Notes on Network Security

Issues

From security courses at:

Stern School of Business, NYU
Georgia Tech
Attacks
 An attack occurs when someone attempts to use
a vulnerability
 Kinds of attacks
 Passive (e.g., eavesdropping)
 Active (e.g., password guessing)
 Denial of Service (DOS)
 Distributed DOS – using many endpoints
 A compromise occurs when an attack is
successful
 Typically associated with taking over resources
Eavesdropping - Message Interception
(Attack on Confidentiality)
 Unauthorized access to information
 Packet sniffers and wiretappers
 Illicit copying of files and programs

S R

Eavesdropper
Integrity Attack - Tampering With
Messages
 Stop the flow of the message
 Delay and optionally modify the message
 Release the message again

S R

Perpetrator
Authenticity Attack - Fabrication
 Unauthorized assumption of other’s identity
 Generate and distribute objects under this
identity

S R

Masquerader: from S
Attack on Availability
 Destroy hardware (cutting fiber) or software
 Modify software in a subtle way (alias commands)
 Corrupt packets in transit

S R

 Blatant denial of service (DoS):

 Crashing the server
 Overwhelm the server (use up its resource)
Trust
 Trust refers to the degree to
which an entity is expected to behave
 A trust model describes, for a particular

environment, who is trusted to do what?

 Note: you make trust decisions every day

People - the biggest security risk?

 A CompTIA study identified human error as a

major underlying factor in 63% of security

breaches
What is Authentication?
 Short answer: establishes identity
 Answers the question: To whom am I speaking?
 Long answer: evaluates the authenticity of
identity proving credentials
 Credential – is proof of identity
 Evaluation – process that assesses the
correctness of the association between credential
and claimed identity
 for some purpose
 under some policy
What is Identity?
 That which gives you access … which is largely
determined by context
 We all have lots of identities
 Pseudo-identities
 Really, determined by who is evaluating credential
 Driver’s License, Passport, SSN prove …
 Credit cards prove …
 Signature proves …
 Password proves …
 Voice proves …
Something you know …
 Passport number, mothers maiden name, last 4
digits of your social security, credit card number
 Passwords and pass-phrases
 Note: passwords are generally pretty weak
 University of Michigan: 5% of passwords were goblue
(followed by: love, beer)
 Passwords used in more than one place
 Not just because bad ones selected: If you can remember it,
then a computer can guess it
 Computers can often guess very quickly
Something you have …

 Tokens (transponders, …)
 Speedpass, EZ-pass
 Smartcards

 Digital Certificates (used by Websites to

authenticate themselves to customers)
Something you are …
 Biometrics
 Measures some physical characteristic

 Fingerprint, face recognition, retina scanners, voice, signature,

DNA
 Can be extremely accurate and fast

 Active biometrics authenticate, passive biometrics recognize

 What is the fundamental problem?

 Revocation – lost fingerprint?

 Great for physical security, generally not feasible for on-line

systems
Encryption algorithm
 Algorithm used to make content unreadable by
all but the intended receivers

E(plaintext,key) = ciphertext
D(ciphertext,key) = plaintext

 Algorithm is public, key is private

 Block vs. Stream Ciphers
 Block: input is fixed blocks of same length
 Stream: stream of input
Symmetric key cryptography
 Traditional use of cryptography
 Symmetric keys, where A single key is used is
used for E and D

D( E(p,k1), k1 ) = p

 All (intended) receivers have access to key

 Note: Management of keys determines who
has access encrypted data
 E.g., password encrypted email
 Data Encryption Standard (DES)
 Introduced by the US NBS
(now NIST) in 1972
 Signaled the beginning of
the modern area of
cryptography
 Block cipher
 Fixed sized input
 8-byte input and a 8-byte
key (56-bits+8 parity bits)
DES Top View
56-bit Key
64-bit
48-bitInput
K1
Generate keys
Permutation Initial Permutation
48-bit K1
Round 1
48-bit K2
Round 2
…... 48-bit K16
Round 16

