network security-y3 coe new
DESCRIPTION
Network security-y3 coe new.pdfTRANSCRIPT
CIT 3422: NETWORK SECURITY
Mr. Joseph Kaberuka
OVERVIEW
• This course provides an essential study of computer security issues and methods in networking systems.
Course/class policies:
Please turn off/mute your cell phones
(or put them on vibrate – and don’t pick up!)
• Laptops , desktop switched off in class
– Please refrain from reading the news or checking emails in class
• Even though it may not necessarily disrupt the lecture, it is rude!
Course content
• Conventional and modern Encryption
• Advanced encryption standard
• Public Key Encryption and Authentication
• Security Practice
• System Security
EXAMS
CATS 2, Assignments 6, quizzes 3, will contribute to 50% of
your results
Final written Exam will contribute to 50% of your results
If you don’t attend, you will not pass this course
You won’t pass this course if you don’t do your
assignments, CATS, and quizzes on timely fashion
Indicative Resources -NETWORK SECURITY ESSENTIALS: APPLICATIONS AND STANDARDS- FOURTH EDITION, william stallings William Stallings, "Cryptography and Network Security: Principles and Practice" Prentice Hall, New Jersey. Johannes
Buchmann, "Introduction to cryptography", Springer Verlag. Bruce Schiener, "Applied Cryptography".
William Stallings. Network Security Essentials (2nd edition). Prentice Hall. 2003. (ISBN: 0130351288)
Saadat Malik, Saadat Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education. 2002. (ISBN: 1587050250)
Introduction
• Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access.
• The terms network security and information security are often used interchangeably, however network security is generally taken as providing protection at the boundaries of an organization, keeping the bad guys (e.g. hackers) out
Why is Network Security Important? • Computer networks have grown in both size and importance in a
very short time.
• If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability.
• To make the situation even more challenging, the types of potential threats to network security are always evolving.
• As e-business and Internet applications continue to grow, finding
the balance between being isolated and open is critical.
• In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.
..continued
• What is security? Question to the class
SECURITY
What is security?
• “Building systems to remain dependable in the face of malice (desire to harm others), error or mischance”(Ross Anderson)
• In general, security is “the quality or state of being secure—to be free from danger.” Means: protection against adversaries (opponents, third parties), from those who would harm
..continued
Security : • “Security is a process, not a product” (Schneier) – Not something you can buy • Be wary of security consultants – Even though some of you may later choose that line of work ☺ – Something you have to build/engineer into a system – Preferably at system design time (inter-related objects like network)
..continued
All begin with computer security. The need for computer security: that is, the need to secure physical locations, hardware, and software from threats (danger, or attack)
Historically Started during World War II(1939-1945) when the first mainframes (very big machines), developed to aid computations for communication code breaking (ex: enigma used by Germany security intelligence)
..continued
• “old and nowadays”
..continued
..continued
..continued
• Security matters most!! What happened in the history?
• Enigma machine used by Germany security services in World war 2, finally broken by Polish cryptologist and pass the secret to British and Germany army loose the war!!
..continued
At that time Access to sensitive military locations! Was protected by (keys, authorized personnel)
Growing need to maintain national security led to technological sophisticated computer/network security safeguards that we have to day (Again all started with the military).
Primary threats to information security was: theft of equipment, espionage (spying) and sabotage.
..continued
• Multiple layers of security for an organization:
1) Physical security, protecting physical assets, objects, from unauthorized access and misuse
2) Personnel security, protecting individuals/group authorized to access the organization and its operations
3) Operations security, protecting details of operations or series of activities
..continued
4)Communications security, protecting media, technology and content
5)Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage/processing, or transmission. It is achieved via: application of policy, education, training/ awareness, and technology.
..continued
All of these lead to our common goal :
Network security- protect network (inter-related objects) components, connections and content from the danger.
This security can be classified as: protection of information/content and its critical elements, including the systems (h/w and s/w) that use, store, and transmit that information/content (CNSS- Committee on National Security Systems – US security systems – (strong reference)
..continued
• Reference : C.I.A Triad (Confidentiality, integrity and availability), It is based on the three characteristics of information that give it value to organizations:
SECURITY OBJECTIVES • confidentiality, integrity, and availability of
information have evolved into a vast collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats
..continued
Now security is known! OSI architecture has given: Security attack: Any action that compromises the security of information owned by an organization. Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. (ex: police against criminals) Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. (ex: notion of cryptography in this course)
..continued • Types of security attacks: -Passive attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. • The release of message contents is easily
understood/monitoring a telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.
Goal : We would like to prevent an opponent (third party) from learning the contents of these transmissions
..continued
..continued
• A second type of passive attack, traffic analysis, is subtler (intend, or indirect method)Suppose that we had a way of masking the contents of messages or other
• information traffic so that opponents, even if they captured the message, could not extract the information from the message.
-Encryption is way of masking the message content
..continued
• Active Attacks
Active attacks involve some modification of the data stream (data) or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade (a false show) takes place when one entity pretends to be a different entity
..continued
..continued
• Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (ex: wrong server on the net does replay attack)
..continued
• Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect
• Ex: For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
..continued
..continued
• The denial of service prevents or inhibits the normal use or management of communications facilities
Used terms • Access: object’s ability to use, manipulate, modify, or affect
another object(ex : authorized users have legal access to a system, whereas hackers have illegal access to a system
• Asset: The organizational resource that is being protected. An asset can be logical ex: a Web site, information, or data.
• Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it.
Examples: 1) Someone casually reading sensitive information not intended for his or her use is a passive attack. 2) A hacker attempting to break into an information system is an intentional attack. 3) A direct attack is a hacker using a personal computer to break into a system.
..continued
..continued
• Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.
• Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
• Exposure: A condition or state of being exposed. In network security, exposure exists when a vulnerability known to an attacker is present (ex: non-protected sensitive database information)
..continued
• Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure.(ex: When an organization’s information is stolen, it has suffered a loss)
• Protection profile or security posture: The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset.
LOSS of Security
• Loss of confidentiality : Unauthorized disclosure of information
• Loss of Integrity: Unauthorized modification or destruction of information
• Loss of Availability: Disruption of access to or use of information
..continued • Risk: The probability that something unwanted
will happen. • Subjects and objects: A computer can be either
the subject of an attack (an agent entity used to conduct the attack—or the object of an attack).
• Threat: A category of objects, persons, or other entities that presents a danger to an asset (the potential violation of security). Threats are always present and can be purposeful or undirected.
For example, hackers purposefully threaten unprotected network systems, while severe storms incidentally threaten buildings and their contents
..continued
• Threat agent: The specific instance or a component of a threat. For example, all hackers in the world present a collective threat,
(ex: Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms.
• Vulnerability: A weaknesses or fault in a system or
protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package (ex: developers fear flaws when using Apache server or an unprotected system port
..continued
Some characteristics of network information: • Availability enables authorized users—persons or
computer systems—to access information without interference or obstruction (obstacle, barrier) and to receive it in the required format. (ex: queue in the library)
• Accuracy Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects, and once modified it’s no longer accurate (ex: bank account)
• Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication (ex: Notification services
..continued
Confidentiality , Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
Integrity, whole, complete, and uncorrupted (message)
Possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics. Ex: (System admin’s management of files).
..continued
Components of network information system: a network information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization.
These six critical components enable network information to be: input, processed, output, and stored.
..continued
• Software component of IS comprises: applications, operating systems, and assorted command utilities- S/w is the most component of Information system to secure!
–errors in s/w programming is substantial to severe attacks (ex: Errors in windows firewalls) -it is in s/w that we find holes, bugs, and weaknesses. It carries the life blood of an organization • Hardware is the physical technology that houses
and executes the software, stores and transports the data
..continued • Data stored, processed, and transmitted by a computer
system must be protected. Data is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
• People Though often overlooked in computer security considerations, people have always been a threat to information security (ex: hackers)
• Procedures Another frequently overlooked component of an IS, is procedures. Procedures are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s procedures, this poses a threat to the integrity of the information (ex: unauthorized internal employee).
..continued
• Example of a simple hierarchy of Network IS in an organization
1st Homework-assignment
• Draw a sample structure of your chosen organization with a name (ex: hospital)
• List (from your own understanding-don’t loose the opportunity of thinking big and doing research) 15 security rules that you should practice to maintain network security in your organization
• List 15 possible human intentional security attacks against the network in your organization
Major security properties
In some books, they call “Security Services”
• Confidentiality, privacy
• Integrity
• Authentication, identification
• Anonymity
• Certification
• Non-repudiation vs repudiation etc…
Basic security properties
Security properties Goal: Secrecy, privacy and confidentiality Keeping information secret from all but those who are authorized to see it – Alice wants to talk to Bob without Eve or Mallory being able to listen to the conversation Slight differences in terminology: – Privacy = preserving own information secret Alice protects her privacy by not revealing her age to anyone
Security properties
– Confidentiality = obligation to preserve someone else’s information secret Trent ensures confidentiality of Alice and Bob’s (Ex: credit card numbers verified by the trusted server on the network) – Secrecy = effect of mechanisms used to limit the number of principals who can access information
Security properties
• When information is confidential? When it is protected from unauthorized individuals/systems. Confidentiality ensures that “only those with the rights and privileges can access information”
• When confidentiality is breached? Ex: an employee throwing away a doc containing precious info without shredding it!
Security properties
Anonymity
Concealing (preventing from being known)
-keep secret identity of a protocol participant
– Possibly involves concealing the path a message uses to reach its destination,
– Alice decided to use Tor to browse websites anonymously
Security Properties
Data integrity
• Ensuring that information has not been altered
by unauthorized or unknown means
– Alice and Bob ensure the integrity of their
communication by using a secure physical channel
• That prevents Mallory from changing the contents of the messages they exchange
Data integrity • integrity of information is threatened when the information is
exposed to corruption, damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being stored or transmitted.
