readings&and&souware& chapter 1...
TRANSCRIPT
3/6/12
1
COMP-2000 Collaborative and Emergent Behaviour
Dr. Edward BROWN Dr. Yuanzhu CHEN
Memorial University
These slides are adopted from the textbook of Computer Networking: A Top-Down Approach, by Kurose and Ross
Computer Networks
1
Lectures
• Lecture 1: Introduce network concepts – Protocols and Layering – TCP/IP and packet switching
• Lecture 2: Protocols – Ping, traceroute and wireshark tools: packet sniffing with wireshark – In class exercise: finding things in packets by sniffing your own device
• Lab: wireless packets and mobile devices – Finding things from wireless – Sniffing eveyone’s transmissions – Secure and unsecure traffic
• Lecture 3: WWW – HTML code
• Lecture 4: Reasoning about security – What do intruders do? – How can they steal your data and informaPon? – How can they get control of how your network behaves?
• ObjecPves – Don’t – try to be a networking expert – don’t expect to understand all the details – Do look at some network traffic and understand the basic ideas of protocols and
packets – Reason generally about messages and security in the internet – Relate what you see on the screen to what is happening on the internet
Chapter 1 Introduction
Computer Networking: A Top Down Approach , 5th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!) If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 1996-2010 J.F Kurose and K.W. Ross, All Rights Reserved
3
Readings and SoUware
• Wikipaedia arPcles – Internet protocol suite – Client-‐Server model
• (Kurose/Ross can be read online for chapter 1) – hZp://www.pearsonhighered.com/educator/academic/product/0,3110,0136079679,00.html
• Three pieces of soUware / network uPliPes – ping – comes with most systems – traceroute – some variaPon comes with most systems – wireshark –down load and install free soUware for network packet analysis
• Wireshark manual, chapter 3 and chapter 6.1-‐6.2 – hZp://www.wireshark.org/docs/wsug_html_chunked/index.html
• If you want to know more about wireshark, there are books available, including – PracPcal Packet Analysis, by Chris Saunders
• hZp://my.safaribooksonline.com/9781593272661
4
3/6/12
2
“Cool” internet appliances
World’s smallest web server http://www-ccs.cs.umass.edu/~shri/iPic.html
IP picture frame http://www.ceiva.com/
Web-enabled toaster + weather forecaster
Internet phones
5
What’s a protocol? a human protocol and a computer network protocol:
Q: Other human protocols?
Hi
Hi
Got the time?
2:00
TCP connection request TCP connection response Get http://www.awl.com/kurose-ross
<file> time
6
A closer look at network structure: network edge:
applications and hosts
access networks, physical media:
wired, wireless communication links
network core: interconnected routers network of networks
7
The network edge: end systems (hosts):
run application programs e.g. Web, email at “edge of network”
client/server
peer-peer client/server model
client host requests, receives service from always-on server
e.g. Web browser/server; email client/server
peer-peer model: minimal (or no) use of dedicated
servers e.g. Skype, BitTorrent
8
3/6/12
3
Access networks and physical media Q: How to connect end
systems to edge router? residential access nets institutional access networks
(school, company) mobile access networks
Keep in mind: bandwidth (bits per second)
of access network? shared or dedicated?
9
Physical Media
Bit: propagates between transmitter/receiver pairs
physical link: what lies between transmitter & receiver
guided media: signals propagate in solid
media: copper, fiber, coax unguided media:
signals propagate freely, e.g., radio
Twisted Pair (TP) two insulated copper wires
Category 3: traditional phone wires, 10 Mbps Ethernet
Category 5: 100Mbps Ethernet
10
The Network Core mesh of interconnected
routers the fundamental question: how
is data transferred through net? circuit switching:
dedicated circuit per call: telephone net
packet-switching: data sent thru net in discrete “chunks”
11
Protocol “Layers” Networks are complex! many “pieces”:
hosts routers links of various
media applications protocols hardware,
software
Question: Is there any hope of organizing structure of
network?
