Network Security - PowerPoint PPT Presentation


SLIDE 1

Network Security

SLIDE 2

Where we are in the Course

  • Security crosses all layers

CSE 461 University of Washington 2

[Figure: protocol stack - Application, Transport, Network, Link, Physical]

SLIDE 3

Security Threats

  • “Security” is like “performance”
      • Means many things to many people
      • Must define the properties we want
  • Key part of network security is clearly stating the threat model
      • The dangers and attacker’s abilities
      • Can’t assess risk otherwise

Introduction to Computer Networks 3

SLIDE 4

Security Threats (2)

  • Some example threats
  • It’s not all about encrypting messages

  Attacker       Ability                       Threat
  Eavesdropper   Intercept messages            Read contents of message
  Observer       Inspect packet destinations   Collect conversations
  Intruder       Compromised host              Tamper with contents of message
  Impersonator   Remote social engineering     Trick party into giving information
  Extortionist   Remote / botnet               Disrupt network services

SLIDE 5

Risk Management

  • Security is hard as a negative goal
      • Try to ensure security properties and don’t let anything bad happen!
  • End-to-end principle in action (can’t trust network!)
  • Only as secure as the weakest link
      • Could be design flaw or bug in code
      • But often the weak link is elsewhere …

SLIDE 6

Risk Management (2)

  • 802.11 security … early on, WEP:
      • Cryptography was flawed; can run cracking software to read WiFi traffic
  • Today, WPA2/802.11i security:
      • Computationally infeasible to break!
      • So that means 802.11 is secure against eavesdropping?

SLIDE 7

Risk Management (3)

  • Many possible threats
      • We just made the first one harder!
  • 802.11 is more secure against eavesdropping in that the risk of successful attack is lower. But it is not “secure”.

  Threat Model                    Old WiFi (WEP)    New WiFi (WPA2)
  Break encryption from outside   Very easy         Very difficult
  Guess WiFi password             Often possible    Often possible
  Get password from computer      May be possible   May be possible
  Physically break into home      Difficult         Difficult

SLIDE 8

Cryptography

SLIDE 9

Cryptology

  • Rich history, especially spies / military
      • From the Greek “hidden writing”
  • Cryptography
      • Focus is encrypting information
  • Cryptanalysis
      • Focus is how to break codes
  • Modern emphasis is on codes that are “computationally infeasible” to break
      • Takes too long to compute a solution

SLIDE 10

Uses of Cryptography

  • Encrypting information is useful for more than deterring eavesdroppers
      • Prove message came from real sender
      • Prove remote party is who they say
      • Prove message hasn’t been altered
  • Designing a secure cryptographic scheme is tricky!
      • Use approved design (library) in approved way

SLIDE 11

Internet Reality

  • Most of the protocols were developed before the Internet grew popular
      • It was a smaller, more trusted world
      • So protocols lacked security …
  • We have strong security needs today
      • Clients talk with unverified servers
      • Servers talk with anonymous clients
  • Security has been retrofitted
      • This is far from ideal!

SLIDE 12

Goal and Threat Model

  • Goal is to send a private message from Alice to Bob
      • This is called confidentiality
  • Threat is Eve will read the message
      • Eve is a passive adversary (observes)

[Figure: Alice sends a message to Bob across the network; Eve observes it]

SLIDE 13

Encryption/Decryption Model

  • Alice encrypts private message (plaintext) using key
  • Eve sees ciphertext but not plaintext
  • Bob decrypts using key to get the private message

[Figure: Alice encrypts the plaintext “Hi there” with her key; the ciphertext crosses the network, where Eve can see it; Bob decrypts it with his key to recover the plaintext]

SLIDE 14

Encryption/Decryption (2)

  • Encryption is a reversible mapping
      • Ciphertext is confused plaintext
  • Assume attacker knows algorithm
      • Security does not rely on its secrecy
  • Algorithm is parameterized by keys
      • Security does rely on key secrecy
      • Must be distributed (Achilles’ heel)

SLIDE 15

Encryption/Decryption (3)

Two main kinds of encryption:

  1. Symmetric key encryption », e.g., AES
      • Alice and Bob share secret key
      • Encryption is a bit mangling box
  2. Public key encryption », e.g., RSA
      • Alice and Bob each have a key in two parts: a public part (widely known), and a private part (only owner knows)
      • Encryption is based on mathematics (e.g., RSA is based on difficulty of factoring)

SLIDE 16

Symmetric (Secret Key) Encryption

  • Alice and Bob have the same secret key, KAB
  • Anyone with the secret key can encrypt/decrypt

[Figure: Alice encrypts “Hi there” with secret key KAB; the ciphertext crosses the network; Bob decrypts it with the same secret key KAB]

SLIDE 17

Public Key (Asymmetric) Encryption

  • Alice and Bob have public/private key pairs (KB / KB-1)
  • Public keys are well-known, private keys are secret

[Figure: Alice encrypts “Hi there” with Bob’s public key KB; the ciphertext crosses the network; Bob decrypts it with his private key KB-1]

SLIDE 18

Public Key Encryption (2)

  • Alice encrypts w/ Bob’s pubkey KB; anyone can send
  • Bob decrypts w/ his private key KB-1; only he can

[Figure: same as slide 17 - Alice encrypts with Bob’s public key KB, Bob decrypts with his private key KB-1]

SLIDE 19

Key Distribution

  • This is a big problem on a network!
      • Often want to talk to new parties
  • Symmetric encryption problematic
      • Have to first set up shared secret
  • Public key idea has own difficulties
      • Need trusted directory service
      • We’ll look at certificates later

SLIDE 20

Symmetric vs. Public Key

  • Have complementary properties
  • Want the best of both!

  Property              Symmetric                               Public Key
  Key Distribution      Hard – share secret per pair of users   Easier – publish public key per user
  Runtime Performance   Fast – good for high data rate          Slow – few, small, messages

SLIDE 21

Winning Combination

  • Alice uses public key encryption to send Bob a small private message
      • It’s a key! (Say 256 bits.)
  • Alice/Bob send messages with symmetric encryption
      • Using the key they now share
  • The key is called a session key
      • Generated for short-term use

SLIDE 22

Message Authentication

SLIDE 23

Goal and Threat Model

  • Goal is for Bob to verify the message is from Alice and unchanged
      • This is called integrity/authenticity
  • Threat is Trudy will tamper with messages
      • Trudy is an active adversary (interferes)

[Figure: Alice sends a message to Bob across the network; Trudy interferes with it]

SLIDE 24

Wait a Minute!

  • We’re already encrypting messages to provide confidentiality
  • Why isn’t this enough?

SLIDE 25

Encryption Issues

  • What will happen if Trudy flips some of Alice’s message bits?
  • Bob will decrypt it, and …

[Figure: Trudy flips bits in the ciphertext on its way to Bob]

SLIDE 26

Encryption Issues (2)

  • What will happen if Trudy flips some of Alice’s message bits?
  • Bob will receive an altered message

[Figure: Bob decrypts the tampered ciphertext to garbage (“yuiE#E3@”) and is puzzled (“Um??”)]

SLIDE 27

Encryption Issues (3)

  • Typically encrypt blocks of data
  • What if Trudy reorders message?
  • Bob will decrypt, and …

[Figure: Trudy reorders the encrypted blocks 1 2 3 4 5 on their way to Bob]

SLIDE 28

Encryption Issues (4)

  • What if Trudy reorders message?
  • Bob will receive altered message

[Figure: the reordered blocks 1 2 3 4 5 decrypt to a different message built from the same blocks (“BUY NOW! DO NOT STOP OK!”)]

SLIDE 29

MAC (Message Authentication Code)

  • MAC is a small token to validate the integrity/authenticity of a message
      • Conceptually ECCs again
  • Send the MAC along with message
      • Validate MAC, process the message
  • Example: HMAC scheme

[Figure: Alice sends Message + MAC to Bob]

SLIDE 30

MAC (2)

  • Sorta symmetric encryption operation – key shared
  • Lets Bob validate unaltered message came from Alice
  • Doesn’t let Bob convince Charlie that Alice sent the message

[Figure: Alice generates the MAC over the message with secret key KAB; Bob validates it with the same secret key KAB]

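The bit-flipping problem of slides 25 and 26 and the MAC fix of slides 29 and 30, as an added example that is not part of the deck: a constructed toy stream cipher shows Trudy turning an order for 100 shares into 900 without Bob noticing, and an HMAC sent along with the ciphertext (encrypt-then-MAC, with a separate MAC key) makes Bob drop the tampered packet. The cipher, keys and nonce are constructed for illustration only.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher constructed for this example: keystream block i =
    SHA-256(key || nonce || i), XORed onto the data. XOR is its own inverse,
    so the same call decrypts. Like any stream cipher it is malleable."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def flip_bits(ct: bytes, offset: int, mask: int) -> bytes:
    """Trudy's tampering (slide 25): XOR one ciphertext byte. With a stream
    cipher exactly the same bits flip in the plaintext Bob recovers."""
    tampered = bytearray(ct)
    tampered[offset] ^= mask
    return bytes(tampered)

TAG_LEN, NONCE_LEN = 32, 16

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Slides 29/30: send a MAC along with the message. HMAC-SHA256 is computed
    over nonce and ciphertext with a key separate from the encryption key."""
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_and_verify(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Bob validates the MAC first (constant-time compare) and only then
    decrypts; any altered bit makes the MAC fail and the packet is dropped."""
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)

def demo():
    """Returns (Bob's plaintext with encryption only, with MAC intact, with MAC after tampering)."""
    enc_key, mac_key, nonce = b"k" * 32, b"m" * 32, b"n" * NONCE_LEN  # constructed keys
    msg = b"BUY 100 shares"
    ct = keystream_xor(enc_key, nonce, msg)
    # byte 4 is '1'; 0x31 ^ 0x08 == 0x39 == '9', so the order silently becomes 900 shares
    garbled = keystream_xor(enc_key, nonce, flip_bits(ct, 4, 0x08))
    packet = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    intact = decrypt_and_verify(enc_key, mac_key, packet)
    rejected = decrypt_and_verify(enc_key, mac_key, flip_bits(packet, NONCE_LEN + 4, 0x08))
    return garbled, intact, rejected
```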
SLIDE 31

Digital Signature

  • Signature validates the integrity/authenticity of message
  • Send it along with the message
      • Lets all parties validate
  • Example: RSA signatures

[Figure: Alice sends Message + Signature]

SLIDE 32

Digital Signature (2)

  • Kind of public key operation – pub/priv key parts
  • Alice signs w/ private key, KA-1; Bob verifies w/ public key, KA
  • Does let Bob convince Charlie that Alice sent the message

[Figure: Alice signs the message with her private key KA-1; Bob verifies the signature with Alice’s public key KA]

SLIDE 33

Speeding up Signatures

  • Same tension as for confidentiality:
      • Public key has keying advantages
      • But it has slow performance!
  • Use a technique to speed it up
      • Message digest stands for message
      • Sign the digest instead of full message

SLIDE 34

Message Digest or Cryptographic Hash

  • Digest/Hash is a secure checksum
      • Deterministically mangles bits to pseudo-random output (like CRC)
      • Can’t find messages with same hash
  • Acts as a fixed-length descriptor of message – very useful!

[Figure: hash function takes an input (“I might be a tiny bit sick of networks…”) and produces a fixed-length output, e.g., SHA1 (160 bits)]

SLIDE 35

Speeding up Signatures (2)

  • Conceptually similar except sign the hash of message
  • Hash is fast to compute, so it speeds up overall operation
  • Hash stands for msg as can’t find another w/ same hash

[Figure: Alice signs the hash of the message with her private key KA-1; Bob verifies the signature of the hash with Alice’s public key KA]

SLIDE 36

Preventing Replays

  • We normally want more than confidentiality, integrity, and authenticity for secure messages!
  • Want to be sure message is fresh
      • Need to distinguish message from replays
          • Repeat of older message
          • Acting on it again may cause trouble

SLIDE 37

Preventing Replays (2)

  • Replay attack:
      • Trudy records Alice’s messages to Bob
      • Trudy later replays them (unread) to Bob
      • She pretends to be Alice

[Figure: Bob asks “Password?”; Trudy replays Alice’s recorded answer and Bob replies “Hi Alice!”]

SLIDE 38

Preventing Replays (3)

  • To prevent replays, include a proof of freshness in the messages
      • Use a timestamp, or nonce

[Figure: Alice sends Bob an encrypted message with a MAC, “Tue 10:03:57: ‘sell stocks’”; the timestamp gives freshness, the MAC authenticity/integrity, the encryption confidentiality; Bob replies “OK Alice!”]

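The freshness check of slides 36 to 38, as an added example that is not from the deck: Alice puts a timestamp and a nonce under the MAC, and Bob checks authenticity, then freshness (a time window), then whether the nonce was already seen, so Trudy's recorded “sell stocks” message is rejected the second time. The message layout, key and window size are constructed for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32

def make_message(key: bytes, body: bytes, now: int, nonce: bytes = None) -> bytes:
    """Alice's side: timestamp || nonce || body, then an HMAC over all of it, so
    Trudy cannot swap in a fresh timestamp. Layout constructed for this example."""
    nonce = nonce if nonce is not None else os.urandom(8)
    data = int(now).to_bytes(8, "big") + nonce + body
    return data + hmac.new(key, data, hashlib.sha256).digest()

class Receiver:
    """Bob's side: check authenticity first, then freshness, then replay."""

    def __init__(self, key: bytes, window: int = 30):
        self.key, self.window = key, window
        self.seen = {}  # nonce -> timestamp; pruned once older than the window

    def accept(self, packet: bytes, now: int):
        """Returns the message body, or a string naming why it was rejected."""
        data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, data, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad mac"   # tampered or not from Alice: nothing else is trustworthy
        ts, nonce, body = int.from_bytes(data[:8], "big"), data[8:16], data[16:]
        if abs(now - ts) > self.window:
            return "stale"     # too old (or too far in the future); clocks must be roughly in sync
        # only nonces inside the window need remembering: older ones fail the stale check anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return "replay"    # same nonce again inside the window: Trudy replaying Alice
        self.seen[nonce] = ts
        return body
```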
SLIDE 39

Takeaway

  • Cryptographic designs can give us integrity, authenticity and freshness as well as confidentiality.
  • Real protocol designs combine the properties in different ways
      • We’ll see some examples
      • Note many pitfalls in how to combine, as well as in the primitives themselves

SLIDE 40

Web Security

SLIDE 41

Goal and Threat Model

  • Much can go wrong on the web!
      • Clients encounter malicious content
      • Web servers are target of break-ins
      • Fake content/servers trick users
      • Data sent over network is stolen …

[Figure: Client connects to Server across the Internet]

SLIDE 42

Goal and Threat Model (2)

  • Goal of HTTPS is to secure HTTP
  • We focus on network threats:
      1. Eavesdropping client/server traffic
      2. Tampering with client/server traffic
      3. Impersonating web servers

[Figure: Client and Server connected through the Network]

SLIDE 43

HTTPS Context

  • HTTPS (HTTP Secure) is an add-on
      • Means HTTP over SSL/TLS
      • SSL (Secure Sockets Layer) precedes TLS (Transport Layer Security)

[Figure: HTTPS inserts SSL/TLS between HTTP and TCP in the stack: HTTP, SSL/TLS, TCP, IP]

SLIDE 44

HTTPS Context (2)

  • SSL came out of Netscape
      • SSL2 (flawed) made public in ‘95
      • SSL3 fixed flaws in ‘96
  • TLS is the open standard
      • TLS 1.0 in ‘99, 1.1 in ‘06, 1.2 in ‘08
  • Motivated by secure web commerce
      • Slow adoption, now widespread use
      • Can be used by any app, not just HTTP

SLIDE 45

SSL Operation

  • Protocol provides:
      1. Verification of identity of server (and optionally client)
      2. Message exchange between the two with confidentiality, integrity, authenticity and freshness
  • Consists of authentication phase (that sets up encryption) followed by data transfer phase

SLIDE 46

SSL/TLS Authentication

  • Must allow clients to securely connect to servers not used before
      • Client must authenticate server
      • Server typically doesn’t identify client
  • Uses public key authentication
      • But how does client get server’s key?
      • With certificates »

SLIDE 47

Certificates

  • A certificate binds pubkey to identity, e.g., domain
  • Distributes public keys when signed by a party you trust
  • Commonly in a format called X.509

[Figure: a certificate, signed by a CA]

SLIDE 48

PKI (Public Key Infrastructure)

  • Adds hierarchy to certificates to let parties issue
  • Issuing parties are called CAs (Certificate Authorities)

[Figure: a CA in the hierarchy announces “I certified the ABC website!”]

SLIDE 49

PKI (2)

  • Need public key of PKI root and trust in servers on path to verify a public key of website ABC
      • Browser has Root’s public key
      • {RA1’s key is X} signed Root
      • {CA1’s key is Y} signed RA1
      • {ABC’s key is Z} signed CA1

[Figure: the same CA hierarchy, with the CA announcing “I certified the ABC website!”]

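The hash-then-sign idea of slides 33 to 35 and the certificate chain of slide 49, as an added example that is not from the deck: textbook RSA with tiny fixed primes (constructed, never for real use) signs the SHA-256 digest of each {X’s key is K} statement, and verify_chain walks Root, RA1, CA1, ABC, checking each link with the key established by the previous one. All names, keys and the statement format are constructed; pow(e, -1, phi) needs Python 3.8 or later.

```python
import hashlib
from math import gcd

def toy_rsa_keypair(p: int, q: int):
    """Textbook RSA with tiny fixed primes, constructed for illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (65537, 257, 17, 5, 3) if gcd(c, phi) == 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def digest(data: bytes, n: int) -> int:
    """Slide 35: the hash stands for the message, so only the hash gets signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def statement(subject: str, key) -> bytes:
    return f"{subject}'s key is {key}".encode()  # the content of {X's key is K}

def issue(issuer_priv, subject: str, subject_pub):
    """A toy certificate: (subject, subject's public key, issuer's signature)."""
    return subject, subject_pub, sign(issuer_priv, statement(subject, subject_pub))

def verify_chain(root_pub, chain, website: str):
    """Slide 49: from the Root key the browser already holds, each link is checked
    with the key established by the previous link. Returns the website's key or None."""
    trusted = root_pub
    for subject, key, sig in chain:
        if not verify(trusted, statement(subject, key), sig):
            return None
        trusted = key
    return trusted if chain and chain[-1][0] == website else None

def build_example():
    """Root, RA1, CA1, ABC with constructed keys; returns (root key, chain, ABC's key)."""
    root_pub, root_priv = toy_rsa_keypair(104729, 1299709)
    ra1_pub, ra1_priv = toy_rsa_keypair(15485863, 32452843)
    ca1_pub, ca1_priv = toy_rsa_keypair(49979687, 67867967)
    abc_pub, _ = toy_rsa_keypair(86028121, 104395301)
    chain = [issue(root_priv, "RA1", ra1_pub),
             issue(ra1_priv, "CA1", ca1_pub),
             issue(ca1_priv, "ABC", abc_pub)]
    return root_pub, chain, abc_pub
```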
SLIDE 50

PKI (3)

  • Browser/OS has public keys of the trusted roots of PKI
      • >100 root certificates!
      • That’s a problem …
      • Inspect your web browser

[Figure: browser certificate viewer showing the certificate for wikipedia.org issued by DigiCert]

SLIDE 51

PKI (4)

  • Real-world complication:
      • Public keys may be compromised
      • Certificates must then be revoked
  • PKI includes a CRL (Certificate Revocation List)
      • Browsers use to weed out bad keys

SLIDE 52

SSL3 Authentication (2)

[Figure: handshake between Alice (client) and Bob (server): negotiate ciphers, send certificate, …; the certificate lets Alice check Bob; switch to Alice’s session key; the real Bob can compute the session key; then encrypted data flows in both directions]

SLIDE 53

“Metadata”

  • What can attacker still learn from an HTTPS connection?

SLIDE 54

Tor

  • “The Onion Router”
  • Basic idea:
      1. Generate circuit of routers that you know will send packet
      2. Encrypt the packet in layers for each router in circuit
      3. Send the packet
      4. Each router receives, decrypts their layer, and forwards based on new info
      5. Routers maintain state about circuit to route stuff back to sender
  • But again, only know the next hop
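The layered encryption of steps 2 to 4 above, as an added example that is not from the deck or the Tor project: the sender wraps the packet in one layer per router of a constructed three-hop circuit, and each router peels only its own layer, learning the next hop and nothing else. The toy stream cipher, per-hop keys, router names and the fixed-width next-hop field are constructed for illustration; real Tor negotiates per-circuit keys and uses AES in counter mode.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher constructed for this example (keystream block i =
    SHA-256(key || i)). XOR is its own inverse, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

HOP = 8  # fixed-width field carrying the name of the next hop (constructed format)

def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Step 2: wrap the payload in one layer per router, innermost first. Router k's
    layer, once decrypted, reveals only its next hop plus the still-encrypted inner
    cell meant for router k+1 (the exit router's next hop is the destination)."""
    next_hops = [name for name, _ in circuit[1:]] + [destination]
    cell = payload
    for (_, key), next_hop in reversed(list(zip(circuit, next_hops))):
        cell = keystream_xor(key, next_hop.ljust(HOP).encode() + cell)
    return cell

def peel_layer(key: bytes, cell: bytes):
    """Step 4: a router strips its own layer and learns only where to forward."""
    plain = keystream_xor(key, cell)
    return plain[:HOP].decode(errors="replace").strip(), plain[HOP:]

def route(circuit, destination: str, payload: bytes):
    """Steps 3 and 4 simulated: each router in turn peels its layer. Returns what
    each router learned (its own name and the next hop) and what the destination
    finally receives."""
    cell = build_onion(circuit, destination, payload)
    views = []
    for name, key in circuit:
        next_hop, cell = peel_layer(key, cell)
        views.append((name, next_hop))
    return views, cell

# Constructed circuit: three routers, each with a key shared only with the sender.
CIRCUIT = [("R1", b"key-R1" * 5), ("R2", b"key-R2" * 5), ("R3", b"key-R3" * 5)]

if __name__ == "__main__":
    print(route(CIRCUIT, "server", b"GET / HTTP/1.1"))
```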

SLIDE 55

Takeaways

  • SSL/TLS is a secure transport
      • For HTTPS and more, with the usual confidentiality, integrity / authenticity
      • Very widely used today
  • Client authenticates web server
      • Done with a PKI and certificates
      • Major area of complexity and risk
  • “Metadata” leaks
      • Use other tools (Tor) if you want to hide that