• Many computer viruses and worms are designed with the explicit
purpose of corrupting data. For this reason, a key method for detecting a virus or worm is to look for changes in file integrity as shown by the size of the file
(Ex: File hashing to compute hash value) –Computing the value of bits from both original and copied file) means-file is read by a special algorithm (ex: SHA-1) that uses the value of the bits in the file to compute a single large number (hash value). If a computer system performs the same hashing algorithm on a file and obtains a different number than the recorded hash value for that file, the file has been compromised(integrity broken)
Security properties
• Identification
Corroboration(evidence which confirms or support a statement) of the identity of an entity
– By stating her mother’s first name and the last 4 digits of her social security number, Alice positively identifies herself to her banker (got served)
– Also sometimes called entity authentication
Security properties
(Message) Authentication
• Corroborating the source of information , Also known as data origin authentication
– Bob authenticates that the phone call he is receiving is from Alice by checking his caller ID
(which of course is a terrible way of enforcing that security property given that caller ID spoofing (tricking) is easy to do)
Security properties
• Non-repudiation vs repudiation, signature
Repudiation (the denial of an entity of having participated in all or part of a communication) Signature:
– Binds data to an identity
– As the document contained Alice’s digital signature,
Bob could prove to the judge that Alice approved to the contents
Security properties
Non-repudiation of origin (NRO) and of receipt (NRR)-protocols
– The signer cannot deny having created the signature
– Alice’s signature provides non-repudiation, preventing her from denying receipt of the document
Security properties
Signature ≠ message authentication
Signature is a mean to authenticate a message
Authentication allows the receiver to verify the origin of a message In addition, signature can be used to convince a third-party of the origin of the message Signature provides authentication
Security properties
Signatures can help establish security properties
such as:
• authentication
• accountability/non-repudiation
• integrity
• verifiability by independent, public or 3rd party
Security properties Authorization, certification, access control, revocation, authentication, witnessing • Authorization – process of determining which permissions a person or system is supposed to have (ex: System admin in Active directory) • Authentication - Authentication is the process of
determining whether someone or something is, in fact, who or what it is declared to be.
• Certification – Endorsement (Approval/seal of approval) of information by a trusted entity
Security properties
• Access control – Restricting access to resources to privileged entities (ex: ACL) • Witnessing – Verifying the creation or existence of information by an entity other than the creator (ex: court witnesses) • Revocation -Retraction of certification or
authorization
Access control
The problem? • A lot of information is stored somewhere – Information may be physically shared on systems Resources may be physically accessible • How do we regulate access? – Saltzer-Schroeder: Access only for computer systems
Access control Definition Access control is a mechanism by which one may restrict access to a resource • How the resource is restricted is described by a policy? Resources Computer files, Communication channels Database records: – Criminal – Medical – Financial Anything on which you can act (read, write, execute, transfer ownership…)
Access control • Policies
Set of statements:
• Specify who can access what
• Under which conditions
– e.g., time boundaries
– acting as a manager?
• Most common type of policy
– Restrict operations available depending on the group to which you belong ex: “User”, “Systems Administrator”, “Guest” …
Access control
Access control • Possible security violations 1. Unauthorized information release 2. Unauthorized information modification 3. Unauthorized denial of use • Principles for access control (1/3) (Saltzer and Schroeder,
1975) Economy of mechanism – Keep It Simple, Stupid! – Any design or implementation error might break the entire System: – 3 lines of code are (relatively) easy to secure, 3 million lines are essentially bound to have bugs: – 3 lines of code can (in general) be formally verified
Access control • Principles for access control (2/3)
Complete mediation:
– Every access to (each) every object must be checked for
Authority (a foolproof method of identifying the source of every request)
Privilege separation:
– Where feasible, ask two principals (or more) to unlock the mechanism
– Avoids single points of failure (A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working)(ex: redundancy –duplicating objects)
Access control • Principles for access control (3/3) Least privilege: – Every program and every user of the system should operate using the least set of privileges necessary to complete the job (giving a user account only those privileges which are essential to that user’s work and nothing more !) Least common mechanism: – Minimize the amount of shared information (give specific roles) – Every shared mechanism (e.g., shared variables) represents a potential (untrusted) information path (always watch out!!) Psychological acceptability: – Make it easier for users to use system properly, otherwise they are likely to incorrectly use the protection mechanisms (ex: create user in the OS to prevent guessing passwords with Admin user)
Access control
• Access matrices Access control is defined by a triplet: (User, Resource, Access) User – Can correspond to “real” users or to administrative users/programs (mail, bin, …) Resource – E.g., file, device Access – Read, write, execute (r, w, x)
Access control/List
Different types of access control
• Discretionary (not-mandatory) Access Control
– The user owning an object decides how other users
can access the object
Example: UNIX Access Control
• Mandatory Access Control
– Each object has a sensitivity level associated with it,
and users have clearances for different sensitivity levels
Example: Military security clearances (official permission for someone to have access to classified info)
Access control/list Role-based access control Each user acts on objects acting in a given role (e.g., manager, programmer) etc • Permissions are assigned to roles • Adding one level of indirection to the access control
problem • Role: set of transactions that a user can perform – Allowed transactions for each role determined by sys admin – Each user can act in one of several roles • Possible roles determined by sys admin • Active role for a given transaction chosen by user
Homework assignment 2
• Draw an access control matrix of 3 principals: Sam, Alice and Bob. And 4 different resources that they can access : os, medical data, audit data, criminal data
• Sam is the syadmin, has universal access except audit data; which even he should be able to read. Alice the manager needs to execute the os, but she mustn’t have the ability to change os privileges. But she can read and write to other resources. Bob can only read everything.
• Submit Monday 9 2 :00 pm
Analysis on security properties- Cryptography
• Security Mechanism
• Encryption vs decryption (plaintext data-ciphertext data)
• Cryptology is the study of Cryptography and Cryptanalysis
• Cryptography is the study of mathematical techniques to enforce security properties
• Cryptanalysis is the study of how to break cryptographic systems
Cryptographic primitives
• Encryption –using a key (is a piece of information /a parameter that determines the functional output of a cryptographic algorithm or cipher-In encryption, a key specifies the particular transformation of plaintext into ciphertext –without it, no result for any algorithm being used.
• vice versa during decryption
Cryptographic primitives
• Symmetric key cryptography vs Asymmetric key cryptography
• Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data whereas,
• Asymmetric uses both a public (mathematically linked of separate keys: one public and private key)- Encryption is done with secret key part, and decryption is done with public key part.
Cryptographic primitives
A brief history of cryptography
Recall Anderson:
– First and foremost military use
• Use of crypto has been traced as far back as the Egyptians some 4,500 years ago
• Used to protect national secrets and strategies
Symmetric crypto
Simplified model of symmetric crypto
Caesar Cipher
• Caesar cipher or Caesar shift: The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar.
• The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down (forward) the alphabet.
• Substitution technique: is one in which the letters of plaintext are replaced by other letters or by numbers or symbols
Caesar cipher
• The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar.
• The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down (forward) the alphabet. For example,
• plain: meet me after the party
• cipher: PHHW PH DIWHU WKH SDUWB
Ceasar cipher
• We can define the transformation by listing all possibilities, as follows:
• plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
• cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Caesar Cipher
• Let us assign a numerical equivalent to each letter:
Substitution techniques
• Ceasar cipher belong to substitution techniques:
-Caesar Cipher
-Monoalphabetic Ciphers
-Playfair Cipher
-Hill Cipher
-Polyalphabetic Ciphers
-One-Time Pad
Read them from the book
Frequency Analysis
• Another substitution technique is the Frequency analysis.
• Frequency analysis(the study of letters or groups of letters contained in a cipher text in an attempt to partially reveal the message)
• The English language (as well as most other languages) has certain letters and groups of letters appear in varying frequencies.
Frequency Distribution In English
Frequency distribution • This is a chart of the frequency distribution of
letters in the English alphabet. • As you can see, the letter ‘e’ is the most
common, followed by ‘t’ and ‘a’, with ‘j’, ‘q’, ‘x’, and ‘z’ being very uncommon
• Example: This is a cipher message which is transferred :
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Frequency distribution
Encryption/decryption
There are more other types of ciphers (details in the book):
• Monoalphabetic ciphers which includes: playfair ciphers, and hill cipher
• Polyalphabetic ciphers which includes: Vigenère cipher (the most knows and simple), vernam cipher and one-time pad
Vigenère cipher
• The best known, and one of the simplest, polyalphabetic ciphers is the Vigenère cipher.
• In this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25.
Each cipher is denoted by a key letter, which is the cipher text letter that substitutes for the plaintext letter a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value d.
Homework assignment 3
• From the numeric table below compute the:
-Key, plain text, and cipher text
Thursday 12, 2:00 pm
Network security-Quiz 1/10
1) Give an example of an algorithm used to compute file hashing. 1 Mark
2) Define 3 security ppties: Access control, revocation and authentication 3 Marks
3) Decrypt this cipher: PHHW PH DIWHU WKH WRJD SDUWB 1 Mark 4) Differentiate mandatory access control from not-mandatory access control 2 Marks 5) Draw a picture for modification of messages attack 3 Marks
Public Key Encryption and Authentication
• Recall:
• What are Prime numbers?
Fermat’s and Euler’s theorem
RECAP
Prime Numbers
• A prime number is divisible only by 1 and itself
• For example: {2, 3, 5, 7, 11, 13, 17, …}
RECAP Prime Factorization
• To factor a number n is to write it as a product of other numbers.
• n = a * b * c
• Or, 100 = 5 * 5 * 2 * 2
• Prime factorization of a number n is writing it as a product of prime numbers.
• 143 = 11 * 13
RECAP Relatively Prime Numbers
• Two numbers are relatively prime if they have no common divisors other than 1.
• 10 and 21 are relatively prime, in respect to each other, as 10 has factors of 1, 2, 5, 10 and 21 has factors of 1, 3, 7, 21.
• How do you compute GCD of two +ve integers? Ref: divisors of integers, and point the largest • The Greatest Common Divisor (GCD) of two relatively
prime numbers can be determined by comparing their prime factorizations and selecting the least powers.
A Little Bit Of History
• Pierre de Fermat (1601-1665) was a lawyer by profession and an amateur mathematician.
• Fermat rarely published his mathematical discoveries. • It was mostly through his correspondence with other
mathematicians that his work is known at all. • Fermat was one the inventors of analytic geometry and
came up with some of the fundamental ideas of calculus. • He is probably most famous for a problem that went
unsolved until 1994; that the equation xn + yn = zn has no non-trivial solution when n>2.
History Cont.
