CS3009 Cryptography and Network Security Week 13-14 PDF
Document Details
Uploaded by FriendlyArtInformel7406
Mitra Academy
Summary
This document provides an overview of computer and network security. It includes definitions of key terms like vulnerabilities, threats, and attacks. It also covers different types of attacks and security concepts.
Full Transcript
CS3009 – Cryptography and Network Security
Week 13-14

Network Security
⚫ Network security is the activity designed to protect the usability and integrity of network data.
⚫ It includes both hardware and software technologies.
⚫ Network security terms:
  − Vulnerabilities: attack surface or flaw in the system that can be exploited by an attacker.
  − Threats: a condition or circumstance which can cause damage to the system or asset. It can be intentional or unintentional.
  − Attacks: an intended action to cause damage to a system or asset.

Vulnerabilities
Primary vulnerabilities in a network:
⚫ Technology vulnerabilities – security weaknesses in technology
⚫ Configuration vulnerabilities – incorrect network configurations
⚫ Security policy vulnerabilities – lack of security policy enforcement

Technology Vulnerabilities
Computer and network technologies have inbuilt security vulnerabilities:
⚫ TCP/IP protocol vulnerabilities (HTTP, FTP are inherently insecure)
⚫ Operating system vulnerabilities (Windows, Linux have security problems)
⚫ Network equipment vulnerabilities (routers, switches have security weaknesses)

Configuration Vulnerabilities
Network administrators need to correctly configure the computing and network devices to compensate:
⚫ Unsecured user accounts (information transmitted insecurely across the network)
⚫ System accounts with easily guessed passwords
⚫ Unsecured default settings within products
⚫ Misconfigured internet services (untrusted sites on dynamic webpages)
⚫ Misconfigured network equipment (misconfiguration itself causes security problems)

Security Policy Vulnerabilities
The network can pose a security risk if users do not follow the security policies.
⚫ Lack of written security policy (policies in booklet)
⚫ Politics (political battles make it difficult to implement security policies)
⚫ Lack of continuity (easily cracked or default passwords allow unauthorized access)
⚫ Logical access control not applied (imperfect monitoring allows unauthorized access)
⚫ Disaster recovery plan nonexistent (lack of a disaster recovery plan allows panic when someone attacks the enterprise)

Threats
Threats are the people eager, willing and qualified to take advantage of each security vulnerability, and they continually search for new exploits and weaknesses. The following are the classes of threats:
⚫ Structured threats: implemented by a technically skilled person who is trying to gain access to your network
⚫ Unstructured threats: created by an inexperienced/non-technical person who is trying to gain access to your network
⚫ External threats: occurs when someone from inside your network creates a security threat to your network
⚫ Internal threats: occurs when someone from outside your network creates a security threat to your network

Common terms
⚫ Hacker: A hacker is a person intensely interested in the secret and recondite workings of any computer operating system. Hackers are most often programmers.
⚫ Phreaker: A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network.
⚫ Spammer: An individual who sends large numbers of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use these computers to send out their bulk messages.
⚫ Phisher: A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
⚫ White hat: Individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.
⚫ Black hat: Individuals who use their knowledge of computers to break into systems that they are not authorized to use.

Attacks
Threats use a variety of tools, scripts and programs to launch attacks against networks and network devices.
The following are the classes of attacks:
⚫ Reconnaissance: the primary step of a computer attack. It involves unauthorized discovery of the targeted system to gather information about vulnerabilities. The hacker surveys a network and collects data for future attacks.
⚫ Access: just what it sounds like: an attempt to access another user account or network device through improper means.
⚫ Denial of Service (DoS): DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
⚫ Worms, viruses and trojan horses: malicious code is the kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems. It’s a type of threat that may not be blocked by antivirus software on its own.

An access attack can consist of the following:
1. Password attack
2. Trust exploitation
3. Port redirection
4. Traffic Interception attack
5. Man-in-the-Middle attack
6. Social engineering
7. Phishing

Password attacks
Password attacks can be implemented using a brute-force attack (repeated attempts to identify a user's password).
Methods for computing passwords:
⚫ Dictionary cracking
⚫ Brute-force computation

Trust exploitation
Trust exploitation refers to an attack in which an individual takes advantage of a trust relationship within a network.

Port redirection
A type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped.

Traffic Interception Attack
In this attack, the cyber criminal uses software such as packet sniffers to monitor network traffic and capture passwords as they’re passed. Similar to eavesdropping or tapping a phone line, the software monitors and captures critical information.

Man-in-the-Middle attack
A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.

Social engineering
Social engineering is the art of manipulating people so they give up confidential information.
⚫ Phishing: Emails, texts, etc. sent to fool users into providing their credentials, clicking a link that installs malicious software, or going to a fake website.
⚫ Spear phishing: Similar to phishing but with better crafted, tailored emails/texts which rely on information already gathered about the users. For example, the hacker may know that the user has a particular type of insurance account and reference it in the email or use the company’s logo and layout to make the email seem more legitimate.
⚫ Baiting: Attackers leave infected USBs or other devices in public or employer locations in the hopes they will be picked up and used by employees.
⚫ Quid pro quo: The cyber criminal impersonates someone, like a helpdesk employee, and interacts with a user in a way that requires getting information from them.

Denial of service (DoS)
DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.

Distributed DoS
DDoS uses attack methods similar to a standard DoS attack but operates on a much larger scale.

IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.
⚫ Two Modes
⚫ Two Security Protocols
⚫ Security Association
⚫ Virtual Private Network
⚫ Internet Key Exchange (IKE)

Figure: TCP/IP protocol suite and IPSec
Figure: Transport mode and tunnel modes of IPSec protocol
Note: IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.
Figure: Transport mode in action
Figure: Tunnel mode in action
Note: IPSec in tunnel mode protects the original IP header.
Figure: Encapsulating Security Payload (ESP) Protocol in transport mode
Note: ESP provides source authentication, data integrity, and privacy.
Figure: Authentication Header (AH) Protocol in transport mode
Note: The AH Protocol provides source authentication and data integrity, but not privacy.
Table: IPSec services
Figure: Simple inbound and outbound security associations
Table: Addresses for private networks
Figure: Private network
Figure: Hybrid network
Figure: Virtual private network
Figure: Addressing in a VPN
Note: IKE creates SAs for IPSec.

E-mail architecture

Message Integrity
An authenticated message

Compression
A compressed message

Cryptographic Algorithms
Note: In e-mail security, the sender of the message needs to include the name or identifiers of the algorithms used in the message.

Certificates
It is obvious that some public-key algorithms must be used for e-mail security.

Position of PGP in the TCP/IP protocol suite
A scenario in which an e-mail message is authenticated and encrypted

Confidentiality with One-Time Session Key
A confidential message

Code Conversion
Another service provided by PGP is code conversion. PGP uses Radix-64 conversion.

Segmentation
PGP allows segmentation of the message.

Key Revocation
It may become necessary for an entity to revoke his or her public key from the ring. This may happen if the owner of the key feels that the key is compromised (stolen, for example) or just too old to be safe.

PGP Packets
Format of packet header
Types of PGP Packet:
⚫ Literal data packet
⚫ Compressed data packet
⚫ Encrypted data packet
⚫ Signature packet
⚫ Session-key packet
⚫ Public-key packet

Public Key
Encrypted message
Signed message
Certificate message

S/MIME
Another security service designed for electronic mail is Secure/Multipurpose Internet Mail Extension (S/MIME).
The protocol is an enhancement of the Multipurpose Internet Mail Extension (MIME) protocol.

MIME
Radix-64 conversion

S/MIME
S/MIME adds some new content types to include security services to the MIME. All of these new types include the parameter “application/pkcs7-mime,” in which “pkcs” defines “Public Key Cryptography Specification.”

Cryptographic Message Syntax (CMS)
To define how security services, such as confidentiality or integrity, can be added to MIME content types, S/MIME has defined Cryptographic Message Syntax (CMS). The syntax in each case defines the exact encoding scheme for each content type.
⚫ Signed-data content type
⚫ Enveloped-data content type
⚫ Digest-data content type
⚫ Authenticated-data content type

SSL (Secure Socket Layer)
⚫ transport layer security service
⚫ originally developed by Netscape
⚫ version 3 designed with public input
⚫ subsequently became Internet standard known as TLS (Transport Layer Security)
⚫ uses TCP to provide a reliable end-to-end service
⚫ SSL has two layers of protocols

SSL Architecture
⚫ SSL session
  − an association between client & server
  − created by the Handshake Protocol
  − defines a set of cryptographic parameters
  − may be shared by multiple SSL connections
⚫ SSL connection
  − a transient, peer-to-peer, communications link
  − associated with 1 SSL session

SSL Record Protocol
⚫ confidentiality
  − using symmetric encryption with a shared secret key defined by Handshake Protocol
  − IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  − message is compressed before encryption
⚫ message integrity
  − using a MAC with shared secret key
  − similar to HMAC but with different padding

SSL Change Cipher Spec Protocol
⚫ one of 3 SSL specific protocols which use the SSL Record protocol
⚫ a single message
⚫ causes pending state to become current
⚫ hence updating the cipher suite in use

SSL Alert Protocol
⚫ conveys SSL-related alerts to peer entity
⚫ severity
  − warning or fatal
⚫ specific alert
  − unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  − close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
⚫ compressed & encrypted like all SSL data

SSL Handshake Protocol
⚫ allows server & client to:
  − authenticate each other
  − negotiate encryption & MAC algorithms
  − negotiate cryptographic keys to be used
⚫ comprises a series of messages in phases
  − Establish Security Capabilities
  − Server Authentication and Key Exchange
  − Client Authentication and Key Exchange
  − Finish

Location of SSL and TLS in the Internet model

SSL ARCHITECTURE
SSL is designed to provide security and compression services to data generated from the application layer.
1. Services
2. Key Exchange Algorithms
3. Encryption/Decryption Algorithms
4. Hash Algorithms
5. Cipher Suite
6. Compression Algorithms
7. Cryptography Parameter Generation
8. Session and Connections

Services
⚫ Fragmentation
⚫ Compression
⚫ Message Integrity
⚫ Confidentiality
⚫ Framing

Key Exchange Algorithms
Key-exchange methods

NULL
There is no key exchange in this method. No pre-master secret is established between the client and the server.
Note: Both client and server need to know the value of the pre-master secret.

RSA
RSA key exchange; server public key

Anonymous Diffie-Hellman
Anonymous Diffie-Hellman key exchange

Ephemeral Diffie-Hellman key exchange
Ephemeral Diffie-Hellman key exchange

Fixed Diffie-Hellman
Another solution is the fixed Diffie-Hellman method. All entities in a group can prepare fixed Diffie-Hellman parameters (g and p).

Fortezza
Fortezza is a registered trademark of the U.S. National Security Agency (NSA). It is a family of security protocols developed for the Defense Department.

Encryption/Decryption Algorithms
Encryption/decryption algorithms

NULL
The NULL category simply defines the lack of an encryption/decryption algorithm.

Stream RC
Two RC algorithms are defined in stream mode.

Block RC
One RC algorithm is defined in block mode.

DES
All DES algorithms are defined in block mode.

SELF STUDY: Differences between RC4, IDEA and Fortezza algorithms

Hash Algorithm
Hash algorithms for message integrity

Cipher Suite
The combination of key exchange, hash, and encryption algorithms defines a cipher suite for each SSL session.

Compression Algorithms
Compression is optional in SSLv3. No specific compression algorithm is defined for SSLv3. Therefore, the default compression method is NULL.

Cryptographic Parameter Generation
Calculation of master secret from pre-master secret
Calculation of key material from master secret
Extractions of cryptographic secrets from key material

Sessions and Connections
Note: In a session, one party has the role of a client and the other the role of a server; in a connection, both parties have equal roles, they are peers.
A session and connections

Session State
Session state parameters

Connection State
Connection state parameters
Note: The client and the server have six different cryptography secrets: three read secrets and three write secrets. The read secrets for the client are the same as the write secrets for the server and vice versa.

Four Protocols
We have discussed the idea of SSL without showing how SSL accomplishes its tasks. SSL defines four protocols in two layers:
1. Handshake Protocol
2. ChangeCipherSpec Protocol
3. Alert Protocol
4. Record Protocol
Four SSL protocols

Handshake Protocol
Handshake Protocol

Phase I of Handshake Protocol
Note: After Phase I, the client and server know the following:
❏ The version of SSL
❏ The algorithms for key exchange, message authentication, and encryption
❏ The compression method
❏ The two random numbers for key generation

Phase II of Handshake Protocol
Note: After Phase II,
❏ The server is authenticated to the client.
❏ The client knows the public key of the server if required.
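
The three Cryptographic Parameter Generation steps and the six-secrets note above, carried through in code. This is an added example, not part of the original slides: the formulas are the SSLv3 ones from RFC 6101, and the pre-master secret, the two randoms and the 3DES/SHA-1 lengths are constructed assumptions.

```python
import hashlib


def ssl3_expand(secret, seed, length):
    """SSLv3 expansion: concatenate MD5(secret + SHA1(label + secret + seed))
    for labels 'A', 'BB', 'CCC', ... until `length` bytes are available."""
    out = b""
    round_no = 0
    while len(out) < length:
        label = bytes([ord("A") + round_no]) * (round_no + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        round_no += 1
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    """Step 1: 48-byte master secret from the pre-master secret and both randoms."""
    return ssl3_expand(pre_master, client_random + server_random, 48)


def key_material(master, client_random, server_random, length):
    """Step 2: key material from the master secret (server random goes first here)."""
    return ssl3_expand(master, server_random + client_random, length)


def extract_secrets(material, mac_len, key_len, iv_len):
    """Step 3: cut the key material into the six secrets, in SSLv3 order."""
    layout = [
        ("client_write_MAC", mac_len), ("server_write_MAC", mac_len),
        ("client_write_key", key_len), ("server_write_key", key_len),
        ("client_write_IV", iv_len), ("server_write_IV", iv_len),
    ]
    secrets, offset = {}, 0
    for name, size in layout:
        secrets[name] = material[offset:offset + size]
        offset += size
    return secrets


def endpoint_view(secrets, role):
    """Three write and three read secrets as seen by 'client' or 'server'."""
    peer = "server" if role == "client" else "client"
    parts = ("MAC", "key", "IV")
    return {
        "write": {p: secrets[f"{role}_write_{p}"] for p in parts},
        "read": {p: secrets[f"{peer}_write_{p}"] for p in parts},
    }


# Constructed sample values (not taken from a real handshake).
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
MAC_LEN, KEY_LEN, IV_LEN = 20, 24, 8  # assumed suite: SHA-1 MAC, 3DES key, 8-byte IV


def derive_all():
    """Run the three steps for the sample values above."""
    master = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    needed = 2 * (MAC_LEN + KEY_LEN + IV_LEN)
    material = key_material(master, CLIENT_RANDOM, SERVER_RANDOM, needed)
    return master, extract_secrets(material, MAC_LEN, KEY_LEN, IV_LEN)


if __name__ == "__main__":
    master, secrets = derive_all()
    print("master secret:", master.hex())
    for name, value in secrets.items():
        print(f"{name:17s} {value.hex()}")
    client, server = endpoint_view(secrets, "client"), endpoint_view(secrets, "server")
    print("client write == server read:", client["write"] == server["read"])
```
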

Four cases in Phase II

Phase III of Handshake Protocol
Note: After Phase III,
❏ The client is authenticated for the server.
❏ Both the client and the server know the pre-master secret.
Four cases in Phase III

Phase IV of Handshake Protocol
Note: After Phase IV, the client and server are ready to exchange data.
Movement of parameters from pending state to active state

Alert Protocol
Alerts defined for SSL

Record Protocol
Processing done by the Record Protocol
Calculation of MAC

SSL MESSAGE FORMATS
As we have discussed, messages from three protocols and data from the application layer are encapsulated in the Record Protocol messages.
1. ChangeCipherSpec Protocol
2. Alert Protocol
3. Handshake Protocol
4. Application Data
Record Protocol general header

ChangeCipherSpec Protocol
ChangeCipherSpec message

Alert Protocol
Alert message

Handshake Protocol
Generic header for Handshake Protocol
Types of Handshake messages
Virtual tributary types
ClientHello message
ServerHello message
Certificate message
ServerKeyExchange message
CertificateRequest message
ServerHelloDone message
CertificateVerify message
Hash calculation for CertificateVerify message
ClientKeyExchange message
Finished message
Hash calculation for Finished message

Application Data
Record Protocol message for application data

Transport Layer Security (TLS)
The Transport Layer Security (TLS) protocol is the IETF standard version of the SSL protocol. The two are very similar, with slight differences.

Cipher Suite
Another minor difference between SSL and TLS is the lack of support for the Fortezza method. TLS does not support Fortezza for key exchange or for encryption/decryption.
Cipher Suite for TLS
Master secret generation
Key material generation

Alert Protocol
TLS supports all of the alerts defined in SSL except for NoCertificate. TLS also adds some new ones to the list. Table 17.7 shows the full list of alerts supported by TLS.

Handshake Protocol
Hash for CertificateVerify message in TLS
Hash for Finished message in TLS

Record Protocol
HMAC for TLS

Introduction
⚫ Network Security
  − Protecting
    ⚫ Network equipment.
    ⚫ Network servers and transmissions.
    ⚫ Eavesdropping.
  − Data Integrity
⚫ System Security
  − User access
  − Authentication controls
  − Assignment of privilege
  − Maintaining file and file system integrity
  − Monitoring processes
  − Log-keeping
  − Backups

Definitions
⚫ Intrusion
  − A set of actions aimed to compromise the security goals, namely
    ⚫ Integrity, confidentiality, or availability, of a computing and networking resource
⚫ Intrusion detection
  − The process of identifying and responding to intrusion activities
⚫ Intrusion prevention
  − Extension of ID with exercises of access control to protect computers from exploitation

Intrusion Detection System
⚫ IDS - Definition
  − Monitors either a Network boundary (Network IDS) or a single host (Host IDS) in real-time, looking for patterns that indicate Attacks.
⚫ Functional Blocks
  − Sensor
  − Monitor
  − Resolver
  − Controller

Contd...
⚫ Sensor
  − System Specific Data Gathering Component.
  − Track Network traffic, Log files, System behaviour
⚫ Monitor
  − Monitor Components, Get Events from Sensor.
  − Correlates Events against Behaviour-Model
  − Produce Alerts.
⚫ Resolver
  − Determine Response against Alerts.
  − E.g. Logging, Changing System Mechanism, Setting Firewall Rule etc.
⚫ Controller
  − Coordination and Administration

Elements of Intrusion Detection
⚫ Primary assumptions:
  − System activities are observable
  − Normal and intrusive activities have distinct evidence
⚫ Components of intrusion detection systems:
  − From an algorithmic perspective:
    ⚫ Features - capture intrusion evidence
    ⚫ Models - piece evidence together
  − From a system architecture perspective:
    ⚫ Various components: audit data processor, knowledge base, decision engine, alarm generation and responses

Components of Intrusion Detection System
Diagram components: Audit Records, Audit Data Preprocessor, Activity Data, Detection Models, Detection Engine, Alarms, Decision Table, Decision Engine, Action/Report. Annotations: system activities are observable; normal and intrusive activities have distinct evidence.

Intrusion Detection Approaches
⚫ Modeling
  − Features: evidence extracted from audit data
  − Analysis approach: piecing the evidence together
    ⚫ Misuse detection (a.k.a. signature-based)
    ⚫ Anomaly detection (a.k.a. statistical-based)
⚫ Deployment: Network-based or Host-based
  − Network based: monitor network traffic
  − Host based: monitor computer processes

Misuse Detection
Diagram labels: Intrusion Patterns, activities, pattern matching, intrusion.
⚫ Intrusion Patterns: sequences of system calls, patterns of network traffic, etc.
⚫ Example: if (traffic contains “x90+de[^\r\n]{30}”) then “attack detected”
⚫ Problems? Can’t detect new attacks

Anomaly Detection
Diagram labels: activity measures, probable intrusion.
⚫ Define a profile describing “normal” behavior, then detect deviations.
⚫ Any problem?
  − Relatively high false positive rates
  − Anomalies can just be new normal activities.
  − Anomalies caused by other element faults
    ⚫ E.g., router failure or misconfiguration, P2P misconfig

Host-Based IDSs
⚫ Use OS auditing and monitoring mechanisms to find applications taken over by an attacker
  − Log all relevant system events (e.g., file/device accesses)
  − Monitor shell commands and system calls executed by user applications and system programs
⚫ Pay a price in performance if every system call is filtered
⚫ Problems:
  − User dependent: install/update IDS on all user machines!
  − If an attacker takes over the machine, they can tamper with IDS binaries and modify audit logs
  − Only local view of the attack

Network IDSs
⚫ Deploying sensors at strategic locations
  − For example, packet sniffing via tcpdump at routers
⚫ Inspecting network traffic
  − Watch for violations of protocols and unusual connection patterns
  − Look into the packet payload for malicious code
⚫ Limitations
  − Cannot execute the payload or do any code analysis!
  − Even DPI gives limited application-level semantic information
  − Record and process huge amounts of traffic
  − May be easily defeated by encryption, but can be mitigated with encryption only at the gateway/proxy

Comparison
Host Based | Network Based
Narrow in scope (watches only specific host activities) | Broad in scope (watches all network activities)
More complex setup | Easier setup
Better for detecting attacks from the inside | Better for detecting attacks from the outside
More expensive to implement | Less expensive to implement
Detection is based on what any single host can record | Detection is based on what can be recorded on the entire network
Does not see packet headers | Examines packet headers
Usually only responds after a suspicious log entry has been made | Near real-time response
OS-specific | OS-independent
Detects local attacks before they hit the network | Detects network attacks as payload is analyzed
Verifies success or failure of attacks | Detects unsuccessful attack attempts

Hybrid Intrusion Detection
⚫ Systems that combine the functionality of both a Host-based IDS, which monitors events occurring on the host system, and a Network-based IDS, which monitors network traffic, on the same security platform.
⚫ A Hybrid IDS can monitor system and application events and verify a file system’s integrity like a Host-based IDS, but only serves to analyze network traffic destined for the device itself.
⚫ A Hybrid IDS is often deployed on an organization’s most critical servers.

Honeypots
⚫ Decoy servers or systems set up to gather information regarding an attacker or intruder into networks or systems.
⚫ Appear to run vulnerable services and capture vital information as intruders attempt unauthorized access.
⚫ Provide early warning about new attacks and exploitation trends, which allows administrators to successfully configure a behavior-based profile and provide correct tuning of network sensors.
⚫ Can capture all keystrokes and any files that might have been used in the intrusion attempt.

Passive System
⚫ Detects a potential security breach
⚫ Logs the information
⚫ Signals an alert on the console
⚫ Does not take any preventive measures to stop the attack

Reactive/Active System
⚫ Responds to the suspicious activity like a passive IDS by logging, alerting and recording, but offers the additional ability to take action against the offending traffic.

Architecture of Network IDS
Layers shown in the diagram:
⚫ Signature matching (& protocol parsing when needed)
⚫ Protocol identification
⚫ TCP reassembly
⚫ Packet capture (libpcap)
⚫ Packet stream

Signature Based IDS
⚫ Monitor network or server traffic and match bytes or packet sequences against a set of predetermined attack lists or signatures.
⚫ Should a particular intrusion or attack session match a signature configured on the IDS, the system alerts administrators or takes other pre-configured action.
⚫ Signatures are easy to develop and understand if you know what network behavior you’re trying to identify.
⚫ However, because they only detect known attacks, a signature must be created for every attack.
⚫ New vulnerabilities and exploits will not be detected until administrators develop new signatures.
⚫ Another drawback to signature-based IDS is that they are very large and it can be hard to keep up with the pace of fast moving network traffic.

Anomaly Based IDS
⚫ Use network traffic baselines to determine a “normal” state for the network and compare current traffic to that baseline.
⚫ Use a type of statistical calculation to determine whether current traffic deviates from “normal” traffic, which is either learned and/or specified by administrators.
⚫ If network anomalies occur, the IDS alerts administrators.
⚫ A new attack for which a signature doesn’t exist can be detected if it falls out of the “normal” traffic patterns.
⚫ High false alarm rates created by inaccurate profiles of “normal” network operations.

Issues
⚫ False Negatives
  − When an IDS fails to detect an attack.
  − False negatives occur when the pattern of traffic is not identified in the signature database, such as new attack patterns.
  − False negatives are deceptive because you usually have no way of knowing if and when they occurred.
  − You are most likely to identify false negatives when an attack is successful and wasn’t detected by the IDS.
⚫ False Positives
  − Described as a false alarm.
  − When an IDS mistakenly reports certain “normal” network activity as malicious.
  − Administrators have to fine tune the signatures or heuristics in order to prevent this type of problem.
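
The trade-off described under Misuse Detection, Anomaly Detection and Issues, run on data: a signature engine and a rate-baseline anomaly engine judge the same four events, and each engine's false positives and false negatives are collected. This is an added example, not part of the original slides; the signatures, events, rates and the 3-standard-deviation threshold are all constructed for illustration.

```python
import re
import statistics

# Constructed signatures for illustration (hypothetical names, not a real rule set).
SIGNATURES = {
    "nop-sled": re.compile(rb"\x90{16,}"),
    "path-traversal": re.compile(rb"(?:\.\./){2,}"),
}

# Constructed events: (name, payload, requests per minute from the source, is it an attack?)
EVENTS = [
    ("normal-browse", b"GET /index.html HTTP/1.1", 52, False),
    ("known-traversal", b"GET /static/../../../conf HTTP/1.1", 49, True),
    ("novel-login-burst", b"POST /login HTTP/1.1", 400, True),
    ("nightly-backup", b"PUT /backup/chunk-0041 HTTP/1.1", 380, False),
]

# Constructed baseline of requests per minute observed during normal operation.
BASELINE = [48, 52, 50, 47, 55, 51, 49, 53, 50, 46]


def signature_alerts(payload):
    """Misuse detection: names of all known patterns present in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]


class RateAnomalyDetector:
    """Anomaly detection: profile the normal rate, flag large deviations from it."""

    def __init__(self, baseline, threshold=3.0):
        self.mean = statistics.mean(baseline)
        self.stdev = statistics.stdev(baseline)
        self.threshold = threshold  # alert beyond this many standard deviations

    def is_anomalous(self, rate):
        return abs(rate - self.mean) / self.stdev > self.threshold


def evaluate(events, detector):
    """Return each engine's false positives and false negatives by event name."""
    result = {"signature": {"fp": [], "fn": []}, "anomaly": {"fp": [], "fn": []}}
    for name, payload, rate, is_attack in events:
        verdicts = {
            "signature": bool(signature_alerts(payload)),
            "anomaly": detector.is_anomalous(rate),
        }
        for engine, alerted in verdicts.items():
            if alerted and not is_attack:
                result[engine]["fp"].append(name)   # false alarm
            elif is_attack and not alerted:
                result[engine]["fn"].append(name)   # missed attack
    return result


if __name__ == "__main__":
    report = evaluate(EVENTS, RateAnomalyDetector(BASELINE))
    for engine, errors in report.items():
        print(engine, "false positives:", errors["fp"], "false negatives:", errors["fn"])
```

The signature engine misses the burst it has no pattern for, while the anomaly engine catches it but also flags the benign backup and misses the known attack that arrives at a normal rate.
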

Pros
⚫ Can detect external hackers, as well as internal network-based attacks
⚫ Scales easily to provide protection for the entire network
⚫ Offers centralized management for correlation of distributed attacks
⚫ Provides defense in depth
⚫ Gives administrators the ability to quantify attacks
⚫ Provides an additional layer of protection

Cons
⚫ Generates false positives and negatives
⚫ Reacts to attacks rather than preventing them
⚫ Requires full-time monitoring and highly skilled staff dedicated to interpreting the data
⚫ Requires a complex incident response process
⚫ Cannot monitor traffic at higher network traffic rates
⚫ Generates an enormous amount of data to be analyzed
⚫ Cannot deal with encrypted network traffic
⚫ It is expensive