An Introduction to Computer Networks

1
An Introduction to Computer Networks
Lecture 16 Security

• I have used slides from Mackeown, Stanford, Raj
  Jain, WuStl, etc, to prepare these slides
• University of Tehran
• Dept. of EE and Computer Engineering
• By
• Dr. Nasser Yazdani

2
Outline

• Why Network security
• Network Security Goals
• Security vs. Internet Design
• Attacks
• Defenses
• Encryption

3
Life Just Before Slammer
4
Life Just After Slammer
5
A Lesson in Economy

• Slammer exploited connectionless UDP service,
  rather than connection-oriented TCP.
• Entire worm fit in a single packet! (376 bytes)
• When scanning, worm could fire and forget.
• Stateless!
• Worm infected 75,000 hosts in 10 minutes
  (despite broken random number generator).
• At its peak, doubled every 8.5 seconds
• Progress limited by the Internets carrying
  capacity( 55 million scans/sec)

6
Why Security?

• First victim at 1215am
• By 1245, transcontinental links starting to fail
• 300,000 access points downed in Portugal
• All cell and Internet in Korea failed (27 million
  people)
• 5 root name servers were knocked offline
• 911 didnt respond (Seattle)
• Flights canceled

7
Witty Worm
8
Network Security Goals

• Availability(everyone can reach all network
  resources all the time)
• Protection(protect users from interactions they
  dont want)
• Authenticity(know who you are speaking with)
• Data Integrity(protect data en-route)
• Privacy, Confidentiality
• Confidentiality, Integrity and Availability (CIA)

9
Threats

• Disclosure, alteration, and denial (DAD)
• Disclosure or unauthorized access snooping,
  passive wiretapping,
• Deception or acceptance of false data active
  wiretapping (data modified), man-in-the-middle
  attack, spoofing (impersonation), repudiation of
  origin (denying sending), denial of receipt
• Disruption or prevention of correct operation
• unauthorized control of some part of a system
  Delay, Infinite delay Denial of service

10
Steps in Cracking a Network

• Information Gathering Public sources/tools.
• Port Scanning Find open TCP ports.
• Network Enumeration Map the network. Servers and
  workstations. Routers, switches, firewalls.
• Gaining Access Keeping root/administrator access
• Modifying Using access and modifying information
• Leaving a backdoor To return at a later date.
• Covering tracks

11
Types of Malware

• Viruses Code that attaches itself to programs,
  disks, or memory to propagate itself.
• Worms Installs copies of itself on other
  machines on a network, e.g., by finding user
  names and passwords
• Trojan horses Pretend to be a utility. Convince
  users to install on PC.
• Spyware Collect personal information
• Hoax Use emotion to propagate, e.g., child's
  last wish.
• Trap Door Undocumented entry point for debugging
  purposes
• Logic Bomb Instructions that trigger on some
  event in the future
• Zombie Malicious instructions that can be
  triggered remotely. The attacks seem to come from
  other victims.

12
Types of Attacks

• Denial of Service (DoS) Flooding with
  traffic/requests
• Buffer Overflows Error in system programs.
  Allows hacker to insert his code in to a program.
• Malware
• Brute Force Try all passwords.
• Port Scanning
• Disable unnecessary services and close ports
• Network Mapping

13
Internet Design

• Internet has been designed for connectivity
• Initially, anybody is good, Not true anymore
• Destination routing
• Packet based (statistical multiplexing)
• Global addressing (IP addresses)
• Simple to join (as infrastructure)
• Power in end hosts (end-to-end argument)
• Ad hoc naming system

14
Internet Design vs. Security

• Destination routing
• Keeps forwarding tables small
• Simple to maintain forwarding tables
• How do we know where packets are coming from?
• Probably simple fix to spoofing, why isnt it in
  place?
• Packet based (statistical multiplexing)
• Global addressing (IP addresses)
• Simple to join (as infrastructure)
• Power in end hosts (end-to-end arg)
• Ad hoc naming system

