– Or, send a single message that crashes the
machine
Denial of Service (DOS) Attacks
• Transmission Failure• Connection Flooding
– Echo-Chargen– Ping of Death– Smurf– Syn Flood– Traffic Redirection– DNS Attacks
• Distributed Denial of Service
VPNs
• IETF developing IPsec security standards– IP security– At the internet layer– Protects all messages at the transport and
application layers
IPsec
TCP UDP
E-Mail, WWW, Database, etc.
VPNs
• IPsec Transport Mode– End-to-end security for hosts
LocalNetwork
Internet LocalNetwork
Secure Communication
VPNs
• IPsec Tunnel Mode– IPsec server at each site– Secure communication between sites
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecServer
VPNs
• IPsec Modes Can be Combined– End-to-end transport mode connection– Within site-to-site tunnel connection
LocalNetwork
Internet LocalNetwork
Tunnel Mode Transport Mode
VPNs
• Another Security System for VPNs is the Point-to-Point Tunneling Protocol (PPTP)– For dial-up connections, based on PPP– Connects user with securely to a remote access
server at a site
Internet LocalNetwork
Remote Access Server
Dial-UpConnection
PPTP Connection
PKIs
• To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)– A PKI automates most aspects of using public key
encryption and authentication– Uses a PKI Server
PKIServer
PKIs
• PKI Server Creates Public Key-Private Key Pairs– Distributes private keys to applicants securely– Often, private keys are embedded in delivered
software
PKIServer
Private Key
PKIs
• PKI Server Provides CRL Checks– Distributes digital certificates to verifiers– Checks certificate revocation list before sending
digital certificates
PKIServer
Digital Certificate
PKIs
• CRL (Certificate Revocation List) Checks– If applicant gives verifier a digital certificate,– The verifier must check the certificate revocation
list
PKIServer
OK?
OK or Revoked
CRL
Integrated Security System
• When two parties communicate …– Their software usually handles the details– First, negotiate security methods– Then, authenticate one another– Then, exchange symmetric session key– Then can communicate securely using symmetric
session key and message-by-message authentication
SSL Integrated Security System
• SSL– Secure Sockets Layer– Developed by Netscape
• TLS (now)– Netscape gave IETF control over SSL– IETF renamed it TLS (Transport Layer Security)– Usually still called SSL
Location of SSL
• Below the Application Layer– IETF views it at the transport layer– Protects all application exchanges– Not limited to any single application
• WWW transactions, e-mail, etc.
SSL SSL
E-Mail WWW E-Mail WWW
SSL Operation
• Browser & Webserver Software Implement SSL– User can be unaware
SSL Operation
• SSL ISS Process– Two sides negotiate security parameters– Webserver authenticates itself– Browser may authenticate itself but rarely does– Browser selects a symmetric session key, sends to
webserver– Adds a digital signature and encrypts all messages
with the symmetric key
Importance of SSL
• Supported by Almost All Browsers– De facto standard for Internet application security
• Problems– Relatively weak security– Does not involve security on merchant server– Does not validate credit card numbers– Viewed as an available but temporary approach to
consumer security
Other ISSs
• SSL is merely an example integrated security system
• Many other ISSs exist– IPsec – PPP and PPTP– Etc.
Other ISSs
• All ISSs have the same general steps– Negotiate security parameters– Authenticate the partners– Exchange a session key– Communicate with message-by-message privacy,
authentication, and message integrity
IPsec
• IPsec (IP security)• Security for transmission over IP networks
– The Internet– Internal corporate IP networks– IP packets sent over public switched data
networks (PSDN)
LocalNetwork
Internet LocalNetwork
IPsec
• Why do we need IPsec?– IP has no security– Add security to create a virtual private network
(VPN) to give secure communication over the Internet or another IP network
LocalNetwork
Internet LocalNetwork
IPsec
• Genesis– Being created by the Internet Engineering Task
Force– For both IP version 4 and IP version 6
IPsec
• Two Modes of operation• Tunnel Mode
– IPsec server at each site– Secures messages going through the Internet
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecServer
IPsec
• Tunnel Mode– Hosts operate in their usual way
• Tunnel mode IPsec is transparent to the hosts
– No security within the site networks
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsecServer
IPsec
• Two Modes of operation• Transport Mode
– End-to-end security between the hosts– Security within site networks as well – Requires hosts to implement IPsec
LocalNetwork
Internet LocalNetwork
Secure Communication
IPsec
• Transport Mode– Adds a security header to IP packet– After the main IP header– Source and destination addresses of hosts can be
learned by interceptor– Only the original data field is protected
ProtectedOriginal Data Field
OriginalIP Header
TransportSecurityHeader
IPsec
• Tunnel Mode– Adds a security header before the original IP
header– Has IP addresses of the source and destination
IPsec servers only, not those of the source and destination hosts
