PPT

advertisement
Network security and
Hot topics in networking
EECS 489 Computer Networks
http://www.eecs.umich.edu/courses/eecs489/w07
Z. Morley Mao
Wednesday, April 11, 2007
Announcements
 Agenda today:
 Icecream to celebrate almost finishing EECS489
 Finish up network security
 Where to go from here? Hot topics in networks.
 Course evaluation (need volunteer)
 Practice final is posted (announcement page)
 Solution available next Monday
 Mandatory PA3 Demo:
 Starting Thursday (4/12), last day is Friday (4/20),
signup available.
 Next Monday 4/16
 Course summary and review for final
 Final exam: 4/19
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Authentication
8.4 Integrity
8.5 Key Distribution and certification
8.6 Access control: firewalls
8.7 Attacks and counter measures
8.8 Security in many layers
8.8.1. Secure email
8.8.2. Secure sockets
8.8.3. IPsec
8.8.4. Security in 802.11
Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.
KS
m
K (.)
S
+
KS
+
.
K B( )
+
KS(m )
KS(m )
+
KB(KS )
-
Internet
+
KB(KS )
KB
Alice:




.
KS( )
generates random symmetric private key, KS.
encrypts message with KS (for efficiency)
also encrypts KS with Bob’s public key.
sends both KS(m) and KB(KS) to Bob.
KS
-
.
K B( )
-
KB
m
Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.
KS
m
K (.)
S
+
KS
+
.
K B( )
+
KS(m )
KS(m )
+
KB(KS )
-
Internet
+
KB(KS )
KB
Bob:
.
KS( )
 uses his private key to decrypt and recover KS
 uses KS to decrypt KS(m) to recover m
KS
-
.
K B( )
-
KB
m
Secure e-mail (continued)
• Alice wants to provide sender authentication
message integrity.
+
-
KA
m
H(.)
-
.
KA( )
-
-
KA(H(m))
KA(H(m))
+
Internet
m
• Alice digitally signs message.
KA
+
.
KA( )
m
H(m )
compare
.
H( )
H(m )
• sends both message (in the clear) and digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
message integrity.
-
KA
m
.
H( )
-
.
KA( )
-
KA(H(m))
+
KS
.
KS( )
+
m
KS
+
.
K B( )
+
Internet
+
KB(KS )
KB
Alice uses three keys: her private key, Bob’s public
key, newly created symmetric key
Pretty good privacy (PGP)
 Internet e-mail
encryption scheme, defacto standard.
 uses symmetric key
cryptography, public key
cryptography, hash
function, and digital
signature as described.
 provides secrecy,
sender authentication,
integrity.
 inventor, Phil
Zimmerman, was target
of 3-year federal
investigation due to US
export regulations.
A PGP signed message:
---BEGIN PGP SIGNED MESSAGE-Hash: SHA1
Alice: I developed a new worm
that can exploit the zeroday flaw on Windows Vista.
Bob
---BEGIN PGP SIGNATURE--Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3
mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
Secure sockets layer (SSL)
 transport layer
security to any TCPbased app using SSL
services.
 used between Web
browsers, servers for
e-commerce (https).
 security services:



server authentication
data encryption
client authentication
(optional)
 server authentication:
 SSL-enabled browser
includes public keys for
trusted CAs.
 Browser requests server
certificate, issued by
trusted CA.
 Browser uses CA’s public
key to extract server’s
public key from
certificate.
 check your browser’s
security menu to see its
trusted CAs.
SSL (continued)
Encrypted SSL session:
 Browser generates
symmetric session key,
encrypts it with server’s
public key, sends
encrypted key to server.
 Using private key, server
decrypts session key.
 Browser, server know
session key

All data sent into TCP
socket (by client or server)
encrypted with session key.
 SSL: basis of IETF
Transport Layer
Security (TLS).
 SSL can be used for
non-Web applications,
e.g., IMAP.
 Client authentication
can be done with client
certificates.
IPsec: Network Layer Security
 Network-layer secrecy:
sending host encrypts the
data in IP datagram
 TCP and UDP segments;
ICMP and SNMP
messages.
 Network-layer authentication
 destination host can
authenticate source IP
address
 Two principle protocols:
 authentication header
(AH) protocol
 encapsulation security
payload (ESP) protocol

 For both AH and ESP, source,
destination handshake:
 create network-layer
logical channel called a
security association (SA)
 Each SA unidirectional.
 Uniquely determined by:
 security protocol (AH or
ESP)
 source IP address
 32-bit connection ID
Authentication Header (AH) Protocol
AH header includes:
authentication, data
 connection identifier
integrity, no
 authentication data:
confidentiality
source-signed message
 AH header inserted
digest calculated over
between IP header, data original IP datagram.
field.
 next header field:
 protocol field: 51
specifies type of data
(e.g., TCP, UDP, ICMP)
 intermediate routers
process datagrams as
usual
 provides source
IP header
AH header
data (e.g., TCP, UDP segment)
ESP Protocol
 provides secrecy, host
 ESP authentication
authentication, data
field is similar to AH
integrity.
authentication field.
 data, ESP trailer encrypted.  Protocol = 50.
 next header field is in ESP
trailer.
authenticated
encrypted
IP header
ESP
ESP
ESP
TCP/UDP segment
header
trailer authent.
IEEE 802.11 security
 War-driving: drive around Bay Area, see what 802.11
networks available?
 More than 9000 accessible from public roadways
 85% use no encryption/authentication
 packet-sniffing and various attacks easy!
 Securing 802.11
 encryption, authentication
 first attempt at 802.11 security: Wired Equivalent
Privacy (WEP): a failure
 current attempt: 802.11i
Wired Equivalent Privacy (WEP):
 authentication as in protocol ap4.0
host requests authentication from access point
 access point sends 128 bit nonce
 host encrypts nonce using shared symmetric key
 access point decrypts nonce, authenticates host
 no key distribution mechanism
 authentication: knowing the shared key is enough