Or at least our discussion of networks?
12
3/6/12
4
Internet protocol stack application: supporting network applications
FTP, SMTP, HTTP transport: process-process data transfer
TCP, UDP network: routing of datagrams from source
to destination IP, routing protocols
link: data transfer between neighboring network elements PPP, Ethernet
physical: bits “on the wire”
application
transport
network
link
physical
13
A metaphor: EncapsulaPon as “Packaging”
• Using packaging as a metaphor, we have…
Product:
14
By ScoZ Ehardt (Own work) [Public domain], via Wikimedia Commons
By Rlsheehan (Own work) [Public domain], via Wikimedia Commons
By NASA (hZp://www.grc.nasa.gov/WWW/pbrf/progress-‐04.htm) [Public domain], via Wikimedia Commons
By steve gibson from Airlie Beach, Australia (shipping containers) [CC-‐BY-‐2.0 (www.creaPvecommons.org/licenses/by/2.0)], via Wikimedia Commons
MarPn Addison [CC-‐BY-‐SA-‐2.0 (www.creaPvecommons.org/licenses/by-‐sa/2.0)], via Wikimedia Commons
By Downtowngal (Own work) [CC-‐BY-‐SA-‐3.0 (www.creaPvecommons.org/licenses/by-‐sa/3.0) or GFDL (www.gnu.org/copyleU/fdl.html)], via Wikimedia Commons
By Thegreenj (Own work) [GFDL (www.gnu.org/copyleU/fdl.html) or CC-‐BY-‐SA-‐3.0 (www.creaPvecommons.org/licenses/by-‐sa/3.0/)], via Wikimedia Commons
By Rlsheehan (Own work) [Public domain], via Wikimedia Commons
From manufacture to applicaPon use, the product gets packaged or “encapsulated” several Pmes. The actual product is only manipulated at the beginning (producPon) and end (applicaPon).
What informaPon is added or discarded at each step?
15
Encapsulation source application transport network
link physical
Ht Hn M
segment Ht
datagram
destination application transport network
link physical
Ht Hn Hl M Ht Hn M
Ht M M
network link
physical
link physical
Ht Hn Hl M Ht Hn M
Ht Hn M
Ht Hn Hl M
router
switch
message M
Ht M
Hn frame
16
3/6/12
5
• From wikepedia arPcle “Internet protocol suite”
• Note that internal nodes/routers must interpret some of the encapsulaPon/packaging
By en:User:Kbrose (Prior Wikipedia artwork by en:User:CburneZ) [GFDL (www.gnu.org/copyleU/fdl.html) or CC-‐BY-‐SA-‐3.0 (www.creaPvecommons.org/licenses/by-‐sa/3.0/)], via Wikimedia Commons
17
The protocol stack
• InformaPon is added as “headers” at each layer. The informaPon needed for each protocol is in its header.
Protocol layering is implemented as a combinaPon of soUware and hardware, which varies depending on the parPcular devices. No maZer what the devices are used, the lower layers must eventually involve hardware (routers, controllers, special devices).
SomePmes refer to the idea of another boZom layer “under” the Link layer, called the “physical” layer (it generally deals with hardware devices and physical transmission of informaPon)
18
• Note that many protocols can be running at the same Pme; different computers want to have different “conversaPons” using different protocols for different applicaPons.
• The link layer may support only one or a few of the protocols due to the hardware (devices and transmission media) available at a parPcular place, but the other layers usually have many protocols operaPng simultaneously.
• The TCP/IP protocol pair is used for most of internet/web applicaPons with which we are familiar.
• Devices and computers need to communicate to manage the protocols and hardware configuraPon. They will oUen send messages back and forth without including the “top” layers, because there is no informaPon relevant to those layers.
– For example, a computer can send an ARP message to try to idenPfy other computers connected to the network, without including Internet, Transport or ApplicaPon layer data.
