Chapter 9 Networking - PowerPoint PPT Presentation

Provided by: tandre
Learn more at: http://sce.uhcl.edu

Transcript and Presenter's Notes

1
Chapter 9 Networking: Distributed Security
(Part B)
2
Outline
  • Overview of Networking
  • Threats
  • Wiretapping, impersonation, message
    interruption/modification, DoS
  • Controls
  • Encryption, authentication, distributed
    authentication, traffic control, integrity
    control
  • Email privacy: PEM, PGP
  • Firewalls
  • Multilevel networks

3
Network Security Controls: Encryption
  • Host-level (link) encryption, Fig. 9-16, p.406
  • Link encryption occurs at layer 1 (physical) or
    layer 2 (data link) in the OSI model.
  • Data is encrypted before the system places it on
    the physical communication link.
  • Data is decrypted when entering the destination
    host.
  • Encryption is performed by efficient and
    reliable hardware.
  • Encryption is invisible to the OS and the
    application.
  • Data are in the clear at the higher layers
    (layer 3 and above).
  • Data need to be decrypted by the intermediate
    hosts.
  • Q: How many intermediate hosts are there?

4
Network Security Controls: Encryption
  • Application-level (end-to-end) encryption, Fig.
    9-18
  • Encryption is performed between the sending
    application and the receiving application.
  • The encryption can be done by hardware device
    (between the user and the host) or by software.
  • A message is transmitted in encrypted form
    throughout the network → a secure virtual
    tunnel
  • No cleartext exposure in any host. Is this
    true?
  • No exposure in intermediate hosts.
  • Slower than link-level encryption.
  • If symmetric keys are used, a total of n(n-1)/2
    keys are needed among n applications.

5
Network Security Controls: Encryption
  • Comparison of link and end-to-end encryption
  • Table 9-2 p.409
  • Any other encryption-based network controls?

6
VPN (Virtual Private Network)
  • There are two common types of VPNs
  • Remote-Access
  • Also called a Virtual Private Dial-up Network
    (VPDN)
  • a user-to-LAN connection used by a company that
    has employees who need to connect to the private
    network from various remote locations
  • Typically, a corporation that wishes to set up a
    large remote-access VPN provides some form of
    Internet dial-up account to their users using an
    ISP.
  • Site-to-Site
  • Through the use of dedicated equipment and
    large-scale encryption, a company can connect
    multiple fixed sites over a public network such
    as the Internet.
  • Use of VPN to secure wireless LAN

7
VPN Encryptions
  • Most VPNs use one of the following protocols to
    provide encryption: IPSec, PPTP/MPPE, and
    L2TP/IPSec.
  • IPSec - Internet Protocol Security Protocol
    (IPSec).
  • Tunnel mode encrypts the header and the payload
    of each packet while transport mode only encrypts
    the payload.
  • All devices must use a common key or certificate
    and must have very similar security policies set
    up.
  • IPSec supports either 56-bit (single DES) or
    168-bit (triple-DES) encryption.
  • PPTP/MPPE: Point-to-Point Tunneling Protocol
  • PPTP supports multi-protocol VPNs, with 40-bit
    and 128-bit encryption using a protocol called
    Microsoft Point-to-Point Encryption (MPPE).
  • PPTP by itself does not provide data encryption.

8
VPN Encryptions
  • L2TP/IPSec - Commonly called L2TP over IPSec
  • This provides the security of the IPSec protocol
    over the tunneling of Layer 2 Tunneling Protocol
    (L2TP).
  • Primarily used for remote-access VPNs with
    Windows 2000 operating systems, since Windows
    2000 provides a native IPSec and L2TP client.
  • Internet Service Providers can also provide L2TP
    connections for dial-in users, and then encrypt
    that traffic with IPSec between their
    access-point and the remote office network
    server.
  • VPN references
  • http://www.cisco.com/warp/public/471/how_vpn_works
    .shtml#intro
  • http://pptpclient.sourceforge.net/

9
Network Security Controls: Authentication /
Access Control
  • Two goals of access control in a network
  • To protect a single system from unauthorized
    users
  • To prevent unauthorized users from accessing a
    computer by passing through another computer
    (distributed authentication)
  • Protection of dial-in ports
  • A special case of distributed user authentication
  • Automatic call-back
  • Differentiated access rights depending on access
    methods (local vs remote)
  • Silent modem
  • Q: Any other methods for dial-in port protection?

10
Network Security Controls: Distributed
Authentication
  • Two issues
  • To protect a single system from unauthorized
    remote users → distributed user authentication
  • To protect a network node from unauthorized
    access coming from other nodes →
    computer-to-computer authentication
  • Several approaches
  • Distributed Authentication (by Digital, DEC)
  • Kerberos (by MIT)
  • DCE - Distributed Computing Environment (by OSF)
  • SESAME (a European R&D project)
  • CORBA, Common Object Request Broker Architecture
    (by OMG)

11
Digital Distributed Authentication
  • 1989, 1990
  • Gasser, Morrie, and Ellen McDermott. "An
    Architecture for Practical Delegation in a
    Distributed System." Proceedings of the 1990
    IEEE Symposium on Security and Privacy, 5/1990.
  • Issues to be resolved
  • Impersonation of a server by a rogue process
  • Interception / modification of data exchanged
    between servers
  • Replay of a previous authentication
  • Approach
  • Creation of a session key using public keys
  • The session key is used to encrypt further
    communications between the servers.
  • Implementation issues: public key distribution
    and certification

12
Kerberos
  • Kerberos (Greek): the three-headed dog that in Greek
    mythology guards the entrance to Hades
  • Steiner, J., Neuman, C., and J. Schiller, 1988.
    "Kerberos: An Authentication Service for Open
    Network Systems", pp. 191-202 in Usenix
    Conference Proceedings, 2/1988.
  • Kohl, J. and C. Neuman, 1993. The Kerberos
    Network Authentication Service (V5). RFC 1510,
    9/1993.
  • Purpose: authentication in distributed systems
  • Two types of servers
  • A Kerberos server (KS) establishes a session key
    between a user and the TGS
  • A ticket granting server (TGS) grants a ticket
    to a user requesting access to a resource

13
Kerberos
  • Using Kerberos
  • The user obtains a session key (SG) and a ticket
    (TG) from the KS. The KS also sends the session
    key and the user's ID to the TGS. (Fig. 9-21,
    p.413)
  • Q. What is the session key for?
  • Q. What information is contained in the ticket?
  • Q. To whom would the user present the ticket?
  • Q. Does the user transmit his password to the KS?
  • The user requests access to an object by
    obtaining from the TGS a ticket (TF) and a
    session key (SF). (Fig. 9-22)
  • Q. What is the session key for?
  • Q. What information is contained in the ticket?
    SF (p.414)
  • Q. To whom would the user present the ticket?
    Fig. 9-23
  • Q. Can the ticket be read, modified or forged?
    Why or why not?

14
Kerberos
  • Strength
  • No passwords are transmitted on the network.
  • Cryptographic protection against spoofing:
    Every access is checked by the TGS and the
    respective resource server.
  • Limited period of validity: Every ticket has a
    time stamp.
  • Time stamps to prevent replay attacks: Use of a
    reliable universal clock is required.
  • Mutual authentication: A secure channel between a
    user and a server can be established via the use
    of a ticket and a session key. Both the server
    and the user can authenticate each other. How?

15
Kerberos
  • Weakness
  • A continuously available TGS is required. Both
    reliability and performance may be potential
    problems.
  • Trust between the TGS and every server is
    required. Trust in a distributed environment is
    hard to establish.
  • Timely transactions are required.
  • A subverted workstation can save and later replay
    user passwords.
  • Password guessing works.
  • Kerberos does not scale well. Why? Fig. 9-23,
    p.415.
  • To enable the use of Kerberos in a distributed
    system, it is required that all applications use
    Kerberos.
  • Q. Can the Kerberos server and the TGS be
    combined? Yes (see DCE).
  • Q. What are the trade-offs?
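The KS, TGS and resource-server exchanges of Figs. 9-21 to 9-23, worked through in code as an added example (this is not code from the slides, the textbook or MIT Kerberos). It assumes a constructed user database, a toy authenticated encryption built from HMAC-SHA256 in place of the real Kerberos ciphers, and an injectable clock so the timestamp checks can be exercised. It answers the slide's questions directly: the password never leaves the client (only a key derived from it is used), the ticket is sealed under the TGS's or server's key so the user can neither read nor forge it, a stale authenticator is refused, and the server proves itself by returning the timestamp plus one under SF.

```python
"""Toy Kerberos-style ticket exchange: KS -> TGS -> resource server (added example)."""
import hashlib, hmac, json, os, time

SKEW = 300          # seconds of clock skew tolerated for authenticators
TICKET_LIFE = 3600  # validity window stamped into every ticket


def derive_key(password: str, principal: str) -> bytes:
    # The user's long-term key is derived locally from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(length // 32 + 1))[:length]


def encrypt(key: bytes, obj: dict) -> bytes:
    # Toy AEAD constructed for this example: HMAC counter keystream plus an HMAC integrity tag.
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("integrity tag mismatch: wrong key or modified ticket/message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KerberosRealm:
    """Holds the keys of the KS (authentication server), the TGS and one resource server."""
    def __init__(self, users: dict, now=time.time):
        self.now = now
        self.user_keys = {u: derive_key(p, u) for u, p in users.items()}   # constructed user DB
        self.tgs_key = os.urandom(32)
        self.server_keys = {"fileserver": os.urandom(32)}

    def ks_exchange(self, user: str):
        # Fig. 9-21: the user sends only its name. SG comes back under the user's key; TG (carrying SG
        # and the user id) is sealed under the TGS key, so the user can neither read nor forge it.
        sg = os.urandom(32)
        tg = encrypt(self.tgs_key, {"user": user, "sg": sg.hex(), "exp": self.now() + TICKET_LIFE})
        return encrypt(self.user_keys[user], {"sg": sg.hex(), "tgs": "tgs"}), tg

    def _verify(self, ticket_key: bytes, ticket: bytes, field: str, authenticator: bytes):
        t = decrypt(ticket_key, ticket)
        if t["exp"] < self.now():
            raise ValueError("ticket expired")
        sk = bytes.fromhex(t[field])
        a = decrypt(sk, authenticator)   # only the holder of the session key can have built this
        if a["user"] != t["user"] or abs(a["ts"] - self.now()) > SKEW:
            raise ValueError("authenticator rejected: wrong user or stale timestamp")
        return t, sk, a

    def tgs_exchange(self, tg: bytes, authenticator: bytes, service: str):
        # Fig. 9-22: TF is sealed under the resource server's key; SF is returned under SG.
        t, sg, _ = self._verify(self.tgs_key, tg, "sg", authenticator)
        sf = os.urandom(32)
        tf = encrypt(self.server_keys[service],
                     {"user": t["user"], "sf": sf.hex(), "exp": self.now() + TICKET_LIFE})
        return encrypt(sg, {"sf": sf.hex(), "service": service}), tf

    def server_exchange(self, service: str, tf: bytes, authenticator: bytes) -> bytes:
        # Fig. 9-23: mutual authentication; the server proves it holds SF by returning ts+1 under SF.
        _, sf, a = self._verify(self.server_keys[service], tf, "sf", authenticator)
        return encrypt(sf, {"ts": a["ts"] + 1})


def client_login(realm: KerberosRealm, user: str, password: str, service: str = "fileserver") -> bool:
    """Run the full client side; True only if the server's reply proves it knows SF."""
    reply, tg = realm.ks_exchange(user)
    sg = bytes.fromhex(decrypt(derive_key(password, user), reply)["sg"])   # wrong password fails here
    reply2, tf = realm.tgs_exchange(tg, encrypt(sg, {"user": user, "ts": realm.now()}), service)
    sf = bytes.fromhex(decrypt(sg, reply2)["sf"])
    ts = realm.now()
    srv = decrypt(sf, realm.server_exchange(service, tf, encrypt(sf, {"user": user, "ts": ts})))
    return srv["ts"] == ts + 1


def forged_ticket_rejected(realm: KerberosRealm, user: str = "alice") -> bool:
    """Flip one byte of TG: the TGS integrity check refuses it (tickets cannot be altered or forged)."""
    _, tg = realm.ks_exchange(user)
    bad = bytearray(tg)
    bad[20] ^= 0x01
    try:
        realm.tgs_exchange(bytes(bad), encrypt(os.urandom(32), {"user": user, "ts": realm.now()}), "fileserver")
    except ValueError:
        return True
    return False


def stale_authenticator_rejected() -> bool:
    """Replay: an authenticator captured now and re-presented after the skew window is refused."""
    clock = [1_000_000.0]
    realm = KerberosRealm({"alice": "pw"}, now=lambda: clock[0])
    reply, tg = realm.ks_exchange("alice")
    sg = bytes.fromhex(decrypt(derive_key("pw", "alice"), reply)["sg"])
    captured = encrypt(sg, {"user": "alice", "ts": clock[0]})
    realm.tgs_exchange(tg, captured, "fileserver")   # first presentation is inside the window
    clock[0] += SKEW + 1
    try:
        realm.tgs_exchange(tg, captured, "fileserver")
    except ValueError:
        return True
    return False
```

Note that the timestamp check only refuses authenticators older than SKEW; inside that window a real KDC additionally keeps a replay cache of recently seen authenticators, which this toy omits. The example also makes the slide's weaknesses concrete: everything hinges on the TGS being reachable and on clocks agreeing, and a workstation that logs the password before `derive_key` runs defeats the whole scheme.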

16
Distributed Computing Environment
  • An OSF project, 1992 (now the Open Group,
    http://www.opengroup.org/dce/)
  • OSF DCE provides a foundation on which other
    distributed services and applications may be
    built. Fig. 9-24, p.416.
  • DCE is called "middleware" or "enabling
    technology". It is not intended to exist alone,
    but instead should be bundled into a vendor's
    operating system offering, or integrated in by a
    third-party vendor.
  • DCE is not an application in itself, but is used
    to build custom applications or to support
    purchased applications.
  • The security service in DCE is based on Kerberos,
    with the KS and the TGS combined into a Security
    Server.
  • A cell is an administrative domain, consisting of
    the set of subjects and objects managed together.
  • OSF Distributed Computing Environment FAQ
  • DCE RFCs

17
SESAME
  • A European Commission R&D project
  • Similar to DCE
  • It uses Kerberos extensively.
  • It preceded both Kerberos and DCE in use of
    public key technology for secure authentication
    and distributing privilege attributes and tickets
    to users.
  • Note Both Kerberos and DCE used symmetric keys
    initially, but have moved to support public keys.

18
CORBA
  • Common Object Request Broker Architecture
  • An OMG specification, http://www.omg.org/corba/
  • An ORB is a traffic director that joins clients'
    requests to appropriate servers.
  • Cross-platform interoperability
  • Using the standard protocol IIOP (Internet
    Inter-ORB Protocol), a CORBA-based program from
    any vendor, on almost any computer, operating
    system, programming language, and network, can
    interoperate with a CORBA-based program from the
    same or another vendor, on almost any other
    computer, operating system, programming language,
    and network. (http://www.omg.org/gettingstarted/corbafaq.htm#WhatIsIt)

19
CORBA
  • The separation of interface from implementation,
    enabled by OMG IDL, is the essence of CORBA.

20
CORBA Security Services
  • Viega & McGraw, p.54
  • OMG standards define two levels of CORBA security
    services.
  • Level 1 is intended for applications that may
    need to be secure, but where the code itself need
    not be aware of security issues.
  • In such a case, all security operations should be
    handled by the underlying ORB.
  • Level 2 supports other advanced security
    features, and the application is likely to be
    aware of these.
  • Most of CORBA's security features are built into the
    underlying IIOP protocol, which supports secure
    communication using cryptography.
  • Mutual authentication is possible between the
    server and the user.

21
CORBA
  • Strength of CORBA
  • Flexibility of security policy: Any security
    policy may be supported, at the level of the ORB.
  • Independence of security technology: security
    technology neutral
  • Interoperability
  • Drawback
  • CORBA specifications describe the means by which
    security functionality can be linked to a CORBA
    object, but there is no requirement to do so.
  • Implementations of the CORBA specification vary
    widely in terms of supported functionalities.
    (Example: tunneling connections through a
    firewall. See VM, p.56.)

22
Network Security Controls: Traffic Control
  • Traffic (flow) analysis
  • An attack launched by an interceptor who examines
    the traffic of a network to gather and/or to
    infer information
  • The mere existence of messages flowing from one
    point to another can be sensitive information.
  • Examples: p.418
  • Control against traffic analysis
  • Spurious messages between points of low traffic

23
Network Security Controls: Data Integrity Control
  • The goal: To ensure that data is correctly
    stored, communicated, and modified in the network
  • Types of controls
  • Cryptographic checksums
  • Parity bits
  • Byte parity bit: 1 if the sum of bits in a byte
    is even, 0 otherwise
  • Longitudinal parity bit; byte parity bit (p.421)
  • Other error checking codes: hash value, message
    digest
  • Digital signatures: In a network, digital
    signatures are used to check authenticity of a
    message and also to enable auditability/traceability
    of data change.
  • Notarization: a 3rd-party authority (notary)
    between two users in a network
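Parity bits and cryptographic checksums side by side, as an added example that is not part of the slides or the textbook. It uses the slide's byte-parity definition (bit = 1 when the byte has an even number of 1s) and the usual XOR-across-bytes longitudinal parity; the message and the shared key are constructed. The scenarios show why the slide lists parity under error checking and HMAC-style checksums under integrity control: parity catches a single noise-induced bit flip, misses a rectangular four-bit pattern, and is useless against an attacker who simply recomputes it, while a keyed checksum catches all three.

```python
"""Parity versus cryptographic checksum (added example, constructed inputs)."""
import hashlib
import hmac


def byte_parity(b: int) -> int:
    # Slide definition: 1 if the count of 1 bits in the byte is even, 0 otherwise
    return 1 if bin(b).count("1") % 2 == 0 else 0


def longitudinal_parity(data: bytes) -> int:
    # One byte whose bit i is the parity of column i across all bytes (XOR of all bytes)
    lrc = 0
    for b in data:
        lrc ^= b
    return lrc


def with_parity(data: bytes) -> dict:
    return {"data": data, "byte_parity": [byte_parity(b) for b in data],
            "lrc": longitudinal_parity(data)}


def parity_ok(msg: dict) -> bool:
    return (msg["byte_parity"] == [byte_parity(b) for b in msg["data"]]
            and msg["lrc"] == longitudinal_parity(msg["data"]))


def mac(key: bytes, data: bytes) -> bytes:
    # Cryptographic checksum: without the key nobody can recompute a matching tag
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_ok(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def flip_bits(data: bytes, *positions) -> bytes:
    # positions are (byte_index, bit_index) pairs; simulates line noise
    out = bytearray(data)
    for byte_index, bit in positions:
        out[byte_index] ^= 1 << bit
    return bytes(out)


def scenarios() -> dict:
    key = b"constructed-shared-key"        # constructed sample key
    original = b"PAY 100 TO BOB"           # constructed sample message
    msg, tag = with_parity(original), mac(key, original)

    noise1 = flip_bits(original, (4, 0))                          # single-bit error
    noise4 = flip_bits(original, (4, 0), (4, 1), (5, 0), (5, 1))  # rectangular 4-bit error
    forged = b"PAY 900 TO BOB"                                    # deliberate change, parity recomputed

    return {
        "single_flip_caught_by_parity": not parity_ok(dict(msg, data=noise1)),
        "rectangle_missed_by_parity": parity_ok(dict(msg, data=noise4)) and noise4 != original,
        "rectangle_caught_by_mac": not mac_ok(key, noise4, tag),
        "forgery_missed_by_parity": parity_ok(with_parity(forged)),
        "forgery_caught_by_mac": not mac_ok(key, forged, tag),
    }
```

The rectangular pattern flips two bits in each of two bytes: every byte keeps its parity and every column is flipped an even number of times, so both parity checks pass. That blind spot is inherent to parity, which is why a keyed checksum (or a digital signature, when the sender must also be non-repudiably identified) is the integrity control for anything an adversary can touch.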

24
Summary
  • Next
  • Email privacy: PEM, PGP
  • Firewalls