Swap Swap 32-bit halves

Permutation Final Permutation

64-bit Output
 Cryptanalysis of DES
 DES has an effective 56-bit key length
 Wiener: 1,000,000$ - 3.5 hours (never built)
 July 17, 1998, the EFF DES Cracker, which was built for
less than $250,000 < 3 days
 January 19, 1999, Distributed.Net (w/EFF), 22 hours and
15 minutes (over many machines)
 We all assume that NSA and agencies like it around the
world can crack (recover key) DES in seconds
 What now? Give up on DES? Try variants Triple
DES etc.
 Diffie-Hellman Key Exchange
 g and p known to both
Alice Bob
pick secret Sa randomly pick secret Sb
randomly
compute TA=gSa mod p compute TB=gSb mod p
send TA to Bob send TB to Alice
compute TBSa mod p compute TASb mod p
Alice and Bob reached the same secret gSaSb mod
p, which is then used as the shared key.
Diffie-Hellman Scheme
 Security factors
 Discrete logarithm very difficult.
 Shared key (the secret) itself never
transmitted.
 Disadvantages:
 Expensive exponential operation
 DoS possible.
 The scheme itself cannot be used to encrypt
anything – it is for secret key establishment.
 No authentication, so you can not sign
anything …
Bucket Brigade Attack...Man In The
Middle Attack
Alice Trudy Bob
gSa=123 gSx =654 gSb =255
123 --> 654 -->
<--654 <--255
654Sa=123Sx 255Sx=654Sb
 Trudy plays Bob to Alice and Alice to Bob
Public Key Cryptography
 Public Key cryptography
 Each key pair consists of a public and private
component: k+ (public key), k- (private key)
D( E(p, k+), k- ) = p
D( E(p, k-), k+ ) = p
 Public keys are distributed (typically) through
public key certificates
 Anyone can communicate secretly with you if they
have your certificate
 E.g., SSL-base web commerce
RSA (Rivest, Shamir, Adelman)
 A dominant public key algorithm
 The algorithm itself is conceptually simple
 Why it is secure is very deep (number thoery)
 Use properties of exponentiation modulo a product of
large primes
 "A method for obtaining Digital Signatures and
Public Key Cryptosystems“, Communications of
the ACM, Feb., 1978 21(2) pages 120-126.
The symmetric/asymmetric key tradeoff

 Symmetric (shared) key systems

 Efficient (Many MB/sec throughput)
 Difficult key management
 Kerberos
 Key agreement protocols
 Asymmetric (public) key systems
 Slow algorithms (so far …)
 Easy key management
 PKI - public key infrastructures
 Webs of trust (PGP)
Hash Algorithms
 Hash algorithm
 Compression of data into a hash value
 E.g., h(d) = parity(d)
 Such algorithms are generally useful in programs
 … as used in cryptosystems
 One-way - (computationally) hard to invert h() , i.e.,
compute h-1(y), where y=h(d)
 Collision resistant hard to find two data x1 and x2 such
that h(x1) == h(x2)
 Q: What can you do with these constructs?
Message Digest 5 (MD5)
512-bit message chunks (16 words)

Initial
128-bit vector

128-bit result
Hashed Message Authentication Code

 HMAC
 Authenticates/integrity for data d
 Uses some key k and hash algorithm h
 To simplify,
hmac(k,d) = h( k+d )
 Why does this provide authenticity?
 Can not produce hmac(k,d) unless you know k
and d
 If you could, then can invert h
 Used in protocols to authenticate content
Digital Signatures
 Models physical signatures in digital world
 Association between private key and document
 … and indirectly identity and document.
 Asserts that document is authentic and non-reputable
 To sign a document
 Given document d, private key k-
 Signature S(d) = E( k-, h(d) )
 Validation
 Given document d, signature S(d), public key k+
 Validate D(k+, S(d)) = H(d)
 Q: Are Digital Signatures Legally binding?
Web security: the high bits
 The largest distributed system in existence
 threats are as diverse as applications and users
 But need to be thought out carefully …
 The stakeholders are …
 Consumers (users, businesses, agents, …)
 Providers (web-servers, IM services, …)
 Another way of seeing web security is
 Securing the web infrastructure such that the integrity,
confidentiality, and availability of content and user
information is maintained
Web Authentication
 Authentication is a bi-directional process
 Client
 Server
 Mutual authentication
 Several standard authentication tools
 Basic (client)
 Digest (server)
 Secure Socket Layer (server, mutual)
 Cookies (indirect, persistent)
Basic Authentication Problems
 Passwords easy to intercept
 Passwords easy to guess
 Passwords easy to share
 No server authentication
 Easy to fool client into sending password to
malicious server
 One intercepted password gives
eavesdropper access to many documents
Challenge and Response
 Challenge (“nonce”): any changing string
 e.g. Random Number, Timestamp etc
 Response: challenge encrypted with hashed
password