– So don’t expect all the layers to be used all the Pme.
19
Quick notes on some protocols (0)
• ApplicaPon • DHCP • DNS • FTP • HTTP • HTTPS -‐ TLS • IMAP • SMTP • Specialized protocols – e.g. for gaming, voice calls, etc.
• Transport • TCP • UDP
• Internet • IP • IPv6
• Link Layer • MAC • ARP
20
3/6/12
6
Quick notes on protocols..(1) • ApplicaPon
• DHCP = Dynamic Host ConfiguraPon Protocol – To use the internet protocols, most nodes a unique “internet address” that idenPfies the specific node. The IP address is
composed of four numbers, which is usually displayed in this format: 134.153.232.2 (an example IP address)
– DHCP allows IP addresses to be assigned by a DHCP server. The sever can also supply other configuraPon setngs. This means the device can set up automaPcally by communicaPng with a DHCP server (such as a router). This works well for home networking, where you simply want to plug in the device and start using it. In situaPons where you don’t want the internet address of a device to change, (that is you want a “staPc internet address”) DHCP is not used.
• DNS = Domain Name System – Humans like to refer to internet nodes by domain names, like www.mun.ca, rather than using IP numbers – Domain Name servers are available that map domain names (like www.mun.ca) to IP addresses (like 134.153.232.18). This
allows the node to request the address for a domain name. – DNS is hierarchical: if one DNS server doesn’t know the address for a parPcular domain, it passes the request along to another
server. – Domain names can be registered for a small fee, you simply have to apply to get your own domain name and the address you
want associated with it. • FTP = File Transfer Protocol
– For uploading/downloading files between network locaPons. Most web browsers support FTP. • HTTP = Hypertext Transfer Protocol
– For sending and receiving Web data, usually Web pages. This is the protocol used by Web Browsers. – Two of the HTTP acPons you may observe if you examine the internet traffic are:
» GET – this is used (by a Web Browser) to request a resource such as an image or web page from a Web Server » POST– this is used by the Web Browser to send data to a web server. Fill-‐in web forms use this acPon.
• HTTPS -‐ TLS – HTTP (secure) is a variaPon of HTTP – HTTP messages are encrypted using TLS (Transport Layer Security) and sent as TLS messages – Since they are encrypted, you cannot see the content of the message encapsulated inside the TLS layer – it is encrypted – HTTPS will usually require a cerPficate to ensure the site you are talking to is who it claims to be
• IMAP and SMTP are e-‐mail protocols • Specialized protocols – such as mulPplayer online games – can make their own applicaPon protocols 21
Quick notes on protocols (2) • Transport
• TCP = Transmission Control Protocol – TCP establishes a “connecPon” with another machine by requesPng a service at a parPcular “port” at the
remote IP locaPon – The port doesn’t physically exist – it is just a number associated with a type of applicaPon protocol. By using
port numbers, a server can interact with mulPple applicaPons simultaneously. For example, HTTP is usually aZached to port number 80. The online game World of WarcraU uses port 3724.
– Once TCP has established a “connecPon”, it can start exchanging data messages between the two connected nodes
– If the message is too long for a packet, TCP can divide it up into segments to be sent in order, one at a Pme as separate packets
– The receiving node must reassemble the arriving TCP segments (separate packets) into its complete message – AUer all messages have been exchanged, TCP “closes” the connecPon. – TCP is responsible for assembling the arriving segments in order – TCP is responsible for acknowledging the message “got though” and re-‐sending anything lost or corrupted
(lost bits) in delivery. This is called “reliable data service”. – TCP also does flow control. This means it responds to how busy the network is, and can slow the rate of
sending packets or make smaller segments, for example. – All the connecPng, acknowledging and re-‐sending produces many messages including protocol acPons such
as: » ACK (Acknowledgement) » SYN (Syncronize – used to align segment sequence numbers)
• UDP = User Datagram Protocol – Also uses the concept of connecPons and ports – Main difference from TCP is that delivery is not reliable. If a packet is lost or corrupted, UDP keeps going with
the next packet. Delivery is not acknowledged, and missed packets are not re-‐sent. This is good for applicaPons where speed (or to “keep going”) is more important than some missed informaPon. Live music or video streaming are good examples of this situaPon. This is not so good for banking transacPons. 22
Quick notes on protocols (3)
• Internet/Network • IP = Internet Protocol
– IP allows for rouPng messages (which are referred to as packets at this layer). This includes assigning addresses (like 134.153.232.18) to hosts. – Typically, a router in the network will forward a packet to the next known gateway, based on the IP address prefix where it is trying to send the packet.
