[PPT] - Network Security Where we are in the Course Security crosses all PowerPoint Presentation

SLIDE 1

Network Security

SLIDE 2

Where we are in the Course

Security crosses all layers

CSE 461 University of Washington 2

Physical Link Network Transport Applicatjon

SLIDE 3

Security Threats

“Security” is like “performance”
Means many things to many people
Must defjne the propertjes we want
Key part of network security is clearly statjng the

threat model

The dangers and atuacker’s abilitjes
Can’t assess risk otherwise

Introductjon to Computer Networks 3

SLIDE 4

Security Threats (2)

Some example threats
It’s not all about encryptjng messages

Introductjon to Computer Networks 4

Atuacker Ability Threat Eavesdropper Intercept messages Read contents of message Observer Inspect packet destjnatjons Collect conversatjons Intruder Compromised host Tamper with contents of message Impersonator Remote social engineering Trick party into giving informatjon Extortjonist Remote / botnet Disrupt network services

SLIDE 5

Risk Management

Security is hard as a negatjve goal
Try to ensure security propertjes and don’t let anything

bad happen!

End-to-end principle in actjon (can’t trust network!)
Only as secure as the weakest link
Could be design fmaw or bug in code
But ofuen the weak link is elsewhere …

Introductjon to Computer Networks 5

?

SLIDE 6

Risk Management (2)

802.11 security … early on, WEP:
Cryptography was fmawed; can run cracking sofuware to

read WiFi traffjc

Today, WPA2/802.11i security:
Computatjonally infeasible to break!
So that means 802.11 is secure against

eavesdropping?

Introductjon to Computer Networks 6

SLIDE 7

Risk Management (3)

Many possible threats
We just made the fjrst one harder!
802.11 is more secure against eavesdropping in that the

risk of successful atuack is lower. But it is not “secure”.

7

Threat Model Old WiFi (WEP) New WiFi (WPA2)

Break encryptjon from outside Very easy Very diffjcult Guess WiFi password Ofuen possible Ofuen possible Get password from computer May be possible May be possible Physically break into home Diffjcult Diffjcult

SLIDE 8

Cryptography

SLIDE 9

Cryptology

Rich history, especially spies / military
From the Greek “hidden writjng”
Cryptography
Focus is encryptjng informatjon
Cryptanalysis
Focus is how to break codes
Modern emphasis is on codes that are “computatjonally

infeasible” to break

Takes too long compute solutjon

Introductjon to Computer Networks 9

SLIDE 10

Uses of Cryptography

Encryptjng informatjon is useful for more than

deterring eavesdroppers

Prove message came from real sender
Prove remote party is who they say
Prove message hasn’t been altered
Designing secure cryptographic scheme tricky!
Use approved design (library) in approved way

Introductjon to Computer Networks 10

SLIDE 11

Internet Reality

Most of the protocols were developed before the

Internet grew popular

It was a smaller, more trusted world
So protocols lacked security …
We have strong security needs today
Clients talk with unverifjed servers
Servers talk with anonymous clients
Security has been retrofjtued
This is far from ideal!

Introductjon to Computer Networks 11

SLIDE 12

Goal and Threat Model

Goal is to send a private message from Alice to Bob
This is called confjdentjality
Threat is Eve will read the message
Eve is a passive adversary (observes)

Introductjon to Computer Networks 12

Alice Bob Eve

??

Inetworks

SLIDE 13

Encryption/Decryption Model

Alice encrypts private message (plaintext) using key
Eve sees ciphertext but not plaintext
Bob decrypts using key to get the private message

Introductjon to Computer Networks 13

Alice Bob Encrypt Decrypt Hi there

Ciphertext Plaintext Plaintext Key Key

Eve

Network

Inetworks Inetworks

SLIDE 14

Encryption/Decryption (2)

Encryptjon is a reversible mapping
Ciphertext is encrypted plaintext
Assume atuacker knows algorithm
Security does not rely on its secrecy
Algorithm is parameterized by keys
Security does rely on key secrecy
Must be distributed (Achilles’ heel)

