CH 4
CH 4
Lecture Notes
Alice:
• generates random symmetric private key,
KS Bob:
• encrypts message with KS (symmetric • uses his private key to decrypt and recover
encryption is more efficient) KS
4
• also encrypts KS with Bob’s public key • uses KS to decrypt and recover m
Network Security
4.2 What is Network Security?
• In today’s highly networked world, we can’t talk of
computer security without talking of network security
• Although there are many types of networks, the focus is
this course is on
– Internet and intranet security (TCP/IP based networks)
– Attacks that use security holes of the network protocols and
their defenses
• We do not discuss attacks that use networks to perform
some crime based on human weaknesses (such as scams)
5
Network Security
4.2 What is Network Security?
Security Features in the TCP/IP Protocol Stack
9
Network Security
4.3.1 Link Layer: ARP Spoofing
• ARP Spoofing (also called ARP cache poisoning or ARP poison
routing) is a link layer attack
• It is a technique by which an attacker sends (spoofed) Address
Resolution Protocol (ARP) messages onto a local area network
• The aim is to associate the attacker's MAC address with the IP
address of another host, such as the default gateway, causing any
traffic meant for that IP address to be sent to the attacker instead
• ARP spoofing may allow an attacker to intercept data frames on
a network, modify the traffic, or stop all traffic
• Often the attack is used as an opening for other attacks, such as
denial of service, man in the middle, or session hijacking attacks
10
Network Security
4.3.1 Link Layer: ARP Spoofing
• How does it happen?
– Because ARP is a stateless protocol
– Hosts will automatically cache any ARP replies they receive,
regardless of whether they requested them. Even ARP entries
which have not yet expired will be overwritten when a new ARP
reply packet is received
– There is no method in the ARP protocol by which a host can
authenticate the peer from which the packet originated
– This behavior is the vulnerability which allows ARP spoofing to
occur
11
Network Security
4.3.2 Network Layer Security: IPSec
• IP is vulnerable
• IP packets can be intercepted
– In the LAN broadcast
– In the router, switch
• Since the packets are not protected they can be easily read
• Since IP packets are not authenticated they can be easily modified
• Even if the user encrypts his/her data it will still be vulnerable to
traffic analysis attack
• Information exchanged between routers to maintain their routing
tables is not authenticated
• All sorts of problems can happen if a router is compromised 12
Network Security
4.3.2 Network Layer Security: IPSec
• IP Security (IPSec) Overview
– There are application-specific security mechanisms for a number of
application areas .
– However, security concerns cut across protocol layers
– By implementing security at the IP layer, an organization can ensure secure
networking not only for applications that have security mechanisms but also
for the many security-ignorant applications
– IPSec provides
• Origin authentication
• Confidentiality
• Message integrity
• Replay detection
• Key management
13
at the level of IP packets
Network Security
4.3.2 Network Layer Security: IPSec
• IPSec is a set of security algorithms plus a general framework that allows
a pair of communicating entities to use whichever algorithms provide
security appropriate for the communication
• IPsec provides the capability to secure communications across a LAN,
across private and public WANs, and across the Internet
– Secure branch office connectivity over the Internet (secure virtual private network
over the Internet or over a public WAN)
– Secure remote access over the Internet
– Establishing intranet connectivity with partners: IPsec can be used to secure
communication with other organizations, ensuring authentication and
confidentiality and providing a key exchange mechanism
– Enhancing electronic commerce security: Even though some Web and electronic
commerce applications have built-in security protocols, the use of IPsec enhances
15
that security
Network Security
4.3.2 Network Layer Security: IPSec
• Benefits of IPSec
– It is transparent to applications since it is below the transport layer (TCP):
– IPsec can be transparent to end users
– Provides security for individual users
• In addition to supporting end users and protecting premises systems and
networks, IPSec has a role in routing. It assures that
– A router advertisement (a new router advertises its presence) comes from an
authorized router
– A neighbor advertisement (a router seeks to establish or maintain a neighbor
relationship with a router in another routing domain) comes from an authorized
router
– A redirect message comes from the router to which the initial IP packet was sent
– A routing update is not forged 16
Network Security
4.3.2 Network Layer Security: IPSec
• IP Security Scenario
18
Network Security
4.3.3 Transport Layer Security
• In a SYN flood attack, the attacker sends repeated SYN packets to every port
on the targeted server, often using a fake IP address
• The server, unaware of the attack, receives multiple, speciously legitimate
requests to establish communication
• It responds to each attempt with a SYN-ACK packet from each open port
• The attacker either does not send the expected ACK, or - if the IP address is
spoofed - never receives the SYN-ACK in the first place. Either way, the
server under attack will wait for acknowledgement of its SYN-ACK packet
for some time
19
Network Security
4.4 Web Security
Types of Web threats and counter measures
• Integrity
– Data, memory and/or message modification
– Trojan horse browser
⇒ Cryptographic checksums
• Confidentiality
– Eavesdropping
– Theft of data from client & information from server
– Access to information about network configuration
– Access to information about which client is communicating
⇒ Encryption
21
Network Security
4.4 Web Security
• Denial of Service
– Killing of user thread
– Machine flooding with bogus requests
– Filling up disk/memory
– Isolating machine by DNS attacks
⇒ Detection and action (suspicious pattern)
• Authentication
– Impersonation of legitimate users
– Data forgery
⇒Cryptographic techniques
22
Network Security
4.4 Web Security
• Types of threats faced in using the Web can also be classified in terms of the
location of the threat
• Web server (computer system security)
• Web browser (computer system security)