Gateways are network nodes that are intended to provide packet rouPng to parts of a network. – Certain address prefixes are reserved for special purposes. For example, the 192.168 prefix is reserved for private networks, which means the nodes cannot be
seen across the internet. Since these addresses are never used to idenPfy hosts “out there” on the global network, they can be re-‐used in everybody’s home network without causing confusion. That’s why addresses on everyone’s home router usually starts with 192.168.
– IP is not designed to be reliable – packets may be lost or undelivered by IP. This is why it can be called a datagram service. The transport layer has to deal with reliability.
• IPv6 = Internet Protocol Version 6 – IP version 6 is an update to the more commonly used IP version 4 – A major reason for the update was IPv4 was running out of numbers to assign to hosts – IPv6 addresses use a different format than IPv4, as follows:
» 134.153.232.18 (an example IPv4 address) » 00:23:df:8f:01:76 (an example of an IPv6 address)
– You might see either type of address when examining packets.
• Link Layer • MAC = Media Access Control
– Protocols at this level are concerned with node-‐to-‐node communicaPons (that is, the next “hop” in the network). – MAC is usually considered its own layer or “sublayer” rather than a protocol. – The data encapsulaPon chunks at this level are oUen referred to as frames instead of packets or segments or messages – The two devices have to be synchronized to communicate in terms of sending and receiving frames over media that may be shared with other devices. – IP addresses do not exist at this layer, so some protocols may use the MAC (Media Access Control) address instead. A MAC address is provided for each internet
device that is manufactured, like a serial number for the device.
• ARP = Address ResoluPon Protocol – ARP is used to determine node addresses from internet addresses (that is, MAC addresses from IP addresses) in order to locate the physical device’s MAC
address corresponding to an IP internet address. From this informaPon, the frame data can be sent to the correct node.
23
Wireshark
• Is a comprehensive packet analysis tool • Records the packets arriving at your machine (the machine Wireshark is running on) • Tries to show the encapsulated protocols and data in each packet
– Tries to show header and data/content informaPon – Tries to assemble individual frames and packets into complete messages – Decodes simple text based (UTF) content, but not other content such as video, images, etc. – It can’t figure out encrypted and compressed packets
• Used by networking specialists to troubleshoot network problems, such as: – Poor configuraPon – Too many correcPon/error packets clogging the network traffic – Why things aren’t working
• How we will use it – Don’t become a network expert – Don’t worry about all the details you don’t know – Observe some of the packets and view the traffic – Explore a few things about packet construcPon and network traffic – Reason from what you learn about network configuraPon, intrusion and security
• Before the lab (in class) – Look at some network traffic and explore how the layers are constructed
• In the lab – Examine some wireless traffic from mobile devices and consider the difference from wired traffic
• WARNING! Viewing traffic without authorizaPon or permission is a form of wiretapping and is subject to criminal code provisions. This material is not an invitaPon to become a network intruder!
