An Overview of System and Network Security

1
An Overview of System and Network Security

• CS 8803 Spring 03

2
Introduction to Cryptography
3
Definitions

• Process data into unintelligible form,
  reversible, without data loss
• Usually one-to-one (not compression)
• Analog cryptography example voice changers
• Other services
• Integrity checking no tampering
• Authentication not an imposter
• Plaintext encryption? ciphertext decryption ?
  plaintext

4
Computational Difficulty

• Algorithm needs to be efficient.
• Otherwise only short keys can be used.
• Most schemes can be broken depends on .
• E.G. Try all possible keys.
• Longer key is often more secure
• Encryption O(N1).
• Brute-force cryptanalysis O(2N1), twice as hard
  with each additional bit.
• Cryptanalysis tools
• Special-purpose hardware.
• Parallel machines.
• Internet coarse-grain parallelism.

5
Cryptanalysis Breaking an Encryption Scheme

• Ciphertext only
• Exhaustive search until recognizable plaintext
• Need enough ciphertext
• Known plaintext
• Secret may be revealed (by spy, time), thus
  ltciphertext, plaintextgt pair is obtained
• Great for monoalphabetic ciphers
• Chosen plaintext
• Choose text, get encrypted
• Useful if limited set of messages

6
Models for Evaluating Security

• Unconditional security (perfect secrecy)
• Uncertainty/entropy H(p)H(pc)
• Complexity-theoretic security
• Provable security
• As difficult to break as solving well-known and
  supposedly difficult problem
• Computational security
• Ad hoc security

7
Types of Cryptography

• Hash functions no key
• Secret key cryptography one key
• Public key cryptography two keys - public,
  private

8
Secret Key Cryptography

• Same key is used for encryption and decryption
• Symmetric cryptography
• Ciphertext approximately the same length as
  plaintext
• Substitution codes, DES, IDEA
• Message transmission
• Agree on key (but how?)
• Communicate over insecure channel
• Secure storage crypt

9
Secret Key Cryptography (Contd)

• Strong authentication prove knowledge of key
  without revealing it
• Send challenge r, verify the returned encrypted
  r
• Fred can obtain chosen plaintext, cihpertext
  pairs
• Challenge should chosen from a large pool
• Integrity check fixed-length checksum for
  message
• Send MIC along with the message

10
Public Key Cryptography

• Asymmetric cryptography
• Invented/published in 1975
• Two keys private (d), public (e)
• Encryption public key Decryption private key
• Signing private key Verification public key
• Much slower than secret key cryptography

11
Public Key Cryptography (Contd)

• Data transmission
• Alice encrypts ma using eB, Bob decrypts to ma
  using db.
• Storage
• Can create a safety copy using public key of
  trusted person.
• Authentication
• No need to store secrets, only need public keys.
• Secret key cryptography need to share secret key
  for every person to communicate with.

12
Public Key Cryptography (Contd)

• Digital signatures
• Encrypt hash h(m) with private key
• Authorship
• Integrity
• Non-repudiation cant do with secret key
  cryptography

13
Hash Algorithms

• Message digests, one-way transformations
• Length of h(m) much shorter then length of m
• Usually fixed lengths 48-128 bits
• Easy to compute h(m)
• Given h(m), no easy way to find m
• Computationally infeasible to find m1, m2 s.t.
  h(m1) h(m2)
• Example (mc)2, take middle n digits

14
Hash Algorithms (Contd)

• Password hashing
• Doesnt need to know password to verify it
• Store h(ps), s (salt), and compare it with the
  user-entered p
• Salt makes dictionary attack less convenient
• Message integrity
• Agree on a password p
• Compute h(pm) and send with m
• Doesnt require encryption algorithm, so the
  technology is exportable

15
Key Distribution and Management
16
Key Distribution and Management

• Secret key distribution
• Public key distribution
• Secret key distribution using public key
  encryption

17
Secret Key Distribution

• A and B can establish a secret key by
• Manual delivery.
• Selection and delivery by a trusted third party.
• Using a previous key to encrypt the new key.
• Using encrypted links to a third party to relay.
• Problem
• Need to scale up need for each pair of
  hosts/applications ...