• Network traffic security between browser and server (network security)
• Different Web security approaches provide similar services but differ with
respect to their scope of applicability and their relative location in the TCP/IP
protocol stack
23
Network Security
4.4 Web Security
• There are three standardized schemes that are becoming increasingly
important as part of Web commerce and that focus on security at the transport
layer: SSL/TLS, HTTPS, and SSH
• SSL/TLS
– Provides security services between TCP and applications that use TCP
– Provides confidentiality using symmetric encryption and message integrity using a
message authentication code
– It includes protocol mechanisms to enable two TCP users to determine the security
mechanisms and services they will use
• HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to
implement secure communication between a Web browser and a Web server
• Secure Shell (SSH) provides secure remote login and other secure
client/server facilities
24
Network Security
4.4.1 Secure Sockets Layer
• SSL consists two layers of protocols: SSL Record Protocol Layer and Upper
Layer Protocols (SSL Handshake, SSL Change Cypher Spec, SSL Alert)
• SSL Handshake: Allows the server and the client to authenticate each other
and negotiate on MAC (message authentication code) algorithm and
cryptographic key
• SSL Change Cypher Spec:
Allows pending state to be
copied into the current state
• SSL Alert: Used to transfer SSL
related alerts to the peer object
25
Network Security
4.4.1 Secure Sockets Layer
SSL Handshake Protocol Action
• Allows the server and client to
authenticate each other
• Negotiate encryption, MAC
(Message Authentication Code)
algorithm and cryptographic
keys
• Used before any application
data are transmitted
26
Network Security
4.4.1 Secure Sockets Layer
Security-Enhanced Application Protocols
• Solution to most application layer security problems are tackled by developing
security-enhanced application protocols
• Examples
– For FTP - FTPS
– For HTTP - HTTPS
– For SMTP - SMTPS
– For DNS - DNSSEC
27
Network Security
4.4.2 Secure Electronic Transaction (SET)
E-commerce (Electronic Payment)
• Payment involves a customer, a merchant, and often banks
• How does the customer ensure that the merchant gets paid?
• Payment systems can be organized based on cash (Fig. a), check (Fig. b), and
credit card (Fig. c)
28
Network Security
4.5 Application Layer Security
DNS Spoofing
• If the attacker has access to a name server it can modify it so that it gives false
information
e.g., redirecting www.ebay.com to map to own (attacker’s) IP address
• The cache of a DNS name server can be poisoned with false information
using some simple techniques
Web Browsers as Threats
• We obtain most of our browsers on-line
• Potential problems that can come from malicious code within the browser
– Inform the attacker of the activities of the user
– Inform the attacker of passwords typed in by the user
– Downgrade browser security (e.g., reduce key length used in SSL)
29
Network Security
SET - Secure Electronic Transaction
• Helper applications are used by browsers
– A helper application is an external viewer program to display content retrieved using a web
browser. Some examples include JPEGview, Windows Media Player, QuickTime Player, Real
Player and Adobe Reader
– The helpers can have Trojan horse code
– Downloaded data can exploit vulnerabilities of helpers
Mobile Code: Java applets and ActiveX controls
• Migrating code is an interesting feature
• However, there is a risk of malicious use of resources of the machine that is
running the code
• Normally run within a controlled environment and access to local resources is
strictly controlled by a security manager
• However, an Applet may escape from the controlled environment due to some
bugs in the implementation of the Java Virtual Machine, for example Cookies and
30
Server Side Risks
Network Security
SET - Secure Electronic Transaction
Cookies
• Cookies are set by web servers and stored by web browsers
• A cookie set by a server is sent back to the server when the browser visits the
server again
• Cookies can be used to track what sites the user visits (can lead to serious
privacy violation!)
Server Side Risks
• Interactive web sites are based on forms and scripts
• By writing malicious scripts, the client can
– Crash the server (e.g., buffer overflow)
– Gain control over the server
31
Network Security
4.6 E-mail Security
• E-mails transit through various servers before reaching their
destinations
• By default, they are visible by anybody who has access to the
servers
• SMTP protocol has security holes and operational limitations
• E-mail security can be improved using tools and protocols like
PGP and S/MIME
– PGP: Pretty Good Privacy
– S/MIME: Secure Multi-Purpose Internet Mail Extension
32
Network Security
4.6 E-mail Security
PGP
• Philip R. Zimmerman is the creator of PGP
• PGP is an open-source, freely available software package for e-mail security
• There are several software implementations available as freeware for most
desktop operating systems
• PGP provides confidentiality and authentication services that can be used for
e-mail and file storage applications
• It provides authentication through the use of digital signature, confidentiality
through the use of symmetric encryption, compression using the ZIP
algorithm, and e-mail compatibility using the radix-64 (Base 64) encoding
scheme
• PGP incorporates tools for developing a public-key trust model and public-key
certificate management 33
Network Security
4.6 E-mail Security
SMTP
• SMTP Limitations - Can not transmit, or has a problem with
– Executable files, or other binary files (e.g., JPEG image) “national
language” characters (non-ASCII)
– Messages over a certain size
– ASCII to EBCDIC translation problems
– Lines longer than a certain length (72 to 254 characters)
• Multipurpose Internet Mail Extension (MIME) is intended to
address some of the problems and limitations of the use of SMTP
34
Network Security
4.6 E-mail Security
S/MIME Functions
• S/MIME is an Internet standard approach to e-mail security that
incorporates the same functionality as PGP
• Enveloped Data: Encrypted content and encrypted session keys for
recipients
• Signed Data: Message Digest encrypted with private key of
“signer”
• Clear-Signed Data: Signed but not encrypted
• Signed and Enveloped Data: Various orderings for encrypting and
signing
35
Thank you !
36