Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Transcription

1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1

2 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-2

3 Secure v Alice wants to send confidential , m, to Bob. K S m. K S ( ) K S (m ) K S (m ). K S ( ) m K S +. K B ( ) K+ B + K B (K S ) + - Internet + K B (K S ) K- B K S -. K B ( ) Alice: v generates random symmetric private key, K S v encrypts message with K S (for efficiency) v also encrypts K S with Bob s public key v sends both K S (m) and K B (K S ) to Bob 8-3

4 Secure v Alice wants to send confidential , m, to Bob. K S m. K S ( ) K S (m ) K S (m ). K S ( ) m K S +. K B ( ) K+ B + K B (K S ) + - Internet + K B (K S ) K- B K S -. K B ( ) Bob: v uses his private key to decrypt and recover K S v uses K S to decrypt K S (m) to recover m 8-4

5 Secure (continued) v Alice wants to provide sender authentication, message integrity m K A H( ) KA ( ) - K A (H(m)) - K A (H(m)) K+ A +. K A ( ) H(m ) + - Internet compare m m. H( ) H(m ) v Alice digitally signs message v sends both message (in the clear) and digital signature 8-5

6 Secure (continued) v Alice wants to provide secrecy, sender authentication, message integrity. m m - K A. -. H( ) KA ( ) - K A (H(m)) + K S. K S ( ) +. K B ( ) K+ B Alice uses three keys: her private key, Bob s public key, newly created symmetric key K S + + K B (K S ) Internet 8-6

7 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-7

8 SSL: Secure Sockets Layer v widely deployed security protocol supported by almost all browsers, web servers https v mechanisms: [Woo 1994], implementation: Netscape v variation -TLS: transport layer security, RFC 2246 v provides confidentiality integrity authentication v original goals: Web e-commerce transactions encryption (especially credit-card numbers) Web-server authentication optional client authentication minimum hassle in doing business with new merchant v available to all TCP applications 8-8

9 SSL and TCP/IP Application TCP IP normal application Application SSL TCP IP application with SSL v v SSL provides application programming interface (API) to applications C and Java SSL libraries/classes readily available 8-9

10 SSL overview v handshake: Alice and Bob use their certificates, private keys to authenticate each other and exchange shared secret v key derivation: Alice and Bob use shared secret to derive set of keys bad to use same key for more than one cryptographic operation use different keys for message authentication and encryption v data transfer: data to be transferred is broken up into series of records v connection closure: securely close connection 8-10

11 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-11

12 What is network-layer confidentiality? between two network entities: v sending entity encrypts datagram payload, payload could be: TCP or UDP segment, ICMP message, OSPF message. v all data sent from one entity to other would be hidden: web pages, , P2P file transfers, TCP SYN packets blanket coverage 8-12

13 Virtual Private Networks (VPNs) motivation: v institutions often want private networks for security. costly: separate routers, links, DNS infrastructure. v VPN: institution s inter-office traffic is sent over public Internet instead encrypted before entering public Internet logically separate from other traffic 8-13

14 Virtual Private Networks (VPNs) public Internet IP header IPsec header Secure payload laptop w/ IPsec Secure payload IPsec header salesperson in hotel IP header router w/ IPv4 and IPsec router w/ IPv4 and IPsec headquarters branch office 8-14

15 IPsec services v data integrity v origin authentication v replay attack prevention v confidentiality v two protocols providing different service models: AH ESP 8-15

16 Two IPsec protocols v Authentication Header (AH) protocol provides source authentication & data integrity but not confidentiality v Encapsulation Security Protocol (ESP) provides source authentication, data integrity, and confidentiality more widely used than AH 8-16

17 IPsec transport mode IPsec IPsec v IPsec datagram emitted and received by end-system v Real end-to-end connection mode v Encrypts only IP payload v IP addresses are visible 8-17

18 IPsec tunneling mode IPsec IPsec v edge routers IPsec-aware IPsec IPsec v hosts IPsec-aware v Either gateway-to-gateway mode or end-to-end mode v Encrypts IP header and payload 8-18

19 Four combinations are possible! Host mode with AH Host mode with ESP Tunnel mode with AH Tunnel mode with ESP most common and most important. Why? 8-19