24
3/6/12
7
In-‐class exercise • Use PING and TRACEROUTE uPliPes to determine the route and delay to a popular site (google,
ebay, etc..) • Set up Wireshark
– Capture some traffic • Learn to:
– Start capture – Stop capture – Save your capture to a file – Use the search dialogue – Sort the wireshark capture data according to different columns
• IdenPfy as many protocols as you can from the traffic • Examine a packet and idenPfy the protocols and headers from the layers used in that single packet • Find a packet that does not use the ApplicaPon layer • Find a packet that does not use the Transport Layer • Explain what purpose could be served for frames or packets that do not use the transport or applicaPon layers. • Find out your machine’s IP number from the traffic • Find out your device’s MAC address from examining the traffic • Browse the internet loading some pages while capturing packets with wireshark
– AUer capturing this data, examine the captured packet data and find out the following: » Locate an HTTP request and reply packets corresponding to one of your web pages you browsed » Locate at least one HTTP GET acPon corresponding to a web page access » Examine how many levels of protocols are encapsulated in one HTTP request » Find the HTTP response that carries web page data to your machine. Try to find some text data inside the packet that
corresponds to what the web browser displays. • Browse a secure site on the internet that uses the secure HTTPS protocol (such as the paypal.com site)
– Capture and examine the packets again – What informaPon is hidden this Pme? What part of the packet is hidden or encrypted so you sniff it?
• If you have other programs that access the internet, (email, itunes, games) you can examine the traffic they generate as well.
25
Network Setup Issues
• If you set up a home network, (or even configure your machine) you will deal with some of these terms:
– Interface/Device/NIC • MAC address and device configuraPon issues are involved
– ISP – internet service provider – the company or enPty that provide your internet connecPon service, which usually includes specifying the rest of the items on this slide
– DNS server – what is the DNS server your system to which your system will make requests – IP address
• Will your system accept a dynamically assigned address using DHCP, or does it have to be a fixed number
– Gateway • The gateway is where packets for the “global” internet (outside your home network) are sent. Traffic
for all your devices on your home network pass through a gateway in order to reach sites not on your local network.
– Proxy Server • A proxy server provides services by “standing in” for other servers elsewhere on the network. It can
manage or modify request and response packets before forwarding them to the real server. ISPs may use proxies to beZer control of customer traffic
– Firewall • A firewall can be established anywhere network traffic handled, at a host or other network node. The
firewall blocks the transmission of packets according to parPcular characterisPcs, such as source, packet content,
26
Client-‐Server Architecture
• One popular alternaPve to client/server is peer-‐to-‐peer designs: we won’t delve into these in detail, but it is important to recognize alternaPves
• Client-‐server is the typical configuraPon: the client makes requests to a server, and the server responds to the request
• The server is expected to be always-‐up and reliable • In web browsing, your web browser is the client so.ware
running on the local machine, making requests for pages from various web servers
• In the case of web resources, the requested informaPon for web resources is usually specified in a URL (Uniform Resource Locator)
27
URL
• The format of a URL (Uniform Resource Locator) is
scheme://domain/resource path • scheme is usually the HTTP or HTTPS protocol, but can be others
• domain is usually the internet domain name corresponding to an internet node
• resource path is interpreted by the server found at the domain locaPon. It oUen refers to a file or program on the remote domain computer.
Examples:
http://www.canada.gc.ca/home.html
https://www.paypal.com/ca/cgi-bin/webscr?cmd=_home&country_lang.x=true
28
3/6/12
8
URL Examples:
http:// www.canada.gc.ca /home.html
https:// www.paypal.com /ca/cgi-bin/webscr?cmd=_home&country_lang.x=true
29
WWW Client
• A web browser program – such as internet explorer or netscape – accesses the network to request WWW documents using HTTP, and is also responsible for displaying the web pages. The web pages retrieved are usually coded in HTML.
• This means the “Web” is built on the infrastructure provided by “the internet” • HTML (Hypertext Markup Language) is the content language for describing web
pages (the pages are HTML “documents”) • HTML content is the data typically packaged for delivery by HTTP messages • HTML is constantly being revised with new features and capabiliPes so that web
design is a moving target • HTML can make reference to other resources, such as images, sounds, programs
and web pages stored elsewhere as part of the document. This is in the form of an URL (Uniform Resource Locator)
• Links are also described according to the “web” locaPon by a URL.