• One of Fermat’s books contained a handwritten note in the margin declaring that he had a proof for this equation, but it would not fit in the margin.
• He never published his proof, nor was it found after his death.
• In 1994 Andrew Wiles worked out a proof of this equation using advanced modern techniques.
Fermat’s Little Theorem
• If p is prime and a is an integer not divisible by p, then . . .
ap-1 1 (mod p).
• And for every integer a
• ap a (mod p).
mod means modular arithmetic, what is modular arithmetic?
Recap • When we divide two integers (A/B), we will have
an equation that looks like:
A/B = Q remainder R
A= dividend, B=divisor, Q=quotient, R=remainder
Using this relation, there is an operation called Modulo operator (abbreviated as mod), using the same relation, A,B,Q and R, would have
A mod B =R, so we would say this as A modulo B is Congruent to R, where B is referred to as the Modulus.
Recap
• Ex: 13/5 = 2 remainder 3. Using modulo operator: 13 mod 5 = 3
• 7%5= 2 what is that means?
• When we say mod 5 there are 5 integers counted from 0,1,2,3,4.
• We can use the technique to compute modulo arithmetic by visualizing modulus with clocks (we start at o integer position and go through n integer numbers in a clock wise sequence) NB: negative integer is otherwise
Recap Congruence relation
• Congruence modulo n on the set of integers, for a given positive integer n, two integers a and b are called congruent modulo n,
• a b (mod n) if a-b is divisible (or multiple) by n (or equivalently is a and b ) have the same remainder when divided by n.
• Ex: 37 and 57 are congruent modulo 10 or
37 57 (mod 10)
Recap
1) Is the symbol for congruence, which means A and B are in the same equivalence class
ex: 26 11 (mod 5)
• 26 mod 5 = 1 so it is in the equivalence class 1
• 11 mod 5 = 1 so it is in the equivalence class 1 as well.
• This Fermat’s theorem was useful in public key (RSA) and primarily testing.
Euler Totient Function: (n)
• (n) = how many integers that are less than or equal to n that do not share a common factor with n (totatives of n, that is, the positive integers less than or equal to n that are relatively prime to n) In other words, how many integers n doesn’t share a factor greater than 1 with?
• (4) = 2 (1, 3 are relatively prime to 4)
• (6) = 2 (1, 5 are relatively prime to 6)
• For Prime Numbers (p)=p-1
• (7)=6 , (8)=?
Euler’s Totient Theorem
• This theorem generalizes Fermat’s theorem and is an important key to the RSA algorithm.
• If GCD(a, p) = 1, and a < p, then
• a (p) 1(mod p).
• In other words, If a and p are relatively prime, with a being the smaller integer, then when we multiply a with itself (p) times and divide the result by p, the remainder will be 1.
So What is the use of these theorems?
• Euler’s theorem uses modulus arithmetic which helps to lay the foundation for RSA encryption.
Public Key Encryption and Authentication
• Message Authentication
Message Authentication Requirements
• Message Authentication must be able to verify that: 1. Message came from apparent source or author, 2. Contents have not been altered, 3. Sometimes, it was sent at a certain time or
sequence. • Protection against active attack (falsification of data
and transactions)
Message Authentication Code (MAC)
• In crypto, A message authentication code (MAC) is a short piece of information to authenticate a message.
-To provide integrity and authenticity assurances on the messages
-Integrity here detects accidental and intentional message changes
-Authenticity assurances affirm the message’s origin
Approaches to Message Authentication
• Authentication Using Conventional Encryption Only the sender and receiver should share a key Then a correctly encrypted message should be from the sender Usually also contains error-detection code, sequence number and time stamp
• Message Authentication without Message Encryption
No confidentiality is preferred when:
1. Same message is broadcast to many destinations
2. Heavy load and cannot decrypt all messages – some chosen at random
3. No danger in sending plaintext
An authentication tag is generated and appended to each message
• Message Authentication Code Calculate the MAC as a function of the message and the key. MAC
= F(K, M)
MAC • A MAC is sometimes called Keyed (cryptographic)
hash function (h(x) which is only one of the possible ways to generate MACs). Which means:
- Accepts input a secret key and this key generates a small size-fixed block of data known as MAC appended to the message
- The MAC value protects both a message’s data integrity and authenticity by allowing verifiers (who possess secret key) to detect any changes to the message content. (Sender and receiver must agree on the same key before initiating communication)
MAC • Message Authentication without Message
Encryption
– An authentication tag is generated and appended
to each message-Message Authentication Code
(MAC)
– MAC is generated by using a secret key – Assumes both parties A,B share common secret
key KAB
– Code is function of message and key MACM= F(KAB, M)
– Message plus code are transmitted
MAC
RECAP Hash function H(x) • A hash function is any function f(x) that can
be used to map digital data of arbitrary size to digital data of fixed size.
RECAP
-The values returned by a h(x) are called hash values, hash code, hash sums, or simply
hashes.
-A very good example of h(x) in cryptography is one-way hash function, an algorithm that turns messages or text into a fixed string of digits, for security or data management purposes. “One-way” means that it’s nearly impossible to derive the original text from the string.
Recap
-Ex: A one way hash function is used to create digital signatures ( a digital code that can be attached to an electronically transmitted message that uniquely identifies the sender). Which in turn identify and authenticate the sender and message digitally distributed.
-In one-way hash function , the input is often called the message digest or simply digest.
One-way HASH function
• Alternative to Message Authentication Code
• Accepts a variable size message M as input
and produces a fixed-size message digest H
(M) as output
One-way HASH function
One Way Hash Function
• Ideally We Would Like To Avoid Encryption
• Encryption software is slow
• Encryption hardware costs aren’t cheap
• Hardware optimized toward large data sizes
• Algorithms covered by patents
• Algorithms subject to export control
One-way HASH function
• Secret value is added before the hash and removed before transmission.
Secure HASH Functions • Purpose of the HASH function is to produce a ”fingerprint.
• Properties of a HASH function H :
1. H can be applied to a block of data at any size
2. H produces a fixed length output
3. H(x) is easy to compute for any given x.
4. For any given block x, it is computationally infeasible to find x such
that H(x) = h
5. For any given block x, it is computationally infeasible to find with H(y) = H(x).
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Simple Hash Function • General principle
Input is a sequence of n-bit blocks
Input is processed one block at a time to produce an n-bit hash function
A simple example is the bit-by-bit XOR of each block
Ci = bi1 ⊕bi2⊕ … ⊕bim
Ci is ith bit of hash code 1 <= i <= n
m is number of n-bit block in input
bij is ith bit in jth block
⊕ is the XOR operation
SHA-1 Secure Hash Function
• The Secure Hash Algorithm( SHA) was developed by
the National Institute of Standards and Technology and
published in 1993.
• SHA-1 is a 1995 revised version
• It takes as input a message with maximum length < 264
bits and produces a 160-bit message digest.
• It is processed in 512-bit blocks.
SHA-1 Secure Hash Function
SHA-1 Processing of single 512-Bit Block
Other Secure HASH functions
HMAC -keyed-hash message authentication code
• Use a MAC derived from a cryptographic hash code, such as SHA-1.
• a specific construction for calculating a MAC involving a cryptographic hash function in combination with a secret key.
• As for MAC it may be used to find out integrity and authentication of messages. Any H(x) like MD5, SHA-1 may be used to calculate HMAC, results will be: HMAC-MD5 or HMAC-SHA1
• Motivations: – Cryptographic hash functions executes faster in software than
encryption algorithms such as DES – Library code for cryptographic hash functions is widely available
Public-Key Cryptography Principles
• The use of two keys has consequences in:
key distribution,
confidentiality
authentication.
• The scheme has six ingredients – Plaintext
– Encryption algorithm
– Public and private key
– Ciphertext
– Decryption algorithm
Encryption using Public-Key system
Authentication using Public-Key System
Applications for Public-Key Cryptosystems
• Three categories:
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender ”signs” a message with its private key.
Key echange: Two sides cooperate two exhange a session key.
Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for sender to generate ciphertext:
3. Easy for the receiver to decrypt ciphertect using private key:
)]([)( MEDCDM KUbKRbKRb
)(MEC KUb
Public-Key Cryptographic Algorithms
• RSA and Diffie-Hellman
1. RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977.
RSA is a block cipher The most widely implemented
2. Diffie-Hellman
Echange a secret key securely Compute discrete logarithms
RSA Key Generation
• RSA has become almost synonymous with public key.
• How it works: RSA makes extensive use of arithmetic operations using modulo n arithmetic.
• Recall: 19 mod 5 = 4
• Mod ppties: [(a mod n)+(b mod n)] mod n= (a+b) mod n; same way for multiplication, subtraction etc…
RSA Key Generator
• Now suppose that Alice wants to send to Bob an RSA encrypted-message, keep in mind that a message is nothing but a bit pattern and every bit pattern can be uniquely represented by an integer number (along with the length of the bit pattern), so a message of bit pattern 1001 is represented by which decimal integer?
• So to generate the public and private RSA keys, Bob has to perform the following steps:
RSA Key Generation
1.Choose two large prime numbers: p and q, how large should p and q be? The larger the values, the more difficult it is to break RSA.
2. Compute n = pq and z= (p-1)(q-1)
3. Choose a number e , less that n, that has no common factors (other than 1) with z (in this case , e and z are said to be relatively prime ) The letter e is used since this value will be used in encryption.
RSA Key Generation
4. Find a number d, such that ed-1 is exactly divisible (that is, no remainder)by z. The letter d is used because this value will be used in decryption. Put another way, given e , we choose d such that ed mod z = 1
5. The public key that Bob makes available to the world is the pair of numbers ( n, e); his private key, is is the pair of numbers (n, d).
RSA key Generation
• The Encryption by Alice and Decryption by Bob are done as follows:
• Suppose Alice wants to send Bob a bit pattern represented by the integer number m (with m<n). To encode, Alice performs the exponentiation is divided by n. In other worlds, the encrypted value, C, of Alice’s plaintext message, m , is
RSA Key Generation
• The bit pattern corresponding to this ciphertext C is sent to Bob.