15
Internet Design vs. Security

• Destination Routing
• Packet Based (statistical multiplexing)
• Simple Efficient
• Difficult resource bound per-communication
• How to keep someone from hogging?(remember, we
  cant rely on source addresses)
• Global Addressing (IP addresses)
• Simple to join (as infrastructure)
• Power in End Hosts (end-to-end arg)
• Ad hoc naming system

16
Internet Design vs. Security

• Destination routing
• Packet based (statistical multiplexing)
• Global Addressing (IP addresses)
• Very democratic
• Even people who dont necessarily want to be
  talked to(every psychopath is your next door
  neighbor Dan Geer)
• Simple to join (as infrastructure)
• Power in end hosts (end-to-end arg)
• Ad hoc naming system

17
Internet Design vs. Security

• Destination routing
• Packet based (statistical multiplexing)
• Global addressing (IP addresses)
• Simple to join (as infrastructure)
• Very democratic
• Misbehaving routers can do very bad things
• No model of trust between routers
• Power in End Hosts (end-to-end arg)
• Ad hoc naming system

18
Internet Design vs. Security

• Destination routing
• Packet based (statistical multiplexing)
• Global addressing (IP addresses)
• Simple to join (as infrastructure)
• Power in end-hosts (end-to-end arg)
• Decouple hosts and infrastructure innovation at
  the edge!
• Giving power to least trusted actors
• How to guarantee good behavior?
• Ad hoc naming system

19
Internet Design vs. Security

• Packet Based (statistical multiplexing)
• Destination Routing
• Global Addressing (IP addresses)
• Simple to join (as infrastructure)
• Power in End Hosts (end-to-end arg)
• Ad hoc naming system
• Seems to work OK
• Fate sharing w/ hierarchical system
• Off route more trusted elements

20
IP-level vulnerabilities

• IP addresses are specified by the source
• Spoofing attacks!
• Use of IP address for authentication
• e.g., .rhosts, some web sites
• Some IP features that have been exploited
• Fragmentation Attacks
• Smurf Attacks

21
Routing attacks

• Divert traffic to malicious nodes
• Black-hole attack
• Dropping or Eavesdropping
• How to implement routing attacks?
• Distance-Vector
• Announce low-cost routes
• BGP vulnerabilities
• Prefix hijacking
• Path alteration

22
Denial of Service

• Make a service unusable, usually by overloading
  the server or network
• Disrupt service by taking down hosts
• Consume host-level resources
• E.g., SYN-floods
• Consume network resources
• E.g., UDP/ICMP floods

23
DoS Via Resource Exhaustion
User-time
CPU
Uplinkbandwidth
Downlinkbandwidth
Memory(e.g. TCP TCBexhaustion)
24
DoS Via Resource Exhaustion

• Uplink bandwidth
• Saturate uplink bandwidth using legitimate
  requests (e.g. download large image)
• Solution admission control at the server (not a
  network problem ??)
• CPU time similar to above
• Victim Memory
• TCP connections require state, can try to exhaust
• E.g. SYN Flood (next few slides)

25
TCP Handshake
C
S
SYNC
Listening
Store data
SYNS, ACKC
Wait
ACKS
Connected
26
Example SYN Flooding
C
S
SYNC1
Listening
SYNC2
Store data
SYNC3
SYNC4
SYNC5
27
Protection against SYN Attacks

• SYN Cookies
• Client sends SYN
• Server responds to Client with SYN-ACK cookie
• sqn f(src addr, src port, dest addr, dest port,
  rand)
• Server does not save state
• Honest client responds with ACK(sqn)
• Server checks response
• If matches SYN-ACK, establishes connection
• Drop Random TCB in SYN_RCVD state(likely to be
  attackers)

Bernstein, Schenk
28
Simple DoS

• Attacker generates lots of traffic

Lots of traffic
Attacker
Victim

• Think of a simple solution?

