WIXLIB

CSC4200/5200 – COMPUTER NETWORKINGInstructor: Susmit ShannigrahiNETWORK SECURITY - CONTINUEDsshannigrahi@tntech.eduGTA: dereddick42@students.tntech.edu

Security RoadmapWhat is network security?Principles of cryptographyMessage integrityAuthenticationSecuring TCP connections: SSLNetwork layer security: IPsecOperational security: firewalls and IDSNetwork Security2

What is network security?confidentiality:only sender, intended receiver should“understand” message contents––sender encrypts messagereceiver decrypts messageauthentication:sender, receiver want to confirm identity ofeach othermessage integrity:sender, receiver want to ensure messagenot altered (in transit, or afterwards) without detectionaccess and availability: services must be accessible andavailable to users3

Friends and enemies: Alice, Bob, Trudy Bob and Alice want to communicate “securely”Trudy may intercept, delete, add messagesAliceBobchanneldatasecuresenderdata, controlmessagesssecurereceiverdataTrudy4

Some example problems–––––eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source address inpacket (or any field in packet)hijacking: “take over” ongoing connection byremoving sender or receiver, inserting himself in placedenial of service: prevent service from being used byothers (e.g., by overloading resources)5

Symmetric keycrypto: DESDES operationinitial permutation16 identical “rounds” offunction application, eachusing different 48 bits ofkeyfinal permutation6

Public key cryptographyK BBob’s publickeyK - Bob’s privateB keyplaintextmessage, mencryptionalgorithmciphertext BK (m)decryptionalgorithmplaintextmessage- Bm KB (K (m))7

RoadmapWhat is network security?Principles of cryptographyMessage integrityAuthenticationSecuring TCP connections: SSLNetwork layer security: IPsecOperational security: firewalls and IDS8

AuthenticationGoal: Bob wants Alice to “prove” her identity to himProtocol ap1.0: Alice says “I am Alice”“I am Alice”Failure scenario?Network Security9

AuthenticationGoal: Bob wants Alice to “prove” her identity to himProtocol ap1.0: Alice says “I am Alice”“I am Alice”in a network,Bob can not “see” Alice, so Trudysimply declaresherself to be AliceNetwork Security10

Authentication: another tryProtocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP addressAlice’sIP address“I am Alice”Failure scenario?Network Security11

Authentication: another tryProtocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP addressAlice’sIP addressTrudy can createa packet “spoofing”Alice’s address“I am Alice”Network Security12

Authentication: another tryProtocol ap3.0: Alice says “I am Alice” and sends hersecret password to “prove” it.Alice’sIP addrAlice’spassword“I’m Alice”Alice’sIP addrOKFailure scenario?Network Security13

Authentication: another tryProtocol ap3.0: Alice says “I am Alice” and sends hersecret password to “prove” it.Alice’sIP addrAlice’spassword“I’m Alice”Alice’sIP addrAlice’sIP addrOKAlice’spasswordplayback attack: Trudy records Alice’spacketand laterplays it back to Bob“I’m Alice”Network Security14

Authentication: yet another tryProtocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.Alice’sIP addrencryptedpassword“I’m Alice”Alice’sIP addrOKFailure scenario?Network Security15

Authentication: yet another tryProtocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.Alice’sIP addrencryptedpassword“I’m Alice”Alice’sIP addrAlice’sIP addrrecordandplaybackstill works!OKencryptedpassword“I’m Alice”Network Security16

Authentication: yet another tryGoal: avoid playback attacknonce: number (R) used only once-in-a-lifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alicemust return R, encrypted with shared secret key“I am Alice”RKA-B (R)Alice is live, and only Aliceknows key to encrypt nonce,so it must be Alice!Failures, drawbacks?Network Security17

Authentication: ap5.0ap4.0 requires shared symmetric key can we authenticate using public key techniques?ap5.0: use nonce, public key cryptography“I am Alice”RKA(R)“send me your public key”K ABob computes K A (KA (R)) Rand knows only Alice could have theprivate key, that encrypted R suchthat KA(K (R)) RA18Network Security

ap5.0: security holeman (or woman) in the middle attack: Trudy poses as Alice (toBob) and as Bob (to Alice)I am AliceI am AliceRRK (R)TSend me your public keyK (R)A KTSend me your public keyK m K (K (m))AA K (m)A ATrudy gets m K (K (m))TTsends m to Aliceencrypted with Alice’spublic key K (m)TNetwork Security19

ap5.0: security holeman (or woman) in the middle attack: Trudy poses as Alice (toBob) and as Bob (to Alice)difficult to detect: Bobreceives everything that Alice sends, and vice versa. problem is that Trudy receives all messages as well!Network Security20

RoadmapWhat is network security?Principles of cryptographyMessage integrityAuthenticationSecuring TCP connections: SSLNetwork layer security: IPsecOperational security: firewalls and IDS21

SSL: Secure Sockets Layer widelydeployed security protocol supported by almost all browsers, webservers https billions /year over SSL mechanisms:[Woo 1994],implementation: Netscape variation -TLS: transport layersecurity, RFC 2246 provides confidentiality integrity authentication originalgoals: Web e-commerce transactions encryption (especially creditcard numbers) Web-server authentication optional client authentication minimum hassle in doingbusiness with new merchant available to all TCP applications secure socket interfaceNetwork Security22

SSL and TCP/IPApplicationApplicationSSLTCPIPnormal application TCPIPapplication with SSLSSL provides application programming interface(API) to applicationsC and Java SSL libraries/classes readily availableNetwork Security23

