lecture 0 anish arora cse 5473 network security. objectives network (cyber-) security threats and...
Post on 11-Jan-2016
222 Views
Preview:
TRANSCRIPT
Lecture 0
Anish Arora
CSE 5473
Network Security
Objectives
• Network (cyber-) security threats and countermeasures
• Elements of cryptography
• Protocols for security services
• Network security design using available secure solutions
• Some advanced issues and technologies
(e.g. DDoS attacks, anonymous communications, wireless security, device / sensor network / cyberphysical security)
• Original research in network security
Yes, You will Master Acronyms
• DES, AES, RSA, Blowfish, MD, RC, SHA…
• IPSec
• OSPF
• SSL, TLS
• PGP (BGP?), Shibboleth
• DDoS
What We Won’t Cover
• How to configure and install security solutions
• Forensics
• Comprehensive organization approach to information assurance
• Business aspects of network security
And we’ll only superficially cover:
• Mathematics underlying cryptography
• How to crack systems (spyware, malware, adware)
• How to deal with access breaches (firewalls, IDS, port knocking)
• Legal issues underlying export and patenting
Related Courses that Do Cover What We Omit
• CSE 5473: This course
Focuses on network aspects of the tip of the so-called
security pyramid
• CSE 4471*: Information Security
A big picture perspective. From time to time, I’ll refer you
here for background reading or access security
• CSE 5351: Introduction to Cryptography
A reference for details on some of our topics
Also 5472 (Information Security Projects), 5359 (Int. Studies in Crypto.)
*: All links in lectures are optional reading unless otherwise specified
What We Will Assume
You should be familiar with:
Network layers
Protocols for the transport layer (TCP, UDP), for routing
(RIP or OSPF), for the application layer (http)
C/C++ and/or script programming
I expect from you some mathematical maturity, including
the ability to learn and use new mathematical &
programming notations (NesC for instance)
Course Materials
Webpage: http://cse.ohio-state.edu/~anish/5473.html syllabus, slides, notes, assignments, announcements
see also CARMEN (cse_5473_sp2015_31987)
Text
• William Stallings, Cryptography and Network Security: Principles & Practice ; either: 5th Ed., Prent. Hall, 2010, ISBN:0136097049 errata
4th Ed., Prent. Hall, 2002, ISBN:0131873164 errata
References
• Mark Stamp, Information Security: Principles & Practice, Wiley 2011 ISBN:0470626399
• Bruce Schneier, Applied Cryptography, 2nd Ed., Wiley 1996 ISBN 0-471-11709-9
My Expectations
• Read the material assigned in class, to the point that you
can answer simple conceptual or what-if questions in the
quiz. (I don’t expect you to remember details of crypto
algorithms or security protocols or usage parameters)
• Work independently and ethically on homeworks and labs
• Read lectures before class, we can more time in class to
discuss flaws, threats, attacks relevant to the discussion;
keep in mind you may know more about specific security
features and bugs than I do
Grading Plan
• Homework assignments:15% (focus: puzzles)
• Laboratory exercises: 25% (focus: cracking)
• In-class quizzes: 10% (focus: pay attention in class)
• Midterm quiz: 20% (focus: concepts)
• Research project: 30% (focus: theory/implementation)
Project will be done by teams of 2 undergraduates, or one
graduate student. I’ll provide options for programming
projects or you may consult with me to choose your own
(theory, analysis, design, or implementation) project
Grading is relative You might get an A at 75%
Outline of Lecture 0
• Security attacks
• Security mechanisms
• Security models
• Security services
Background `big picture’ : 4471 discussion of threats/attack (Read this)
Security Attacks
Definition Any action that compromises security of information
Examples :
Security Attacks (contd.)
• Other attacks include: Flooding, Denial of Service, Jamming
Traffic Analysis
Routing Attacks: false routes, configuration changes (SNMP)
Leak Information, Disown Information
Remote arbitrary code execution, e.g., via Viruses or Worms
Trapdoors, Covert functions, Logic Bombs
Man in the Middle impersonates peers to one another; provides service via others
Free Rider or Free Loader a peer that gets service but does not provide service
Lazy Middle Man a peer that does part of the work but never whole
Inject faults
Number of Security Attacks
Trends in Security Attacks
Optional reading: Malware, Worms, Phishing, Botnets, XSS
Security Attacks (contd.)