18
Key Distribution Center (KDC)

• Responsible for distributing keys to pairs of
  users (hosts, processes, applications)
• Each user must share a unique key, the master
  key, with the KDC
• Use the master key to communicate with KDC to get
  a temporary session key for establishing a secure
  session with another user
• Master keys are distributed in some
  non-cryptographic ways

19
A Typical Key Distribution Scenario
KDC
(1) RequestN1
(2) EKaKsRequestN1EKb(Ks,IDA)
(3) EKbKs,IDA
A
(4) EKsN2
B
(5) EKsf(N2)
Ka, Kb are master keys, Ks is a session key
20
Public Key Distribution

• General schemes
• Public announcement
• Can be forged
• Publicly available directory
• Can be tempered
• Public-key authority
• Public-key certificates

21
Public-key Authority
Public-key authority
(4) RequestT2
(5) EKd_authKe_aRequestT2
(1) RequestT1
(2) EKd_authKe_bRequestT1
(3) EKe_bIDA N1
(6) EKe_aN1N2
A
B
(7) EKe_bN2
22
Public-key Certificates

• A certificate contains a public key and other
  information
• Created by a certificate authority
• Given to the participant with the matching
  private key
• A participant transmits its certificate to convey
  its key information
• Other participants can verify that the
  certificate was created by the authority
• All nodes are pre-configured with the public key
  of the certificate authority (CA)

23
Security Handshake
24
Establishing Session Keys

• Authentication handshakes to securely establish
  session keys
• Using shared secret
• Using public keys
• One-way public key (only Alice needs to have
  keys)
• Lamports hash

25
Session Key Shared Secret

• Alice ? Bob Im Alice
• Bob ? Alice R
• Alice ? Bob KABR
• Use f(KAB) R as the session key
• KABR1 is bad
• Trudy can eavesdrop to know R, then impersonate
  Bob and trick Alice to encrypt R1, hence getting
  the session key btw Alice and Bob

26
Session Key Two-way Public Key

• Alice ? Bob RB
• Trudy can impersonate Alice and send her own RB
  to Bob
• Alice ? Bob RBA
• Trudy can record conversation, break into Bob,
  and decrypt
• Alice ? Bob R1B Bob ? Alice R2A
• R1 ? R2 is session key, Trudy needs to break into
  both Alice and Bob
• Diffie-Hellman with signing

27
Mediated Authentication

• Alice ? KDC I want Bob
• KDC invents KAB
• KDC ? Alice KAliceuse KAB for Bob
• KDC ? Bob KBobuse KAB for Alice
• Avoid race condition
• KDC sends ticket KBobuse KAB for Alice to
  Alice, who then uses the ticket to contact Bob

28
Needham-Schroeder

• Alice ? KDC N1, I want Bob
• KDC ? Alice
• KAN1, Bob, KAB, ticket
• N1 to authenticate KDC
• ticket KBKAB, Alice
• Ensure Bob that it is Alice
• Alice ? Bob ticket, KABN2
• Bob ? Alice KABN2 -1, N3
• Alice ? Bob ticket, KABN3-1

29
IP Security
30
IPSEC Objectives

• Band-aid for IPv4
• Spoofing a problem
• Not designed with security or authentication in
  mind
• IP layer mechanism for IPv4 and IPv6
• Not all applications need to be security aware
• Can be transparent to users

31
Architecture Concepts

• Host or gateway implementation
• Tunnel vs. Transport mode
• Security association (SA)
• Security parameter index (SPI)
• Security policy database (SPD)
• SA database (SAD)
• Encapsulating security payload (ESP)
• Authentication header (AH)

32
Hosts Gateways

• Hosts can implement IPSec to
• Other hosts in transport or tunnel mode
• Gateways with tunnel mode
• Gateways to gateways - tunnel mode

33
Tunnel Mode
Encrypted Tunnel
Gateway
Gateway
Encrypted
Unencrypted
Unencrypted
A
B
34
Transport Mode
IP header
IP options
IPSec header
Higher layer protocol
ESP
Real IP destination
AH