20 Security associations (SAs) v before sending data, security association (SA) established from sending to receiving entity SAs are simplex: for only one direction v ending, receiving entities maintain state information about SA IP is connectionless; IPsec is connection-oriented! v how many SAs in VPN w/ headquarters, branch office, and n traveling salespeople? 8-20

21 Security associations (SAs) v before sending data, security association (SA) established from sending to receiving entity SAs are simplex: for only one direction v ending, receiving entitles maintain state information about SA IP is connectionless; IPsec is connection-oriented! v how many SAs in VPN w/ headquarters, branch office, and n traveling salespeople? Ans. 2+2n (2 between HQ-BO and 2n for each SP) 8-21

22 Example SA from R1 to R2 headquarters Internet branch office /24 R1 security association R /24 R1 stores for SA: v 32-bit SA identifier: Security Parameter Index (SPI) v origin SA interface ( ) v destination SA interface ( ) v type of encryption used (e.g., 3DES with CBC) v encryption key v type of integrity check used, e.g., HMAC (Hash based MAC) v authentication key 8-22

23 Security Association Database (SAD) v endpoint holds SA state in security association database (SAD), where it can locate them during processing. v SAD: data structure in the entity s OS kernel. v with n salespersons, 2 + 2n SAs in R1 s SAD v when sending IPsec datagram, R1 accesses SAD to determine how to process datagram. v when IPsec datagram arrives to R2, R2 examines SPI in IPsec datagram, indexes SAD with SPI, and processes datagram accordingly. 8-23

24 IPsec datagram focus for now on tunnel mode with ESP enchilada authenticated encrypted new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP auth SPI Seq # padding pad length next header 8-24

25 What happens? headquarters Internet branch office /24 R1 security association R /24 enchilada authenticated encrypted new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP auth SPI Seq # padding pad length next header 8-25

26 R1: convert original datagram to IPsec datagram v appends to back of original datagram (which includes original header fields!) an ESP trailer field. v encrypts result using algorithm & key specified by SA. v appends to front of this encrypted quantity the ESP header, creating enchilada. v creates message authentication code (MAC) over the whole enchilada, using algorithm and key specified in SA; v appends MAC to back of enchilada, forming payload; v creates brand new IP header, with all the classic IPv4 header fields, which it appends before payload. 8-26

27 Inside the enchilada: enchilada authenticated encrypted new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP auth SPI Seq # padding pad length next header v ESP trailer: Padding for block ciphers v ESP header: SPI, so receiving entity knows what to do Sequence number, to thwart replay attacks v MAC in ESP auth field is created with shared secret key 8-27

28 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-28

29 WEP design goals WEP - Wired Equivalent Privacy v symmetric key crypto confidentiality end host authorization data integrity v each packet separately encrypted given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost (unlike Cipher Block Chaining (CBC) in block ciphers) v Efficient implementable in hardware or software 8-29

30 WEP encryption v v v v v v sender calculates Integrity Check Value (ICV) over data four-byte hash/crc for data integrity each side has 104-bit shared key sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key sender also appends keyid (in 8-bit field) 128-bit key inputted into pseudo random number generator to get keystream data in frame + ICV is encrypted with RC4 (Ron Rivest Cipher): B\bytes of keystream are XORed with bytes of data & ICV IV & keyid are appended to encrypted data to create payload payload inserted into frame encrypted IV Key ID data ICV MAC payload 8-30

31 WEP decryption overview encrypted IV Key ID data ICV MAC payload v receiver extracts IV v inputs IV, shared secret key into pseudo random generator, gets keystream v XORs keystream with encrypted data to decrypt data + ICV v verifies integrity of data with ICV 8-31

32 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity 4 Securing 5 Securing TCP connections: SSL 6 Network layer security: Ipsec 7 Securing wireless LANs 8 Operational security: firewalls and IDS 8-32

33 Firewalls firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others administered network trusted good guys firewall public Internet untrusted bad guys 8-33

34 Firewalls: why prevent denial of service attacks: v SYN flooding: attacker establishes many bogus TCP connections, no resources left for real connections prevent illegal modification/access of internal data v e.g., attacker replaces homepage with something else allow only authorized access to inside network v set of authenticated users/hosts three types of firewalls: v stateless packet filters v stateful packet filters v application gateways 8-34

