Chapter 8 Network Security

Transcription

1 8: Network Security 81 and Intranet Protocols and pplications Lecture 7: Security 2 Feb 21, 2006 rthur Goldberg oputer Science Departent New York University artg@csnyuedu ssuing that you ve learned the rest fro the reading, in class we will only cover slides with titles in italics 8: Network Security 82 hapter 8 Network Security note on the use of these ppt slides: We re aking these slides freely available to all (faculty, students, readers) They re in PowerPoint for so you can add, odify, and delete slides (including this one) and slide content to suit your needs They obviously represent a lot of work on our part In return for use, we only ask the following: If you use these slides (eg, in a class) in substantially unaltered for, that you ention their source (after all, we d like people to use our book!) If you post any slides in substantially unaltered for on a www site, that you note that they are adapted fro (or perhaps identical to) our slides, and note our copyright of this aterial Thanks and enjoy! JFK/KWR ll aterial copyright JF Kurose and KW Ross, ll Rights Reserved oputer Networking: Top Down pproach Featuring the, 3 rd edition Ji Kurose, Keith Ross ddisonwesley, July : Network Security 83 RS: another iportant property Trusted Interediaries Key Distribution enter (KD) The following property will be very useful later: K (K ()) = = K (K ()) use key first, followed by private key use private key first, followed by key Result is the sae! Syetric key proble: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KD) acting as interediary between entities Public key proble: When lice obtains ob s key (fro web site, eail, diskette), how does she know it is ob s key, not Trudy s? Solution: trusted certification authority () lice, ob need shared syetric key KD: server shares different secret key with each registered user (any users) lice, ob know own syetric keys, K KD KD, for counicating with KD KD K PKD K KD KD K K PKD KD K XKD K YKD K ZKD KD 8: Network Security 84 8: Network Security 85 8: Network Security 86

2 8: Network Security 87 Key Distribution enter (KD) Q: How does KD allow ob, lice to deterine shared syetric secret key to counicate with each other? lice knows R1 K KD (,) K KD (R1, KD (,R1) ) KD (,R1) KD generates R1 lice and ob counicate: using R1 as session key for shared syetric encryption ob knows to use R1 to counicate with lice ertification uthorities ertification authority (): binds key to particular entity, E E (person, router) registers its key with E provides proof of identity to creates certificate binding E to its key certificate containing E s key digitally signed by says this is E s key certificate ob s digital containing signature ob s key K (encrypt) key, signed by ob s private identifying key K inforation 8: Network Security 88 ertification uthorities When lice wants ob s key: gets ob s certificate (ob or elsewhere) apply s key to ob s certificate, get ob s key digital signature (decrypt) key K ob s key 8: Network Security 89 certificate contains: Serial nuber (unique to issuer) info about certificate owner, including algorith and key value itself (not shown) info about certificate issuer valid dates digital signature by issuer hapter 8 roadap 81 What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers Firewalls firewall isolates organization s internal net fro larger, allowing soe packets to pass, blocking others adinistered network firewall 8: Network Security 810 8: Network Security 811 8: Network Security 812

3 8: Network Security 813 Firewalls: Why prevent denial of service attacks: flooding: attacker establishes any bogus TP connections, no resources left for real connections prevent illegal odification/access of internal data eg, attacker replaces I s hoepage with soething else allow only authorized access to inside network (set of authenticated users/hosts) two types of firewalls: applicationlevel packetfiltering Packet Filtering Should arriving packet be allowed in? Departing packet let out? internal network connected to via router firewall router filters packetbypacket, decision to forward/drop packet based on: source IP address, destination IP address TP/UDP source and destination port nubers IMP essage type TP and K bits 8: Network Security 814 Packet Filtering Exaple 1: block incoing and outgoing datagras with IP protocol field = 17 and with either source or dest port = 23 ll incoing and outgoing UDP flows and telnet connections are blocked Exaple 2: lock inbound TP segents with K=0 Prevents external clients fro aking TP connections with internal clients, but allows internal clients to connect to outside 8: Network Security 815 pplication gateways Filters packets on application data as well as on IP/TP/UDP fields Exaple: allow select internal users to telnet outside hosttogateway telnet session application gateway gatewaytoreote host telnet session router and filter 1 Require all telnet users to telnet through gateway 2 For authorized users, gateway sets up telnet connection to dest host Gateway relays data between 2 connections 3 Router filter blocks all telnet connections not originating fro gateway 8: Network Security 816 Liitations of firewalls and gateways IP spoofing: router can t know if data really coes fro claied source if ultiple app s need special treatent, each has own app gateway client software ust know how to contact gateway eg, ust set IP address of proxy in Web browser filters often use all or nothing policy for UDP tradeoff: degree of counication with outside world, level of security any highly protected sites still suffer fro attacks 8: Network Security 817 hapter 8 roadap 81 What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers 8: Network Security 818