• Attacker usually spoofs source address to hide
  origin

29
Distributed DoS (DDoS)

• Attacker compromises multiple hosts
• Installs malicious program to do her
  biding(bots)
• Bots flood (or otherwise attack) victims on
  command Attack is coordinated
• Bot-networks of 80k to 100k have been seen in the
  wild
• Aggregate bandwidth gt 20Gbps (probably more)

30
Distributed DoS
31
Distributed DoS

• Handlers are usually high volume servers
• Easy to hide the attack packets
• Agents are usually home users with DSL/Cable
• Already infected and the agent installed
• Very difficult to track down the attacker
• Multiple levels of indirection!
• Aside How to distinguish DDoS from a
  Flash Crowd?
• Flash Crowd ? Many clients using a service
• Slashdot Effect

32
Smurf Attack
Ping to a broadcast IP from the (spoofed) source
address of the victim
ICMP Ping Dst bcast addr of remote net Src
Victim
Internet
Attacking System
Broadcast Enabled Network
Victim System
33
DNS Vulnerability

• Users/hosts typically trust the host-address
  mapping provided by DNS
• Give somebody else IP address
• Redirect all following traffics

34
Firewalls

• Lots of vulnerabilities on hosts in network
• Users dont keep systems up to date
• Lots of patches
• Solution
• Limit access to the network
• Put firewalls across the perimeter of the network

35
Firewalls (contd)

• Firewall inspects traffic through it
• Allows traffic specified in the policy
• Drops everything else
• Two Types
• Packet Filters, Proxies

Internal Network
Firewall
Internet
36
Packet Filters

• Selectively passes packets from one network
  interface to another
• Usually done within a router between external and
  internal network
• What to filter based on?
• Packet Header Fields
• IP source and destination addresses
• Application port numbers
• ICMP message types/ Protocol options etc.
• Packet contents (payloads)

37
Packet Filters Possible Actions

• Allow the packet to go through
• Drop the packet (Notify Sender/Drop Silently)
• Alter the packet (NAT?)
• Log information about the packet

38
Some examples

• Block all packets from outside except for SMTP
  servers
• Block all traffic to/from a list of domains
• Ingress filtering
• Drop all packets from outside with addresses
  inside the network
• Egress filtering
• Drop all packets from inside with addresses
  outside the network

39
Firewall implementation

• Stateless packet filtering firewall
• Rule ? (Condition, Action)
• Rules are processed in top-down order
• If a condition satisfied action is taken

40
Default Firewall Rules

• Egress Filtering
• Outbound traffic from external address ? Drop
• Benefits?
• Ingress Filtering
• Inbound Traffic from internal address ? Drop
• Benefits?
• Default Deny
• Why?

Dst Port
Dst Addr
Proto
Ack Set?
Action
Src Port
Src Addr
Dir
Rule
Any
Deny
Any
Any
Ext
Any
Ext
Out
Egress
41
Packet Filters

• Advantages
• Transparent to application/user
• Simple packet filters can be efficient
• Disadvantages
• Security
• Overhead (speed)
• Usability
• Very hard to configure the rules
• Doesnt have enough information to take actions
  (Does port 22 always mean SSH? Who is the user
  accessing the SSH?)

42
Alternatives

• Stateful packet filters
• Keep the connection states
• Easier to specify rules
• Problems?
• State explosion
• State for UDP/ICMP?
• Proxy Firewalls
• Two connections instead of one
• Either at transport level
• SOCKS proxy
• Or at application level
• HTTP proxy

43
Proxy Firewall

• Data Available
• Application level information
• User information
• Advantages?
• Better policy enforcement
• Better logging
• Fail closed
• Disadvantages?
• Doesnt perform as well
• One proxy for each application
• Client modification

44
Proxies

• Want to look deeper into packets
• Application type
• Content
• Can do by reconstructing TCP flows and peering
  in, however this is really hard

45
Final Comments

• Internet not designed for security
• Many, many attacks
• Defense is very difficult
• Attackers are smart Broken network aids them!
• Retrofitting solutions often break original
  design principles
• Some of these solutions work, some of the time
• Some make the network inflexible, brittle
• Time to go back to the drawing board?(see Nick
  for details ? )

46
A general view

• Cryptography functions
• Secret key (e.g., DES)
• Public key (e.g., RSA)
• Message digest (e.g., MD5)
• Security services
• Privacy preventing unauthorized release of
  information
• Authentication verifying identity of the remote
  participant
• Integrity making sure message has not been
  altered

47
Encryption

• Change the message such that others can not
  understand it except those who knows mechanism.