• Attacks are comprised of elementary attacks:
Replay
Deletion
Host compromise
Capability compromise
Key compromise
Data Encryption: requires knowledge of key
Data Decryption: requires knowledge of inverse key
Timestamps: requires access to a secure time server
Eavesdropping
IP spoofing
(Optional reading: Sniffing, Spoofing, Password tools)
Types of Security Attacks
Attacks Attacks
Attacks
A Classification of Security Attacks
• Passive or Active: both can access information being communicated, but only the
latter can create or modify it
• Host Compromise or Communication Compromise: only the former can obtain knowledge of all information known to
the host
• Internal or External: only the former can impersonate a system process, and thus also
act as an intermediary only the former let’s the protocol being executed known
• Destructive or Nondestructive: only the latter allows information to still be correctly communicated
to the destination(s)
Security Mechanism
Definition A mechanism that is designed to detect, prevent, or recover from a security attack
Pervasive security mechanisms include: encryption or encipherment digital signatures, notarization traffic padding routing control trusted functionality security labels access controls event detection audit trails firewalls
Types of Keys
Cryptography underlies many security mechanisms. Keys are often used for securing or unsecuring information
• Symmetric, S: Same key is used to encode and decode
• Asymmetric or Public/Private, B/R: Public key is used to encode, private key to decode
• One way function, f: Given x, it is easy to compute f(x), but given f(x) it’s hard tocompute x
• One way function with trapdoor, f: A one way function where given f(x) it is easy to compute x if
one knows a trapdoor function g s.t. g(f(x))=x
Types of Keys (contd.)
• One way permutation, f,g: Both f and g are one way functions and each other's trapdoor
• One way hash function, MD: A hash function MD that is one way(Recall that a hash function may be many-to-one)
• One way weakly collision-free hash function, MD: A one way hash function MD s.t. given x it is hard to computea different y s.t. MD(x)=MD(y)
• One way strongly collision-free hash function, MD: A one way hash function MD s.t. it is hard to computedifferent x and y s.t. MD(x)=MD(y)
Types of Keys (contd.)
• Weak key:
A key in the key-space that does not encode well,
e.g., 0-key, and is thus easy to guess
• Complement key:
A key s.t. Complement(f(x)) = f(Complement(x))
and thus involves considering half the x to guess
• Related keys:
A pair of keys that are related by some difference
which can be exploited to reduce the number of x to guess
Kerchoff’s Principle
• For key based cryptosystems, the property of security should not rely on the secrecy of the mechanism (aka, algorithm)
• In other words, it should rely only on the secrecy of the key
• Interpretation: avoid security by obscurity
Security Models:A Model for Secure Network Communication
Consider information flowing over an insecure communications channel, in the presence of possible opponents
An appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party
Using this model requires us to:
• design a suitable algorithm for the security transformation
• generate the secret information (keys) used by the algorithm
• develop methods to distribute and share the secret information
• specify a protocol enabling the principals to use the transformation and secret information for a security service
A Model for Secure Network Communication
A Model for Network Access Security
Consider controlled access to information or resources on a computer system, in the presence of possible opponents
Appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also
Using this model requires us to:
• select appropriate gatekeeper functions to identify users
• implement security controls to ensure only authorized users access designated information or resources
• implement trusted computer systems
A Model for Network Access Security
Recall: CSE 651 focuses more on Comm. than Access Model
Security Service
Definition A service that enhances the security of data processing systems and information transfers.
Makes use of one or more security mechanisms
Examples of network security service requirements:• authentication• privacy, confidentiality• integrity• non repudiation• obliviousness• information flow
Authentication
Definition The requirement by which a process securely communicates its identity to another
Thus, if process k receives an identification communication from process j then it must be the case that there is a corresponding send of that identification communication by j
Note that if messages are not all unique, then to deal with replay of old communications from j, we may have to embed counters in the state to capture bad prefixes
Instances of identity communication of j:
k j : n j k : R.j ‹n›
or
k j : n j k : S ‹n ; j›
Privacy
Definition The requirement by which communication is possible that can be decoded only by the processes that agree to communicate
In some cases, source, destination, frequency of communication needs to be protected as well
Instances of private communication from j to k:
• j k : S ‹data›
or
• j k : B.k ‹data›
Integrity
Definition The requirement by which a recipient can prove to itself that the message is what was indeed sent
I.e., the message was not modified or replaced
Instance of integrity of communication from j to k:• j k : data, MD(data; S)
Non Repudiation
Definition The requirement by which a recipient can prove to anyone that the message was indeed sent by the sender
Likewise, a sender can prove that a recipient indeed received the message
Note that non-repudiation implies integrity, but not vice versa. Note that non-repudiation does not necessarily imply authentication, since the message could have been forwarded by a third party
Instance of nonrepudiation of communication from j to k:
• j k : data, R.j ‹data›
or
• j k : data, R.j ‹MD(data)›
Obliviousness
Definition The requirement by which a process may perform a set of operations but not be sure which one (or more) of them was correctly performed
• E.g., a process may send two messages but not be sure which one of them was correctly received
• E.g. (slide 93 onwards), a process may sign one of a set of messages but not know which one it signed, or use one of a set of keys to encrypt with but not know which one was chosen
Information Flow
Definition The requirement by which a high-level process cannot communicate any information to a low-level process, directly or indirectly
Sometimes this is called absence of covert channels or subliminal channels
One sufficient condition for this requirement is called noninterference, which says that the outcome of an action of a low-level process in a computation remains the same even if actions performed by all higher-level processes are added or deleted to the computation
Security services (contd.)