• To decrypt the received ciphertext message, C, Bob computes
which requires the use of his private key (n, d)
Diffie Hellman Algorithm
• First introduced by Diffie-Hellman in 1976
• Mathematical functions rather than simple
operations on bit patterns
Exchange keys securely
Compute discrete logarithms
Diffie Hellman details
• i.e. if a is a primitive root of prime or a
generator p,
• a mod p, a2 mod p, … ,ap-1 mod p are distinct
and contain 1 through (p-1) in some order.
Diffie Hellman key exchange
Diffie-Hellman Algorithm
Diffie-Hellman Algorithm
• D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
• The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communication channel.
Diffie Hellman Algorithm
• Compare to RSA:
RSA Recall:
• sender encrypts the data to be transferred using his public key
• receiver decrypts the encrypted data using his private key
D-H: a method of exchanging cryptographic keys
• establishes a shared secret key that can be used for secret communication
Diffie Hellman Basics
Diffie Hellman
Other Public-Key Cryptographic Algorithms
• Digital Signature Standard (DSS)
Makes use of the SHA-1
Not for encryption or key echange
• Elliptic-Curve Cryptography (ECC)
Good for smaller bit size
Low confidence level, compared with RSA
Very complex
Digital signatures
• A digital signature is an encryption of a document with the creator’s private key
• It is attached to a document that validates the creator of the document (an attachment to an electronic message used for security purpose)
• Any one can validate it by decrypting the signature with the claimed creator’s public key
Digital signatures
• Recall: • Think a number of the times you’ve signed your
name to a piece of paper during the last week? You signed checks, credit card receipts, legal documents, and letters.
• You signature attests that you (as opposed to someone else) have agreed on the document’s content. In digital world, one often wants to indicate the owner or creator of a document or to signify one’s agreement with a document’s contents.
Digital signatures
• A digital signature Is a cryptographic technique for achieving these goals in a digital world. And just as with handwritten signatures, digital signing should be done in a way that is verifiable.
• Let’s see how we might design a digital signature scheme:
- When Bob signs a message, Bob must put something on the message that is unique to him. Means Bob could consider attaching a MAC for the message where the MAC is created by appending a key (unique to him) to the message and then taking the Hash.
Generic model of digital signature process
Digital signatures
• In other words Digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
• There have been serious concerns behind message authentication thus required digital signature techniques to resolve some of those issues:
Digital signatures Properties • Message authentication protects two parties who exchange
messages from any third party. However, it does not protect the two parties against each other.
• Several forms of dispute between the two are possible. For example, suppose that Bob sends an authenticated message to Alice,
1. Alice may forge a different message and claim that it came from Bob. Alice would simply have to create a message and append an authentication code using the key that Bob and Alice share. 2. Bob can deny sending the message. Because it is possible for Alice to forge a message, there is no way to prove that Bob did in fact send the message.
Digital signatures
• In situations where there is not complete trust between sender and receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature. The digital signature must have the following
properties: • It must verify the author and the date and time of the
signature. • It must authenticate the contents at the time of the
signature. • It must be verifiable by third parties, to resolve
disputes.
Digital Signatures: The basic idea
Key management
• Distribution of public keys
– Well, what’s the issue?
– Can’t we just trust Mallory if she claims a key as her public key?
Public keys to exchange secret keys
• Using public-keys to exchange secret keys
why exchange secret keys?
aren’t public keys sufficient?
Key Management Public-Key Certificate Use
Certificate Authority
• In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates (public key certificate) is an electronic document used to prove ownership of a public key.
• Common Application: Trusted certificates from trusted CAs are typically used to make secure connections to a server over the Internet,
• The client uses the CA certificate to verify the CA signature on the server certificate, as part of the checks before establishing a secure connection
Certificate Authority
Analogy : Internet Security means not just making sure that data is not intercepted or corrupted, but that a computer user is who they say they are. Just as in real life you may need a passport from a trusted source to prove who you are, a Certificate Authority server can be set up to issue certificates to prove who people are online.
Certificate Authority
• A Certificate Authority is an organization or individual that provides certificates and a mechanism for verifying their authenticity. Large companies such as Microsoft issue certificates to guarantee downloaded software, and companies like Verisign.
• Users are sometimes concerned receiving messages that "certificates have expired", however this just means the default valid period for the certificate is over — not that you are suddenly at any risk attack.
Certificates
• Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name SSL, Secure Sockets Layer), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption.
Homework Assignment 4/RSA
• Given a Message m=85 • Choose your prime numbers p and q • Calculate your n • Calculate z • Choose your e and Find a number d • Show the public key pair • Show the private key pair • Compute encryption and decryption • Deadline 31st March , 2:00 pm, copy and paste is
seriously handled
2nd CATs Schedule
• 2nd Cats are mandatory to every one
• 27th April 2015 – 2nd Cat Network security 2:00 pm
• 6th May 2015 - 2nd Cat Mobile Computing
• 8th May 2015 - Project Presentation (Mobile computing and Last lecture)
• Before exam dates make sure that your cat marks, homeworks and quizzes are matching with the marks you’ve got.
Security Practice
Authentication Applications
Authentication Applications
Authentication Overview
• We are taking a network-based view of user authentication
• User authentication is the first line of defence of a network
• It aims to prevent un authorized access to a network
• It is the basis of setting access controls
• It is used to provide user accountability
Verifying User Identity
• User authentication has two steps: Identification – presenting the user to the security system
• Identification is the means by which a user claims to be a
specific identity
Verification – providing information that binds the entity to the identity
• Verification is the method used to prove that claim
Means of Authentication
• Something the individual knows E.g. password, PIN • Something the individual possesses (tokens) • A security token (sometimes called an authentication token) is a small
hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card
E.g. cryptographic key, smartcard • Something the individual is E.g. fingerprint, retina
• Something the individual does E.g. handwriting pattern, speech pattern
Authentication Problems
• Guess or steal passwords, PIN, etc
• Forget passwords, PIN
• Steal or forge smartcards
• Lose smartcard
• False positives in biometrics
• False negatives in biometrics
• The most common method of network
• authentication uses passwords and cryptographic keys
User authentication security technologies
The following Technologies will be discussed:
• Password-Based Authentication
• Token-Based Authentication
• Remote-user Authentication
• Biometric authentication
Password-Based Authentication
• Password-based authentication is the most common means of authentication.
• It requires no special hardware.
• Its typical authentication by password only,
• where the user supplies a username and password then the system looks up the username in the relevant database table,
• it checks that username, password pair exists and finally it provides system access to the user
Password Strength • Users tend to pick weak passwords if allowed. These kinds of
passwords can be easily to cracked via dictionary attack • (A dictionary attack is a technique or method used to breach the
computer security of a password-protected machine or server. A dictionary attack attempts to defeat an authentication mechanism by systematically entering each word in a dictionary as a password or trying to determine the decryption key of an encrypted message or document)
• Users should be forced to create more complex passwords. • System can also supply users with a strong password however, with
this method, many users will tend to write down a stronger password and this can be a greater security risk.
• One of the best methods of creating strong password is by using the Challenge – Response method.
• Here the systems are used that request specific characters in a password rather than the whole password. This is commonly used in online banking
Example Challenge-Response Method:
• The password is “MyPassword” • The system asks for the 2nd, 3rd and 8th
characters • The user enters “y”, “P” and “o” • The idea is that it would take an eavesdropper
many sessions to determine the whole password
Attacks on Password-Based
authentication • Eavesdropping: Here the attacker can “listen” in
and gain password information. Encrypting messages will prevent this
• Offline dictionary attack: A direct attack on the database storing passwords can be used to discover or change passwords. Normally strong access controls are applied to protect the databases storing password files. However, some hackers can bypass these control measures and access the password files
Cont’d • Specific account attack: The hacker can be determined to guess a
password for a specific account until the correct password for that specific account is discovered. The best method to prevent this is by implementing the account lockout mechanism. This will disable the account after a number of failed login attempts.
• Popular password attack: The attacker will deploy different
popular password to different user ID’s. Normally users tend to use password which are easily remembered, i.e., the name of your girlfriend/boyfriend, the capital city of your country, etc. So the hacker will guess these kind of passwords and apply them to different user IDs. This can be prevented by implementing policies to reduce the selection by users of common passwords and scanning the IP addresses of authentication requests and client cookies for submission patterns
Cont’d • Workstation and session hijacking; the attacker can
monitor when the workstation is not being used or a hacker can disconnect the session of the user and they connect themselves. The main prevention mechanism is to automatically logging the workstation out after a period of inactivity. Intrusion detection schemes can be used to detect changes in user behavior
• Exploiting user mistakes: Some systems will provide passwords to the users. These kind of passwords are very difficult to remember, so users tend to write them somewhere. So this would make it easier for the hackers to read it. Prevention mechanisms include user training, intrusion detection, and simpler passwords combined with another authentication mechanism.
Cont’d
• Exploiting multiple password use: Some users use same password for different devices, so once the attacker gets to know the password, all the devices can be easily attacked. Never use the same password for different applications or devices
TOKEN-BASED AUTHENTICATION
• Objects that a user possesses for the purpose of user authentication are called tokens.
• There are mainly two types of tokens that are widely used; these are cards that have the appearance and size of bank cards i.e.
Memory card
smart card
Smartcards
• These are tamper-resistant devices that have a small amount of memory and a small processor.
• They are difficult to duplicate and are easily transferable.
• They can use the combination of PIN/password and have Simple computations, e.g. encryption/decryption, digital signatures.
Smartcard Examples
• Bank/ATM cards
• Credit cards
• Travel cards
• Pass cards for a workplace
SMARTCARD
Memory Cards • Memory cards have the capability to store data but cannot process
it.
• The most common example of a memory card is the bank card which has a magnetic stripe on the back.
• This magnetic stripe at the back can store only a simple security code. These codes can be read and reprogrammed by an inexpensive card reader.
• Other kinds of memory cards include an internal electronic memory. Memory card can be used for physical access, such as a hotel room.
• Regarding computer user authentication, memory cards are used with some form of password or personal identification number (PIN). The best example is the automatic teller machine (ATM).
BOIMETRIC AUTHENTICATION
• Biometric-based authentication is the Measurement of body’s unique characteristics or behavior.
• These behaviors are of different types such as; Voice, Signature, Facial, Palm, Eye, Fingerprint etc.