48
Encryption elements

• Encryption/Decryption function It usually
  permute bit/characters
• Ex. move characters, Cesar Method
• Can be solved in at most 25 steps.
• Permute character
• Needs 26! Step to solve
• But it can be solved more easily by
  analyzing/guessing the content
• Key
• Cipher the result after encryption
• cipher E(message, Key)
• message D(cipher, key)

49
Encryption

• Symmetric 1 Key/2 users Secret Key
• Asymmetric Public Key Public and Private Keys
• Block Message broken in to fixed size blocks
• Synchronous Key stream depends on the key and IV
• Asynchronous Key stream depends on key, IV, and
  previous cipher text

50
Secret Key (DES)

• Published by National Bureau of Standards in 1977
  For commercial and unclassified government
  applications
• 8 octet (64 bit) key.
• Each octet with 1 odd parity bit ? 56-bit key
• Efficient hardware implementation
• Used in most financial transactions
• 56-bit was secure in 1977 but is not secure today
• Now we use DES three times ? Triple DES 3DES

51

• 64-bit key (56-bits 8-bit parity)
• 16 rounds

• Each Round

• Documents only specify how to encrypt/
• decrypt not why?

52
Other DES variants

• International Data Encryption Algorithm (IDEA)
• Designed for software implementation
• Encryption and Decryption are identical as in DES
  Key
• Use 128 bit key
• Advanced Encryption Standard (AES)
• Published by NIST in Nov 2001
• Based on a competition won by Rijmen and Daemen
  (Rijndael)
• Rijndael allows many block sizes and key sizes
• AES restricts it to
• Block Size 128 bits
• Key sizes 128, 192, 256 (AES-128,
  AES-192,AES-256)

53
Operation mode

• How to generate cipher
• Different Operation modes
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback Mode (CFB)

54
Electronic Code Book (ECB)
Plaintext
Block Encryption
Ciphertext

• Pad last block, if necessary
• Problem One specific message always creates the
  same cipher

55
Cipher Block Chaining (CBC)
Plaintext
Block Encryption
Ciphertext

• Pad last block, if necessary
• Random Block called IV can be sent in plain
  text. Not a secret just prevents a codebook.
  Often times a timestamp.

56
Cipher Feedback Mode (CFB)
1 unit is 1/N block
Shift Register (1 Block wide)
Block Encryption
Encrypted Register
After each unit, shift input register and insert
the most recently generated unit of ciphertext
Next unit of Ciphertext
Next unit of Plaintext
XOR
output
57
Public Key cipher

• Use two key for encryption and decryption, public
  key and private key.

58
Public Key cipher

• It is a one way channel. Anybody can encrypt and
  send data but only the owner of the private key
  can decrypt it.
• It is symmetric meaning E(KS, M) C gt D(KP, C)
  M
• It is based on the number theory
• It is used for authentication and symmetric key
  distribution

59
Authentication by Public Key

• It is assumed that anybody who has the private
  key has done the encryption.

60
RSA (A Public Key Encryption Scheme)

• Proposed by Rivest, Shamir, Adleman, 1977
• Later known that British knew it around 1970
• NASA (American) knew it around mid 60s.
• It is build on the factoring numbers
• It uses relatively large keys 1024 bits
• It is very hard to break but it is very slow
  compared to symmetric keys.