30
HTML
• This language idenPfies document elements by using <tags> • Over Pme, different vendors have added more elements to the
language, which do not always agree, so it is a very “messy” language, which is changing with frequent version updates
• You can edit HTML directly (hand-‐code) or get a program (like a word processor) to produce it for you – The hand-‐coded version can be edited by people if you want to learn
the details of using HTML. – The code produced by a program is oUen difficult to understand – it is
not formaZed with the intent to be read by humans. – Most browers provide a menu opPon to look at the HTML descripPon
of a page directly.
31
Some HTML language tags
• Document structure tags include header, Ptle, and body of the document <html> <head> <Ptle> </Ptle> </head> <body> </body> </html>
• Text markup tags include – <B> bold </B>, <EM>italics</EM>, <p>new paragraph </p>, <li> lists </li> and many more
• Links are included with <a> anchor </a> and <link> tags that specify URL web locaPons where those resources can be found
• Programs can be embedded in HTML code using <script> tags • And many more... • Visit hZp://www.w3.org/standards/webdesign/htmlcss for more details on web
technologies
32
3/6/12
9
WWW Server
• The server has to respond to HTTP requests from various clients
• The server can run programs or use other servers to obtain the informaPon to deal with client requests
• But the simplest approach is to serve up an HTML encoded file stored on the server.
33
www.cs.mun.ca
• This domain name is registered to the computer science web server
• the popular web server soUware apache responds to requests at this locaPon
• Among other things, the server soUware maps resource requests (requests sent by a client) to services (such as files) that are available
34
www.cs.mun.ca server resources
http:// www.cs.mun.ca /~username/filename
35
• The server can treat the resource requests any way it wants, but there are convenPons it should observe.
• The apache server at www.cs.mun.ca is configured to look for the file with the given filename in the a special directory-‐folder on the corresponding LabNet username account
• Note the Plde ~ in front of the username in the URL resource path
• The special folder apache looks for is “.www” (not the dot as part of the folder name). Every user can have their own such folder full of files
• So to put material on this server, the Labnet user merely has to put a file in this special folder and make sure the apache server can access that file.
The server has to find and serve up this resource
In class exercise – create a web site
• Examine html code as it is delivered to a web server by using the “view source” menu opPon while examining web pages. This shows what html “looks like” on arrival to the web browser before it is rendered.
• You’re used to using clients.. Now you’ll use our sever • Now turn to the server by logging onto your LabNet account • Create a “.www” folder in your LabNet home directory
– In window,s your home directory corresponds to the “H:” device under “my computer” – You can copy a “.www” folder from the “S:” drive found at the file path courses-‐>cs-‐>cs2000-‐>.www. Copy it onto your H: device
• Create html file(s) in your .www directory – You can use a word processor to create an html file. Make sure it is saved in html format – You can download pages from the web and put the in your own site, but this could violate copyright – You can alter or create files by hand-‐coding the html
• Change access permissions to the folder and the files in the folder your created so that “group” and “others” can access it. In windows, this can be altered under file file explorer window in the properPes-‐>security dialog, and allowing group and others to read, execute the folder ad to read the file. These setng ensure the apache server is permiZed to access the files in order to serve them.
– File security is a different concept than internet security. On a muli-‐user file system, as with labnet, file security sets which users can access a file. These opPons are specified for the file owner, user groups and for everyone else.
• Now to test your setngs and files to see if they are now “on the web”, try browsing the file you created in a web browser with the corresponding URL
• As a further experiment, try adding different kinds of files (image files for example) to you web site and see If a browser can open access them over the internet.
