[PPT] - CSE543 Computer and Network Security Module: Network Security PowerPoint Presentation

SLIDE 1

฀฀฀฀ ฀

฀฀฀฀

฀฀฀฀฀ ฀฀฀฀฀฀

CSE543 - Introduction to Computer and Network Security Page

CSE543 Computer and Network Security Module: Network Security

Professor Trent Jaeger

1

Thursday, October 31, 13

SLIDE 2

CMPSC443 - Introduction to Computer and Network Security Page

Exam

Three kinds of questions
12 short answer
What (3pts each)
5 long answer
Why (6-7pts each)
3 constructions
How (10 pts each)

2

Thursday, October 31, 13

SLIDE 3

CMPSC443 - Introduction to Computer and Network Security Page

Short Answer

Three kinds of questions
12 short answer
What (3pts each)

3

4. (4pts) What is the purpose of a public key infrastructure? Why is there a risk for “who is using my

key?” answer: Bind a public key to an identity securely on internet scale. System cannot protect private key from compromise.

Thursday, October 31, 13

SLIDE 4

CMPSC443 - Introduction to Computer and Network Security Page

Exam

Three kinds of questions
5 long answer
Why (6-7pts each)
Longer what questions that want to know why and how

4

17. (7pts) Why is it necessary to prevent forgery of capabilities in capability systems to meet reference

monitor guarantees? Specify the conditions under which it is necessary to weaken (reduce) the permissions available to a capability. answer: If a capability can be forged, then a process can create its own permissions to any object that it can name. This would circumvent the tamperproofing of system policies, and nothing would be verifiable. We must weaken a capability when a high secrecy subject fetches a capability from a low secrecy

memory. Because this capability may have been created by a low secrecy subject, it may have write

permission to low secrecy objects. Since this would violate the *-property, such capabilities must be weakened to remove the write permission.

Thursday, October 31, 13

SLIDE 5

CMPSC443 - Introduction to Computer and Network Security Page

Exam

Three kinds of questions
3 constructions
How (10 pts each)

5

19. (10pts) Consider the Needham-Schroeder protocol for shared key distribution.

Assume XOR for encryption/decryption. In the NH protocol, the initiating party, we will call A, forwards the conversation key CK in a message encrypted by the authentication server AS for the verifying party B. Suppose A’s identity is represented by the 4-bit quantity 0001 and the key shared between B and the AS is 0101. (a) (2pts) If the message forwarded from A to B is 11010100, then what is the conversation key? (Hint: Use the format of the conversation key message in the NH protocol. Note that the key is 4 bits long).

Thursday, October 31, 13

SLIDE 6

CMPSC443 - Introduction to Computer and Network Security Page

Topics

Cryptography
Encryption, Hashing, Signatures, HMACs
Cryptographic Notation for Protocols
Symmetric key
Basic symmetric key operations (substitution, permutation)
Hash Functions
Properties
Some things you can do
Public key
RSA
Diffie-Hellman

6

Thursday, October 31, 13

SLIDE 7

CMPSC443 - Introduction to Computer and Network Security Page

Topics

Authentication
Basics
Passwords
Protocols
Authentication Protocols
Web
Needham-Schroeder
Kerberos
PKI
Differences between N-S and Kerberos
PKI (certificates, validation, issues)

7

Thursday, October 31, 13

SLIDE 8

CMPSC443 - Introduction to Computer and Network Security Page

Topics

System Security
Vulnerabilities
Access Control
OS Security
Vulnerabilities
Overflows, etc
Name Resolution
Access Control
Concepts
Models (matrix, RBAC, MLS, Clark-Wilson)
OS
Multics, Capabilities, Sandboxes, UNIX/Windows

8

Thursday, October 31, 13

SLIDE 9

CMPSC443 - Introduction to Computer and Network Security Page

Topics

Network Security
Vulnerabilities
Secure communication: IPsec, SSL, SSH
Vulnerabilities
TCP and other protocols
Secure communication
Concepts
IPsec
SSL
SSH
Use of modes, use of crypto, authentication

9

Thursday, October 31, 13

SLIDE 10

CSE543 - Introduction to Computer and Network Security Page

Transport Security

A host wants to establish a secure channel to remote

hosts over an untrusted network

Not Login – end-users may not even be aware that

protections in place (transparent)

Remote hosts may be internal or external
The protection service must …
Authenticate the end-points (each other)
Negotiate what security is necessary (and how achieved)
Establish a secure channel (e.g., key distribution/agreement)
Process the traffic between the end points
Also known as communications security.

10

Thursday, October 31, 13

SLIDE 11

CSE543 - Introduction to Computer and Network Security Page

IPsec (not IPSec!)