• Compared to passwords and tokens, biometric authentication is both technically complex and expensive
• Ex: Biometric palm
Physical Characteristics Used in Biometric
Applications • Facial Behaviors: This is one of the most common
means of human to human identifications. It is based on some key features such as relative location and shape of key facial characteristics, such as eyes, eyebrows, nose, lips, and chin shape.
• Fingerprints: . A fingerprint is the pattern of ridges
and furrows on the surface of the fingertip. This approach has been around for a long time and is mostly used as means of identification for law enforcement purposes. This method is believed to be unique across the entire human population
Cont’d
• Hand geometry: This method involves the hand geometry systems identify features of the hand, such as; shape, and lengths and widths of fingers.
• Retinal pattern: It is believed that the pattern formed by the veins beneath the retinal surface is unique and therefore suitable for identification. The biometric system gets the digital image of the retinal by projecting a low-intensity beam of visual or infrared light into the eye.
Cont’d
• Iris: This is the detailed structure of the iris. It is also another unique feature that can be used for identification
• Signature: A signature is frequently written sequence. Every person has a different style of handwriting and this is reflected mainly in their signatures. So this method can also be used as means of identification.
• Voice: This is another means of identification where voice patterns are more closely tied to the physical and anatomical characteristics of the speaker.
Operation of a Biometric Authentication
System • In order to be an authorized user, you must first be enrolled in the
database system of authorized users.
• This is similar to assigning password to a specific user ID. With regards to the biometric system, the user gives the name and password or PIN to the system.
• At the same time, the system senses some biometric features for this user i.e, Iris, Fingerprints, etc.
• All these inputs are digitized and the system extracts a set of characteristics that can be stored as a number or set of numbers representing this unique biometric characteristic; this set of numbers is referred to as the user’s template.
• The user is now enrolled in the system, which maintains for the user a name (ID), perhaps a PIN or password, and the biometric value.
Cont’d
Figure showing enrollement process
Cont’d
• Depending on application, user authentication on a biometric system involves two methods:
Verification
Identification
Verification
• This method is similar to a user logging on to a system by using a memory card or smart card coupled with a password or PIN.
• For biometric verification, the user enters a PIN and also uses a biometric sensor.
• The system extracts the corresponding feature and compares that to the template stored for this user.
• If there is a match, then the system authenticates this user
Cont’d
Figure showing Verification process
Identification
• In this method, the user uses the biometric sensor with no any other additional information presented.
• The system then compares the presented template with the set of stored templates.
• If there is a match, then this user is identified. Otherwise, the user is rejected.
Cont’d
Figure showing identification process
Why Biometrics ?
• Unique
• Authentication: 1-to-1 matching
• Identification: 1-to-M matching
• Convenient
• Non-repudiable
• Fast, accurate, non-transferable
• Nothing to remember and nothing to forget
Areas of Biometrics Application
• Physical access control
• Data access security
• Time and attendance
• ID theft prevention
• Privacy protection
• Fraud reduction
• Cost-effective and high security
Types of Fingerprint Sensor
• Semiconductor
– Capacitive
– Thermal
– RF
• Optical
– Traditional
– SEIR (Surface Enhanced Irregular Reflection)
• Thin Film Technology
Semiconductor Sensors
Semiconductor Finger Print Sensor Characteristics
• Small and low profile
• Cost - expensive at low volume and large sensing area
• Physical and electrical Unstable
• Metal discharge pathway
• Surface coating required
• Low tolerance to abuse
Traditional Optical Sensor
How to Select a Fingerprint Biometrics?
• User friendliness
• Durability
• Cost
• Size
• Ease of integration
• Choice of application products
• Third-party SW support
Traditional Optical FP Sensor Characteristics
• Plastic platen with soft coating
• Nonlinear distortion
• Low contrast image
• Stray light interference
• High power consumption
• Assembly required mirror for compensation
• Integration relatively difficult
• Production- labor intensive
New Generation Optical FP Sensors Characteristics
• SEIR: Surface Enhanced Irregular Reflection- a break through optical finger-scanning technology
• High contrast and virtually distortion-free image
• High performance for extreme skin condition
• Scratch-proof surface with robust and compact housing
• Low power consumption
• Integration relatively easy
• Mass production capable at low cost
Biometrics Applications
Biometrics Overview
Financial Sector
Point of Sale
ATM
Online Banking
Passport Control
Border Control
Medical Records Mgt
Door Lock
Time-Attendance
Computer Security
Access Control
Network Security
e-Commerce
Mobile Phone
Call Center
Internet Phone
Immigration
Telecommunication
Medical Facility and Attendance
National ID
Correctional Facility
Social Security
Welfare Payment
Missing Child
Access Control
Ticket-less Travel
Anti-terrorist security
Public Sector Social Service Aviation & Travel
Biometrics Application • Physical Access Control
• Time and Attendance
• PC/Enterprise/Network Security
• Internet & e-Commerce
• Financial: on-line banking, ATM
• Medical information system
• Distant Learning
• e-Publishing
• Smart card/Digital Certificate
• Any password-based application
• etc
Distant Learning
• Physical Access Control
• Time and Attendance
• PC/Network Security/IT
• Student registration/verification
• On-line testing
Healthcare
• Physical Access Control
• Time and Attendance
• PC/Network Security/IT
• Patient registration and Identification
• e-Claim processing
• Document Management
• Privacy Protection
• etc
Benefits of Biometrics Implementation
• Maximize network security
• Ensure users’ privacy
• Protect institution physical assets
• Provide user authentication
• Allow non-repudiable transaction
• Deter hackers and ID fraud
• Eliminate password frustration
• Cut IT cost in password maintenance
• Increase corporation image, productivity and profitability
REMOTE-USER AUTHENTICATION
• The form of authentication is where an individual tends to access the system which is locally present i.e. a stand-alone office PC or an ATM machine.
• This is one of the simplest forms of user authentication.
• The more complex case is when remote user authentication, happens over the Internet, a network, or a communications link.
• Remote user authentication raises additional security threats, such as an eavesdropper being able to capture a password, or an adversary replaying an authentication sequence that has been observed.
• To prevent these kinds of threats, the systems normally apply some form of challenge-response protocol
Electronic Mail security
Importance of Email • Business has come to rely on email as a means of
communication: Fast cost-effective easy collaboration and information-sharing
• Email has become the primary method for
corresponding with colleagues, customers, and business partners
Email Security Threats
• Viruses can corrupt mission-critical documents and applications
• Hackers will try to obtain confidential information
• Spam can greatly deteriorate the performance of other components within the communications infrastructure
• Threats can stop business systems and mission critical activities
Viruses
• Viruses are very sophisticated and often appear to be harmless correspondence:
personal communication jokes marketing promotions
• Most viruses require recipients to download
attachments in order to spread • Some are designed to launch automatically, with
no user action required
Protection from Viruses
• Email security solutions offer highly advanced virus protection:
automatically scan all ingoing and outgoing messages
automatically scan all attachments automatic update capabilities
• New threats emerge all the time and updates
offer protection from all the latest threats
Spam
• A large proportion of all corporate email is spam
• Spam costs US business billions of dollars in lost productivity and system slow-downs annually
• Most spam is annoying and slows down the network
• Hackers may sometimes disguise viruses, spyware, and malware as innocent-looking spam
Protection from Spam
• Email security packages usually contain spam filters that:
Identify non-relevant communications
Use key words and phrases
May also use format, size, or ratio of graphics to text
Spam is moved to a separate folder or deleted from email server
May also block email addresses that are known to have sent spam, preventing further disruptive emails
Phishing • Phishing is an e-mail fraud method in which the perpetrator sends
out legitimate-looking email in an attempt to gather personal and financial information from recipients.
- (fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.)
• Used for identity theft and fraud
• Posing as authorised emails from trustworthy institutions • Attempt to get recipients to surrender personal information such
as bank account details • Most are aimed at individuals • Some have targeted smaller businesses
Protection from Phishing
• Email security packages provide anti-phishing protection
• Combination of methods: Authentication Detection Prevention Reporting
• Enables threat analysis, attack prioritisation and
response to minimise risk and impact of phishing
Spyware
• Enables hackers to record activities and data from the infected computer
• Done via a program that dynamically gathers information and transmits it via an Internet connection
• Often bundled in with shareware and freeware programs
• Usually installs and runs without user knowledge
Protection from Spyware
• Firewalls alone are insufficient
• Email security packages will scan devices regularly for spyware programs
• Blocks known spyware programs before they can be downloaded and installed
Email Authentication • Aims to provide enough information to the recipient
so that they know the nature of the email
• A valid identity on an email is a vital step in stopping spam, forgery, fraud, and other serious crimes
• SMTP was not designed with security in mind and thus had no formal verification of the sender
• Signing emails identifies the origin of a message, but not if it should be trusted
Authenticating Source IP Address
• TCP allows an email recipient to automatically verify the message sender’s IP address
• This does not verify the identity of the sender
• Forged headers can be used to create a spam message that appears to be real
• The sending IP address may belong to a zombie
machine under the control of a hacker
Blacklisting IP Addresses
• The IP addresses originating spam and phishing emails can be blacklisted so that future email from them is not received but either quarantined or deleted
• Many IP addresses are dynamic Change frequently An organisation has a block of IP addresses IP addresses are allocated when needed May get a new address every time a connection is made
• Therefore, spammer will not have a permanent IP address
Controlling Traffic
• Some ISPs use techniques to prevent spamming by their customers:
Port 25 can be blocked so that port 587 is used and that requires authentication
Limiting the number of received headers in relayed mail
Infected computers can be cleaned and patched Outgoing email can be monitored for any sudden
increase in flow or in content (a typical spam signature)
Awareness
• Always remember : security-related transformation (remember encryption of your channel-transform it into something tricky to opponent) –
• to make sure that your information is secured (secret from opponent)-ex: a network model
At Network level
Awareness
• Taken as a society (because of the people who use it) internet is now full of people proud of vandalism like intentional hackers
Awareness • Intrusion • Intruders are now ready!
• Intruders are an individual or individuals who gains or
attempt to gain unauthorized access to a computer system (can be :Insiders, Outsiders). 3 forms of intruder: Masquerade, misfeasor, clandestine.