36
3/6/12
10
Security Concepts
• Firewalls – A firewall denies network transmission based on a set of rules. In internet security, this usually means packets are stopped (not
forwarded) by a node based on some property of the packet, such as IP address or port number. • EncrypPon
– For applicaPons with informaPon that is intended to be private, the message can be encrypted by the sending host and decrypted by the receiving host
– The encrypPon “keys” should be known only by the end hosts so no intermediate or intruder can see the content – Protocols such as HTTPS have encrypPon mechanisms as part of the protocol
• Public Key encrypPon – In public key encrypPon, a public key is used to encrypt (“lock”) the message, but only the desPnaPon should have the private key
which will decrypt (“unlock”) the message – This allows desPnaPon sites to publish or circulate their public key for everyone to use to send messages, but only the desPnaPon
site has the private key so they can unlock the message. – The private key need never be released to anyone.
• AuthenPcaPon and CerPficates – AuthenPcaPon is the process of idenPfying an enPty (usually the site or host to which you want to communicate.) You may have a
secure encrypted connecPon, but sPll cannot be sure you know who is at the other end of the connecPon. – Digital cerPficates are used by internet protocols to cerPfy that a parPcular public key is owned by a parPcular enPty or web site.
Using a web browser with HTTPS, for example, may produce a complaint if you do not have a cerPficate for the desPnaPon site. – The cerPficate has to be issued by someone you trust – a “cerPficate authority”. This Is related to the concept of a “trusted third
party” to authenPcate a connecPon. The “third party” – Once a cerPficate is received, it can be stored for re-‐use by a host.
37
EncrypPon
• The problem: send a message from A to B so no-‐one in between (that might see the message) is able to understand the message
• The simplest encrypPon scheme: a subsPtuPon cipher – ROT13 is a well-‐known subsPtuPon cipher, so the key is obvious
• Modern encrypPon schemes are more complex than simple subsPtuPon, and use long keys to make them very difficult to “break” the encrypPon
• But we can use simple subsPtuPon ciphers to explain some of the ideas: – An encrypPon system must have a method, or algorithm for encrypPon. In our case, the scheme is leZer subsPtuPon – Within the system or scheme, you can change the encrypPon key to have a secret encoding of a message. For example:
– A B C D E F G H I J K L M N O P Q R S T U V W X Y Z!– N O P Q R S T U V W X Y Z A B C D E F G H I J K L M (the rot13 “key”) – P E H I N L S F Q C V T O G R B M U W A Y K X Z J D (the “key”)
– The message: “Meet at Joe’s house at five-‐thirty” – The cyphertext: “Onna pa Crn’u frywn pa lqkn-‐afquaj”
• Breaking a subsPtuPon cipher is a common puzzle game known as a “cryptogram” – you can finds lots of them on line.
• Breaking an encrypPon is harder with • A more complex encrypPon algorithm or method • A longer key (this oUen depends on the method) • Less sample (shorter) encrypted text (the ciphertext) to work with
38
From Wikipedia entry on subsPtuPon ciphers
Fyvtugyl zber ba Rapelcgvba
• Public key encrypPon allows secure communicaPons without having to pass secret keys around. This uses a type of encrypPon we haven’t examined – one that has two keys.
• In a subsPtuPon cipher, the same key can be used to encrypt (lock) and decrypt (unlock). Public key mechanisms use different keys for encrypPon and decrypPon.
• In public key encrypPon, the desPnaPon’s public key is used by the source to encrypt a message, and a separate private key is used by the source to decrypt the message.
– An easy analogy is to think of the public key as a “lock” instead of a key. The desPnaPon gives you a lock to use, but the desPnaPon keeps the key to the lock. So you can lock messages, but you can’t unlock them.
– For a illustraPon of this analogy for public key encrypPon (the example is not quite right) see: • hZp://www.youtube.com/watch?v=jJrICB_HvuI
• The client and server have to negoPate an encrypPon method (algorithm/scheme) and exchange keys using a “handshaking” stage to establish the secure connecPon. Then each end of the connecPon can encrypt their outgoing messages and decrypt the incoming messages.