Introductjon to Computer Networks 14

SLIDE 15

Encryption/Decryption (3)

Two main kinds of encryptjon:

1. Symmetric key encryptjon », e.g., AES
Alice and Bob share secret key
Encryptjon is a bit mangling box
2. Public key encryptjon », e.g., RSA
Alice and Bob each have a key in two parts: a public part (widely

known), and a private part (only owner knows)

Encryptjon is based on mathematjcs (e.g., RSA is based on diffjculty of

factoring)

Introductjon to Computer Networks 15

SLIDE 16

Symmetric (Secret Key) Encryption

Alice and Bob have the same secret key, KAB
Anyone with the secret key can encrypt/decrypt

Introductjon to Computer Networks 16

Alice Bob Encrypt Decrypt Hi there

Ciphertext Plaintext Plaintext Secret key Secret key

Inetworks Inetworks

KAB KAB

SLIDE 17

Public Key (Asymmetric) Encryption

Alice and Bob have public/private key pairs (KB / KB-1)
Public keys are well-known, private keys are secret

Introductjon to Computer Networks 17

Alice Bob Encrypt Decrypt Hi there

Ciphertext Plaintext Plaintext Bob’s public key Bob’s private key

Inetworks Inetworks

KB-1 KB

SLIDE 18

Public Key Encryption (2)

Alice encrypts w/ Bob’s pubkey KB; anyone can send
Bob decrypts w/ his private key KB-1; only he can

Introductjon to Computer Networks 18

Alice Bob Encrypt Decrypt Hi there

Ciphertext Plaintext Plaintext Bob’s public key Bob’s private key

Inetworks Inetworks

KB-1 KB

SLIDE 19

Key Distribution

This is a big problem on a network!
Ofuen want to talk to new partjes
Symmetric encryptjon problematjc
Have to fjrst set up shared secret
Public key idea has own diffjcultjes
Need trusted directory service
We’ll look at certjfjcates later

Introductjon to Computer Networks 19

SLIDE 20

Symmetric vs. Public Key

Have complementary propertjes
Want the best of both!

Introductjon to Computer Networks 20

Property Symmetric Public Key Key Distributjon Hard – share secret per pair of users Easier – publish public key per user Runtjme Performanc e Fast – good for high data rate Slow – few, small, messages

SLIDE 21

Winning Combination

Alice uses public key encryptjon to send Bob a small

private message

It’s a key! (Say 256 bits.)
Alice/Bob send messages with symmetric encryptjon
Using the key they now share
The key is called a session key
Generated for short-term use

Introductjon to Computer Networks 21

SLIDE 22

Message Authentication

SLIDE 23

Goal and Threat Model

Goal is for Bob to verify the message is from Alice and

unchanged

This is called integrity/authentjcity
Threat is Trudy will tamper with messages
Trudy is an actjve adversary (interferes)

Introductjon to Computer Networks 23

Alice Bob Trudy Inetworks ????

SLIDE 24

Wait a Minute!

We’re already encryptjng messages to provide

confjdentjality

Why isn’t this enough?

Introductjon to Computer Networks 24

SLIDE 25

Encryption Issues

What will happen if Trudy fmips some of Alice’s

message bits?

Bob will decrypt it, and …

Introductjon to Computer Networks 25

Bob Trudy

SLIDE 26

Encryption Issues (2)

What will happen if Trudy fmips some of Alice’s

message bits?

Bob will receive an altered message

Introductjon to Computer Networks 26

Bob Trudy Um?? yuiE#E3@

SLIDE 27

Encryption Issues (3)

Typically encrypt blocks of data
What if Trudy reorders message?
Bob will decrypt, and …

Introductjon to Computer Networks 27

Bob Trudy

1 2 3 4 5

SLIDE 28

Encryption Issues (4)

What if Trudy reorders message?
Bob will receive altered message

Introductjon to Computer Networks 28

Bob Trudy

1 2 3 4 5

BUY NOW! DO NOT STOP OK!