• The misfeasor is a legitimate user who accesses data, programs, or resources for which such access is not authorized for him, or who is authorized for such access but misuses his or her privileges ( ex: A DB control user trying to behave like system admin)
Internet security
Internet security : Measures taken to guard against, crimes, attack, sabotage on the electronic communications network that connects computer networks and organizational computer facilities around the world
Internet security
• The Internet of today uses the Internet Protocol Version 4 (IPv4) to route and deliver packets between computers Packets can have reliable delivery using the Transmission Control Protocol (TCP) or non-guaranteed delivery using the User Datagram Protocol (UDP)
• An IP address is used to deliver a packet to the right • computer and the port or protocol is used to send the
packet to the appropriate computer service or application • Email (port 25, smtp) • Web (port 80, http) • Domain Name System (port 53, DNS)-
www.somewhere.com maps to the IP address 192.168.10.1
Internet security
• “ZeuS” is active trojan horse widely used to steal banking and other financial institute information first seen on 2007, still in use today
• A virus : A program that can replicate itself and send copies from computer to computer across network connections with human intervention (ex: Randex, BigBear, SoBig, Klez, SirCam, Mankex, Fizzer etc…)
• A worm: A program that can replicate itself and send copies from computer to computer across network connections without human intervention
Internet security
• Worms that has cause serious loss up to know:
• Code Red - July 19, 2000 -450000+ hosts effected, 2.4 billion dollars* • Nimda - September 18, 2001 550000+ hosts effected Slapper - October 21, 2002 root and .com name servers unavailable • SQL Slammer - January 25, 2003 80000+ hosts effected
Cybercrimes
• Cybercrimes : - Pharming and phishing • Pharming is a way hackers attempt to manipulate users on
the Internet. While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.
• So One way that pharming takes place is via an e-mail virus that "poisons" a user's local DNS cache. It does this by modifying the DNS entries,
• For example, instead of having the IP address 17.254.3.183 direct to www.apple.com, it may direct to another website determined by the hacker.
• Pharmers can affect the entire DNS server, even if DNS has security features to fight against (security is vague!!)
Cybercrimes
• Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information.
• They send out e-mails that appear to come from legitimate websites such your banking institutions (ex: email from BK).
• The e-mails state that your information needs to be like updated or ask that you enter your credentials: after clicking a link included in the e-mail, Some e-mails will ask that you enter even more info (ex: full name, credit card number, address, phone) and at that time
• the phisher may be able to gain access to more information by just logging in to you account.
Phishing vs Pharming
• So : Phishing and pharming are two different ways hackers attempt to manipulate users via the Internet.
• Phishing involves getting a user to enter personal information via a fake website (–most of the time from a wrong email link)
• While Pharming involves modifying DNS entries (routes), which causes users to be directed to the wrong website when they visit a certain Web address.
Phishing • Example: Hi Junior! We sent you an email a while ago, because you now qualify for a new mortgage. You could get $200,000 for as little as $500 a month! Bad credit is not a problem, you can pull cash out or refinance! Please click on this link for FREE consultation without obligations: http://cutrate-loan.info/ ! Best Regards, Ninsiima Geoffrey
Web Security
Overview of web security
• The Web presents us with some security issues that may not be present in other networks:
Two-way systems
Multiple types of communication
Importance to business
Complex software
Multiple connections to a server
Untrained users
Two-way Systems
• The Web works on a client-server model that allows communication in both directions:
Server sends files to clients Clients send files to servers
• Servers must be protected from malicious
content uploaded by clients:
Deliberate upload Accidental upload, e.g. unwittingly uploading an
infected file
Multiple Types of Communication • The web does not deal with a limited small
number of file types: Text Image Video Sound …
• The web delivers real-time content.
• Multiple file types = multiple security threats
Importance to Business • Used to supply corporate information
• Used to supply product/service information
• Used for business transactions including financial
transactions: banking, online shops, ordering systems, etc.
• If web servers are compromised, there may be
very serious consequences to a business: Loss of money & trade Loss of reputation
Complex Software
• Servers are relatively easy to set up and configure.
• It is simple to create web content: Even complex looking web applications are often simple to
create
• This simplicity is made possible by complex underlying software.
• Complex software often has undetected security holes: You can be sure that someone will detect them!
Multiple Connections • The Web works because there are multiple
connections to a server.
• Different servers are connected to each other.
• What happens if a server is subverted and a malicious attacker gains control?
How many clients will be affected? How many other servers will be affected?
• An attack could have widespread consequences.
Untrained Users
• The Web is used by many, many clients with no training or understanding of security issues.
How many people surf the Internet without antivirus software?
Add in the people who have out of date virus definitions
• Many people do not have the tools or knowledge to deal with threats on the Web.
• These same people will be interacting with servers around
the world.
Traffic Security • Maintaining the security of a server as a piece of
hardware is not fundamentally different to general computer security.
• We will concentrate on the security of Web traffic:
At the Network level (IPSec)
At the Transport level (Secure Socket Layer (SSL)/Transport Layer Security(TLS))
Network Level Security (IPSec)
Transport Level Security (SSL/TLS)
IP Security (IPSec)
• Provides security services at the IP layer for other TCP/IP protocols and applications to use
• Provides the tools that devices on a TCP/IP
network need in order to communicate securely: When two devices wish to securely
communicate, they create a secure path between themselves that may traverse across many insecure intermediate systems.
IPsec
• IPsec sits “on top of” the network layer. IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols.
• it provides data authentication (origin of the packet) integrity, and confidentiality as data is transferred between communication points across IP networks.
• IPSec provides data security at the IP packet level. – All applications are “protected” by default, without
requiring any change to applications or actions on behalf of users
– Can only authenticate hosts, not users – User completely unaware that IPsec is running
Steps for an IPSec Connection 1. Agree on a set of security protocols to use
so that data is in a format both parties can understand.
2. Decide on an encryption algorithm to use in encoding data.
3. Exchange the keys that are used to decrypt the cryptographically encoded data.
4. Use the protocols, methods and keys agreed upon to encode data and send it across the network.
IPSec Core Protocols
• IPSec Authentication Header (AH) Provides authentication services Verifies the originator of a message Verifies that the data has not been changed on route Provides protection against replay attacks • Encapsulating Security Payload (ESP) AH ensures integrity but not privacy Datagram can be further protected using ESP Encrypts the payload of the IP datagram
IPSec Authentication Header (AH)
ESP Packet
AH & ESP
Ipsec Standard Algorithms
• IPsec relies on existing algorithms to implement encryption, authentication, and key exchange.
• Some of the standard algorithms that IPsec uses are as follows:
DES : Encrypts and decrypts packet data.
3DES: Provides significant encryption strength over 56-bit DES.
AES: Provides stronger encryption, depending on the key length used, and faster throughput.
MD5: Authenticates packet data, using a 128-bit shared secret key.
Support Protocols & Mechanisms
• The core protocols are quite generic and rely on other protocols and mechanisms to be agreed.
• Common algorithms used are MD5 and SHA-1
• IPSec provides flexibility in letting devices decide how they want to implement security.
Security policies and security associations are created.
• Devices need a way to exchange security information. The Internet Key Exchange (IKE) provides this.
IPSec Applications
• Securing a company’s Virtual Private network (VPN) over the Internet
• Securing remote access over the Internet
• Establishing connections with partners via an
Extranet
• Enhancing eCommerce security by adding to the security mechanism in the application layer
IPSec Advantages
• Can be applied to a firewall or router and apply to all traffic across that boundary
• It is transparent to applications.
• It is transparent to end users.
• It can provide security for individual users if required.
Secure Socket Layer (SSL)
• Originally developed by Netscape in 1995 to provide secure and authenticated connections between browsers and servers
• Provides transport layer security
• Transport Layer Security (TLS) Version 1 is essentially SSLv3.1
SSL Architecture
• SSL uses TCP to provide a reliable and secure end to end service.
• It is not a single protocol but two layers of protocols
• The Hypertext Transfer Protocol (HTTP) used for server/client interaction on the Internet can operate on top of the SSL Record Protocol.
SSL Architecture
SSL Connections
• A connection is defined by the OSI model as a transport that provides a suitable service.
• SSL connections are peer-to-peer relationships.
• These SSL connections are transient.
They only last for a certain length of time.
• Each connection is associated with a session.
SSL Connections
• SSL(secure socket layer)/TLS overview
Goal (ex: Perform secure e-commerce across Internet)
– Secure bank transactions
– Secure online purchases
– Secure web login
Security requirements
– Secrecy to prevent eavesdroppers to learn sensitive
information
– Entity and message authentication to prevent
message alteration / injection
SSL Connections
• SSL/TLS sits “on top of” the transport layer
– End-to-end security, best for connection-oriented sessions
– User does not need to be involved
– The OS does not have to be changed
– If SSL rejects packet accepted by TCP, then TCP rejects “correct” packet when it arrives!
• SSL must then close the connection…
SSL Connections
SSL Sessions • A session in SSL is an association between a client and
a server.
• Such sessions are created by the SSL Handshake Protocol.
• A session defines the security parameters.
• A session may be shared by multiple connections.
Allows the same settings to be used by many connections without the need for repeatedly sending the security parameters
SSL Record Protocol - 1
• Provides two services for SSL connections: Confidentiality Integrity • Transmitted data:
Fragmented into manageable blocks Compressed (optional) Encrypted Header added and transmitted in a TCP segment
SSL Record Protocol - 2
• Received data:
Decrypted
Verified
Decompressed
Reassembled
Delivered to higher level users
SSL Alert Protocol • Used to convey SSL alerts to the peer entity
• Alert messages are compressed and encrypted as
specified by the session.
• Each message consists of two bytes: The first values indicates a warning or fatal alert The second indicates the type of alert • A fatal alert will cause SSL to immediately
terminate the connection, but not other connections on the same session.
SSL Alert Types
• There are a number of alerts including the following.
unexpected_message
decompression_failure Fatal alerts:
handshake_failure
illegal_parameter
close_notify
no_certificate
certificate_revoked
SSL Handshake Protocol - 1 • The most complex part of SSL
• Allows server and client to authenticate each other
• Allows server and client to negotiate the encryption algorithms and keys that be used to protect data in an SSL record
• This protocol is used before any application data is sent.