WEP data encryption
 Host/AP share 40 bit symmetric key (semi



permanent)
Host appends 24-bit initialization vector (IV) to
create 64-bit key
64 bit key used to generate stream of keys, kiIV
kiIV used to encrypt ith byte, di, in frame:
ci = di XOR kiIV
IV and encrypted bytes, ci sent in frame
802.11 WEP encryption
IV
(per frame)
KS: 40-bit
secret
symmetric
key
plaintext
frame data
plus CRC
key sequence generator
( for given KS, IV)
k1IV k2IV k3IV … kNIV kN+1IV… kN+1IV
d1
d2
d3 …
dN
CRC1 … CRC4
c1
c2
c3 …
cN
cN+1 … cN+4
Figure 7.8-new1:
802.11encryption
WEP protocol
Sender-side
WEP
802.11
IV
header
WEP-encrypted data
plus CRC
Breaking 802.11 WEP encryption
Security hole:
 24-bit IV, one IV per frame, -> IV’s eventually reused
 IV transmitted in plaintext -> IV reuse detected
 Attack:
 Trudy causes Alice to encrypt known plaintext d1 d2
d3 d4 …
IV
 Trudy sees: ci = di XOR ki
Trudy knows ci di, so can compute kiIV
IV
IV
IV
 Trudy knows encrypting key sequence k1 k2 k3 …
 Next time IV is used, Trudy can decrypt!

802.11i: improved security
 numerous (stronger) forms of encryption
possible
 provides key distribution
 uses authentication server separate from
access point
 Wi-Fi Protected Access (WPA)

implements the majority of this standard
802.11i: four phases of operation
STA:
client station
AP: access point
AS:
Authentication
server
wired
network
1 Discovery of
security capabilities
2 STA and AS mutually authenticate, together
generate Master Key (MK). AP servers as “pass through”
3 STA derives
Pairwise Master
Key (PMK)
4 STA, AP use PMK to derive
Temporal Key (TK) used for message
encryption, integrity
3 AS derives
same PMK,
sends to AP
EAP: extensible authentication protocol
 EAP: end-end client (mobile) to authentication
server protocol
 EAP sent over separate “links”
mobile-to-AP (EAP over LAN)
 AP to authentication server (RADIUS over UDP)

wired
network
EAP TLS
EAP
EAP over LAN (EAPoL)
IEEE 802.11
RADIUS
UDP/IP
SSH (rfc4251)
 Establishes a secure channel between a local
and remote computer
 Uses public-key crypto to authenticate remote
host and user
 Provides confidentiality, integrity
 Authentication
Password-based
 Public-key based

• Public and private key pair generation using ssh-keygen
Host keys
 ssh liberty.eecs.umich.edu
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@













@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:61:14:7c:76:02:5a:94:42:a1:8e:ce:e1:ef:d7:9a.
Please contact your system administrator.
Add correct host key in /n/edinburgh/x/zmao/.ssh/known_hosts to get rid
of this message.
Offending key in /n/edinburgh/x/zmao/.ssh/known_hosts:276
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle
attacks.
Enter passphrase for key '/n/edinburgh/x/zmao/.ssh/id_rsa':
One time
password
RSA SecurID tokens
(has a built-in accurate clock)
 Opposite of static passwords
 constantly altering passwords
 Password generation algorithms
math algorithm: generates next password based on the
previous one, e.g., hash chain.
 time sychronization btw. client and authentication server
 math algorithm: next password based on a challenge and
counter (e.g., used by smart cards).

Network Security (summary)
Basic techniques…...
cryptography (symmetric and public)
 authentication
 message integrity
 key distribution

…. used in many different security scenarios
secure email
 secure transport (SSL)
 IP sec
 802.11

What are hot topics in networking?
 Information sharing
 Fighting Coordinated Attackers with CrossOrganizational Information Sharing
 Social networks
 SPACE: Secure Protocol for Address Book based
Connection Establishment
 Exploiting Social Networks for Internet Search
 Detect Sybil Attacks
 Revisiting Internet design
 Decongestion control
 IP multicast
 Evolutionary PKI, security through publicity
What are hot topics in networking?
 next-generation Internet

new addressing, routing schemes
 Churn in distributed systems
 Troubleshooting, diagnosis, mitigation
 Detecting Evasion Attacks at High Speeds
without Reassembly
 New network applications
Internet is not the only network
 “New” networks
 vehicular networks
 sensor networks
 wireless networks
 cellular networks
 delay-tolerant networks
 networks in rural areas
 integration with Internet
 Biggest problem with today’s Internet:
 Lack of security
 Lack of manageability and QoS assurance
 Other desirable properties: mobility, faultresilience.
Network security is an ongoing
arms race
 Measuring Internet-scale Adversaries
 Endemic worms, malicious scanning
 Huge dataset headache
 Huge privacy/legal/policy/commercial hurdles
 Attacks on passive monitoring
• state, analysis flooding
• bugs in analyzers: adversary crafts such a packet, overruns
buffer, causes analyzer to execute arbitrary code
• evasion, confuse monitoring analysis algorithms
 Defense
 Automated response
Unwanted traffic
 spam
 reconnaissance, probe traffic
 attack traffic
 misconfigurations
Download