SLIDE 29

MAC (Message Authentication Code)

MAC is a small token to validate the

integrity/authentjcity of a message

Conceptually ECCs again
Send the MAC along with message
Validate MAC, process the message
Example: HMAC scheme

Introductjon to Computer Networks 29

Alice Bob Message MAC

SLIDE 30

MAC (2)

Sorta symmetric encryptjon operatjon – key shared
Lets Bob validate unaltered message came from Alice
Doesn’t let Bob convince Charlie that Alice sent the

message

Introductjon to Computer Networks 30

Alice Bob Generate Validate

MAC Secret key Secret key

Inetworks Inetworks

KAB KAB

Message

SLIDE 31

Digital Signature

Signature validates the integrity/authentjcity of

message

Send it along with the message
Lets all partjes validate
Example: RSA signatures

Introductjon to Computer Networks 31

Alice Message Signature

SLIDE 32

Digital Signature (2)

Kind of public key operatjon – pub/priv key parts
Alice signs w/ private key, KA
1, Bob verifjes w/ public key, KA
Does let Bob convince Charlie that Alice sent the message

Introductjon to Computer Networks 32

Alice Bob Sign Verify

Alice’s private key Alice’s public key

Inetworks Inetworks

KA-1 KA Signature

Message

SLIDE 33

Speeding up Signatures

Same tension as for confjdentjality:
Public key has keying advantages
But it has slow performance!
Use a technique to speed it up
Message digest stands for message
Sign the digest instead of full message

Introductjon to Computer Networks 33

SLIDE 34

Message Digest or Cryptographic Hash

Digest/Hash is a secure checksum
Deterministjcally mangles bits to pseudo-random output

(like CRC)

Can’t fjnd messages with same hash
Acts as a fjxed-length descriptor of message – very useful!

Introductjon to Computer Networks 34

I might be a tjny bit sick of networks… Hash functjon

Output e.g., SHA1 (160 bits) Input

SLIDE 35

Speeding up Signatures (2)

Conceptually similar except sign the hash of message
Hash is fast to compute, so it speeds up overall operatjon
Hash stands for msg as can’t fjnd another w/ same hash

Introductjon to Computer Networks 35

Alice Bob Sign Verify

Alice’s private key Alice’s public key

Inetworks Inetworks

KA-1 KA Signature of hash

f message

Message

SLIDE 36

Preventing Replays

We normally want more than confjdentjality,

integrity, and authentjcity for secure messages!

Want to be sure message is fresh
Need to distjnguish message from replays
Repeat of older message
Actjng on it again may cause trouble

Introductjon to Computer Networks 36

SLIDE 37

Preventing Replays (2)

Replay atuack:
Trudy records Alice’s messages to Bob
Trudy later replays them (unread) to Bob
She pretends to be Alice

Introductjon to Computer Networks 37

Bob Trudy

Password?

Hi Alice!

SLIDE 38

Preventing Replays (3)

To prevent replays, include a proof of freshness in

the messages

Use a tjmestamp, or nonce

Introductjon to Computer Networks 38

Alice Bob OK Alice! Message MAC Tue 10:03:57: “sell stocks”

Freshness Authentjcity/Integrity Confjdentjality

SLIDE 39

T akeaway

Cryptographic designs can give us integrity,

authentjcity and freshness as well as confjdentjality.

Real protocol designs combine the propertjes in

difgerent ways

We’ll see some examples
Note many pitgalls in how to combine, as well as in the

primitjves themselves

Introductjon to Computer Networks 39

SLIDE 40

Web Security

SLIDE 41

Goal and Threat Model

Much can go wrong on the web!
Clients encounter malicious content
Web servers are target of break-ins
Fake content/servers trick users
Data sent over network is stolen …

Introductjon to Computer Networks 41

Internet Server Client

SLIDE 42

Goal and Threat Model (2)

Goal of HTTPS is to secure HTTP
We focus on network threats:

