Network and Communications Security (IN3210/IN4210): Introduction

SLIDE 1

Network and Communications Security (IN3210/IN4210)

Introduction

SLIDE 2

Introduction

  • Nils Gruschka

− University Kiel (Diploma in Computer Science)
− T-Systems, Hamburg
− University Kiel (PhD in Computer Science)
− NEC Laboratories Europe, Bonn + Heidelberg
− University of Applied Science Kiel
− University of Oslo

  • Contact:

− nilsgrus@ifi.uio.no

  • Areas of interest:

− Security: Network, Web, Cloud Computing, Industrial Networks
− Privacy, Data Protection

SLIDE 3

Introduction

  • Nils A. Nordbotten

− Cand.Scient and Ph.D. in informatics from UiO, and Executive Master of Management from BI Norwegian Business School
− Simula Research Laboratory (2003-2007)
− UniK-University Graduate Center (20 %) (2012-2014)
− Norwegian Defence Research Establishment (FFI) (2007-2020)
− University of Oslo (20 %) (2014-)
− Thales Norway (2020-)

  • Contact

− n.a.nordbotten@its.uio.no

SLIDE 4

Organisation

  • “Cloned” course: IN3210 (Bachelor) + IN4210 (Master)
  • Course page (also for IN4210):

− https://www.uio.no/studier/emner/matnat/ifi/IN3210/h20/index.html

  • Lecture

− Home study: Pre-recorded lecture videos
− Online conference: Discussion and Q&A during the scheduled slots

  • Workshop

− Practical tasks, done individually or in groups
− Not mandatory, but helps in understanding the concepts from the lecture
− Homework
− Online conference: Discussion and Q&A during the scheduled slots

SLIDE 5

Organisation

  • Canvas course:

− https://uio.instructure.com/courses/28965

  • Quizzes:

− For every topic a “learning progress control” quiz is offered
− Not mandatory, but highly recommended

  • Discussion board:

− Ask / answer course-wide questions

  • Groups (will be activated mid-September):

− For the semester task
− Discuss and exchange files inside the group

SLIDE 6

Examination

  • Semester Task (in groups):

− IN3210: write a report
− IN4210: create a seminar presentation

  • Written Exam (individually):

− 3 hour digital exam at home

  • Both parts of the exam must be passed and must be passed in the same semester.

  • Final Grade

− Semester Task 30%
− Written Exam 70%
SLIDE 7

Semester Task (general)

  • Select a network security topic (as a group):

− https://uio-my.sharepoint.com/:x:/g/personal/nilsgrus_uio_no/EbEqNbzhIN5AsA6zuFlCae8BAg0eOvDXtRz8jgDynPmNJQ?e=esDJ2P

  • Deadline for selecting group and topic:

− 15. September

  • (Optional) Propose own topics:

− Submit your proposal: https://nettskjema.no/a/158011
− Deadline for topic proposal: 31. August
− Approved topics will be added to the selection spreadsheet

SLIDE 8

Semester Task (just IN3210)

  • Group size: 2 or 3 students
  • Write a (scientific) report on the selected topic
  • Length: 4 – 5 pages per person
  • Language: English or Norwegian
  • Submission via Inspera (more info later)
  • Submission deadline: 20. November

SLIDE 9

Semester Task (just IN4210)

  • Group size: 3 or 4 students
  • Create a seminar presentation on the selected topic
  • Presentation (submission of slides: 20. November)

− Approx. 10 min per person
− Performed via Zoom
− Presented to the whole course (teachers + students)
− During the scheduled slots in November (details soon)
− Language: English

  • Handout (submission: 1 day before the talk)

− 1 page, text + figures
− Summarizes the most important facts

  • Final exam (IN3210 + IN4210) will contain questions from seminar talks!


Exact length of presentations will be announced end of September!

SLIDE 10

Semester Task (general)

  • Scientific work:

− Sources used (books, articles, online resources) must be referenced (at the end of the report/on the last slide of the presentation)
− Plagiarism → failed semester task → failed course

SLIDE 11

Content

  • Cryptography
  • Certificates & PKI
  • Transport Layer Security
  • IP Security
  • MAC Security
  • Wireless LAN Security
  • Email Security
  • DNS Security
  • Firewalls
  • Routing Security

SLIDE 12

Recommended Books

  • https://link.springer.com/book/10.1007/978-3-642-04101-3
  • https://link.springer.com/book/10.1007/978-1-4471-6654-2
  • https://link.springer.com/book/10.1007%2F978-3-030-33649-3

SLIDE 13

Questions?

SLIDE 14

Introduction into (Network) Security

SLIDE 15

What is Security?

[Figure: Attacker, Threat, Assets, Countermeasure]
SLIDE 16

Computer Security

  • Security of computers and networks
  • Protection of digital assets
  • Axioms of Computer Security:

− Confidentiality (e.g. of transmitted secret information)
− Integrity (e.g. of stored data)
− Availability (e.g. of services)

  • Further goals:

− Authenticity
− Non-repudiation
− Privacy

SLIDE 17

Motivations for attacks

  • Financial advantages

− Using paid services free of charge
− Performing financial transactions
− → Spoofing a different identity

  • “Fun”

− Challenging security systems

  • “Revenge”

− Vandalism
− Intrigues

  • Political or religious motives

SLIDE 18

Security Threats

  • Examples for attacks

− Services:

▪ Denial-of-Service

− Communication:

▪ Eavesdropping
▪ Modification

− Stored data:

▪ Espionage
▪ Deletion
▪ „Vandalism“

  • Basic attack measures in communication

− Sniffing
− Redirection, e.g.

▪ ARP Spoofing
▪ DNS Poisoning
▪ Phishing

− Man-in-the-middle

SLIDE 19

“Nomenclature”

  • The “good” ones:

− Alice
− Bob

  • The “bad” ones:

− Eve (passive attacker)
− Mallory (active attacker)

[Figure: Alice, Bob, Eve, Mallory]
SLIDE 20

Sniffing

  • Requires access to the communication medium
  • Passive Attacks, e.g.:

− Eavesdropping
− Traffic analysis

[Figure: Alice, Bob, Eve]
SLIDE 21

Redirection

  • Can be used as preparation for man-in-the-middle attacks

[Figure: Alice, Bob, Eve / Mallory]
SLIDE 22

Man-in-the-middle

  • Passive attacks (see „Sniffing“)
  • Active attacks, e.g.

− Packet drop
− Packet modification
− Packet injection
− Packet replay

[Figure: Alice, Bob, Eve / Mallory]
SLIDE 23

Adversary Model

  • Important question:

− What capabilities do I assume for the attacker?
− What kind of attacks can the attacker perform?

  • → Adversary model
  • Required for implementing countermeasures/testing security protocols
  • Typical adversary model (Dolev and Yao, 1983):

− The attacker can perform any of the aforementioned actions on transmitted packets
− The attacker cannot break “secure” algorithms (e.g. AES)

  • Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker

SLIDE 24

Attack Examples

SLIDE 25

ARP

  • Address Resolution Protocol
  • Maps IP addresses to MAC addresses inside local networks

[Figure: ARP request “Who has 10.0.0.8?” and reply “10.0.0.8 = FA … B3” from the host 10.0.0.8 with MAC address FA … B3]
SLIDE 26

ARP Spoofing (Redirection Attack)

[Figure: ARP request “Who has 10.0.0.8?” answered with “10.0.0.8 = DC … A7”; hosts shown: 10.0.0.8 (MAC address FA … B3) and 10.0.0.24 (MAC address DC … A7)]
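
The conflicting answers on the two ARP slides can be detected by remembering which MAC address first claimed an IP address. The following is an added example, not part of the original slides: the MAC addresses, the asking host 10.0.0.1 and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte ARP payload from readable MAC and IP strings."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(ipaddress.IPv4Address(spa))

class ArpWatch:
    """Remembers the first MAC seen for each IP and reports later conflicts."""
    def __init__(self):
        self.table = {}

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return None
        _oper, mac, ip = parsed          # requests and replies both carry a sender mapping
        known = self.table.setdefault(ip, mac)
        return (ip, known, mac) if known != mac else None

# Constructed sample traffic; these MAC addresses are made up for the example.
REAL, FAKE, ASKER = "02:00:00:00:00:08", "02:00:00:00:00:24", "02:00:00:00:00:01"
SAMPLE = [
    build_arp(ARP_REQUEST, ASKER, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.8"),
    build_arp(ARP_REPLY, REAL, "10.0.0.8", ASKER, "10.0.0.1"),   # genuine answer
    build_arp(ARP_REPLY, FAKE, "10.0.0.8", ASKER, "10.0.0.1"),   # conflicting answer
]

def run_sample():
    watch = ArpWatch()
    return [watch.observe(p) for p in SAMPLE]
```

The watcher reports that two MAC addresses claim 10.0.0.8 but cannot tell which claim is genuine; a legitimate network card replacement raises the same alert.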

SLIDE 27

Denial-of-Service (DoS)

  • Attacker tries to overload the target service or network
  • → „Service Denial“ for legitimate users
  • Attack can target different service layers:

− Network (e.g. gateway, TCP/IP stacks)
− Representation (e.g. XML processing)
− Application
− Database

  • Attacker looks for the bottleneck inside the service processing chain!

SLIDE 28

DoS Example: SYN Flooding

[Figure: two client/server exchanges. Normal handshake: SYN, SYN ACK, ACK. SYN flooding: repeated SYN, each answered with SYN ACK, with no final ACK]
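
Why unanswered SYN ACKs deny service to legitimate users, and how a defender can see it, shown as an added example that is not part of the original slides. It is a toy model of the server's queue of half-open connections; the class name, queue size, timeout and all addresses are assumptions made for illustration.

```python
class SynBacklog:
    """Toy model of a server's queue of half-open TCP connections."""

    def __init__(self, size, timeout):
        self.size, self.timeout = size, timeout
        self.half_open = {}        # (src, port) -> time the SYN arrived
        self.established = set()
        self.dropped = []          # SYNs refused because the queue was full

    def _expire(self, now):
        # Half-open entries are given up after `timeout` seconds without an ACK.
        for key in [k for k, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[key]

    def packet(self, now, src, port, flag):
        self._expire(now)
        key = (src, port)
        if flag == "SYN":
            if len(self.half_open) >= self.size:
                self.dropped.append(key)     # queue full: this client gets no SYN ACK
            else:
                self.half_open[key] = now    # server sends SYN ACK and waits for the ACK
        elif flag == "ACK" and key in self.half_open:
            del self.half_open[key]          # handshake completed
            self.established.add(key)

    def under_pressure(self, ratio=0.8):
        """Detection signal: the queue is mostly waiting for ACKs that never came."""
        return len(self.half_open) >= ratio * self.size

def run_sample():
    # Constructed trace: one normal handshake, four SYNs that are never completed,
    # then a legitimate client that is refused and succeeds only after the timeout.
    srv = SynBacklog(size=4, timeout=30)
    srv.packet(0.0, "10.0.0.5", 40000, "SYN")
    srv.packet(0.1, "10.0.0.5", 40000, "ACK")
    for i in range(4):
        srv.packet(1.0 + i * 0.01, "198.51.100.%d" % i, 50000 + i, "SYN")
    alarm = srv.under_pressure()
    srv.packet(2.0, "10.0.0.6", 40001, "SYN")    # refused: queue is full
    srv.packet(40.0, "10.0.0.6", 40001, "SYN")   # accepted: stale entries expired
    return alarm, srv.dropped, sorted(srv.established), sorted(srv.half_open)
```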

SLIDE 29

DDoS: Distributed DoS

  • Often executed by multiple attackers: Distributed Denial of Service (DDoS)
  • Either controlled by botnet or „crowd“

SLIDE 30

DDoS: Mirai Botnet

  • Millions of infected IoT devices (routers, IP cameras)
  • Offers DDoS as a service:

50.000 devices for 2 weeks: 3000$ - 4000$

Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/
Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/

SLIDE 31

DDoS: Mirai Botnet

  • Illustrating the infection with Mirai

Source: Twitter

SLIDE 32

DDoS: Mirai Botnet

  • One victim


Source: http://krebsonsecurity.com/

SLIDE 33

Attack Examples

  • ... many more to come throughout the class