Host level protection service
IP-layer security (below TCP/UDP)
De-facto standard for host level security
Developed by the IETF (over many years)
Available in most operating systems/devices
E.g., XP

, Vista, OS X, Linux, BSD*, …

Implements a wide range of protocols and cryptographic

algorithms

Selectively provides ….
Confidentiality, integrity, authenticity, replay protection, DOS

protection

11

Thursday, October 31, 13

SLIDE 12

CSE543 - Introduction to Computer and Network Security Page

IPsec and the IP protocol stack

IPsec puts the two main

protocols in between IP and the

ther protocols
AH - authentication header
ESP - encapsulating security

payload

Other functions provided by

external protocols and architectures

SMTP FTP

TCP

HTTP

ESP AH IP UDP

12

Thursday, October 31, 13

SLIDE 13

CSE543 - Introduction to Computer and Network Security Page

Modes of operation

Transport : the payload is encrypted and the non-

mutable fields are integrity verified (via MAC)

Tunnel : each packet is completely encapsulated

(encrypted) in an outer IP packet

Hides not only data, but some routing information

13

Header Payload Header Payload

encrypted MACed

Header

Header Payload Header Payload

encrypted MACed

Thursday, October 31, 13

SLIDE 14

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer …

14

Thursday, October 31, 13

SLIDE 15

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer …

14

Thursday, October 31, 13

SLIDE 16

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer …

14

Thursday, October 31, 13

SLIDE 17

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 18

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 19

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 20

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 21

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 22

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 23

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 24

CSE543 - Introduction to Computer and Network Security Page

Tunneling

“IP over IP”
Network-level packets are encapsulated
Allows traffic to avoid firewalls

IP layer … IP layer …

14

Thursday, October 31, 13

SLIDE 25

CSE543 - Introduction to Computer and Network Security Page

Authentication Header (AH)

Authenticity and integrity
via HMAC
over IP headers and data
Advantage: the authenticity of data and IP header

information is protected

it gets a little complicated with mutable fields, which are

supposed to be altered by network as packet traverses the network

some fields are immutable, and are protected
Confidentiality of data is not preserved
Replay protection via AH sequence numbers
note that this replicates some features of TCP (good?)

15

Thursday, October 31, 13

SLIDE 26

CSE543 - Introduction to Computer and Network Security Page

Authentication Header (AH)

Modifications to the packet format

16

IP Header AH Header MAC Payload

AH Packet Encrypted Authenticated

IP Header Payload

Thursday, October 31, 13

SLIDE 27

CSE543 - Introduction to Computer and Network Security Page

Encapsulating Security Payload (ESP)

Confidentiality, authenticity and integrity
via encryption and HMAC
over IP payload (data)
Advantage: the security manipulations are done solely
n user data
TCP packet is fully secured
simplifies processing
Use “null” encryption to get authenticity/integrity only
Note that the TCP ports are hidden when encrypted
good: better security, less is known about traffic
bad: impossible for FW to filter/traffic based on port

17

Thursday, October 31, 13

SLIDE 28

CSE543 - Introduction to Computer and Network Security Page

Encapsulating Security Payload (ESP)

Modifications to packet format

18

IP Header ESP Header Payload ESP Trailer MAC

ESP Packet Encrypted Authenticated

IP Header Payload

Thursday, October 31, 13

SLIDE 29

CSE543 - Introduction to Computer and Network Security Page

Practical Issues and Limitations

IPsec implementations
Large footprint
resource poor devices are in trouble
New standards to simplify (e.g, JFK, IKE2)
Slow to adopt new technologies
Configuration is really complicated/obscure
Issues
IPsec tries to be “everything for everybody at all times”
Massive, complicated, and unwieldy
Policy infrastructure has not emerged
Large-scale management tools are limited (e.g., CISCO)
Often not used securely (common pre-shared keys)

19

Thursday, October 31, 13

SLIDE 30

CSE543 - Introduction to Computer and Network Security Page

Network Isolation: VPNs

Idea: I want to create a collection of hosts that operate

in a coordinated way

E.g., a virtual security perimeter over physical network
Hosts work as if they are isolated from malicious hosts
Solution:

Virtual Private Networks

Create virtual network topology over physical network
Use communications security protocol suites to secure

virtual links “tunneling”

Manage networks as if they are physically separate
Hosts can route traffic to regular networks (split-tunneling)

20

Thursday, October 31, 13

SLIDE 31

CSE543 - Introduction to Computer and Network Security Page

Remote Commands

Idea: Run a command on a remote computer
rsh, rexec, telnet
Login to a remote computer
Get a shell for executing commands
How did we do that in the old days?
Send the commands in the clear
Problem?
How can you login to remote computer and execute

commands securely?