1. Eavesdropping client/server traffjc 2. Tampering with client/server traffjc 3. Impersonatjng web servers

Introductjon to Computer Networks 42

Server Client Network

SLIDE 43

HTTPS Context

HTTPS (HTTP Secure) is an add-on
Means HTTP over SSL/TLS
SSL (Secure Sockets Layer) precedes TLS (Transport Layer

Security)

Introductjon to Computer Networks 43

IP HTTP TCP SSL/TLS

HTTPS Insert

SLIDE 44

HTTPS Context (2)

SSL came out of Netscape
SSL2 (fmawed) made public in ‘95
SSL3 fjxed fmaws in ‘96
TLS is the open standard
TLS 1.0 in ‘99, 1.1 in ‘06, 1.2 in ‘08, 1.3 in ‘18
Motjvated by secure web commerce
Slow adoptjon, now widespread use
Can be used by any app, not just HTTP

Introductjon to Computer Networks 44

SLIDE 45

TLS 1.3

Motjvatjon 1: Strengthen security
Remove bad cyphers: SHA-1, RC4, DES, 3DES, AES-CBC,

MD5, Arbitrary Diffje-Hellman groups, etc

Simplify confjguratjon
Motjvatjon 2: Speed up protocol
2 RTTs → 1 RTT
0 RTT (resumptjon) possible if site has been recently been

visited

Introductjon to Computer Networks 45

SLIDE 46

SLIDE 47

SLIDE 48

SSL Operation

Protocol provides:

1. Verifjcatjon of identjty of server (and optjonally client) 2. Message exchange between the two with confjdentjality, integrity, authentjcity and freshness

Consists of authentjcatjon phase (that sets up

encryptjon) followed by data transfer phase

Introductjon to Computer Networks 48

SLIDE 49

SSL/TLS Authentication

Must allow clients to securely connect to servers

not used before

Client must authentjcate server
Server typically doesn’t identjfy client
Uses public key authentjcatjon
But how does client get server’s key?
With certjfjcates »

Introductjon to Computer Networks 49

SLIDE 50

Certifjcates

A certjfjcate binds pubkey to identjty, e.g., domain
Distributes public keys when signed by a party you trust
Commonly in a format called X.509

Introductjon to Computer Networks 50

Signed by CA

SLIDE 51

PKI (Public Key Infrastructure)

Adds hierarchy to certjfjcates to let partjes issue
Issuing partjes are called CAs (Certjfjcate Authoritjes)

Introductjon to Computer Networks 51

I certjfjed the ABC website!

SLIDE 52

I certjfjed the ABC website!

PKI (2)

Need public key of PKI root and trust in servers on

path to verify a public key of website ABC

Browser has Root’s public key
{RA1’s key is X} signed Root
{CA1’s key is Y} signed RA1
{ABC’s key Z} signed CA1

Introductjon to Computer Networks 52

SLIDE 53

Introductjon to Computer Networks 53

PKI (3)

Browser/OS has public keys of

the trusted roots of PKI

>100 root certjfjcates!
Inspect your web browser

Certjfjcate for wikipedia.org issued by DigiCert

SLIDE 54

PKI (4)

Real-world complicatjon:
Public keys may be compromised
Certjfjcates must then be revoked
PKI includes a CRL (Certjfjcate Revocatjon List)
Browsers use to weed out bad keys

Introductjon to Computer Networks 54

SLIDE 55

SSL3 Authentication (2)

Introductjon to Computer Networks 55

Negotjate ciphers, send certjfjcate, … Certjfjcate lets Alice check Bob Switch to Alice’s session key Real Bob can compute session key Encrypted data Encrypted data

SLIDE 56

Cellular Security (1)

Very difgerent model
Need to encrypt traffjc and

authentjcate user

Traffjc is not end-to-end, you

are talking to the core network

Plus we have a SIM card!

Introductjon to Computer Networks 56

SLIDE 57

Cellular Security (2)

Symmetric Key on SIM
Created when SIM is printed
Used for authentjcatjon and

link-layer encryptjon

Absolutely no end-to-end encryptjon

Actually illegal. Need to

support “lawful intercept”

Introductjon to Computer Networks 57

SLIDE 58

“Metadata”

What can atuacker (in the network) learn from a call?