• ESP protects higher layer payload only
• AH can protect IP headers as well as higher layer
  payload

35
Tunnel Mode
Outer IP header
Inner IP header
IPSec header
Higher layer protocol
ESP
Real IP destination
Destination IPSec entity
AH

• ESP applies only to the tunneled packet
• AH can be applied to portions of the outer header

36
Security Association - SA

• One way relationship
• Determine IPSec processing for senders
• Determine IPSec decoding for destination
• SAs are not fixed! Generated and customized per
  traffic flows

37
Outbound Processing
Is it for IPSec?If so, which policy entry to
select?
IPSec processing
Determine the SA and its SPI
38
Inbound Processing
Use SPI to index the SAD
Was packet properly secured?
Original IP Packet
un-process
39
Firewalls
40
What is a firewall?

• Device that provides secure connectivity between
  networks (internal/external varying levels of
  trust)
• Used to implement and enforce a security policy
  for communication between networks

41
Firewalls

• From Websters Dictionary a wall constructed to
  prevent the spread of fire
• Internet firewalls are more the moat around a
  castle than a building firewall
• Controlled access point

42
Firewalls can

• Restrict incoming and outgoing traffic by IP
  address, ports, or users
• Block invalid packets

43
Convenient

• Give insight into traffic mix via logging
• Network Address Translation
• Encryption

44
Firewalls Cannot Protect

• Traffic that does not cross it
• routing around
• Internal traffic
• When misconfigured

45
Access Control
Corporate Network

• Security Requirement
• Control access to network information and
  resources
• Protect the network from attacks

DMZ Net Web Server Pool
46
Filtering

• Packets checked then passed
• Inbound outbound affect when policy is checked

47
Filtering

• Packet filtering
• Access Control Lists
• Session filtering
• Dynamic Packet Filtering
• Stateful Inspection
• Context Based Access Control

48
Intrusion Detection Systems
49
Definitions

• Intrusion
• A set of actions aimed to compromise the security
  goals, namely
• Integrity, confidentiality, or availability, of a
  computing and networking resource
• Intrusion detection
• The process of identifying and responding to
  intrusion activities

50
Elements of Intrusion Detection

• Primary assumptions
• System activities are observable
• Normal and intrusive activities have distinct
  evidence
• Components of intrusion detection systems
• From an algorithmic perspective
• Features - capture intrusion evidences
• Models - piece evidences together
• From a system architecture perspective
• Audit data processor, knowledge base, decision
  engine, alarm generation and responses

51
Components of Intrusion Detection System
system activities are observable
normal and intrusive activities have distinct
evidence
52
Intrusion Detection Approaches

• Modeling
• Features evidences extracted from audit data
• Analysis approach piecing the evidences together
• Misuse detection (a.k.a. signature-based)
• Anomaly detection (a.k.a. statistical-based)
• Deployment Network-based or Host-based
• Development and maintenance
• Hand-coding of expert knowledge
• Learning based on audit data

53
Misuse Detection
Example if (src_ip dst_ip) then land attack
Cant detect new attacks
54
Anomaly Detection
probable intrusion
activity measures
Relatively high false positive rate -
anomalies can just be new normal activities.
55
Monitoring Networks and Hosts
Network Packets
tcpdump
BSM
Operating System Events
56
Key Performance Metrics

• Algorithm
• Alarm A Intrusion I
• Detection (true alarm) rate P(AI)
• False negative rate P(AI)
• False alarm rate P(AI)
• True negative rate P(AI)
• Bayesian detection rate P(IA)
• Architecture
• Scalable
• Resilient to attacks

57
Bayesian Detection Rate

• Base-rate fallacy
• Even if false alarm rate P(AI) is very low,
  Bayesian detection rate P(IA) is still low if
  base-rate P(I) is low
• E.g. if P(AI) 1, P(AI) 10-5, P(I)
  210-5, P(IA) 66
• Implications to IDS
• Design algorithms to reduce false alarm rate
• Deploy IDS to appropriate point/layer with
  sufficiently high base rate