Other important security services include:
• authorization: access is enabled if that access is allowed
• availability: permanence, non-erasure
• verifiability: a sort of integrity, revealing originality not content
• unforgeability: a sort of integrity, forged messages must be
independent of original messages
• distinguishability: can guess whether encrypted msg is m0/m1
• detectability: can guess whether encrypted msg is valid
Optional reading: Firewalls (upto slide 37), Intrusion Detection
An aside on hashing
• Length of hash << length of message, & often fixed at 48-128
• Some other names of hashing: finger printing, message
integrity check (MIC), message digest, cryptographic
checksum, manipulation detection code
• Hash functions are wellknown. So hashing, unlike encryption
algorithms, is exportable; often used to communicate
programs securely over the web
• MD‹key;data› is a message authentication code (MAC) or data
authentication code (DAC); knowing key
More on hashing: Relative costs
Using 0 keys (MD) is cheaper that using 1 key (S), which in turn is cheaper than using 2 keys (B, R)
Privacy by j k: S‹data› is cheaper than j k: B.k‹data›
Authentication by j k: MD‹j;n;S› is cheaper than j k: S‹j;n›
Non-repudiation via R.j‹MD‹data›› is cheaper than R.j‹data›
Often 2 keys are used in rare modes and 1 key is used in common modes
Ethical, social, policy and legal issues
• Some software we will study may be under export restriction, it is your responsibility to obey the applicable laws
• Many of the algorithms we will discuss are protected by patents, which makes it illegal to make and sell (or give away) computer programs that use those algorithms
• I expect you to work individually. Cheating/undisclosed collaboration will be dealt with severely
• Background `Big Picture’ Reading: From CSE4471 on Ethics/Law (optionally this, this)
Patent issues
• Many cryptographic techniques & algorithms are patented
• Some are nonetheless royalty free (DES), at least for public
use
• Software licenses are necessary in these cases
Export issues
• Some governments consider encryption a dangerous technology
• USA, Australia, New Zealand, France and Russia control export
• Export licenses are needed for export to a government
• Import always ok; cannot export to Cuba, Iran, Iraq, Libya, North Korea,
Sudan, Syria
• Previously:
Technical review needed for export to non-government
Open source did not need review but must have deposited source code
Less than 64 bit encryption generally ok for export
Illegal to carry abroad encryption software on your laptop!
Elements of cryptography:Types of security
• unconditional security
no matter how much computation is available, cipher cannot be
broken since ciphertext provides insufficient information to
uniquely determine the corresponding plaintext
one-time pad: a truly random key as long as the message
is unbreakable: ciphertext bears no statistical relationship to plaintext
can only use the key once though
have problem of safe distribution of key
• computational security
given limited computing resources (e.g. time needed for calculations is
greater than age of universe), the cipher cannot be broken
Terminology
• cryptography - study of encryption principles/methods
characterize by: number of keys used
o single-key or private / two-key or public
type of encryption operations usedo substitution / transposition / product
way in which plaintext is processedo block / stream
• cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis
• brute force attacks – search-based alternative to cryptanalaysis: attacker tries every possible key to decipher ciphertext
• always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext
• not all key sizes equal: • 80 bit DES ~ 1024 bit RSA• as of 2010, neither regarded as secure
Brute force attacks
Types of cryptanalysis attacks
• ciphertext only only know ciphertext / algorithm, statistical, can identify plaintext
• known plaintext attack cipher by knowing / suspecting plaintext & ciphertext
• chosen plaintext attack cipher by selecting plaintext and obtaining ciphertext,
useful if limited set of messages
• chosen ciphertext attack cipher by selecting ciphertext and obtaining plaintext
• chosen text attack cipher by selecting either plaintext or ciphertext to
en/decrypt
Things we won’t really talk about
Substitution ciphers:
where letters of plaintext are replaced by others: b e, c f
or where if plaintext is viewed as a sequence of bits, then bit
patterns are replaced with ciphertext bit patterns
monoalphabetic: arbitrary mapping of letter to letter; 26!
multiletter coding: mapping from multiple letters
polyalphabetic techniques: multiple mappings e.g. position based
subject to brute force search and frequency attacks
Transposition (permutation) ciphers:
where the letter order is rearranged without altering the letters
subject to frequency attacks
Things we won’t really talk about
Product ciphers:
use several ciphers in succession to make harder
especially if a substitution is followed by a transposition
number of rounds should suffice to make output look random
each input bit in “block” should affect every output bit
this is bridge from classical to modern ciphers
Cryptanalysis tools:
special hardware
supercomputers or parallel machines
Internet coarse-grain parallelism
Things we won’t really talk about (contd.)
Steganography an alternative to encryption
hides existence of message
uses only subset of letters/words in longer msg marked in some way
using invisible ink
hiding in LSB in graphic image or sound file
drawback: high overhead to hide relatively few info bits
top related