SLIDE 59

“Metadata”

What can atuacker (in the network) learn from a call?
What can atuacker (in the network) learn from an HTTPS connectjon?

SLIDE 60

T akeaways

SSL/TLS is a secure transport
For HTTPS and more, with the usual confjdentjality, integrity /

authentjcity

Client authentjcates web server
Done with a PKI and certjfjcates
Major area of complexity and risk
Cellular networks are dumb
“Metadata” leaks
Use other tools (Tor or VPN) if you want to hide that

Introductjon to Computer Networks 60

SLIDE 61

Defenses

SLIDE 62

T

pic
Virtual Private Networks (VPNs)
Run as closed networks on Internet
Use IPSEC to secure messages

Introductjon to Computer Networks 62

Internet

SLIDE 63

Motivation

The best part of IP connectjvity
You can send to any other host
The worst part of IP connectjvity
Any host can send packets to you!
There’s nasty stufg out there …

Introductjon to Computer Networks 63

Internet

SLIDE 64

Motivation (2)

Ofuen desirable to separate network from the

Internet, e.g., a company

Private network with leased lines
Physically separated from Internet

Introductjon to Computer Networks 64

Site A Site B Site C

No way in!

Leased line

SLIDE 65

Motivation (3)

Idea: Use the public Internet instead of leased lines

– cheaper!

Logically separated from Internet …
This is a Virtual Private Network (VPN)

Introductjon to Computer Networks 65

Internet Site A Site B Site C

Maybe …

Virtual link

SLIDE 66

Goal and Threat Model

Goal is to keep a logical network (VPN) separate

from the Internet while using it for connectjvity

Threat is Trudy may access VPN and intercept or tamper

with messages

Introductjon to Computer Networks 66

Ideal

SLIDE 67

T unneling

How can we build a virtual link? With tunneling!
Hosts in private network send to each other normally
To cross virtual link (tunnel), endpoints encrypt and

encapsulate packet

Introductjon to Computer Networks 67

Public Internet Virtual link

r tunnel

Private Network B Private Network A Tunnel endpoint Tunnel endpoint

SLIDE 68

T unneling (2)

Tunnel endpoints encapsulate IP packets (“IP in IP”)
Add/modify outer IP header for delivery

68

TCP IP 802.11 App IP 802.11 TCP IP 802.11 App IP Public Internet 802.11 IP

Ethernet

IP IP

Ethernet

IP Tunnel Endpoint Tunnel Endpoint Private Network B Private Network A Many Routers!

SLIDE 69

T unneling (3)

Simplest encapsulatjon wraps packet with another

IP header

Outer (tunnel) IP header has tunnel endpoints as

source/destjnatjon

Inner packet is encrypted and has private network IP

addresses as source/destjnatjon

Introductjon to Computer Networks 69

TCP HTTP IP IP

Outer (Tunnel) IP Inner packet

SLIDE 70

IPSEC (IP Security)

Longstanding efgort to secure the IP layer
Adds confjdentjality, integrity/authentjcity
IPSEC operatjon:
Keys are set up for communicatjng host pairs
Communicatjon becomes more connectjon-oriented
Header and trailer added to protect IP packets

Introductjon to Computer Networks 70

Tunnel Mode

SLIDE 71

T akeaways

VPNs are useful for building networks on top of the

Internet

Virtual links encapsulate packets
Alters IP connectjvity for hosts
VPNs need crypto to secure messages
Typically IPSEC is used for confjdentjality,

integrity/authentjcity

Introductjon to Computer Networks 71

SLIDE 72

T

r
“The Onion Router”
Basic idea:
1. Generate circuit of routers that you know will send packet
2. Encrypt the packet in layers for each router in circuit
3. Send the packet
4. Each router receives, decrypts their layer, and forwards based on new info
5. Routers maintain state about circuit to route stufg back to sender
But again, only know the next hop

SLIDE 73

Image courtesy torproject.org

SLIDE 74

Image courtesy torproject.org

SLIDE 75

Image courtesy torproject.org

SLIDE 76

SLIDE 77

Other Attacks

SLIDE 78

T

pic
Distributed Denial-of-Service (DDOS)
An atuack on network availability

Introductjon to Computer Networks 78

Internet

Yum!