 Server-specific implementation options

 One-time nonces
 Time-stamped nonces
 Method authentication digests
Advantages of Digest over Basic
 Cleartext password never transmitted across
network
 Cleartext password never stored on server
 Replay attacks difficult
 Intercepted response only valid for a single URL
 Shared disadvantages
 Vulnerable to man-in-the-middle attacks
 Document itself can be sniffed
What is a Digital Certificate?
 A certificate …
 … makes an association between a user
identity/job/attribute and a private key
 … contains public key information {e,n}
 … has a validity period
 … is signed by some certificate authority (CA)
 Issued by CA for some purpose
 Verisign is in the business of issuing certificates
 People trust Verisign to vet identity
 What is a Public Key Infrastructure?
 Rooted tree of CAs Root
 Cascading issuance
 Any CA can issue cert
CA1 CA2 CA3
 Parent CAs issue certs
for child CAs

CA11 CA12 … CA1n CA21 … CA22 …

Cert11a Cert11b Cert11c … … … …

Secure Socket LAYER

 Used to authenticate servers

 Uses certificates, “root” CAs
 Can authenticate clients HTTP
 Inclusive security protocol
SSL
 Security at the socket layer
 Transport Layer Security
TCP

IP
SSL Operation

 Phase 1: the SSL Handshake

 Establishes algorithms used throughout
 Authenticates parties
 Establishes master secret
 Used to create other secrets
1. Encryption Key (client-server)
2. Encryption Key (server- client)
3. Authentication Key (client-server)
4. Authentication Key (server-client)
Advantages of SSL

 Confidential session
 Server authentication*
 GUI clues for users
 Built into every browser
 Easy to configure on the server
 Protocol has been analyzed like crazy
 Seems like you are getting security “for free”
Secure Electronic Transaction
 An open encryption and security
specification for credit card transaction on
the Internet
 Main requirements
 Confidentiality of payment and ordering
information
 Integrity of all transmitted data
 Authentication of cardholder
 Authentication of merchant
Basic Workflow

buyer 5 ship order payment

gateway
3 OI + PI
2 order form 6 payment req
1 browse
merchant
4 auth req
Network security: the high bits
 The network is …
 … a collection of interconnected computers
 … with resources that must be protected
 … from unwanted inspection or modification
 … while maintaining adequate quality of service.
 Another way of seeing network security is
 Securing the network infrastructure such that the
integrity, confidentiality, and availability of the
resources is maintained.
 Q: How do we do this?
 Filtering: the threats
 Adversary 1: some external
network entity attempting to gain access to
internal resources
 Adversary 2: some internal, but malicious
entity (or software) trying to expose sensitive
data
 Adversary 3: some internal or external entity
that is preventing access to internal resource
(DOS)
What is a firewall?

• Device that provides secure connectivity between networks

(internal/external; varying levels of trust)
• Used to implement and enforce a security policy for
communication between networks

Untrusted Networks
Trusted Networks Firewall & Servers
Untrusted Users

Internet
Router
Intranet

DMZ Public Accessible

Servers & Networks
Trusted Users
Firewall Policies
 Specifies what traffic is (not) allowed
 Maps attributes to address and ports
 Example: HTTP should be allowed to any external host, but
inbound only to web-server

Source Destination
Protocol Flags Actions
Address Port Address Port

* * 1.1.1.1 80 TCP SYN Accept

1.1.1.* * * 80 TCP SYN Accept

* * * 80 TCP Accept

* * * * TCP Deny
Packet Filters / Application Gateways

 Decisions made on a  Relay for connections

per-packet basis  Client  Proxy  Server
 No state information  Recognizes application
saved protocol such as HTTP
 Processing intensive  Can implement
 Lower level monitoring authentication and
access rules on per
protocol basis
Communications Security
 A host wants to establish a secure channel to
remote hosts over an untrusted network
 Not Login – end-users may not even be aware that
protections in place
 Remote hosts may be internal or external
 The protection service must …
 Authenticate the end-points (each other)
 Negotiate what security is necessary (and how)
 Establish a secure channel
 Process the traffic between the end points
IPsec (not IPSec!)
 Host level protection service
 IP-layer security (below TCP/UDP)
 De-facto standard for host level security
 Developed by the IETF (over many years)
 Now available in most operating systems
 E.g., Available in XP, OS X, Linux, BSD*, …
 Implements a wide range of protocols and cryptographic
algorithms
 Provides ….
 Confidentiality, integrity, authenticity, replay protection,
DOS protection
IPsec Protocol Suite
Policy/
Configuration Key Management Packet Processing
Managent