Could do something like PGP:m.H( )KAKA(H(m)).KA ( ) .KS( )mKS KS. KB ( ) KB Internet KB(KS )but want to send byte streams & interactive datawant set of secret keys for entire connectionwant certificate exchange as part of protocol: handshake phaseNetwork Security24

Real SSL: handshake (1)Purpose1. server authentication2. negotiation: agree on crypto algorithms3. establish keys4. client authentication (optional)Network Security25

Real SSL: handshake (2)1.2.3.4.5.6.client sends list of algorithms it supports, along with clientnonceserver chooses algorithms from list; sends back: choice certificate server nonceclient verifies certificate, extracts server’s public key,generates pre master secret, encrypts with server’s publickey, sends to serverclient and server independently compute encryption andMAC keys from pre master secret and noncesclient sends a MAC of all the handshake messagesserver sends a MAC of all the handshake messagesNetwork Security26

Real SSLconnectioneverythinghenceforthis encryptedTCP FIN followsNetwork Security27

SSL record protocoldatadatafragmentrecordheaderencrypteddata and MACdatafragmentMACrecordheaderMACencrypteddata and MACrecord header: content type; version; lengthMAC: includes sequence number, MAC key Mxfragment: each SSL fragment 214 bytes ( 16 Kbytes)Network Security28

Application and SSLCisco.com29

SSL and -middle-attacks-arp-part4/30

RoadmapWhat is network security?Principles of cryptographyMessage integrityAuthenticationSecuring TCP connections: SSLNetwork layer security: VPN and IPsecOperational security: firewalls and IDS31

What is network-layer confidentiality ?between two network entities: sending entity encrypts datagram payload, payloadcould be:– all data sent from one entity to other would behidden:– TCP or UDP segment, ICMP message, OSPF message .web pages, e-mail, P2P file transfers, TCP SYN packets “blanket coverage”Network Security32

Virtual Private Networks (VPNs)motivation: institutions often want private networks forsecurity.–costly: separate routers, links, DNS infrastructure. VPN:institution’s inter-office traffic is sent overpublic Internet instead––encrypted before entering public Internetlogically separate from other trafficNetwork Security33

Virtual Private Networks (VPNs)laptopw/ IPsecpublicInternetsalespersonin hotelrouter w/IPv4 and IPsecheadquartersrouter w/IPv4 and IPsecbranch officeNetwork Security34

IPsec services data integrityorigin authenticationreplay attack preventionconfidentialitytwo protocols providing different service models:––AHESPNetwork Security35

IPsec transport modeIPsec IPsecIPsec datagram emitted and received by end-systemprotects upper level protocolsNetwork Security36

IPsec – tunneling modeIPsec IPsecedge routers IPsecawareIPsecIPsec hosts IPsec-awareNetwork Security37

Two IPsec protocols Authentication Header (AH) protocol– provides source authentication & data integrity butnot confidentialityEncapsulation Security Protocol (ESP)––provides source authentication, data integrity, andconfidentialitymore widely used than AHNetwork Security38

Four combinations are possible!Host modewith AHHost modewith ESPTunnel modewith AHTunnel modewith ESPmost common andmost importantNetwork Security39

IPsec datagramfocus for now on tunnel mode with ESP“enchilada” authenticatedencryptednew IPheaderESPhdrSPIoriginalIP hdrSeq#Original IPdatagram ork Security40

What happens?Internetheadquarters200.168.1.100branch office193.68.2.23security �� authenticatedencryptednew IPheaderESPhdrSPIoriginalIP hdrSeq#Original IPdatagram ork Security41

RoadmapWhat is network security?Principles of cryptographyMessage integrityAuthenticationSecuring TCP connections: SSLNetwork layer security: VPN and IPsecOperational security: firewalls and IDS42

Firewallsfirewallisolates organization’s internal net from larger Internet,allowing some packets to pass, blocking otherspublicInternetadministerednetworktrusted “good guys”firewalluntrusted “bad guys”Network Security43

Firewalls: whyprevent denial of service attacks: SYN flooding: attacker establishes many bogus TCP connections,no resources left for “real” connectionsprevent illegal modification/access of internal data e.g., attacker replaces CIA’s homepage with something elseallow only authorized access to inside network set of authenticated users/hoststhree types of firewalls: stateless packet filters stateful packet filters application gatewaysNetwork Security44

Stateless packet filteringShould arriving packet beallowed in? Departing packetlet out? internal network connected to Internet via router firewallrouter filters packet-by-packet, decision to forward/droppacket based on:– source IP address, destination IP address– TCP/UDP source and destination port numbers– ICMP message type– TCP SYN and ACK bitsNetwork Security45

Stateless packet filtering: example example 1: block incoming and outgoing datagrams with IPprotocol field 17 and with either source or dest port 23– result: all incoming, outgoing UDP flows and telnetconnections are blockedexample 2: block inbound TCP segments with ACK 0.– result: prevents external clients from making TCPconnections with internal clients, but allows internalclients to connect to outside.Network Security46

Stateless packet filtering: more examplesPolicyFirewall SettingNo outside Web access.Drop all outgoing packets to any IP address, port80No incoming TCP connections, except those forinstitution’s public Web server only.Drop all incoming TCP SYN packets to any IPexcept 130.207.244.203, port 80Prevent Web-radios from eating up the availablebandwidth.Drop all incoming UDP packets - except DNS androuter broadcasts.Prevent your network from being used for a smurf Drop all ICMP packets going to a “broadcast”DoS attack.address (e.g. 130.207.255.255).Prevent your network from being traceroutedDrop all outgoing ICMP TTL expired trafficNetwork Security47