– Protects the main IP header
ProtectedOriginal Data Field
ProtectedOriginal
IP Header
TunnelSecurityHeader
IPsec
• Can combine the two modes– Transport mode for end-to-end security– Plus tunnel mode to hide the IP addresses of the
source and destination hosts during passage through the Internet
LocalNetwork
Internet LocalNetwork
Tunnel Mode Transport Mode
IPsec• Two forms of protection• Encapsulating Security Protocol (ESP) security
provides confidentiality as well as authentication
• Authentication Header (AH) security provides authentication but not confidentiality– Useful where encryption is forbidden by law– Provides slightly better authentication by providing
authentication over a slightly larger part of the message, but this is rarely decisive
IPsec
• Modes and protection methods can be applied in any combination
Tunnel Tunnel ModeMode
Transport Transport ModeMode
ESPESP SupportedSupported SupportedSupported
AHAH SupportedSupported SupportedSupported
IPsec
• Security Associations (SAs) are agreements between two hosts or two IPsec servers, depending on the mode
• “Contracts” for how security will be performed
• Negotiated• Governs subsequent transmissions
Host A Host B
NegotiateSecurity Association
IPsec
• Security Associations (SAs) can be asymmetrical– Different strengths in the two directions– For instance, clients and servers may have
different security needs
Host A Host B
SA for messagesFrom A to B
SA for messagesFrom B to A
IPsec
• Policies may limit what SAs can be negotiated– To ensure that adequately strong SAs for the
organization’s threats– Gives uniformity to negotiation decisions
Host A Host B
Security AssociationNegotiations Limited
By Policies
IPsec
• First, two parties negotiate IKE (Internet Key Exchange) Security Associations– IKE is not IPsec-specific– Can be used in other security protocols
Host A Host BCommunication
Governed byIKE SA
IPsec
• Under the protection of communication governed by this IKE SA, negotiate IPsec-specific security associations
Host A Host BCommunication
Governed byIKE SA
IPsec SA Negotiation
IPsec
• Process of Creating IKE SAs (and other SAs)– Negotiate security parameters within policy
limitations– Authenticate the parties using SA-agreed methods– Exchange a symmetric session key using SA-agreed
method– Communicate securely with confidentiality,
message-by-message authentication, and message integrity using SA-agreed method
IPsec
• IPsec has mandatory security algorithms– Uses them as defaults if no other algorithm is
negotiated– Other algorithms may be negotiated– But these mandatory algorithms MUST be
supported
IPsec
• Diffie-Hellman Key Agreement– To agree upon a symmetric session key to be used
for confidentiality during this session– Also does authentication
Party A Party B
IPsec
• Diffie-Hellman Key Agreement– Each party sends the other a nonce (random
number)– The nonces will almost certainly be different – Nonces are not sent confidentially
Party A Party BNonce B
Nonce A
IPsec
• Diffie-Hellman Key Agreement– From the different nonces, each party will be able
to compute the same symmetric session key for subsequent use
– No exchange of the key; instead, agreement on the key
Party A Party B
Symmetric Key Symmetric KeyFrom nonces,
independently computesame symmetric
session key
Multi-Layer Security
• Security Can be Applied at Multiple Layers Simultaneously– Application layer security for database, e-mail, etc.– Transport layer: SSL– Internet layer: IPsec – Data link layer: PPTP, L2TP– Physical layer: locks
Multi-Layer Security
• Applying security at 2 or more layers is good– If security is broken at one layer, the
communication will still be secure
• However,– Security slows down processing– Multi-Layer security slows down processing at
each layer
Total Security
• Network Security is Only Part• Server Security
– Hackers can take down servers with denial-of-service attack
– Hacker can log in as root user and take over the server
– Steal data, lock out legitimate users, etc.
Total Security
• Server Security– Occasionally, weakness are discovered in server
operating systems– This knowledge is quickly disseminated– Known security weaknesses
Total Security
• Server Security– Server operating system (SOS) vendors create
patches– Many firms do not download patches– This makes them vulnerable to hackers, who
quickly develop tools to probe for and then exploit known weaknesses
Total Security
• Client PC Security– Known security weaknesses exist but patches are
rarely downloaded– Users often have no passwords or weak passwords
on their computer– Adversaries take over client PCs and can therefore
take over control over SSL, other secure communication protocols
Total Security
• Application Software– May contain viruses
• Must filter incoming messages
– Database and other applications can add their own security with passwords and other protections
Total Security
• Managing Users– Often violate security procedures, making
technical security worthless– Social engineering: attacker tricks user into
violating security procedures
Defense in Depth
• Firewalls• Antivirus• Intrusion Detection Systems• Intrusion Protection Systems