Network Security. Outline of the Tutorial

Network Security
Dr. Indranil Sen Gupta
Head, School of Information Technology
Professor, Computer Science & Engg.
Indian Institute of Technology Kharagpur

Outline of the Tutorial
- Security attacks and services
- Cryptography: basic concepts
- Private key cryptography
- Public key cryptography
- Network security principles in use
- Penetration testing and ethical hacking

Security Attacks and Services

Security Attacks
- Any action that compromises the security of information.
- Four types of attack:
  1. Interruption
  2. Interception
  3. Modification
  4. Fabrication
- Basic model: S = Source, D = Destination

- Interruption: Attack on availability
- Interception: Attack on confidentiality
- Modification: Attack on integrity
- Fabrication: Attack on authenticity
[Figures: one flow diagram per attack type, drawn between S, D and I]

Passive and Active Attacks

Passive attacks
- Obtain information that is being transmitted (eavesdropping).
- Two types:
  - Release of message contents: It may be desirable to prevent the opponent from learning the contents of the transmission.
  - Traffic analysis: The opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
- Very difficult to detect.

Active attacks
- Involve some modification of the data stream or the creation of a false stream.
- Four categories:
  - Masquerade: One entity pretends to be a different entity.
  - Replay: Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
  - Modification: Some portion of a legitimate message is altered.
  - Denial of service: Prevents the normal use of communication facilities.

Security Services
- Confidentiality
- Authentication
- Integrity
- Non-repudiation
- Access control
- Availability
  - Denial of Service Attacks
  - Virus that deletes files

[Figure: Network Access Security Model]

Cryptography: Basic Concepts

Introduction
- The most important concept behind network security is encryption.
- Two forms of encryption are in common use:
  - Private (or Symmetric)
    - Single key shared by sender and receiver.
    - Examples: DES, AES, IDEA
  - Public-key (or Asymmetric)
    - Separate keys for sender and receiver.
    - Examples: RSA, Diffie-Hellman

Some Terminologies
- Plaintext: the data that is to be encrypted.
- Ciphertext: the encrypted form of the data.
- Encryption/Decryption algorithm: the algorithm used to carry out the transformation.
- Key: usually a secret entity. Used as a parameter to the encryption/decryption algorithm.

Private Key Cryptography

Simplified Model of Conventional Encryption
[Figure: Plaintext P -> Encryption Algorithm (Shared Key K) -> Ciphertext C -> Decryption Algorithm (Shared Key K) -> Plaintext P]

Classical Techniques
Broadly fall under two categories:
1. Substitution ciphers
   - Each letter or group of letters of the plaintext is replaced by some other letter or group of letters, to obtain the ciphertext.
2. Transposition ciphers
   - Letters of the plaintext are permuted in some form.

Substitution Ciphers

1. Caesar Cipher
- Earliest known substitution cipher.
- Replace each letter of the alphabet with the letter three places after it.
- The alphabet is assumed to wrap around (Z is followed by A, etc.).

  P: H A P P Y N E W Y E A R
  C: K D S S B Q H Z B H D U

- We can generalize the idea by replacing each letter by the k-th following letter.
- If we assign a number to each letter (A=1, B=2, etc.), then
    C = E(P) = (P + k - 1) % 26 + 1
    P = D(C) = (C - k + 25) % 26 + 1
- Drawback:
  - Brute force attack is easy.
  - Try out all the 25 possible keys.
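The generalized shift and the 25-key search above, as an added example that is not part of the original slides. The function names and the use of a known probable word (a "crib") to pick out the right key are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def num(ch):
    """Letter to number with the slide's convention A=1 ... Z=26."""
    return ALPHABET.index(ch) + 1


def encrypt_letter(p, k):
    # C = E(P) = (P + k - 1) % 26 + 1
    return (p + k - 1) % 26 + 1


def decrypt_letter(c, k):
    # P = D(C) = (C - k + 25) % 26 + 1
    return (c - k + 25) % 26 + 1


def _apply(text, k, fn):
    # Non-letters (spaces, punctuation) pass through unchanged.
    return "".join(
        ALPHABET[fn(num(ch), k) - 1] if ch in ALPHABET else ch
        for ch in text.upper()
    )


def encrypt(text, k):
    return _apply(text, k, encrypt_letter)


def decrypt(text, k):
    return _apply(text, k, decrypt_letter)


def brute_force(ciphertext):
    """Decrypt under every one of the 25 non-trivial keys."""
    return {k: decrypt(ciphertext, k) for k in range(1, 26)}


def keys_matching(ciphertext, crib):
    """Keys whose decryption contains a word expected in the plaintext."""
    crib = crib.upper()
    return [
        k for k, candidate in brute_force(ciphertext).items()
        if crib in candidate.replace(" ", "")
    ]


if __name__ == "__main__":
    ct = encrypt("HAPPY NEW YEAR", 3)
    print(ct)
    for k, candidate in brute_force(ct).items():
        print(k, candidate)
    print("keys containing the crib:", keys_matching(ct, "YEAR"))
```

The whole key space fits on one screen, which is the drawback the slide names: the secrecy of k adds almost nothing once the algorithm is known.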

2. Mono-alphabetic Cipher
- Allow any arbitrary substitution.
- There can be 26! or 4 x 10^26 possible keys.
- A typical key may be: (ZAQWSXCDERFVBGTYHNMJUIKLOP)
- Drawback:
  - We can make guesses by observing the relative frequency of letters in the text.
  - Compare it with standard frequency distribution charts in English (say).
  - Also look at the frequency of digrams and trigrams, for which tables are also available.
  - Easy to break in general.

Poly-alphabetic Cipher
- Use different mono-alphabetic substitutions as we proceed through the plaintext message.
- Vigenere cipher is the best known cipher of this class.
  - Consists of 26 Caesar ciphers, with shifts of 0 to 25.
  - Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter a.
- To encrypt a message, a key is needed that is as long as the message (usually, a repeating keyword).
- Decryption is just the reverse.

- Drawback:
  - Key and the plaintext share the same frequency distribution of letters.
  - The best thing would have been to use a keyword which is as large as the plaintext, and has no statistical relationship to it.

Transposition Cipher
- Many techniques were proposed under this category.
- A simple scheme:
  - Write out the plaintext in a rectangle, row by row, and read the message column by column, by permuting the order of the columns.
  - Order of the columns becomes the key.

An example
P: we have enjoyed the workshop in jadavpur
Key:
    w e h a v e e
    n j o y e d t
    h e w o r k s
    h o p i n j a
    d a v p u r -
C: howpv ayoip ejeoa wnhhd vernu edkjr etsa-

- Drawback:
  - The ciphertext has the same letter frequency as the original plaintext.
  - Guessing the number of columns and some probable words in the plaintext holds the key.
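The columnar scheme and its drawback, worked through on the slide's own plaintext and ciphertext as an added example (not code from the original tutorial). The function names are assumptions; the column read order is not typed in from the slide but recovered by `recover_key` from the plaintext/ciphertext pair shown above.

```python
from collections import Counter


def columns_of(plaintext, ncols, pad="-"):
    """Write the letters row by row into ncols columns; return the columns."""
    text = "".join(ch for ch in plaintext.lower() if ch.isalpha())
    text += pad * (-len(text) % ncols)      # fill the last row
    return [text[c::ncols] for c in range(ncols)]


def encrypt(plaintext, order):
    """order lists the 1-based column numbers in the sequence they are read."""
    cols = columns_of(plaintext, len(order))
    return " ".join(cols[i - 1] for i in order)


def decrypt(ciphertext, order, pad="-"):
    ct = ciphertext.replace(" ", "")
    ncols = len(order)
    if len(ct) % ncols:
        raise ValueError("ciphertext length is not a multiple of the column count")
    rows = len(ct) // ncols
    cols = [None] * ncols
    for pos, col in enumerate(order):
        cols[col - 1] = ct[pos * rows:(pos + 1) * rows]
    return "".join(cols[c][r] for r in range(rows) for c in range(ncols)).rstrip(pad)


def recover_key(known_plaintext, ciphertext):
    """Guess the column count and read order from a known plaintext."""
    ct = ciphertext.replace(" ", "")
    for ncols in range(2, len(ct)):
        if len(ct) % ncols:
            continue
        rows = len(ct) // ncols
        cols = columns_of(known_plaintext, ncols)
        if len(cols[0]) != rows:
            continue
        order, unused = [], set(range(ncols))
        for pos in range(ncols):
            chunk = ct[pos * rows:(pos + 1) * rows]
            match = next((c for c in sorted(unused) if cols[c] == chunk), None)
            if match is None:
                break                      # wrong column count, try the next
            unused.remove(match)
            order.append(match + 1)
        else:
            return ncols, order
    return None


def letter_counts(text):
    """Letter frequencies, ignoring spaces."""
    return Counter(text.replace(" ", ""))


SLIDE_P = "we have enjoyed the workshop in jadavpur"
SLIDE_C = "howpv ayoip ejeoa wnhhd vernu edkjr etsa-"

if __name__ == "__main__":
    ncols, order = recover_key(SLIDE_P, SLIDE_C)
    print("columns:", ncols, "read order:", order)
    print(encrypt(SLIDE_P, order))
    print(decrypt(SLIDE_C, order))
    # Transposition only moves letters, so the frequency profile is unchanged.
    print(letter_counts(SLIDE_C) == letter_counts(SLIDE_P + "-"))
```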

Some Important Issues
- Security of the scheme:
  - Depends entirely on the secrecy of the key.
  - Does not depend on the secrecy of the algorithm. (Has to be public for criticism!)
- So, the assumptions that we make:
  - Algorithms for encryption/decryption are known to the public.
  - Keys used are kept secret.

What is meant by "Security lies in the Keys"

Key Size (bits)   Number of Alternative Keys   Time required at 10^6 decryptions/µs
32                2^32  = 4.3 x 10^9           2.15 milliseconds
56                2^56  = 7.2 x 10^16          10 hours
128               2^128 = 3.4 x 10^38          5.4 x 10^18 years
168               2^168 = 3.7 x 10^50          5.9 x 10^30 years

Practical Encryption Algorithms
- Data Encryption Standard (DES)
  - Block size is 64 bits.
  - Key is 56 bits.
- IDEA
  - Block size is 64 bits.
  - Key size is 128 bits.
- Advanced Encryption Standard (AES)
  - Also known as Rijndael cryptosystem.
  - Block size can be 128, 192, or 256 bits.
  - Key size can be 128, 192, or 256 bits.

Block Encryption Algorithms
- Data Encryption Standard (DES)
  - The most widely used encryption scheme.
  - Known as the Data Encryption Algorithm (DEA).
  - It is a block cipher.
  - The plaintext is 64 bits in length.
  - The key is 56 bits in length.
  - Longer plaintexts are processed in 64-bit blocks.

[Figure: General Schematic of DES Algorithm. Data path: P (64-bit), Initial Permutation, Round 1, Round 2, ..., Round 16, 32-bit Swap, Reverse Inverse Permutation, C (64-bit). Key path: K (56-bit), Permuted Choice 1, then for each round a Left circular shift and Permuted Choice 2 producing K1, K2, ..., K16.]

[Figure: Single Iteration of DES Algorithm]

DES
- The overall processing at each iteration:
    L_i = R_{i-1}
    R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)
  (Feistel structure)
- Concerns about:
  - The algorithm and the key length (56 bits).
  - Longer key lengths essential for critical applications.

Problems with DES
- 56-bit key size considered to be too small for providing an acceptable level of security for most applications.
- Broken by various cryptanalysis groups.

Hence, Triple DES!
- Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt).
    C = E_K3[D_K2[E_K1[P]]]
  - C = ciphertext
  - P = plaintext
  - E_K[X] = encryption of X using key K
  - D_K[Y] = decryption of Y using key K
- Effective key length of 168 bits.

Triple DES: Illustration
  Encryption: P -> E (K1) -> X -> D (K2) -> Y -> E (K3) -> C
  Decryption: C -> D (K3) -> Y -> E (K2) -> X -> D (K1) -> P

Some Points to Observe
- Key distribution problem of secret key systems:
  - Establish key before communication.
  - Need n(n-1)/2 keys with n different parties.
[Figure: parties A, B, C, D, E]

Key Distribution
Two parties A and B trying to communicate.
- A key could be selected by A and physically delivered to B.
- A third party could select the key and physically deliver it to both A and B.
- If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
- If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

Key Distribution (contd.)
- Session key:
  - Data encrypted with a one-time session key.
  - At the conclusion of the session the key is destroyed.
- Permanent key:
  - Used between entities for the purpose of distributing session keys.

Public Key Cryptography

Basic Concept
- Uses two keys for every simplex logical communication link:
  a) Public key
  b) Private key
- Every communication node will have a pair of keys.
- For n nodes, the total number of keys required is 2n.

Encryption using Public Key System
[Figure: A -> Plaintext P -> Encryption Algorithm (B's public key KU_B) -> Ciphertext C -> Decryption Algorithm (B's private key KR_B) -> Plaintext P -> B]

Authentication using Public Key System
[Figure: A -> Plaintext P -> Encryption Algorithm (A's private key KR_A) -> Ciphertext C -> Decryption Algorithm (A's public key KU_A) -> Plaintext P -> B]

Applications
Three categories:
a) Encryption/decryption: The sender encrypts a message with the recipient's public key.
b) Digital signature / authentication: The sender signs a message with its private key.
c) Key exchange: Two sides cooperate to exchange a session key.

Requirements
- Computationally easy for a party B to generate a key pair:
  - Public key KU_B
  - Private key KR_B
- Easy for sender to generate ciphertext:
    C = E(M, KU_B)
- Easy for the receiver to decrypt ciphertext using private key:
    M = D(C, KR_B) = D(E(M, KU_B), KR_B)
- Computationally infeasible to determine KR_B knowing KU_B.
- Computationally infeasible to recover message M, knowing KU_B and ciphertext C.
- Either of the two keys can be used for encryption, with the other used for decryption:
    M = D(E(M, KU_B), KR_B) = D(E(M, KR_B), KU_B)

The RSA Public Key Algorithm

RSA Algorithm
- Developed by Ron Rivest, Adi Shamir and Len Adleman at MIT, in
- A block cipher.
- The most widely implemented.

The RSA Algorithm: Key Generation
1. Select p, q (p and q both prime)
2. Calculate n = p x q
3. Calculate Φ(n) = (p - 1)(q - 1)
4. Select integer e such that gcd(Φ(n), e) = 1; 1 < e < Φ(n)
5. Calculate d = e^(-1) mod Φ(n)
6. Public key KU = {e, n}
7. Private key KR = {d, n}

Φ(n) is the number of positive numbers less than n and relatively prime to n (called the Euler totient).

The RSA Algorithm: Encryption
- Plaintext: M < n
- Ciphertext: C = M^e (mod n)

The RSA Algorithm: Decryption
- Ciphertext: C
- Plaintext: M = C^d (mod n)

Example
- Select two prime numbers, p = 7 and q = 17.
- Calculate n = pq = 7 x 17 = 119.
- Calculate φ(n) = (p-1)(q-1) = 96.
- Select e such that e is relatively prime to φ(n) = 96, and less than φ(n). In this case, e = 5.
- Determine d such that de = 1 (mod 96) and d < 96. d = 77, because 77 x 5 = 385 = 4 x 96 + 1.
- Public key KU = {5, 119}
- Private key KR = {77, 119}

Example (contd.)
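The key generation, encryption and decryption steps above, carried through on the slide's p = 7, q = 17, e = 5 as an added example (not code from the original tutorial). The message value 19 and the function names are constructed for the illustration; this is textbook RSA without padding, meant only to make the arithmetic checkable.

```python
from math import gcd


def modinv(a, m):
    """d with a*d = 1 (mod m), by the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a and m are not relatively prime")
    return old_s % m


def keygen(p, q, e):
    """Steps 2-7 of the key generation slide; p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(phi, e) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = modinv(e, phi)
    return (e, n), (d, n)          # KU = {e, n}, KR = {d, n}


def apply_key(m, key):
    """C = M^e mod n with the public key, M = C^d mod n with the private key."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than n")
    return pow(m, exponent, n)


def factor(n):
    """Trial division; feasible only because this n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def private_from_public(public):
    """Once n is factored, phi(n) and therefore d follow from the public key."""
    e, n = public
    p, q = factor(n)
    return modinv(e, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    KU, KR = keygen(7, 17, 5)
    print("KU =", KU, "KR =", KR)
    M = 19                              # constructed sample message, M < n
    C = apply_key(M, KU)
    print("C =", C, "decrypts to", apply_key(C, KR))
    # Either key can encrypt, with the other decrypting (signature direction).
    S = apply_key(M, KR)
    print("signature", S, "verifies to", apply_key(S, KU))
    print("d recovered by factoring n:", private_from_public(KU))
```

The last line is the reason key size matters: with n = 119 the factors fall out instantly, so all of RSA's protection rests on n being too large to factor.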

The Security of RSA
- RSA is secure since:
  - We use a large number of bits in e and d.
  - The problem of factoring n into two prime factors is computationally very difficult.
  - Knowing p and q will allow us to know Φ(n). This will help an intruder to know the values of e and d.
- Until recently, this was felt to be infeasible for numbers in the range of 100 decimal digits or so (approximately 300 bits).
  - A worldwide team cooperating over the internet and using 1600 computers recently cracked the code in eight months.
- Currently, a 1024-bit key size (about 300 decimal digits) is considered strong enough for virtually all applications.
- Key sizes in the range of 1024 to 2048 bits seem safe.

Private and Public Key Systems: a Comparison
- Symmetric encryption/decryption is much faster than asymmetric encryption/decryption:
  - RSA: kilobits/second
  - DES: megabits/second
  - DES is about 100 times faster than RSA.

Network Security Principles in Use

Authentication Application: KERBEROS
- Users wish to access services on servers.
- Three threats exist:
  - A user pretends to be another user.
  - A user alters the network address of a computer.
  - A user eavesdrops on exchanges and uses a replay attack.

- Provides a centralized authentication server (AS) to authenticate users to servers and servers to users.
- Relies on conventional encryption.
  - Makes no use of public-key encryption.
- Two versions: version 4 and 5.
  - Version 4 makes use of DES.

Electronic Mail Security: Pretty Good Privacy (PGP)
- PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
- Why popular?
  - It is available free on a variety of platforms.
  - Based on well known algorithms.
  - Wide range of applicability.

Summary of PGP services:

Function             Algorithm Used
Digital Signature    DSS/SHA or RSA/SHA
Message Encryption   CAST or IDEA or 3-key Triple DES with Diffie-Hellman or RSA
Compression          ZIP
Compatibility        Radix-64 Conversion

[Figure: PGP Cryptographic Functions]

Secure Socket Layer (SSL)
- SSL was first used by Netscape.
  - To ensure security of data sent through HTTP, LDAP or POP3.
- Uses TCP to provide reliable end-to-end secure service.
- In general, SSL can be used for secure data transfer for any network service running over TCP/IP.

[Figure: HTTP, LDAP, POP3 (Application Layer) over SSL over TCP/IP (Network Layer)]

The main objectives of SSL are:
- Authenticate the client and server to each other.
- Ensure data integrity.
- Ensure data privacy.
  - Required for both the protocol data and also the application data.

SSL Architecture
SSL consists of two layers of protocols:
- SSL Record Protocol
  - Ensures data security and integrity.
- Protocols required to establish SSL connection. Three protocols used in this layer:
  - SSL Handshake Protocol
  - SSL ChangeCipherSpec Protocol
  - SSL Alert Protocol

[Figure: protocol stack. SSL Handshake Protocol, SSL ChangeCipherSpec Protocol, SSL Alert Protocol and Application Protocol (HTTP, etc.) over SSL Record Protocol over TCP over IP]

SSL Record Protocol
- Mainly responsible for data encryption and integrity.
- Basic function:
  - Take an application message to be sent.
  - Fragment the application message data (16 Kbytes or smaller).
  - Encapsulate it with appropriate headers and create an object called a record.
  - Encrypt the record and forward it to TCP.

[Figure: Application Data -> Fragments -> Compressed data -> Add MAC -> Encrypt data -> TCP packet with header H (H: SSL record header)]

The Higher Layer Protocols

SSL Alert Protocol
- Used to send session messages associated with data exchange and functioning of the protocol.
- Each message consists of two bytes:
  - First byte is either 1 (warning) or 2 (fatal). If fatal, the SSL session is terminated.
  - Second byte contains one of the defined error codes.

SSL ChangeCipherSpec Protocol
- Consists of a single message that carries the value of 1.
- Purpose of this message is to cause the pending session state to be established as a fixed state.
  - Define the set of protocols to be used.
- Must be sent from client to server, and vice versa.
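The record-layer steps (fragment, add MAC, prepend header) and the two-byte alert message described above, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for the negotiated MAC, compression and encryption are left out, the key and payload are constructed, and only a handful of alert codes are listed.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14        # "16 Kbytes or smaller"
MAC_LEN = 32                  # HMAC-SHA256 tag length (stand-in MAC)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate"}


def _mac(key, seq, ctype, version, fragment):
    # The implicit 64-bit sequence number is covered by the MAC but never
    # sent, so a replayed or reordered record fails verification.
    covered = struct.pack("!QBHH", seq, ctype, version, len(fragment)) + fragment
    return hmac.new(key, covered, hashlib.sha256).digest()


def seal(key, ctype, version, data, first_seq=0):
    """Fragment data, MAC each fragment, prepend the 5-byte record header."""
    records = []
    for start in range(0, max(len(data), 1), MAX_FRAGMENT):
        fragment = data[start:start + MAX_FRAGMENT]
        body = fragment + _mac(key, first_seq + len(records), ctype, version, fragment)
        records.append(struct.pack("!BHH", ctype, version, len(body)) + body)
    return records


def parse_records(stream):
    """Split a byte stream into (type, version, body), rejecting bad framing."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT + MAC_LEN:
            raise ValueError("record longer than the fragment limit allows")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, version, body))
        pos += 5 + length
    return records


def open_records(key, stream):
    """Receiver side: verify each MAC against the expected sequence number."""
    opened = []
    for seq, (ctype, version, body) in enumerate(parse_records(stream)):
        if len(body) < MAC_LEN:
            raise ValueError(f"bad_record_mac at record {seq}")
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = _mac(key, seq, ctype, version, fragment)
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"bad_record_mac at record {seq}")
        opened.append((CONTENT_TYPES[ctype], fragment))
    return opened


def decode_alert(fragment):
    """Two bytes: level (1 warning, 2 fatal), then the error code."""
    if len(fragment) != 2 or fragment[0] not in ALERT_LEVELS:
        raise ValueError("malformed alert")
    level, code = fragment
    return ALERT_LEVELS[level], ALERT_CODES.get(code, f"unknown({code})")


if __name__ == "__main__":
    key = b"k" * 32                            # constructed MAC key
    data = b"A" * 40000                        # constructed application data
    recs = seal(key, 23, 0x0300, data)         # 0x0300 = SSL 3.0
    alert = seal(key, 21, 0x0300, bytes([2, 20]), first_seq=len(recs))
    for kind, fragment in open_records(key, b"".join(recs + alert)):
        print(kind, len(fragment), decode_alert(fragment) if kind == "alert" else "")
```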

SSL Handshake Protocol
- Used to initiate a session between the server and the client.
- Within the application data, algorithms and keys used for data encryption can be negotiated.
- Provides mutual authentication.
- Process of negotiation divided into four phases.

Client sends to the server:
- SSL version
- Random (used to protect key exchange)
- Session ID
- CipherSuite

Server sends back:
- SSL version
- Random (a different number is generated)
- Session ID
- CipherSuite

Transport Layer Security (TLS)
- Extension of SSL.
- Aim is to provide security and data integrity features at the transport layer between two web applications.
- Supported by most web servers and browsers today.

Secure Shell (SSH)
- Originally developed in
  - As a secure replacement for telnet, rlogin, rcp, etc.
- Allows port forwarding (tunneling over SSH).
- Built-in support for proxies/firewalls.
- Widely used nowadays.

In the SSHv1 protocol, the server uses two keys:
- Long-term server identification key.
  - Binds the connection to the server bit RSA.
- Short-term encryption key, changed every hour.
  - Makes later recovery impossible.
  - Short-term keys are regenerated as a background task.
  - 768 bit RSA.

Multiple authentication mechanisms:
- Straight passwords (protected by SSH encryption).
- RSA based authentication.
  - Client decrypts a challenge from the server; returns the hash to the server.
- Plug-in mechanisms (biometrics, smartcard, etc.)

IP Security (IPSec)
- Security built into the IP layer.
  - Provides host-to-host (or firewall-to-firewall) encryption and authentication.
  - Required for IPv6, but optional for IPv4.
- Consists of two parts:
  - IPSec proper (for encryption and authentication).
  - IPSec key management.

IPSec provides:
- Two modes of protection
  - Tunnel Mode
  - Transport Mode
- Authentication and Integrity
- Confidentiality
- Replay Protection

Protection in Tunnel Mode
- Encapsulates the entire IP packet within IPSec protection.
- Tunnels can be created between several different node types:
  - Firewall to firewall
  - Host to firewall
  - Host to host

Protection in Transport Mode
- Encapsulates only the transport layer information within IPSec protection.
- Can only be created between host nodes.

Authentication and Integrity
- Verifies the origin of data.
- Assures that data sent is the data received.
- Assures that the network headers have not changed since the data was sent.

Confidentiality
- Encrypts data to protect against eavesdropping.
- Can hide data source when encryption is used over a tunnel.

Replay Prevention
- Causes transmitted packets to be dropped.

Problems with IPSec
- Excessively complex and difficult to use.
- Does not allow use of NAT.
- Routers need to be made IPSec aware.

Secure HTTP (S-HTTP)
- An extension to the HTTP protocol to support sending data securely over the web.
- Difference from SSL:
  - SSL is designed to establish a secure connection between two hosts.
  - S-HTTP is designed to send individual messages securely.

Some Features:
- Provides a variety of security mechanisms to HTTP clients and servers.
- Does not require client-side public certificates (or public keys), as it supports symmetric key-only operation modes.
- Provides full flexibility of cryptographic algorithms.
- S-HTTP and HTTPS are not the same.
  - HTTPS is an alternative to S-HTTP.
  - HTTP runs on top of SSL or TLS.

Penetration Testing and Ethical Hacking

What is a Penetration Test?
- A process of actively evaluating the information security measures in an organization.
- Most common procedure:
  - The security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities.
  - Results are delivered in a comprehensive report.

Ethical Hacking
- Definition of ethical hacking:
  - A situation where a computer and network expert attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.
  - To test a security system, ethical hackers use the same methods as their less principled counterparts (hackers), but report problems instead of taking advantage of them.
- Also called penetration testing.

Why is it Required?
There are several reasons why organizations choose to perform a penetration test:
- To identify the threats facing the information assets of the organization.
- Reduce the IT security costs by identifying and resolving vulnerabilities and weaknesses.
- Provide the organization with information assurance.
- Gain and maintain certification to an industry regulation (BS7789, HIPAA, etc.)

Types of Tests

1. External Penetration Testing
- This is the traditional approach.
- The testing is focused on servers, infrastructure, and the underlying software (OS, database, etc.).
- Two broad approaches:
  - Black box testing: performed with no prior knowledge of the infrastructure to be tested.
  - White box testing: performed with full disclosure of the topology and the environment.
- This basically involves the following:
  - Comprehensive analysis of publicly available information about the target.
  - Identification and analysis of the target hosts.
  - Analysis of the behavior of security devices like screening routers and firewalls.
  - Identification and analysis of the vulnerabilities within the target hosts.

2. Internal Penetration Testing
- Follows a methodology similar to external testing.
- Provides a more complete view of the site security.
- Testing is typically carried out from a number of network access points, representing each logical and physical segment.
  - Can include DMZ, VPNs, subnets, etc.

3. Application Security Assessment
- To identify and assess threats to the organization through proprietary applications or systems.
  - The application must not expose the underlying servers and software to attack.
  - A malicious user should not be able to access, modify, or destroy data or services within the system.
- Even in a well-deployed and secured infrastructure, a weak application can expose the organization's assets to risk.

4. Remote Access Security Assessment
- This addresses the security risks associated with an increasingly mobile workforce:
  - Working from home
  - Broadband always-on Internet access
  - Wireless networking
- Increased exposure by extending the traditional perimeter of the organization.

Some of the Typical Areas

Network Security
- Network surveying
- Port scanning
- System identification
- Services identification
- Router testing
- Firewall testing
- Intrusion detection system testing
- Trusted systems testing
- Password cracking
- Denial of service testing

Wireless Security
- Wireless networks testing
- WEP security testing
- Infrared systems testing
- Cordless communications testing

Other areas include Information Security, Social Engineering, Physical Security, etc.

About the Tools to be Used
- Tools are essential for automating the penetration testing process.
- Where to find the tools?
  - A number of commercial tools are available.
    - They work by using sets of thousands of pre-defined signatures that can identify vulnerabilities in a system.
    - Signatures need to be updated on a regular basis.
  - Open-source tools that are freely available.
    - Also called hacker tools, and are often made available on hacker web sites.

    - May range from very professionally developed and maintained tools, to poorly documented scripts meant to perform specific tasks.
    - Special care must be taken to ensure that the tools themselves do not contain viruses or any other malicious content.
  - Specialist penetration testing providers can develop their own tools.
    - Because available tools are mostly incomplete, and multiple tools need to be used.
    - Many vulnerabilities are not covered by them.

Hacker Web Sites
Some pointers. There are many, many more.




More information

CRYPTOG NETWORK SECURITY

CRYPTOG NETWORK SECURITY CRYPTOG NETWORK SECURITY PRINCIPLES AND PRACTICES FOURTH EDITION William Stallings Prentice Hall Upper Saddle River, NJ 07458 'jkfetmhki^^rij^jibwfcmf «MMr""'-^.;

More information

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014 Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

CRYPTOGRAPHY AND NETWORK SECURITY

CRYPTOGRAPHY AND NETWORK SECURITY CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE SIXTH EDITION William Stallings International Edition contributions by Mohit P Tahiliani NITK Surathkal PEARSON Boston Columbus Indianapolis New

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013 City University of Hong Kong Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 01/013 Part I Course Title: Course Code: Course Duration: Cryptography

More information

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification 1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

What is a SSL VPN and How Does it Work?

What is a SSL VPN and How Does it Work? Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

The Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course

More information

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS) Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

How To Protect Your Data From Attack

How To Protect Your Data From Attack Security in Communication Networks Lehrstuhl für Informatik 4 RWTH Aachen Prof. Dr. Otto Spaniol Dr. rer. nat. Dirk Thißen Page 1 Organization Lehrstuhl für Informatik 4 Lecture Lecture takes place on

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

Public Key Cryptography Overview

Public Key Cryptography Overview Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

More information

Compter Networks Chapter 9: Network Security

Compter Networks Chapter 9: Network Security Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice

More information

Network Security Essentials:

Network Security Essentials: Network Security Essentials: Applications and Standards Fifth Edition William Stallings International Editions contributions by B. R. Chandavarkar National Institute of Technology Karnataka, Surathkal

More information

ECE 428 Network Security

ECE 428 Network Security ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Network Security

More information

Securing an IP SAN. Application Brief

Securing an IP SAN. Application Brief Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

CSC 774 -- Network Security

CSC 774 -- Network Security CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Cryptography and Security

Cryptography and Security Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

CSC 474 Information Systems Security

CSC 474 Information Systems Security CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

How To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)

How To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol) WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

Internet Security. Christopher Kruegel

Internet Security. Christopher Kruegel Internet Security Christopher Kruegel Automation Systems Group (E183-1) Technical University Vienna Treitlstrasse 1, A-1040 Vienna, Austria chris@auto.tuwien.ac.at Abstract This chapter describes security

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information