CS 6262 Network Security - PowerPoint PPT Presentation

Slides: 38
Provided by: fengmi5
Transcript and Presenter's Notes

1
CS 6262 - Network Security
  • Dr. Wenke Lee
  • wenke_at_cc.gatech.edu

Materials developed based on lecture notes from
Dr. S. Felix Wu of UC Davis, Dr. Fengmin Gong
of MCNC, and Dr. Henning Schulzrinne of Columbia
University.
2
Course Objectives
  • Understanding of basic issues, concepts,
    principles, and mechanisms in information
    security.
  • Security goals and threats to networking
    infrastructure and applications.
  • Introduction to cryptography.
  • Network security applications.
  • System security applications.
  • Exposure to commercial as well as research
    security technologies.

3
Course Styles
  • Descriptive: what is out there.
  • Critical: what is wrong with ...
  • Skill oriented: homework, projects, papers.
  • Explore!
  • Interactive: discussion and questions encouraged
    and considered in grade.
  • Information sharing: home page and message
    board/email list.

4
Course Outline
  • Background
  • Review of networking technologies
  • Network security threats and countermeasures
  • Cryptography
  • Secret key cryptography
  • Hashes and message digests
  • Public key cryptography

5
Course Outline - Cont'd
  • Network and system security applications
  • Authentication and security handshake pitfalls
  • Email security
  • IP security
  • Web and E-commerce, and Java security
  • Attacks on routing infrastructures and
    countermeasures
  • DDoS and traceback
  • Virus/worm detection, firewalls, intrusion
    detection.

6
Prerequisites
  • Networking, operating systems, discrete
    mathematics, and programming (C or C++, Java).
  • The right motivations.

7
Textbooks and References
  • Required textbooks:
  • Network Security: PRIVATE Communication in a
    PUBLIC World by Kaufman, Perlman, and Speciner.
  • This book is very comprehensive. I will follow it
    as much as possible.
  • Network Security Essentials: Applications and
    Standards by William Stallings.
  • This book contains more recent technologies and
    will be used for the second half of the course.
  • Reference text(s) and papers - see web site.

8
Course Mechanics
  • WWW page: http://www.cc.gatech.edu/classes/AY2002/cs6262_spring/
  • For course materials, e.g., lecture slides,
    homework files, papers, tools, etc.
  • Grading: 40% homework, 25% project, 15% midterm,
    and 20% final
  • Course participation: 5 extra credits.

9
Course Project
  • Can be (a combination of):
  • Design of new algorithms and protocols.
  • Or new attacks!
  • Analysis/evaluation of existing algorithms,
    protocols, and systems.
  • Vulnerabilities, efficiency, etc.
  • Implementation and experimentation.
  • Small team - one to three persons.
  • Proposal, work, and final demo/write-up.
  • Topics - see web page, but you can define your
    own with my approval.

10
Introduction to Networking and Introduction to
Computer Security
  • CS 6262 Spring 02 - Lecture 1
  • (Tuesday, 1/8/2002)

11
Networking Technologies
12
Trends by Application Demands
  • Hunger for bandwidth
  • Wider spectrum of application sophistication
  • Best-effort to guaranteed
  • Built-in security?
  • Drive for ubiquitous access
  • Economics/profitability

13
Quest for Speed
WWW enables everyone to do all these!
14
Quest for Better Services
  • Real-time audio/video requires guaranteed
    end-to-end delay and jitter bounds.
  • Adaptive multimedia application requires minimum
    bandwidth and loss assurance.
  • Intelligent application demands reliable feedback
    from the network.
  • Security.

15
Quest for Ubiquitous Access ...
  • Information age is a reality.
  • Everything depends on reliable and efficient
    information processing.
  • Quality of our everyday life.
  • Development of national/world economy.
  • Security of national defense/world peace.
  • Networking is one critical part of this
    underlying information infrastructure!

16
Economic Pressure
  • Service providers want the most bang for their
    buck - the most profitable technology?
  • Cautious adoption of new technologies
  • Even for security
  • Emphasis on leveraging deployed technologies
  • Increased utilization of existing facilities

17
Networking Technologies
  • Switching modes.
  • Circuit switching.
  • Packet switching - Ethernet, HIPPI, fiber
    channel, IP routing, frame relay, ATM, IP
    switching/tag switching.
  • High-speed transmission media.
  • SONET/SDH, WDM.
  • Ubiquitous access media.
  • xDSL/cable modem, IEEE802.11, LEOSs.
  • We will study the common security issues.