SSL Handshake Protocol - 2 • Consists of a series of messages, all with the
same format
• Each message has 3 fields
Type (1 byte) indicates 1 of 10 message types
Length (3 bytes) – the length of the message in bytes
Content (0 or more bytes) – parameters associated with the message
Messages
• The series of messages are initiated by the client.
• The first phase establishes the security credentials.
• The second phase involves authenticating the server and exchanging keys.
• The third phase involves authenticating the client and exchanging keys.
• The fourth phase is completing the exchange.
HTTPS • HTTP over SSL/TLS
• Used to create secure communications between
a Web browser and Web server
• Built into modern browsers • Requires server to support HTTPS
communication For example, at the time of writing, the Google
search engine does not support connections via HTTPS
HTTPS Compared to HTTP
• URL begins with https:// rather than http://
• HTTPS connections use port 443 whereas HTTP uses port 80.
• Port 443 invokes SSL
• If all is well, the browser will typically show a padlock or some other symbol to indicate the use of SSL/TLS.
HTTPS and Encryption • The following elements of an HTTPS communication are
encrypted:
URL of the requested document Contents of the document Contents of browser forms
• The fields filled in by the user in the browser Cookies • From server to browser
• From browser to server Contents of the HTTP header
SSL Advantages • It is independent of the applications once a
connection has been created.
After the initiating handshake, it acts as a secure tunnel through which you can send almost anything.
• Has several implementation packages, both
commercial and freely available
All major platforms (Windows, Linux, etc.) support SSL
No requirement for extra software packages
SSL Disadvantages
• The extra security comes with extra processing overhead.
• This overhead is largely at the server end.
• Means communications using SSL/TLS are a slower than those without it
Some sources suggest that HTTPS communication can be up to three time slower than HTTP.
With modern browsers, servers and connection speeds, this should not cause significant problems
Secure Electronic Transaction (SET)
• SET is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet.
• SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network in a secure fashion.
• SET was developed by VISA and MasterCard (involving other companies such as GTE, IBM, Microsoft, Netscape, RSA and
VeriSign) starting in 1996.
The SET Protocol Operation
• People today pay for online purchases by sending their credit card details to the
merchant.
• A protocol such as SSL or TLS keeps the card details safe from eavesdroppers, but does nothing to protect merchants from dishonest customers or vice-versa.
• SET addresses this situation by requiring cardholders and merchants to register before they may engage in transactions.
• A cardholder registers by contacting a certificate authority, supplying security details and the public half of his proposed signature key.
• Registration allows the authorities to examine an applicant, who if approved receives a certificate confirming that his signature key is valid.
• All orders and confirmations bear digital signatures, which provide authentication
and could potentially help to resolve disputes.
System Security
Intrusion Detection
Intrusion Detection Systems (IDS)
• Monitors network traffic for suspicious activity
• Alerts the network administrator if suspicious activity discovered
• May also respond to suspicious traffic by: blocking the user from accessing the network blocking the IP address from accessing the network
• Different types that use different methods to detect
suspicious activity
IDS Types
• Network based intrusion detection systems (NIDS)
• Host based intrusion detection systems (HIDS)
• IDS that look for signatures of known threats
• IDS that compare traffic patterns against a network baseline and look for anomalies in the patterns
NIDS • Positioned in strategic locations in the network
• Monitor all traffic to and from network devices
• In a perfect world all traffic would be monitored
• This would create a bottleneck in the network with a huge processing overhead
It would deteriorate network speed
HIDS • Operate on individual hosts or network
devices
• Monitors all inbound and outbound packets but only to and from the device it operates on
• If suspicious activity is detected it usually alerts the user and/or network administrator of that activity
Signature-based IDS • Monitors packets on the network
• Compare packets against a stored database of known malicious threats
Similar to the operation of antivirus software
• When a new threat appears there is a period of time before this is added to the database
• Any new threat is undetected until such time as the database is updated to include this threat
Similar to the operation of antivirus software
Anomaly-based IDS
• Monitors network traffic
• Compare network traffic with a baseline
• Baseline is “normal” traffic for that network:
Bandwidth
Protocols
Ports
Devices
• User and/or network administrator is alerted if there is a significant change from the baseline
IDS Overview • Ideal for monitoring and protecting a network
• Can be prone to false alarms
• Must be correctly set up to recognize what is normal traffic on the network
• Network administrators and users must:
Understand the alerts
Know the most effective course of action upon receiving an alert
Response to an intrusion
Responding to an intrusion • Communicate with appropriate parties (trusted services-
parties) to secure the network
• Once compromised by intruders (remember to back up –as usual for non-compromised systems
• Isolate Compromised System from the rest of the network ( and make system’s tangible files as read-only by super user–an intruder may be an internal threat agent
• Install regular software patches to eliminate vulnerability in the software ,
Response to an intrusion
• Response to an intrusion: • Analysis of the attacker: How the attack has been
conducted?, there have been modifications on the data accessed in the attack?
• Search for additional intrusions: Understand that the intrusion may expose additional vulnerabilities in other systems and Careful review of other systems
• Credentials: Change all authentication credentials on compromised systems (username & pwds, certificates, and private keys)
Complexity
• Complexity of the problem:
• Many intrusions go undetected!!!
• Because intruders may be smart than us, system and network administrator, lack of adequate infrastructure, Lack of time and money in monitoring systems status.
• Most intrusion can be prevented: poor configuration (ex: windows firewall turned off), human error (intentional –unintentional) , known software vulnerabilities (un-patched).
System Security
Vulnerabilities and Threats
Vulnerabilities and Threats
Network Security Vulnerabilities • Technology – weaknesses in protocols or systems (e.g. OS vulnerabilities)
• Configuration – insecure default configuration, e.g open ports, user accounts/passwords: ‘admin/admin’
• Policy – allowing insecure passwords, not logging events, lack of Acceptable Use Policy, or education of users.
Network Security Threats
• There are four general categories of security threats to the network:
Unstructured threats
Structured threats – these have a definite objective
External threats
Internal threats
Three Classes of Network Attacks
• Reconnaissance attacks
• Access attack
• Denial of service attacks
Specific Attacks
• Packet sniffers • IP weaknesses • Password attacks • DoS or DDoS • Man-in-the-middle attacks • Application layer attacks • Trust exploitation • Port redirection • Virus • Trojan horse • Operator error • Worms NB: All these listed attacks can be used to comprise a system
Network Reconnaissance
• Network reconnaissance refers to the overall act of learning information about a target network by using publicly available information and applications.
• This is often also referred to as Footprinting.
Network Reconnaissance Mitigation • Network reconnaissance cannot be prevented entirely.
• Intrusion Detection System (IDSs) at the network and host
levels can usually notify an administrator when a reconnaissance gathering attack (for example, ping sweeps and port scans) is under way.
• Ping sweeps and port scans can be dangerous, but can also be prevented. Ping sweeps is when an intruder sends an ICMP ECHO to a range of machines on a network
• (Then the machines on the network send a signal back to the intruder to let him/her know that they are on, The machines that are not on or available do not send a signal. This is an easy way for the intruder to know where to start on his/her intrusion)
Ping sweep and port scan • Now, pings sweeps is not 100% for intruders, but
rather it is for network administrators on their own network.
• The ping sweeps are to determine which machines are alive and which ones are not. This could be for trouble shooting purposes or for licenses issues.
• Ping sweeps are a good tool unless you have a malicious person out there wanting to do damage.
• Port scans are the most common probing tool available. Port scans take ping sweeps to a different level.
Port scan
• Port scans actually “look” at a machine that is alive and scan for an open port.
• Once the open port is found, it scans the port to find the service it is running. Once it finds the service the port is running, it gives the intruder power and knowledge about your system.
• It basically gives him/her an edge in taking over your machine. Protecting ourselves can be very easy.
Port scan and ping sweep protection
• Keep up to date with readings about security prevention and download the latest security patches from your operating system or your Internet Security software
• Firewalls are a must to keep open ports and machines protected
• Keep your software up to date and hire ethical people to watch the networks will decrease your chances of being hacked.
Packet Sniffers • A packet sniffer is a software application that uses a network adapter card in
promiscuous mode (looking at everything that comes through) to capture all network packets.
• A program that can see all of the information passing over the network it is connected to.
• As data streams back and forth on the network, the program looks at, or "sniffs," each packet
• The following are the packet sniffer features: Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following: – Telnet – FTP – SNMP – POP – HTTP • Packet sniffers must be on the same collision domain.
Packet Sniffer Mitigation
• The following techniques and tools are used to mitigate packet sniffer:
Authentication: Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure: Deploy a switched infrastructure to counter the
use of packet sniffers in your environment. Anti-sniffer tools: Use these tools to employ software and hardware
designed to detect the use of sniffers on a network. Cryptography: The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather make them
irrelevant.
IP Spoofing
• IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
• Two general techniques are used during IP spoofing:
A hacker uses an IP address that is within the range of trusted IP addresses.
A hacker uses an authorized external IP address that is trusted • Uses for IP spoofing include the following:
IP spoofing is usually limited to the injection of malicious data or commands into
an existing stream of data.
A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
IP Spoofing Mitigation
• The threat of IP spoofing can be reduced, but not eliminated, through the following measures:
• Access control—The most common method for preventing IP spoofing is to properly configure access control.
• Request for Comments (RFC) 2827 filtering—You can prevent users of your network from spoofing other networks (and be a good Internet citizen at from spoofing other networks (and be a good Internet citizen at the same time) by preventing any outbound traffic on your network that does not have a source address in your organization's own IP range.
• Additional authentication that does not use IP-based authentication, Examples of this include the following:
Cryptographic (recommended) Strong, two-factor, one-time passwords
DoS: Denial of Service
• DOS attacks prevent authorized people from using a service by using up system resources
Resource overload: • Disk space, bandwidth, buffer, etc •Ping floods: Smurf (smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping messages )etc •Packet storms: UDP bombos, etc
DDoS – Distributed DoS
• In a distributed DOS, a hacker tricks other machines into flooding the target machine with nuisance traffic that robs system performance
DoS Mitigation
• The threat of DoS attacks can be reduced through the following three methods:
Anti-spoof features—Proper configuration of anti-
spoof features on your routers and firewalls Anti-DoS features—Proper configuration of anti-DoS
features on routers and firewalls Traffic rate limiting—Implement traffic rate limiting
with the networks ISP
Password Attacks
• Hackers can implement password attacks using several different methods:
Brute-force attacks
Dictionary Attacks
Trojan horse programs
IP spoofing
Packet sniffers
Password Attacks Mitigation
• The following are mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts unsuccessful login attempts.
