Intro To Secure Comm. Exercise 7

Upload: hasad-barnett

Post on 01-Jan-2016


Solution (review of last lesson)

Assuming CEO1:10.0.0.1 CEO2:11.0.0.1

Use both transport mode and tunnel mode IPSec.

First use Transport mode IPSec

CEO1 SP : To CEO2 -> Encrypt Transport Mode

CEO2 SP : To CEO1 -> Encrypt Transport Mode

Solution (review of last lesson)

Second, use IPSec tunnel mode between routers such that ALL messages are encrypted using tunnel mode (no differentiation between CEO messages and users’ messages)

This way, messages between CEOs cannot be noticed from the internet (this is because the messages are addressed to the routers)

Inside the network, the messages are still encrypted.

Scenario

Problem

The company enables IPSec in tunnel mode between each branch of the company.

Users are allowed to browse the internet freely.

How can a virus expose information sent from branch A to B?

Solution

By sniffing the network, the virus can sniff packets sent between the branches.

The virus can then send the information to a host located on the internet.

Since the information between the branches is sent in the clear (until it reaches the VPN host), it is easily viewed.

Attack explanation

Say computer A in office A sends information to computer B in office B.

The virus sniffs the network and gets a hold of the message.

The virus sends the message using a connection to the internet, to an internet host.

Problem

What if the routers are configured only to allow secured IPSec communication? i.e. no internet forwarding.

Is the attack viable now?

Solution

YES!!! Through subliminal channels, the virus can communicate with the sniffer:

Through timings

Through length of packets

In conjunction with the SPI field, assuming the SPI is different from that of other programs.

The eavesdropper can then identify the messages from the virus using timings/length of packets.

Problem (Test Question)

A company wants to secure several critical applications (payroll, human resources, sales reports) against an external or internal attacker. The assumption is that the attacker may take over one computer or a few computers; in particular, it is assumed that he cannot take over servers (which are well secured), only workstations. The goal is to prevent the attacker, even if he controls one computer on a particular local network, from exposing or modifying messages between computers on the network that he does not control and one of the critical application servers. It is proposed to protect these messages by using IP-sec with ESP in Transport mode between every workstation and the servers that run those critical services.

Show that this solution may fail to prevent an attack, and that an attacker who controls one computer on the network may be able to impersonate the critical application server. Hint: other servers on the network, which do not run the critical applications, do not run IP-sec.

Solution

The key idea is that only application servers are protected with IPSec.

What about DNS servers? (or any other naming servers)

The following attack may happen:

ADV takes control over some computer (a client/DNS) which is not protected.

ADV changes the DNS record to point to the controlled computer, by spoofing a reply from the DNS server.

When the application needs to transmit information, it transmits to the wrong IP thus not protecting the data with IPSec.

The application is UNAWARE of it.
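The failure described above, as an added example that is not part of the original slides: a small model of a workstation's outbound security policy lookup, showing that protection is selected by destination IP only, so a changed name-to-address answer silently moves traffic to a BYPASS entry. The addresses, the hostname and the `send_checked` comparison against a provisioned address are assumptions made for the illustration.

```python
import ipaddress

# Constructed addresses and hostname (not from the exercise).
PAYROLL_SERVER = "10.1.0.10"   # critical application server, runs IPsec
CONTROLLED_HOST = "10.1.0.66"  # workstation controlled by ADV
NAME = "payroll.corp.example"

# Outbound SPD of an honest workstation: ordered (destination selector, action).
SPD = [
    (ipaddress.ip_network("10.1.0.10/32"), "PROTECT esp/transport"),
    (ipaddress.ip_network("0.0.0.0/0"), "BYPASS"),
]

def spd_lookup(dst_ip):
    """Return the action of the first SPD entry whose selector matches dst_ip."""
    addr = ipaddress.ip_address(dst_ip)
    for selector, action in SPD:
        if addr in selector:
            return action
    return "DISCARD"

def send(hostname, dns_answers):
    """Resolve the name with an unauthenticated answer, then apply the SPD."""
    dst = dns_answers[hostname]
    return dst, spd_lookup(dst)

def send_checked(hostname, dns_answers, expected):
    """Added check: refuse to send if the answer is not the provisioned address."""
    dst = dns_answers[hostname]
    if expected.get(hostname) != dst:
        raise ValueError(f"{hostname} resolved to unexpected address {dst}")
    return dst, spd_lookup(dst)

honest_dns = {NAME: PAYROLL_SERVER}
spoofed_dns = {NAME: CONTROLLED_HOST}  # answer seen after the spoofed DNS reply

if __name__ == "__main__":
    print(send(NAME, honest_dns))
    print(send(NAME, spoofed_dns))
    try:
        send_checked(NAME, spoofed_dns, {NAME: PAYROLL_SERVER})
    except ValueError as err:
        print("blocked:", err)
```

The application calls `send` the same way in both cases; only the policy action changes, which is why it stays unaware.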

From Class

Detection is computationally infeasible…

Identify malicious programs / viruses

Identify programs that erase the disk, etc.

Identify programs that may output programs

Given programs P and Q, was Q output of P?

Prove! (hint: think of computation theory)

Solution

For example, take: Given programs P and Q, was Q output of P

Detection shall be done by analyzing program P run on input I in time t giving output Q’

Reduction to H {Machine which has the language i.e. no language}

Reduction steps:

Combine P, I into machine Hpi by integrating input I into the code of P.

Hard code output Q into Hpi

Run P on hard coded I

When stopped, verify Q’=Q. If Q’!=Q Stop, otherwise loop infinitely.

Insert Hpi into machine H. If says YES, then Hpi never stops, thus output NO. Otherwise output YES

Solution

From the reduction we can clearly see that when the machine doesn’t stop on the output or the output is not identical, the constructed machine will never stop.

Since H is undecidable… thus can’t decide whether Q is the output of P

From lecture

Assume the following network

[Figure: network with hosts A, B and C; a packet labelled "src:B dest:A payload"; labels "??", "Encrypted!" and "Boot"]

Problem

Compare the use of SSL, IPSec and link level security.

Solution

SSL is NOT a good solution.

SSL secures the transport layer

SSL is used for connection oriented applications.

Applications must be aware of SSL.

Some applications DO NOT work with SSL (ftp, telnet, …)

Solution

Link Layer

Good only for small networks

Good only for bridged networks

Not good for networks which consist of routers, i.e. internet

Thus, network size is restricted

IPSec

Good for many types of applications.

Applications are unaware of IPSec

IPSec secures both connection oriented/connectionless applications

Not bounded by network size/topology

Problem

Which IPSec modes should we use? What headers should we use?

Solution

Transport mode may be suitable if we use one device per computer.

Easier to implement

No need for additional IP addresses.

Using AH may be suitable since we need authentication between device and PC.

We want protection for the header.

Problem

Suppose the solution is for a large corporate network and the device has very small memory capacity.

How can the master device use a different shared key with each computer's device?

Avoid PK (why?)

Solution

Avoid PK because of computational cost (the device has limited memory and/or CPU)

Use a PRF with a master key stored in a master device (a KDC like solution)

Good solution against an attacker that can extract the keys from SOME of the devices, i.e. derive keys for certain devices.

In case we assume the attacker can’t extract any keys, use one symmetric key for all the devices. (a very strong assumption)
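The PRF-based solution above, as an added example that is not part of the original slides: the master device stores a single master key and recomputes each device key on demand as K_i = PRF(K_master, id_i). HMAC-SHA256 as the PRF, the device identifiers and the class names are assumptions made for the illustration; the slides name none of them.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    """PRF instantiated with HMAC-SHA256 (an assumption; the slides name no PRF)."""
    return hmac.new(key, data, hashlib.sha256).digest()

class MasterDevice:
    """Stores only one master key, however many devices exist."""
    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def device_key(self, device_id: str) -> bytes:
        # K_i = PRF(K_master, id_i); recomputed on demand, never stored.
        return prf(self._master_key, b"device-key|" + device_id.encode())

    def verify(self, device_id: str, message: bytes, tag: bytes) -> bool:
        expected = prf(self.device_key(device_id), message)
        return hmac.compare_digest(expected, tag)

class Device:
    """A per-computer device provisioned with its own derived key only."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key

    def authenticate(self, message: bytes) -> bytes:
        return prf(self._key, message)

def demo():
    master = MasterDevice(os.urandom(32))
    # Hypothetical device identifiers.
    pc1 = Device("pc-0001", master.device_key("pc-0001"))
    pc2 = Device("pc-0002", master.device_key("pc-0002"))
    msg = b"boot request"
    tag1 = pc1.authenticate(msg)
    return {
        "own_key_accepted": master.verify("pc-0001", msg, tag1),
        # A key extracted from pc-0002 does not authenticate as pc-0001.
        "other_key_accepted": master.verify("pc-0001", msg, pc2.authenticate(msg)),
        "tampered_accepted": master.verify("pc-0001", msg + b"!", tag1),
    }

if __name__ == "__main__":
    print(demo())
```

With one symmetric key shared by all devices, the second check would succeed, which is why that variant needs the assumption that no key can be extracted.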