4 8: Network Security 819 Mapping: before attacking: case the joint find out what services are ipleented on network Use ping to deterine what hosts have addresses on network Portscanning: try to establish TP connection to each port in sequence (see what happens) nap ( apper: network exploration and security auditing Mapping: countereasures record traffic entering network look for suspicious activity (IP addresses, ports being scanned sequentially) Packet sniffing: broadcast edia proiscuous NI reads all packets passing by can read all unencrypted data (eg passwords) eg: sniffs s packets ountereasures? 8: Network Security 820 ountereasures? src: dest: payload 8: Network Security 821 Packet sniffing: countereasures all hosts in organization run software that checks periodically if host interface in proiscuous ode one host per segent of broadcast edia (switched Ethernet at hub) IP Spoofing: can generate raw IP packets directly fro application, putting any value into IP source address field receiver can t tell if source is spoofed eg: pretends to be IP Spoofing: ingress filtering routers should not forward outgoing packets with invalid source addresses (eg, datagra source address not in router s network) great, but ingress filtering can not be andated for all networks src: dest: payload 8: Network Security 822 ountereasures? src: dest: payload 8: Network Security 823 src: dest: payload 8: Network Security 824

5 8: Network Security 825 hapter 8 roadap Denial of service (DOS): flood of aliciously generated packets swap receiver Distributed DOS (DDOS): ultiple coordinated sources swap receiver eg, and reote host attack ountereasures? Denial of service (DOS): countereasures filter out flooded packets (eg, ) before reaching host: throw out good with bad traceback to source of floods (ost likely an innocent, coproised achine) 8: Network Security What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers 881 Secure eail 882 Secure sockets 883 IPsec 884 Security in : Network Security 827 Secure eail Secure eail Secure eail (continued) lice wants to send confidential eail,, to ob ( ) ( ) ( ) ( ) lice: generates rando syetric private key, encrypts essage with (for efficiency) also encrypts with ob s key sends both () and ( ) to ob ( ) ( ) ( ) ( ) 8: Network Security 828 lice wants to send confidential eail,, to ob ob: ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) uses his private key to decrypt and recover uses to decrypt () to recover 8: Network Security 829 lice wants to provide sender authentication essage integrity K Ā H( ) K ( ) K (H()) K (H()) K ( ) H( ) lice digitally signs essage sends both essage (in the clear) and digital signature K H( ) copare H( ) 8: Network Security 830

6 8: Network Security 831 Secure eail (continued) Pretty good privacy (PGP) Secure sockets layer (SSL) lice wants to provide secrecy, sender authentication, essage integrity K Ā H( ) K (H()) K ( ) ( ) lice uses three keys: her private key, ob s key, newly created syetric key ( ) ( ) eail encryption PGP signed essage: schee, defacto standard EGIN PGP SIGNED MESSGE uses syetric key Hash: SH1 cryptography, key ob:my husband is out of town cryptography, hash tonightpassionately yours, function, and digital lice signature as described EGIN PGP SIGNTURE provides secrecy, sender Version: PGP 50 authentication, integrity harset: noconv inventor, Phil Zieran, yhhjrhhgjghgg/12epjlo8ge4v3qjh FEvZP9t6n7G65Gw2 was target of 3year END PGP SIGNTURE federal investigation transport layer security to any TPbased app using SSL services used between Web browsers, servers for ecoerce (shttp) security services: server authentication data encryption client authentication (optional) server authentication: SSLenabled browser includes keys for trusted s rowser requests server certificate, issued by trusted rowser uses s key to extract server s key fro certificate check your browser s security enu to see its trusted s 8: Network Security 832 8: Network Security 833 SSL (continued) Encrypted SSL session: rowser generates syetric session key, encrypts it with server s key, sends encrypted key to server Using private key, server decrypts session key rowser, server know session key ll data sent into TP socket (by client or server) encrypted with session key SSL: basis of IETF Transport Layer Security (TLS) SSL can be used for nonweb applications, eg, IMP lient authentication can be done with client certificates 8: Network Security 834