Do not use plain text passwords. OTP or a cryptographic password is recommended.
Use “strong” passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters.
Man-in-the-Middle Attacks
• A man-in-the-middle attack requires that the hacker have access to network packets that come across a network.
• A man-in-the-middle attack is implemented using the following:
Network packet sniffers Routing and transport protocols • Possible man-in-the-middle attack uses include the following: Theft of information Hijacking of an ongoing session Traffic analysis DoS Corruption of transmitted data Introduction of new information into network sessions
Man-in-the-Middle Mitigation
• Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography (encryption).
Application Layer Attacks
• Application layer attacks have the following characteristics: Exploit well known weaknesses, such as protocols, that are
intrinsic to an application or system (for example HTTP, and FTP)
Often use ports that are allowed through a firewall (for example, TCP port 80 used in an attack against a web server behind a firewall)
Can never be completely eliminated, because new
vulnerabilities are always being discovered
Application Layer Attacks Mitigation
• Some measures you can take to reduce your risks are as follows:
Read operating system and network log files, or have them analyzed by log analysis applications.
Subscribe to mailing lists that publicize vulnerabilities.
Keep your operating system and applications current with
the latest patches.
IDS/IPSs can scan for known attacks, monitor and log attacks, and in some cases, prevent attacks.
Virus and Trojan Horses
• Viruses refer to malicious software (malware) which attach themselves to another program to execute a particular unwanted function on a user’s workstation.
• End-user workstations are the primary targets of virus
infection.
• A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool.
• A Trojan horse is mitigated by antivirus software at the user level and possibly the network level.
What Is a Security Policy?
• “A security policy is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.”
(RFC 2196, Site Security Handbook)
Why Create a Security Policy?
• To create a baseline of your current security posture
• To set the framework for security implementation
• To define permitted and non permitted behaviors
• To help determine necessary tools and procedures
• To communicate consensus and define roles
• To define how to handle security incidents
Network Security as a Continuous Process
• Network security is a continuous process
built around a security policy
Step 1: Secure
Step 2: Monitor
Step 3: Test
Step 4: Improve
Secure the Network
• Implement security solutions to stop or prevent unauthorized access or activities , and to protect information:
Authentication
Encryption
Firewalls
Vulnerability patching
Monitor Security
• Detects violations to the security policy
• Involves system auditing and and real-time intrusion detection
• Validates the security implementation in Step 1
Test Security
• Validates effectiveness of the security policy through system auditing and vulnerability scanning
Improve Security
• Use information from the monitor and test phases to make improvements to the security implementation.
• Adjust the security policy as security vulnerabilities and risks are identified.
Firewalls
• A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
Firewalls
Network Firewall
• A firewall is the first line of defence for your network
• The purpose of a firewall is to keep intruders from gaining access to your network
• Usually placed at the perimeter of network to act as a gatekeeper for incoming and outgoing traffic
• It protects your computer from Internet threats by erecting a virtual barrier between your network or computer and the Internet
How Does a Firewall Work?
• Examines the traffic sent between two networks e.g. examines the traffic being sent between your network
and the Internet • Data is examined to see if it appears legitimate: if so the data is allowed to pass through If not, the data is blocked
• A firewall allows you to establish certain rules to
determine what traffic should be allowed in or out of your private network
Creating Rules
• Traffic blocking rules can be based upon:
Words or phrases Domain names IP addresses Ports Protocols (e.g. FTP) • While firewalls are essential, they can block
legitimate transmission of data and programs
Common Firewall Types
• In general there are software firewalls and hardware firewalls
Even in home networks
• Hardware firewalls are typically found in routers, which distribute incoming traffic from an Internet connection to computers
• Software firewalls reside in individual computers
• Ideally a network has both
Software Firewall
• Protect only the computer on which they are installed
• Provide excellent protection against threats (viruses, worms, etc.)
• Have a user-friendly interface
• Have flexible configuration
Hardware firewalls /Router Firewall
• Protect your entire network or part of a network
• Located on your router
• Protect network hardware which cannot have a software firewall installed on it
• Allows the creation of network-wide rules that govern all computers on the network
Firewall Operation
• Can be divided into three main methods:
Packet filters Application gateways Packet inspection
• Individual vendors of firewalls may provide
additional features • You should look at their products for details
Application Gateways
• Application-layer firewalls can understand the traffic flowing through them and allow or deny traffic based on the content
• Host-based firewalls designed to block objectionable Web content based on keywords are a form of application-layer firewall
• Application-layer firewalls can inspect packets bound for an internal Web server to ensure the request isn’t really an attack in disguise
Advantages of Application Gateways
• Provide a buffer from port scans and application attacks
if an attacker finds a vulnerability in an application, the attacker would have to compromise the application/proxy
firewall before attacking devices behind the firewall • Can be patched quickly in the event of a vulnerability
being discovered
This may not be true for patching all the internal devices
Disadvantages
• Needs to know how to handle traffic to and from your specific application
If you have an application that's unique, your application layer firewall may not be able to support it without making some significant modifications
• Application firewalls are generally much slower than packet-filtering or packet-inspection firewalls
They run applications, maintain state for both the client and server, and also perform inspection of traffic
Packet Inspection Firewalls
• Examine the session information between devices:
Protocol New or existing connection Source IP address Destination IP address Port numbers IP checksum Sequence numbers Application-specific information
Outbound Internet Traffic
• Client initiates connection to IP address of the web server destined for port 80 (HTTP)
• Firewall determines whether that packet is allowed through the firewall based on the current rule-set
• Firewall looks into the data portion of the IP packet and determine whether it is legitimate HTTP traffic
• If all the requirements are met, a flow entry is created in the firewall based on the session information, and that packet is allowed to pass
Inbound Internet Traffic
• Web server receives the packet and responds Return traffic is received by the firewall
• Firewall determines if return traffic is allowed by comparing the session information with the information contained in the local translation table
• If return traffic matches the previous requirements, payload is inspected to validate appropriate HTTP
• Then it is forwarded to the client
Advantages
• Generally much faster than application firewalls
They are not required to host client applications
• Most of the packet-inspection firewalls today also offer deep-packet inspection
The firewall can dig into the data portion of the packet
and also: Match on protocol compliance Scan for viruses Still operate very quickly
Disadvantages
• Open to certain denial-of-service attacks
• These can be used to fill the connection tables with illegitimate connections
Firewall Architecture • Firewalls are used to protect the perimeter of
a network and the perimeter of sections of networks
• A key question for a network administrator is where firewalls should be located
• The positioning of firewalls in relation to other network elements is the firewall architecture
Firewall Architecture
• The following are common firewall architectures:
Screening router
Screened host
Dual homed host
Screened subnet
Screened subnet with multiple Demilitarized Zone (DMZs)
Dual firewall
Screening Router
• Simplest of firewall architectures
• Traffic is screened by a router Packet filtering Using ACLs
• Traffic is screened according to: Source or destination IP address Transport layer protocol Services requested
Screening Router
• Usually deployed at the perimeter of the network
• May be used to control access to a Demilitarized Zone (DMZ)
• More often used in conjunction with other firewall technologies
Untrusted Network Packet Filter Trusted Network
Advantages & Disadvantages
• Advantages
Simple Cheap • Disadvantages
No logging No user authentication Difficult to hide internal network structure
Demilitarised Zones (DMZ) A DMZ is part of the internal network but separated from the rest of the
internal network (a DMZ ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data.
• DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well
• Traffic moving between the DMZ and other interfaces on the protected
side of the firewall still goes through the firewall
• This traffic has firewall protection policies applied • Common to put public-facing servers on the DMZ: Web servers Email servers
Screened Host Firewall
• Adds an extra layer of protection in comparison to a screening router
• Has a Bastion Host/Firewall between networks
• Bastion Host/Firewall has two NICs
• Bastion Host/Firewall connects the trusted network to the untrusted network
Stateful and proxy technologies are used to filter traffic up to the application layer
Bastion Host
• A special purpose computer specifically designed and configured to withstand attacks
• The router is the first line of defence
packet filtering/access control is carried out at the router
• The bastion host is the server that connects to the unsecure network through the router
Untrusted Network Packet Filter Trusted Network
Bastion Host
Advantages & Disadvantages
• Advantages
Security is distributed between two points
Greater security than screening router
Transparent outbound access/restricted inbound access
• Disadvantages
Difficult to hide internal structure
There is a single point of failure in the network
Dual-Homed Host
• A Bastion Host/Firewall is surrounded with packet filtering routers Dual-homed - outside world and protected network (Dual-homed is a
general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network).
Multi-homed - outside world and multiple protected networks (host that has multiple IP addresses to connected networks)
• Routers filter traffic to the Bastion Host
• Bastion Host adds additional filtering capabilities
• Bastion Host has no routing capabilities (Dual-homed firewalls are not able to forward IP datagrams)
Advantages & Disadvantages
• Advantages Hides internal network structure • Disadvantages Requires users to log onto bastion host or the use of proxy servers
Untrusted Network Packet Filter Trusted Network
Bastion Host
Packet Filter
Screened Subnet DMZ
• Bastion Host is surrounded with packet filtering routers
• These control traffic into and out of the trusted and untrusted network sections
• Has an extra layer of functionality with a DMZ
• Traffic from DMZ to trusted network must go through Bastion Host and packet filtering router
Advantages & Disadvantages
• Advantages
Provides services to outside without compromising inside
Internal network hidden
• Disadvantage
Single point of failure
Screened Subnet Multiple DMZs
• Allows configuration of varying levels of security between:
DMZs and the untrusted network
Different DMZs
DMZs and the trusted network
Dual Firewall Architecture
• Using two or more firewalls enhances security
• Can be used to create DMZs
• Using technology from multiple vendors can enhance security
Self-Study
• Go and Read on the following Advanced Concepts of Network Security
Socket programming
Concurrent and iterative
Master and Slave Networks with algorithms
Kerberos & X.509