61
RSA (Procedure)

• Select two large prime numbers at random p , q
• Compute Npq
• ø(N) (p-1)(q-1)
• Discard p and q COMPLETELY!
• Select an e lt N such that e ,ø(N) relatively
  prime
• Find 0 ? d ? N such that ed 1 mod ø(N)
• Public encryption key is K e ,N
• Encryption Algorithm is c me mod N
• Private decryption key is K-1 d, N
• Decryption Algorithm is m cd mod N

62
RSA Example (simple)

• p 5 and q 11 (destroy after computing e ,
  d )
• N pq 55 modulus
• ø(N) 410 40
• e 3 public exponent relatively prime to 40
• d 27 private exponent 327 1 mod 40
• Say we want to transmit the message m 4
• E(4) (43) mod 55 64 mod 55 9
• D(4) 927 mod 55
• 58149737003040059690390169 mod 55 4

63
RSA Example (not so simple)

• p 61 and q 53 (destroy after computing e ,
  d )
• N pq 3233 modulus
• ø(N) 6052 3120
• e 17 public exponent relatively prime to 3120
• d 2753 private exponent 172753 1 mod 3120
• Say we want to transmit the message m 123
• E(123) (12317) mod 3233
• 337587917446653715596592958817679803 mod 3233
  855
• D(855) 8552753 mod 3233
• (eight thousand digit plus number) mod 3233
  123
• THE POINT
• It is VERY DIFFICULT to compute d from e and
  N . Factoring large numbers is a computation
  intensive process.

64
Data integrity

• It is possible to send cipher which sounds OK.
  How do we know we get the message from the right
  person.
• We need athuntication
• We append some redundant information like CRC,
  message digest.
• We do so by cryptographic Hash functions

65
Hash Functions

• Usually operate on an arbitrary length message to
  give a fixed length message digest.
• Properties of a good hash function
• Pre-image Resistant given f(x) cannot find x
• 2nd Pre-image Resistant given x and f(x), it is
  difficult to find x? x such that that f(x)
  f(x)
• Collision Resistant it is difficult to find any
  x, x such that that x? x and f(x) f(x)
• If 1,2 are satisfied, the function is said to be
  one way

66
Hash Collisions

• Arbitrary length message gt Fixed length hash
  gtMany messages will map to the same hash
• Given 1000 bit messages gt 21000 messages
• 128 bit hash gt 2128 possible hashes
• gt21000/2128 2872 messages/hash value
• n-bit hash gt Need avg 2n/2 tries to find two
  messages with same hash
• 64 bit hash gt 232 tries (feasible)
• 128 bit hash gt 264 tries (not feasible)

67
Hash functions

• MD5
• 128-bit hash using 512 bit blocks
• Invented by Ron Rivest in 1991
• Described in RFC 1321
• Commonly used to check the integrity of files
  (easy to fudge message and the checksum)
• Also used to store passwords
• March 2006 collisions within 1 minute on a
  single notebook

68
Hash functions

• Secure Hash Algorithm (SHA)
• SHA-1 is used in TLS, SSL, PGP, SSH, S/MIME, and
  IPsec

69
Data integrity

• MAC Message Authentication code
• They use only Hash function instead of encrypting
  hash

70
Why Hash and One Way Functions?

• Message Authentication
• Password Storage ?
• Key Generation

71
Digital Signatures

• Authenticity non-repudiation
• Which cryptographic protocol could you use for
  this purpose?

• Alice signs the document with her private key
• SA(m)
• Alice sends the signed document to Bob
• Bob verifies the signature by decrypting it with
  Alices public key
• VA(SA(m)) m
• Only Alice knows her private key. This proves
  that
• m is from Alice
• Alice cant deny she sent m

72
Key Distribution

• Have network with n entities
• Add one more
• Must generate n new keys
• Each other entity must securely get its new key
• Big headache managing n2 keys!
• One solution use a central keyserver
• Needs n secret keys between entities and
  keyserver
• Generates session keys as needed
• Downsides
• Only scales to single organization level
• Single point of failure

73
How Useful is a KDC?

• Must always be online to support secure
  communication
• KDC can expose our session keys to others!
• Centralized trust and point of failure.
• In practice, the KDC model is mostly used within
  single organizations (e.g. Kerberos) but not more
  widely.