18
The Internet
19
Layered Store-and-forward
[Diagram: User A and User B, each with the layers Application, Transport, Network, Link.]
20
Security Implications
  • Vulnerabilities - from weak design, to
    feature-rich implementation, to compromised
    entity
  • Heterogeneous networking technologies add to
    security complexity
  • Higher-speed communication puts more information
    at risk in a given time period
  • Easier to attack than to defend
  • Ubiquitous access increases exposure to risks

21
The Good News ...
  • Plenty of basic means for end-user protection -
    privacy, authentication, integrity
  • Intensive R&D effort on security solutions
    (government-sponsored research and private
    industry)
  • Increasing public awareness of security issues
  • New crops of security(-aware) researchers and
    engineers
  • YOU!

22
The Bad News ...
  • Information infrastructure as a whole is very
    vulnerable, which makes all critical national
    infrastructure vulnerable
  • e.g., Denial-of-service attacks are particularly
    dangerous to the Internet infrastructure
  • Serious lack of effective technologies, policies,
    and management framework

23
Computer Security
24
The Definition
  • Security is a state of well-being of information
    and infrastructures in which the possibility of
    successful yet undetected theft, tampering, and
    disruption of information and services is kept
    low or tolerable
  • Security rests on confidentiality, authenticity,
    integrity, and availability

25
The Basic Components
  • Confidentiality is the concealment of information
    or resources.
  • Authenticity is the identification and assurance
    of the origin of information.
  • Integrity refers to the trustworthiness of data
    or resources in terms of preventing improper and
    unauthorized changes.
  • Availability refers to the ability to use the
    information or resource desired.

26
Security Threats and Attacks
  • A threat is a potential violation of security.
  • Flaws in design, implementation, and operation.
  • An attack is any action that violates security.
  • Active adversary.

27
Eavesdropping - Message Interception (Attack on
Confidentiality)
  • Unauthorized access to information
  • Packet sniffers and wiretappers
  • Illicit copying of files and programs

[Diagram: S and R, with an Eavesdropper.]
28
Integrity Attack - Tampering With Messages
  • Stop the flow of the message
  • Delay and optionally modify the message
  • Release the message again

[Diagram: S and R, with a Perpetrator.]
29
Authenticity Attack - Fabrication
  • Unauthorized assumption of another's identity
  • Generate and distribute objects under this
    identity

[Diagram: S and R, with a Masquerader ("from S").]
30
Attack on Availability
  • Destroy hardware (cutting fiber) or software
  • Modify software in a subtle way (alias commands)
  • Corrupt packets in transit
  • Blatant denial of service (DoS)
  • Crashing the server
  • Overwhelm the server (use up its resource)

31
Impact of Attacks
  • Theft of confidential information
  • Unauthorized use of
  • Network bandwidth
  • Computing resource
  • Spread of false information
  • Disruption of legitimate services
  • All attacks can be related and are dangerous!

32
Close-knit Attack Family
[Diagram: Active attacks and passive attacks. Labels: re-target; jam/cut it; sniff for content; capture & modify; re-target; traffic analysis - who is talking; pretend; who to impersonate; "I need to be Bill".]
33
Security Policy and Mechanism
  • Policy: a statement of what is, and is not,
    allowed.
  • Mechanism: a procedure, tool, or method of
    enforcing a policy.
  • Security mechanisms implement functions that help
    prevent, detect, and respond to/recover from
    security attacks.
  • Security functions are typically made available
    to users as a set of security services through
    APIs or integrated interfaces.
  • Cryptography underlies many security mechanisms.

34
Security Services
  • Confidentiality: protection of any information
    from being exposed to unintended entities.
  • Information content.
  • Parties involved.
  • Where they are, how they communicate, how often,
    etc.

35
Security Services - Cont'd
  • Authentication: assurance that an entity of
    concern or the origin of a communication is
    authentic - it's what it claims to be or from
  • Integrity: assurance that the information has not
    been tampered with
  • Non-repudiation: offer of evidence that a party
    indeed is the sender or a receiver of certain
    information

36
Security Services - Cont'd
  • Access control: facilities to determine and
    enforce who is allowed access to what resources,
    hosts, software, network connections
  • Monitor & response: facilities for monitoring
    security attacks, generating indications,
    surviving (tolerating) and recovering from attacks

37
Security Services - Cont'd
  • Security management: facilities for coordinating
    users' service requirements and mechanism
    implementations throughout the enterprise network
    and across the Internet
  • Trust model
  • Trust communication protocol
  • Trust management infrastructure