21

Thursday, October 31, 13

SLIDE 32

CSE543 - Introduction to Computer and Network Security Page

SSH

Secure SHell
Secure communications protocol between two machines
To run shell commands on the other machine
Built from
Cryptographic algorithms to authenticate client and server
Goals
Encrypt all transmitted data
Protect data integrity
Uses
Forwards X11 connections
Forwards TCP/IP ports
File transfer

22

Thursday, October 31, 13

SLIDE 33

CSE543 - Introduction to Computer and Network Security Page

SSH Protocol

SSH channels built on a transport layer protocol (TCP/IP)
Steps
SSH client requests connection with server (not protected)
Server sends its RSA public host key and RSA server key
Latter changes frequently
SSH client validates host key binding with server name
On failure, client user gets warning message - punt to user
SSH Client generates 256-bit random number and encryption algorithm
This is the session key
SSH Client encrypts the session key using both the host key and the server key

and send to server

SSH Server decrypts the two RSA encrypted messages
To recover the session key - From now on, all messages will be encrypted in

that key

Who has been authenticated at this stage?

23

Thursday, October 31, 13

SLIDE 34

CSE543 - Introduction to Computer and Network Security Page

SSH Keys

Where do host keys come from?
ssh-keygen to produce a new host key yourself
Pass-phrase used in encrypt the resultant private key
Authenticated bindings of hosts to public keys stored in

authorized keys file

Who is the CA?
...
Why is it sufficient to use a host key produced this way

for authentication?

Can you determine the binding between the key and the host?
What other risks are possible?

24

Thursday, October 31, 13

SLIDE 35

CSE543 - Introduction to Computer and Network Security Page

SSH Client Authentication

How does the server authenticate the client using SSH?
Password - as in login
Other methods are possible
GSSAPI-based authentication (Kerberos)
host-based authentication
Validates client’s host key and user name (e.g., in hosts.equiv)
public key authentication
Each user has public key pair; if in server’s authorized keys and

client knows associated private key

challenge-response authentication
Server sends challenge, client sends response
Authentication methods are tried in that order
Password is last

25

Thursday, October 31, 13

SLIDE 36

CSE543 - Introduction to Computer and Network Security Page

Application Communication

Idea: Setup a secure connection between application

components running on two separate computers

IPsec is used for all communication between computers
May use between ports, but not typically
We want a secure connection that the application can

setup itself

What is the right way to set this up?

26

Thursday, October 31, 13

SLIDE 37

CSE543 - Computer and Network Security Page

Web Transport Security: SSL

Secure Socket Layer (SSL/TLS)
Used to authenticate servers
Uses certificates, “root” CAs
Can authenticate clients
Inclusive security protocol
Security at the socket layer
Transport Layer Security (TLS)
Provides
authentication
confidentiality
integrity

Participants: Alice/A (client) and Bob/B (server) Crypto Elements : Random R, Certificate C, k+

i Public Key (of i)

Crypto Functions : Hash function H(x), Encryption E(k, d), Decryption D(k, d), Keyed MAC HMAC(k, d) 1. Alice → Bob RA 2. Bob → Alice RB, CB Alice pick pre-master secret S Alice calculate master secret K = H(S, RA, RB) 3. Alice → Bob E(k+

B, S), HMAC(K,0 CLNT 0 + [#1, #2])

Bob recover pre-master secret S = D(k

B, E(k+ B, S))

Bob calculate master secret K = H(S, RA, RB) 4. Bob → Alice HMAC(K,0 SRV R0 + [#1, #2]) Note: Alice and Bob : IV Keys, Encryption Keys, and Integrity Keys 6 keys,where each key ki = gi(K, RA, RB), and gi is key generator function.

29 Thursday, October 31, 13

SLIDE 49

CSE543 - Computer and Network Security Page

SSL Use

SSL Handshake Protocol
What algorithms can you send pre-master secret to the

server?

Public key: E.g., RSA, but others are supported
SSL Record Protocol
What algorithm can you use to encapsulate the data?
Symmetric key: AES, RC4, 3DES

30 Thursday, October 31, 13

SLIDE 50

CSE543 - Computer and Network Security Page

SSL Tradeoffs

Pros
Server authentication*
GUI clues for users
Built into every browser
Easy to configure on the server
Protocol has been analyzed like crazy
Cons
Users don’t check certificates
Too easy to obtain certificates
Too many roots in the browsers
Non-trivial to get right in your app

31 Thursday, October 31, 13