Security Services
- Authentication (they are who they claim to be)
- Access control (prevention of unauthorized use)
- Data confidentiality (protection against unauthorized disclosure)
- Data integrity (protection against unauthorized modification)
- Nonrepudiation (no party can deny having taken an action)

Symmetric Cryptography
- Stream ciphers encrypt byte-by-byte by XORing a keystream with the plaintext, so no padding is needed. Key-reuse problem: if the same keystream encrypts two messages, XORing the two ciphertexts gives the XOR of the two plaintexts. Mitigated by deriving every keystream from the key plus a fresh random nonce and a counter.
- Block ciphers encrypt fixed-size blocks of data at a time.
- DES is not secure because of its 56-bit key length; its architecture (Feistel structure) is fine.
- Feistel structure: encryption and decryption use the same structure, with the round keys applied in reverse order for decryption.
- Brute-force strength of a symmetric cipher is 2^n trials, with n being the key length in bits.
- AES round: SubBytes, ShiftRows, MixColumns, AddRoundKey.
- ECB encrypts identical plaintext blocks to identical ciphertext blocks, so patterns leak (not good for images or documents).
- CBC uses an IV; each ciphertext block is XORed into the next plaintext block before encryption, so the last ciphertext block acts as the IV for the next block. The same chaining is the basis of the CBC-MAC construction.
- CTR allows parallel encryption/decryption; the keystream is produced by encrypting a random nonce concatenated with an incrementing counter.
- Confusion hides the relationship between ciphertext and key; diffusion hides the relationship between ciphertext and plaintext.

Asymmetric Cryptography
- Relies on a trap-door one-way function.
- RSA is secure because of the hardness of the factoring problem; its modular exponentiation is made fast with the square-and-multiply algorithm.
- Used for encryption/decryption (RSA, ECC), key exchange (Diffie-Hellman), and digital signatures (DSS).
- Digital signatures are used for authentication.
- Diffie-Hellman (the paint-mixing analogy) is the most common key exchange, but it is vulnerable to MitM because the exchanged public values carry no authentication.
- Avoid MitM in TLS via the server's public key certificate; in SSH via the locally stored known_hosts fingerprints.

Secure Hash Functions
1. Can be applied to data of any size.
2. Produces fixed-length output.
3. Relatively easy to compute H(x), making implementation practical.
4. Computationally infeasible to find x such that H(x) = h for any given h (pre-image resistance).
5. For any given x, infeasible to find y != x with H(y) = H(x) (second pre-image resistance).
6. Infeasible to find any pair x, y with x != y such that H(x) = H(y) (collision resistance).
- Creates a message digest, but not a MAC! There is no key, so anyone can recompute the digest over altered data; a MAC such as HMAC needs the secret key.
- Collision resistance is only half the output length in bits (birthday attack); pre-image resistance is the full output length.

IPsec
- Transport mode encrypts the payload above IP but doesn't hide the IP addresses; tunnel mode protects the entire original IP packet, header included, inside a new IP packet.
- Transport mode protects the transport layer and above; tunnel mode additionally protects the original network layer (the inner IP header).
- Can hide original IP addresses for enhanced privacy and VPN support (tunnel mode).
- Provides transparent security below the application; can be implemented in a firewall or router.

TLS Handshake (TLS 1.2 style, with ephemeral Diffie-Hellman)
1. Client Hello (supported cipher suites, client random)
2. Server Hello (selected cipher suite, server random)
3. Certificate (server provides its public key certificate, which the client uses to verify the server's identity)
4. Server Key Exchange (server sends its ephemeral key-exchange value, for example its ECDHE public value, signed with the private key matching the certificate)
5. Server Hello Done (server is done with its part of the exchange)
6. Client Key Exchange (client sends its own ephemeral ECDHE public value; both sides now compute the pre-master secret and derive the symmetric session keys from it)
7. Change Cipher Spec (client switches to the negotiated symmetric cipher)
8. Finished (client sends a keyed MAC over a digest of the whole handshake, encrypted with the new session keys, which lets the server verify that the exchange was not tampered with)
9. Change Cipher Spec (server switches to symmetric encryption and confirms the cipher)
10. Finished (server sends its own keyed digest of the exchange, symmetrically encrypted, for the client to verify)
- Provides confidentiality, integrity, and data origin authentication.

User Authentication
- What you know (passwords, secret questions), where you are (IP address, geolocation), what you are (biometrics), or what you have (hardware token, mobile device); MFA combines two or more of these factors.
- Many-to-one = many users authenticating against one server; use passwords or two-factor (Duo).
- Many-to-many = many users requesting services from many machines on a network; use a trusted third party (Kerberos, SSO).

Kerberos
- User proves identity and requests a ticket for a service; user receives the ticket; the ticket is presented to access the service.
- Tickets prove a user has been authenticated; the encrypted ticket includes username, server name, user's workstation address, ticket lifetime, and session specifics (the session key).
- Start by authenticating with the AS and getting an encrypted ticket-granting ticket (TGT). Then request a service ticket from the TGS using the TGT and get an encrypted service ticket. Finally, present the service ticket to the SS to use the service.
- C & SS trust AS & TGS; AS & TGS don't trust C & SS; C & SS don't trust each other.
- Long-term keys (of C, TGS, SS) protect the short-term session keys (C-TGS, C-SS) that are distributed inside the tickets.
- Proof of identity is based on authenticators (client ID, address, and timestamp encrypted with the session key).
- Symmetric cryptography only.
- Kerberos-aware applications: Telnet, SSH, NFS, IMAP.
- A solution with only an AS (no TGS) means the ticket is encrypted, so it can't be altered, and an opponent replaying it from another workstation fails (the address is inside the ticket), but the password has to be sent to the AS and re-entered for each service request (a ticket can't be reused across services).

Wireless Security
- APs broadcast the SSID periodically in beacons, along with the security level offered.
- Subscriber stations listen to beacons and can also probe for APs.
- AP authenticates subscriber stations using shared keys.
- WEP: meant to provide privacy equivalent to a wired network; a single key shared by all users and access points (challenge & response authentication); RC4 encryption.
- WPA: software modification to WEP systems; generates a per-packet key (TKIP), protects against replay attacks, still uses RC4 encryption.
- WPA2: requires new hardware; uses CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), i.e. AES in CTR mode for confidentiality with CBC-MAC for integrity.

Wireless Access Control
- NAC authenticates users logging into the network to determine what they can access and do.
- 802.1X: authentication framework for IEEE 802 (Wi-Fi) networks (client/supplicant, AP/authenticator, authentication server); the uncontrolled port carries only the authentication traffic and the controlled port carries data; a user can't send data until authenticated.
- EAP: encapsulates various authentication methods between client and authentication server; operates over a variety of network and link-level facilities and accommodates the authentication needs of different links and networks.
- EAP methods: EAP-TLS, EAP-TTLS (tunneled TLS), EAP-GPSK (generalized pre-shared key), EAP-IKEv2, LEAP (lightweight EAP), EAP-AKA (authentication and key agreement).

TCP Attacks
- SYN flooding: send SYN packets and don't respond to the SYN/ACK replies; the server stores the half-open TCBs in a queue, so filling the queue stops new connections.
- SYN flooding is countered by SYN cookies: hash the packet info (addresses, ports, a secret, a coarse time counter), send the hash back as the SEQ of the SYN/ACK, expect hash+1 as the ACK, and store nothing in the half-open queue.
- TCP Reset: attacker sends a spoofed RST packet to instantly close a connection, taking the proper IPs, ports, and SEQ from sniffed packets.
- TCP Session Hijacking: same approach, using sniffed packets to spoof a new packet that delivers attacker-chosen data into the receiver's stream.
- Defend against reset and hijacking by randomizing port numbers and SEQ numbers (effective only against remote, off-path attackers who have to guess them, not against a local attacker who can sniff them) or by encrypting and authenticating the traffic with IPsec (effective in both cases).

DNS Attacks
- DoS: DNS servers cannot respond to queries.
- DNS spoofing: intercept/re-route traffic to a fake DNS server that answers maliciously, or modify /etc/hosts or /etc/resolv.conf.
- Spoofing DNS replies: an attacker on the user's machine can immediately catch the query and return a malicious spoofed reply; local DNS servers can also be poisoned by sending spoofed replies to their queries before the genuine replies arrive (DNS cache poisoning).
- Remote poisoning: spoofing replies is harder because the query's source port and 16-bit transaction ID must be guessed; if an attempt fails, the genuine record is cached and the attacker must wait for it to time out before trying again.
- Kaminsky attack: query a random, uncached name in the target domain and spoof a reply that carries the attacker's DNS server in the Authority section. A miss costs nothing because the random name is not a record worth caching, so the attacker retries at once with another name; once a guess hits, all future queries for the domain are sent to the attacker's DNS server, which can then answer as it pleases.
- DNSSEC protects against spoofing: public keys and signatures verify the chain of responses, following the DNS zone hierarchy.
- TLS/SSL public key certificates verify that the owner of an IP address is actually who they claim to be; relies on CAs.
- Root servers are robust and highly distributed; DoS attacks must be heavy and long-lasting to have a significant effect.
- TLDs are easier to attack; .gov, .com, .net are more resilient, but certain TLDs are weaker (think .fr).

Firewalls
- Provide perimeter defense for a network; a choke point for control and monitoring.
- User control: controls data access based on the role of the user (inside the perimeter).
- Service control: controls access by the type of service offered by a host (network address, connection protocol, port numbers).
- Direction control: inbound vs. outbound.
- Packets are accepted, denied (dropped without any notice to the sender), or rejected (refused with an error sent back).
- Packet filtering: controls traffic based on packet headers and doesn't look at payload data (stateless); the simplest kind, can be implemented via Netfilter/iptables.
- Stateful: monitors all connection interactions until the connection is closed, using a connection state table.
- Application/proxy: impersonates the intended recipient and holds two separate connections (acts as a proxy); data is analyzed up to the application layer; needs a separate proxy for each service.
- Can't protect against threats already inside the network, insider threats, or malware carried in allowed traffic.
- Evasion: SSH tunneling, dynamic port forwarding through a SOCKS proxy, or a VPN tunnel.

IP Attacks
- IP address spoofing: change the source IP to impersonate another host; IP has no state tracking, so tools such as scapy or libnet can craft the packets freely; mitigated via packet filtering (ingress/egress), TTL checks, IPsec, etc.
- ICMP echo, redirect, and destination unreachable attacks.
- IP fragmentation: end hosts have to hold all fragments until the others arrive, so reassembly buffers can be exhausted.
- Ping of death (DoS): the offset of the last fragment creates a reassembled datagram larger than the maximum allowed size (65,535 bytes), causing a buffer overflow in the reassembly code.

ARP Attacks
- ARP messages belong to the underlying link-level protocol and map an IP address to a link-level (MAC) address for direct delivery.
- Spoofing: ARP is stateless, so replies without a request are accepted; the attacker sends spoofed ARP messages to victims to poison their caches and starts acting as a router (MitM); spoofing tools continuously send spoofed replies to prevent the cache from updating with the real mapping.
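Worked example for the stream-cipher bullets under Symmetric Cryptography above (key reuse, "two ciphertexts XOR'd is plaintexts XOR'd", and the nonce-plus-counter fix). This is an added example, not code from the original sheet; it uses only the Python standard library, HMAC-SHA256 stands in for the block cipher that a real CTR mode would use, and the key, nonce and two "transfer" messages are constructed test data.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ...
    HMAC-SHA256 stands in for the block cipher; AES-CTR is built the same way."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption is XOR with the keystream, so decryption is the same call."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt

def ciphertext_xor(c1: bytes, c2: bytes) -> bytes:
    """What a passive attacker can compute from two ciphertexts. If both used the same
    keystream the keystream cancels and this equals p1 XOR p2."""
    return xor(c1, c2)

def crib_drag(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Key-reuse exploitation: knowing (or guessing) `crib` bytes of message 1 at `offset`
    reveals the same bytes of message 2, because c1 ^ c2 ^ p1 = p2."""
    return xor(ciphertext_xor(c1, c2)[offset:offset + len(crib)], crib)

# Constructed sample data (not from the original sheet).
KEY = hashlib.sha256(b"demo key, constructed for this example").digest()
NONCE = bytes(12)                  # a fixed nonce: the mistake being demonstrated
P1 = b"transfer 100 USD to account 4477-0019"
P2 = b"transfer 950 USD to account 9001-2231"

def demo():
    """Returns (keystream_cancels, bytes_recovered_by_crib, leak_with_fresh_nonces)."""
    c1 = encrypt(KEY, NONCE, P1)
    c2 = encrypt(KEY, NONCE, P2)                    # same key and same nonce: same keystream
    cancels = ciphertext_xor(c1, c2) == xor(P1, P2)
    # The attacker knows their own message P1 and reads the amount out of the victim's P2.
    recovered = crib_drag(c1, c2, P1[9:16], 9)
    d1 = encrypt(KEY, b"\x01" * 12, P1)             # fresh nonce per message: distinct keystreams
    d2 = encrypt(KEY, b"\x02" * 12, P2)
    return cancels, recovered, ciphertext_xor(d1, d2) == xor(P1, P2)
```

`demo()` returns `(True, b"950 USD", False)`: with the nonce fixed the keystream cancels and one known plaintext exposes the other, while a fresh nonce per message breaks the relationship even though the key is unchanged.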
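Worked example for the Asymmetric Cryptography bullets on Diffie-Hellman, its MitM weakness, and the SSH known_hosts mitigation. This is an added example, not code from the original sheet. It uses the 2048-bit MODP group from RFC 3526 (group 14, generator 2; the constant is transcribed from the RFC and should be checked against it before any reuse), models the server's long-term DH value as its host key, and the host name, known_hosts table and attacker "Mallory" are constructed for the demonstration. Plain DH is shown rather than TLS's signed exchange; the check demonstrated is the known_hosts-style fingerprint pin.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit MODP prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def shared_key(priv: int, peer_pub: int) -> bytes:
    """g^(xy) mod p, hashed down to a 256-bit session key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()

def fingerprint(pub: int) -> str:
    """What an SSH known_hosts entry effectively stores: a hash of the host's public value."""
    return hashlib.sha256(pub.to_bytes(256, "big")).hexdigest()

# Constructed: the server's long-term (host) key pair and the client's known_hosts file.
SERVER_PRIV, SERVER_PUB = keypair()
KNOWN_HOSTS = {"server.example": fingerprint(SERVER_PUB)}

def exchange(mitm, known_hosts=None):
    """Client and server exchange public values over a channel that Mallory controls
    when mitm=True. Returns (client_key, server_key, mallory_keys, aborted)."""
    c_priv, c_pub = keypair()
    if mitm:
        m_priv_s, m_pub_s = keypair()       # Mallory's value shown to the server
        m_priv_c, m_pub_c = keypair()       # Mallory's value shown to the client
        server_sees, client_sees = m_pub_s, m_pub_c
    else:
        server_sees, client_sees = c_pub, SERVER_PUB
    # The one check that defeats the substitution: compare the received value with the pin.
    if known_hosts is not None and fingerprint(client_sees) != known_hosts["server.example"]:
        return None, None, None, True       # SSH's "HOST IDENTIFICATION HAS CHANGED": abort
    client_key = shared_key(c_priv, client_sees)
    server_key = shared_key(SERVER_PRIV, server_sees)
    mallory = None
    if mitm:   # Mallory holds one key per side and can relay, read and modify everything
        mallory = (shared_key(m_priv_c, c_pub), shared_key(m_priv_s, SERVER_PUB))
    return client_key, server_key, mallory, False
```

Without the pin both sides finish the exchange "successfully", each sharing a key with Mallory rather than with each other; the only thing that exposes the substitution is comparing the value received against something learned out of band, which is exactly the role of a certificate in TLS or the known_hosts file in SSH.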
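Worked example for the Kerberos section above: the three exchanges (AS, TGS, SS) with tickets and authenticators, and the checks that make a ticket stolen from another workstation or an old authenticator useless. This is an added example, not code from the original sheet or from any Kerberos implementation; a small HMAC-based authenticated encryption stands in for the Kerberos enctype, the principal names, addresses, password and long-term keys are constructed, and the message contents follow the classic Kerberos v4 dialogue (ID, address, timestamp, lifetime, session key).

```python
import hashlib
import hmac
import json
import secrets

def _stream(key, nonce, n):
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption (nonce || ciphertext || tag) standing in for the
    Kerberos enctype: sealed data is unreadable and unalterable without the key."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered ticket/authenticator")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

LIFETIME = 8 * 3600
SKEW = 300        # an authenticator older than this is treated as a replay
# Constructed long-term keys: C's is derived from the password; TGS and SS keys live in the KDC.
K_TGS = secrets.token_bytes(32)
SERVICES = {"SS": secrets.token_bytes(32)}
USERS = {"alice": hashlib.sha256(b"correct horse").digest()}

def as_exchange(id_c, ad_c, now):
    """Steps 1-2: C -> AS (ID_C, ID_TGS); AS -> C E(K_C, [K_C,TGS, TGT]) with
    TGT = E(K_TGS, [K_C,TGS, ID_C, AD_C, TS, lifetime]). The password never travels."""
    k_c_tgs = secrets.token_bytes(32).hex()
    tgt = seal(K_TGS, {"key": k_c_tgs, "id_c": id_c, "ad_c": ad_c, "ts": now, "life": LIFETIME})
    return seal(USERS[id_c], {"key": k_c_tgs, "id_tgs": "TGS", "ts": now, "tgt": tgt.hex()})

def check_ticket(server_key, ticket, authenticator, from_addr, now):
    """Shared by TGS and SS: open the ticket with the server's own key, then open the
    authenticator with the session key found inside; both must agree on who and from where."""
    t = unseal(server_key, ticket)
    if now > t["ts"] + t["life"]:
        raise ValueError("ticket expired")
    sk = bytes.fromhex(t["key"])
    a = unseal(sk, authenticator)
    if (a["id_c"], a["ad_c"]) != (t["id_c"], t["ad_c"]) or from_addr != t["ad_c"] or now - a["ts"] > SKEW:
        raise ValueError("authenticator does not match ticket (replay or theft)")
    return t, sk, a

def tgs_exchange(service, tgt, authenticator, from_addr, now):
    """Steps 3-4: C -> TGS (ID_V, TGT, authenticator); TGS -> C E(K_C,TGS, [K_C,V, ticket_V])."""
    t, k_c_tgs, _ = check_ticket(K_TGS, tgt, authenticator, from_addr, now)
    k_c_v = secrets.token_bytes(32).hex()
    ticket = seal(SERVICES[service], {"key": k_c_v, "id_c": t["id_c"], "ad_c": t["ad_c"], "ts": now, "life": LIFETIME})
    return seal(k_c_tgs, {"key": k_c_v, "id_v": service, "ts": now, "ticket": ticket.hex()})

def ss_exchange(ticket, authenticator, from_addr, now):
    """Steps 5-6: C -> SS (ticket_V, authenticator); SS -> C E(K_C,V, [TS+1]) for mutual auth."""
    _, k_c_v, a = check_ticket(SERVICES["SS"], ticket, authenticator, from_addr, now)
    return seal(k_c_v, {"ts": a["ts"] + 1})

def client_login(user, password, ad_c, now):
    """Client side of all three exchanges. Returns True once SS has proved it knows K_C,V."""
    k_c = hashlib.sha256(password.encode()).digest()
    r1 = unseal(k_c, as_exchange(user, ad_c, now))        # fails here if the password is wrong
    k_c_tgs, tgt = bytes.fromhex(r1["key"]), bytes.fromhex(r1["tgt"])
    auth = seal(k_c_tgs, {"id_c": user, "ad_c": ad_c, "ts": now})
    r2 = unseal(k_c_tgs, tgs_exchange("SS", tgt, auth, ad_c, now))
    k_c_v, ticket = bytes.fromhex(r2["key"]), bytes.fromhex(r2["ticket"])
    auth_v = seal(k_c_v, {"id_c": user, "ad_c": ad_c, "ts": now})
    return unseal(k_c_v, ss_exchange(ticket, auth_v, ad_c, now))["ts"] == now + 1
```

Note what each party can and cannot read: the client never sees inside a ticket (sealed under K_TGS or K_SS), the TGS and SS never see the password, and a thief who copies the TGT and authenticator from the wire is stopped by the address check and, a few minutes later, by the timestamp check.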
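Worked example for the TCP Attacks bullets on SYN flooding and SYN cookies: how the cookie is minted from the connection 4-tuple, a secret and a time counter, how the final ACK is validated without any queued state, and why the bounded half-open queue fills up without it. This is an added example, not code from the original sheet or from any kernel; the bit layout (5-bit time slot, 3-bit MSS index, 24-bit MAC) follows the classic SYN-cookie scheme, and the secret, MSS table, addresses and queue size are constructed.

```python
import hashlib
import hmac

SECRET = b"per-boot secret (constructed)"      # real stacks draw this at random on boot
MSS_TABLE = [536, 1220, 1460, 4460, 8960]       # the client's MSS is squeezed into 3 bits
SERVER_IP = "203.0.113.1"

def _mac24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed hash of the 4-tuple and the time counter."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}@{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, mss, t):
    """SEQ for the SYN/ACK. Layout: 5-bit time counter (units of 64 s), 3-bit MSS index,
    24-bit MAC. Nothing is stored: the cookie itself is the connection state."""
    idx = max([0] + [i for i, v in enumerate(MSS_TABLE) if v <= mss])
    return ((t & 0x1F) << 27) | (idx << 24) | _mac24(src_ip, src_port, dst_ip, dst_port, t)

def check_cookie(ack, src_ip, src_port, dst_ip, dst_port, now_t):
    """Validate the handshake's final ACK (ack = cookie + 1). Cookies minted in the current
    or the previous time slot are accepted. Returns the MSS to use, or None if bogus."""
    cookie = (ack - 1) & 0xFFFFFFFF
    for t in (now_t, now_t - 1):
        if (t & 0x1F) == cookie >> 27 and _mac24(src_ip, src_port, dst_ip, dst_port, t) == (cookie & 0xFFFFFF):
            return MSS_TABLE[(cookie >> 24) & 7]
    return None

class Listener:
    """Listening socket with a bounded half-open queue. on_syn returns the SYN/ACK's SEQ,
    or None when the SYN has to be dropped because the queue is full."""
    def __init__(self, queue_size, use_cookies):
        self.half_open, self.size, self.use_cookies = {}, queue_size, use_cookies

    def on_syn(self, src_ip, src_port, mss, t):
        if self.use_cookies:
            return make_cookie(src_ip, src_port, SERVER_IP, 443, mss, t)   # no state kept
        if len(self.half_open) >= self.size:
            return None                     # flooded: legitimate clients are turned away
        isn = _mac24(src_ip, src_port, SERVER_IP, 443, t)                 # any ISN will do
        self.half_open[(src_ip, src_port)] = isn                          # ...but it must be kept
        return isn
```

The ACK from a real client echoes the cookie plus one, so the server recomputes the MAC and rebuilds the MSS from the cookie bits; an attacker who never completes the handshake costs the server one HMAC per SYN and no memory, which is the whole point of the countermeasure.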
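Worked example for the DNS Attacks bullets on remote cache poisoning and the Kaminsky attack: a toy caching resolver that accepts a reply only if it matches an outstanding (transaction ID, source port) pair, an attacker that queries random names in the target zone and floods spoofed Authority-section delegations, and the two defences the section mentions (bailiwick checking, which ignores out-of-zone data, and source port randomization, which turns a 16-bit guess into a 32-bit one). This is an added example, not code from the original sheet; the zone, server names, fixed port number and guess counts are constructed, and Python's `random` module is used only because this is a simulation.

```python
import random

class Resolver:
    """Caching resolver. `pending` maps the (txid, source port) of each outstanding query
    to its question; a reply counts only if it matches an outstanding pair."""
    def __init__(self, random_port=True, bailiwick_check=True):
        self.random_port, self.bailiwick_check = random_port, bailiwick_check
        self.cache, self.pending = {}, {}

    def query(self, qname, zone):
        txid = random.getrandbits(16)
        port = random.getrandbits(16) if self.random_port else 53000   # old resolvers: fixed port
        self.pending[(txid, port)] = (qname, zone)
        return txid, port

    def reply(self, txid, port, answer, authority):
        """Process one reply. `authority` maps zone names to the NS to use for them."""
        if (txid, port) not in self.pending:
            return False
        qname, zone = self.pending.pop((txid, port))
        if answer is not None:
            self.cache[qname] = answer
        for name, ns in authority.items():
            if self.bailiwick_check and not (name == zone or name.endswith("." + zone)):
                continue          # out-of-bailiwick data (the pre-Kaminsky trick) is ignored
            self.cache[name] = ns
        return True

def kaminsky(resolver, guesses_per_round=512, max_rounds=2000):
    """Attacker: ask for a random uncached name under example.com, then fire spoofed replies
    whose Authority section delegates the whole zone to the attacker's server before the
    real reply arrives. A miss costs nothing, so just pick a new random name and go again.
    Returns the round in which the cache was poisoned, or None."""
    known_port = None if resolver.random_port else 53000
    for rnd in range(1, max_rounds + 1):
        txid, port = resolver.query(f"r{random.getrandbits(32)}.example.com", "example.com")
        for _ in range(guesses_per_round):
            guess_port = known_port if known_port is not None else random.getrandbits(16)
            if resolver.reply(random.getrandbits(16), guess_port, None,
                              {"example.com": "ns.attacker.example"}):
                return rnd      # in-bailiwick delegation accepted: zone hijacked
        # the genuine reply arrives: NXDOMAIN for the random name, honest delegation
        resolver.reply(txid, port, None, {"example.com": "ns1.example.com"})
    return None
```

With a fixed source port the attacker needs on average about 2^16 / guesses_per_round rounds, a matter of seconds; with the port randomized the same budget has a success probability around one in ten thousand, and the bailiwick check alone does not help against Kaminsky's variant because the poisoned delegation is for the zone being queried.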
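Worked example for the Firewalls bullets on packet filtering versus stateful filtering: the same policy expressed as header-only rules and as a connection-table filter, and the inbound packet that only the stateful version gets right. This is an added example, not code from the original sheet or from Netfilter; the server address, the published port and the sample packets are constructed, and TCP flags are written as letters ("S" for SYN, "A" for ACK).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # "S" SYN, "A" ACK, "SA" SYN/ACK, "R" RST

SERVER = "203.0.113.1"
PUBLIC_PORTS = {443}

def stateless_filter(pkt: Packet, direction: str) -> str:
    """Header-only rules in first-match order. 'Established' has to be approximated by
    'ACK bit set', because a stateless filter remembers nothing about earlier packets."""
    rules = [
        ("out", None, None, "accept"),        # anything leaving the network
        ("in", PUBLIC_PORTS, "S", "accept"),  # new connections to published services
        ("in", None, "A", "accept"),          # replies to our own connections (ACK bit only)
        ("in", None, None, "drop"),           # default deny
    ]
    for d, ports, flag, action in rules:
        if d == direction and (ports is None or pkt.dport in ports) and (flag is None or flag in pkt.flags):
            return action
    return "drop"

class StatefulFilter:
    """Same policy, but 'established' means 'present in the connection state table'."""
    def __init__(self):
        self.table = set()   # 4-tuples, as seen from the inbound side, of flows we allowed

    def filter(self, pkt: Packet, direction: str) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if direction == "out":
            self.table.add(reverse)           # inbound replies to this flow are now expected
            return "accept"
        if flow in self.table:
            if "R" in pkt.flags:
                self.table.discard(flow)      # connection torn down: forget it
            return "accept"
        if pkt.flags == "S" and pkt.dport in PUBLIC_PORTS:
            self.table.add(flow)              # a new inbound connection we allow
            return "accept"
        return "drop"
```

The telling case is an inbound packet to a non-public port with only the ACK bit set: no handshake ever happened, but the stateless rule for "established" traffic cannot know that and lets it through (this is what an ACK scan relies on), whereas the stateful filter drops it because the 4-tuple is not in its table.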