SLIDE 79

T

pic
Distributed Denial-of-Service (DDOS)
An atuack on network availability

Introductjon to Computer Networks 79

Internet

Uh oh!

SLIDE 80

Motivation

The best part of IP connectjvity
You can send to any other host
The worst part of IP connectjvity
Any host can send packets to you!

Introductjon to Computer Networks 80

Internet

Uh oh!

SLIDE 81

Motivation (2)

Flooding a host with many packets can interfere

with its IP connectjvity

Host may become unresponsive
This is a form of denial-of-service

Introductjon to Computer Networks 81

Internet

Uh oh Hello?

SLIDE 82

Goal and Threat Model

Goal is for host to keep network connectjvity for

desired services

Threat is Trudy may overwhelm host with undesired traffjc

Introductjon to Computer Networks 82

Trudy Internet

Ideal Hello! Hi!

SLIDE 83

SLIDE 84

Internet Reality

Distributed Denial-of-Service is a huge problem

today!

Github atuack of 1tbps
There are no great solutjons
CDNs, network traffjc fjltering, and best practjces all help

Introductjon to Computer Networks 84

SLIDE 85

Denial-of-Service

Denial-of-service means a system is made unavailable to intended

users

Typically because its resources are consumed by atuackers instead
In the network context:
“System” means server
“Resources” mean bandwidth (network) or CPU/memory (host)

Introductjon to Computer Networks 85

SLIDE 86

Host Denial-of-Service

Strange packets can sap host resources!
“Ping of Death” malformed packet
“SYN fmood” sends many TCP connect requests and never follows up
Few bad packets can overwhelm host
Patches exist for these vulnerabilitjes
Read about “SYN cookies” for interest

Introductjon to Computer Networks 86

XXX

SLIDE 87

Network Denial-of-Service

Network DOS needs many packets
To saturate network links
Causes high congestjon/loss
Helpful to have many atuackers … or Distributed Denial-of-Service

Introductjon to Computer Networks 87

Uh oh

Access Link

SLIDE 88

Distributed Denial-of-Service (DDOS)

Botnet provides many atuackers in the form of

compromised hosts

Hosts send traffjc fmood to victjm
Network saturates near victjm

Introductjon to Computer Networks 88

Ouch 

Victjm Botnet

SLIDE 89

Complication: Spoofjng

Atuackers can falsify their IP address
Put fake source address on packets
Historically network doesn’t check
Hides locatjon of the atuackers
Called IP address spoofjng

Introductjon to Computer Networks 89

From: “Bob” Trudy

I hate that Bob! Ha ha!

Alice

SLIDE 90

Spoofjng (2)

Actually, it’s worse than that
Trudy can trick Bob into really sending packets to Alice
To do so, Trudy spoofs Alice to Bob

Introductjon to Computer Networks 90

1: To Bob From: “Alice” Trudy

Huh?

Alice Bob 2: To Alice From Bob (reply)

SLIDE 91

Best Practice: Ingress Filtering

Idea: Validate the IP source address of packets at ISP

boundary (Duh!)

Ingress fjltering is a best practjce, but deployment has

been slow

Introductjon to Computer Networks 91

From: Bob

Trudy

Nope, from Trudy Drat

ISP boundary Internet

SLIDE 92

Introductjon to Computer Networks 92

Flooding Defenses

1. Increase network capacity around the server; harder

to cause loss

Use a CDN for high peak capacity
2. Filter out atuack traffjc within the network (at

routers)

The earlier the fjltering, the betuer
Ultjmately what is needed, but ad hoc measures by ISPs today