(SPS)
(SPS) (ESP)
(ESP)
Security
SecurityPolicy
Policy Manual
Manual Encapsulating
Encapsulating
System
System Security
SecurityPayload
Payload

(IKE)
(IKE) (AH)
(AH)
Internet
InternetKey
Key Authentication
Authentication
Exchange
Exchange Header
Header
 IPsec in Tunnel Mode

Encrypted Tunnel

Gateway Gateway

Encrypted Unen
ry pted crypt
ed
A Une
nc B

New IP AH or ESP Orig IP TCP Data

Header Header Header
Network Isolation: VPNs
 Idea: I want to create a collection of hosts which
operate in a coordinated way
 E.g., a virtual security perimeter over physical network
 Hosts work as if they are isolated from malicious hosts
 Solution: Virtual Private Networks
 Create virtual network topology over physical network
 Use communications security protocol suites to secure virtual
links “tunneling”
 Manage networks as if they are physically separate
 Hosts can route traffic to regular networks (split-tunneling)
Intrusion Detection System
 IDS systems claim to detect adversary when they
are in the act of attack
 Monitor operation
 Trigger mitigation technique on detection
 Monitor: Network, Host, or Application events
 IDS systems really refer to three kinds of
detection technologies
 Anomaly Detection
 Misuse Detection QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture.

 Intrusion Detection
Anomaly Detection
 Compares profile of normal systems operation to
monitored state
 Hypothesis: any attack causes enough deviation from
profile (generally true?)
 Q: How do you derive normal operation?
 AI: learn operational behavior from training data
 Constructive: construct profile from domain knowledge
 Q: Will a profile from one environment be good
for others?
Misuse Detection
 Profile signatures of known attacks
 Monitor operational state for signature
 Hypothesis: attacks of the same kind has enough
similarity to distinguish from normal behavior
 Q: Where do these signatures come from?
 Record: recorded progression of known attacks
 Comprise: domain knowledge
 AI: Learn by negative and positive feedback

Event Stream Write Read Write Send Send

Attack Profile Read Write Send
Intrusion Detection
 Monitor for illegal or inappropriate access or use of
resources
 Reading, writing, or forwarding of data
 DOS
 Hypothesis: resources are not adequately protected by
infrastructure
 Often less effective at detecting attacks
 Buttress existing infrastructure with checks
 Validating/debugging policy
 Detects inadvertent, often catastrophic, human errors
 “rm -rf /” issue
 Q: Who is the intruder?
Denial of Service
 Intentional prevention of access to valued
resource
 CPU, memory, disk (system resources)
 DNS, print queues, NIS (services)
 Web server, database, media server (applications)
 This is an attack on availability
 Note: launching DOS attacks is easy
 Note: preventing DOS attacks is hard
 Mitagation the path most frequently traveled
Distributed denial of service
 DDOS: Network oriented attacks aimed at
preventing access to some network, host or
service
 Saturate the target’s network with traffic
 Consume all network equipment resources
 Overload a service with requests
 Use “expensive” requests (e.g., “sign this data”)
 Can be extremely costly (e.g, Amazon)
 Result: service/host/network is unavailable
 Frequently distributed via other attack
Time to Think About Building Secure
Software
 Common mistakes
 Forget to make the software secure
 Adding security as an afterthought
 Why these mistakes
 Security is boring
 Security gets in the way
 Security is difficult to measure
 Security is not the primary skill or interest of
designers and developers
Security Principles to Live By

 Establish a security process

 Define the product security goals
 Consider security as a product feature
 Learn from mistakes
 Use defense in depth
 Assume external systems are insecure
Security Design by Threat Modeling

 Use a taxonomy of threats, e.g., STRIDE:

 Spoofing identity
 Tampering with data
 Repudiation
 Information disclosure
 Denial of service
 Elevation of privilege
 Consider target, chance, criticality, attack
techniques, mitigation techniques, etc.