– If you want a rundown on the handshaking details, you can try this video (not assigned viewing) • hZp://www.youtube.com/watch?feature=endscreen&v=iQsKdtjwtYI&NR=1
• Modern encrypPon techniques are more complex, are very hard to break, so that the majority of data security problems do not involve breaking the encrypPon; they use some other kind of social or technical weakness – modern encrypPon methods take a lot of effort to break.
39
In-‐class exercise: Intrusion
• Imagine a nefarious person has the following resources: – An Internet connecPon and network node
• It can receive and put informaPon on the internet • It will put any packets you can construct on the internet
– A computer specialist that is knowledgeable about networks • He can examine and look at different packet informaPon (using tools like wireshark) and create the data formaZed for any
protocols, given the right informaPon – A programmer who can write programs to automate whatever the network specialist can do
• The programmer can also change the behavior of your network node so it does things other than what its supposed to do
– Other typical resources any individual might have (phones, personal contacts, money for bribes, etc…) • What kind of mischief (intrusion and others) could someone with these resources create on the
internet? – How could they try and shut-‐down a compePtor’s server so it cannot do business? – How might they try to capture important informaPon or steal personal data? – How might they try and provide incorrect informaPon or data to the compePPon?
• Describe the packets they could send out to get informaPon they shouldn’t have… where would they harvest or collect the informaPon needed to construct the packets?
– What informaPon would be needed for these intrusion methods and how would they get it? • How does one defend against each type of aZack?
40
3/6/12
11
Eavesdropping
• If traffic is transmiZed through the aZacker’s node, or wireless, and unencrypted, you can get the traffic informaPon… – How?
• What if the traffic is not passing through the aZacker’s node, what can they do to get it? – How will they manage to get the traffic re-‐directed to their node?
• If the traffic is encrypted, what can they do to circumvent the encrypPon? – What if it is encrypted at the physical link layer (between routers), as
in the lab? – What of it is encrypted at the applicaPon layer (between end hosts),
as ?
41
AZack Technique #1: Man-‐in-‐the-‐middle
• AZacker makes both ends of the conversaPon believe they are talking over a secure connecPon, but the MITM is collecPng all the informaPon passing through his node..
• Can even inject new content or requests.. • What informaPon do you need?
– This can be done even with a secure connecPon.. by the MITM requesPng the connecPon or responding to the request to form a connecPon
– Most of the informaPon is available in the packet headers themselves
• Reliable authenPcaPon of the host applicaPons is a defense against MITM
42
AZack Technique #2: Spoofing
• Spoofing (in the internet context) refers to forging informaPon in a packet, usually to make the desPnaPon believe you are a different site than you actually are
• For IP address spoofing, the aZacker can replace informaPon in packet (such as the IP address) with its own IP address.
• If this is done at the stage where the IP address is requested, the aZacker can try to send out false responses to the request.
43
AZack Technique #3: Denial-‐of-‐Service
• This aZacks denies service by flooding server with requests
• The server is overloaded with requests • “ping” requests are one way to perform this aZack -‐ badly formed ping packets can even cause some networks to crash
• This can be combined with spoofing to create the so-‐called “smurf” aZack; the aZacker spoofs the vicPm’s IP address, and then send out mulPple requests for service. Many servers respond (to what appears to be a legiPmate request) by sending replies to the vicPm, overloading the vicPm server.
44
3/6/12
12
Test
Protocol Stack and Protocol Analysis with wireshark (5 quesPons) Understand the protocol stack and encapsulaPon Know what these protocols are: DNS, TCP, UDP, IP, HTTP, HTTPS Know the difference between wireless and wired transmission
Client-‐server applicaPons (1 quesPon) WWW, HTML, and URLs (2 quesPons) Reasoning about security (2 quesPons)
45