35 Stateless packet filtering Should arriving packet be allowed in? Departing packet let out? v internal network connected to Internet via router firewall v router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits 8-35

36 Stateless packet filtering: example v example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23 result: all incoming, outgoing UDP flows and telnet connections are blocked v example 2: block inbound TCP segments with ACK=0. result: prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside. 8-36

37 Stateless packet filtering: more examples Policy No outside Web access. No incoming TCP connections, except those for institution s public Web server only. Prevent Web-radios from eating up the available bandwidth. Prevent your network from being used for a smurf DoS attack. Prevent your network from being tracerouted Firewall Setting Drop all outgoing packets to any IP address, port 80 Drop all incoming TCP SYN packets to any IP except , port 80 Drop all incoming UDP packets - except DNS and router broadcasts. Drop all ICMP packets going to a broadcast address (e.g ). Drop all outgoing ICMP TTL expired traffic 8-37

38 Access Control List v ACL - firewall rules on router: an example of an ACL for an organization /16 (for an interface that connects the router to the organization s external ISPs. ) action source address allow /16 allow outside of /16 allow /16 allow outside of /16 dest address outside of / /16 outside of / /16 protocol source port dest port TCP > flag bit any TCP 80 > 1023 ACK UDP > UDP 53 > deny all all all all all all 8-38

39 Explanation of the Prev ACL v Rules are applied to each datagram that passes through the interface. v The first two rules allow internal users to surf the Web: The first rule allows any TCP packet with destination port 80 to leave the organization s network; the second rule allows any TCP packet with source port 80 and the ACK bit set to enter the organization s network. v Note that if an external source attempts to establish a TCP connection with an internal host, the connection will be blocked, even if the source or destination port is

40 Explanation of the Prev ACL v The second two rules together allow DNS packets to enter and leave the organization s network. v In summary, this rather restrictive access control list blocks all traffic except Web traffic initiated from within the organization and DNS traffic. 8-40

41 Stateful packet filtering v stateless packet filter: admits packets that make no sense, e.g., dest port = 80, ACK bit set, even though no TCP connection established: action source address dest address protocol source port dest port flag bit allow outside of / /16 TCP 80 > 1023 ACK v stateful packet filter: track status of every TCP connection track connection setup (SYN), teardown (FIN): determine whether incoming, outgoing packets makes sense timeout inactive connections at firewall: no longer admit packets 8-41

42 Stateful packet filtering v ACL augmented to indicate need to check connection state table before admitting packet action source address allow /16 allow outside of /16 dest address outside of / /16 proto source port dest port TCP > flag bit any check connection TCP 80 > 1023 ACK x allow /16 outside of /16 UDP > allow outside of / /16 UDP 53 > x deny all all all all all all 8-42

43 Application gateways v filter packets on application data as well as on IP/TCP/UDP fields. host-to-gateway telnet session application gateway router and filter v Application gateway: appspecific server through which all application data (in/out) must pass. gateway-to-remote host telnet session case: allow certain internal users to telnet outside 1. Require telnet users to telnet through application gateway. 2. for authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections 3. router filter blocks all telnet connections not originating from gateway. 8-43

44 Limitations of firewalls, gateways v IP spoofing: router can t know if data really comes from claimed source v if multiple app s. need special treatment, each has own app. gateway v client software must know how to contact gateway. e.g., must set IP address of proxy in Web browser v filters often use all or nothing policy for UDP v many highly protected sites still suffer from attacks 8-44

45 Intrusion detection systems v packet filtering: operates on TCP/IP headers only no correlation check among sessions v IDS: intrusion detection system deep packet inspection: look at packet contents (e.g., check character strings in packet against database of known virus, attack strings) examine correlation among multiple packets port scanning network mapping DoS attack 8-45

46 Intrusion detection systems v multiple IDSs: different types of checking at different locations high security zone firewall internal network Internet IDS sensors Web server FTP server DNS server demilitarized zone 8-46

47 Network Security (summary) basic techniques... cryptography (symmetric and public) message integrity end-point authentication. used in many different security scenarios secure secure transport (SSL) IP sec operational security: firewalls and IDS 8-47