Computer Networks & Security 2014/2015

Transcription

1 Computer Networks & Security 2014/2015 Introduction (01) Security and Embedded Networked Systems

2 What is a network? An interconnected configuration of system components designed to communicate and share A connected system of things or people e.g. a network of gossip or spies Slide 2

3 What is a computer network? Physically: An infrastructure interconnecting end-devices End-devices PC s, game consoles, smart TV s, smart phones Network Interface Cards (NIC) and OS are included Infrastructure Communication links (e.g. fiber cable, radio) Packet switches (e.g. routers, link layer switches) Logically: A facility providing information exchange between applications that are not sharing memory. Slide 3

4 What is the Internet? Physically: A public network of computer networks millions of end-devices, networks Logically: A network infrastructure that provides services to (globally) distributed applications e.g. , world-wide web (www), instant messaging, online games, VoIP, smart TV apps, smart home apps etc. Mobile network Global ISP Home network Regional ISP Institutional network Slide 4

5 Number of Internet hosts estimated by pinging a sample of all possible host addresses > 1 billion hosts (pc s, smart phones, tablets etc) as of Jan 2015!!! (only 500 hosts in 1983) Metcalfe s Law (Ethernet co-inventor): The value, usefulness, or utility of a network equals the square of the number of users (or connected devices). Slide 5

6 CISCO report on the Internet of Things (IoT) Today, there are more devices connected to the Internet than there are humans on the planet. Over 12.5 billion devices in 2010! 25 billion devices by 2015! 50 billion devices by 2020! by CISCO Slide 6

7 Network structure network edge access networks network core Slide 7

8 Network edge End systems (hosts): run applications at edge of network e.g. worldwide web, client/server model client host requests, receives service from always-on server, e.g. Web browser/server; client/server peer-to-peer model: minimal (or no) use of dedicated servers, e.g. Skype, BitTorrent peer-peer client/server Slide 8

9 Access networks An access network connects end devices to a router. mobile, wireless access networks, wired access networks for residential, institutional areas etc. Slide 9

10 Network core Interconnected routers Fundamental question: How is data transferred from edge to edge? circuit switching packet-switching Slide 10

11 Circuit switching Provides: dedicated circuit per call/session resources dedicated for the call (no sharing) e.g. link bandwidth, switch capacity circuit-like (guaranteed) performance call setup needed resources not used by call are idle How to create such circuits? Network logically divided into pieces Slide 11

12 Circuit switching examples: FDM and TDM FDM: Frequency Division Multiplexing frequency Example: 4 users TDM: Time Division Multiplexing time frequency time Slide 12

13 Packet switching Each end-to-end data stream divided into packets packets share network resources each packet uses full link bandwidth prevents idle time resources used as needed (no reservations) Bandwidth division into pieces Dedicated allocation Resource reservation Result: Resource contention bandwidth demand can exceed amount available (congestion): too many packets store and forward behavior: packets move one hop at a time Node receives complete packet before forwarding Slide 13

14 Packet switching: Statistical multiplexing Sequence of A & B packets does not have a fixed pattern, bandwidth shared on demand statistical multiplexing. A 100 Mb/s Ethernet statistical multiplexing C B queue of packets waiting for output link 1.5 Mb/s D E Slide 14

15 Packet switching: Store-and-forward takes L/R seconds to transmit (push out) packet of L bits on to link at R bps store and forward: entire packet must arrive at router before it can be transmitted on next link delay = 3L/R (assuming zero propagation delay) L R R R Example: L = 7.5 Mbits R = 1.5 Mbps transmission delay = 15 sec more on delay shortly Slide 15

16 Packet switching vs. circuit switching Packet switching allows more users to use the network! Example: 1 Mb/s link Each user: 100 kb/s when active active 10% of time HOW MANY users can be supported? N users 1 Mbps link Slide 16

17 Packet switching vs. circuit switching Packet switching allows more users to use the network! Example: 1 Mb/s link Each user: 100 kb/s when active active 10% of time circuit-switching: 10 users packet switching: with 35 users, probability > 10 active at same time is less than.0004 N users 1 Mbps link Exercise: How did we get value ? Slide 17

18 Internet structure: Network of networks roughly hierarchical at center: tier-1 ISPs (e.g., Verizon, Sprint, AT&T), national/ international coverage treat each other as equals Tier-1 providers interconnect (peer) privately Tier 1 ISP Tier 1 ISP Tier 1 ISP Slide 18

19 Internet structure: Network of networks Tier-2 ISPs: smaller (often regional) ISPs Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs Tier-2 ISP pays tier-1 ISP for connectivity to the rest of the Internet Tier-2 ISP Tier 1 ISP Tier-2 ISP Tier-2 ISPs also peer privately with each other. Tier-2 ISP is customer of tier-1 provider Tier 1 ISP Tier 1 ISP Tier-2 ISP Tier-2 ISP Tier-2 ISP Slide 19

20 Internet structure: Network of networks Tier-3 ISPs and local ISPs last hop ( access ) network (closest to end systems) Local and tier- 3 ISPs are customers of higher tier ISPs connecting them to the rest of the Internet local ISP Tier 3 ISP Tier-2 ISP local ISP Tier 1 ISP local ISP Tier-2 ISP local ISP local ISP Tier 1 ISP Tier-2 ISP local ISP Tier 1 ISP Tier-2 ISP local ISP Tier-2 ISP local ISP Slide 20

21 Internet structure: Network of networks A packet passes through many networks! local ISP Tier 3 ISP Tier-2 ISP local ISP local ISP Tier-2 ISP local ISP Tier 1 ISP local ISP Tier 1 ISP Tier-2 ISP local ISP Tier 1 ISP Tier-2 ISP local ISP Tier-2 ISP local ISP Slide 21

22 Networks under attack: A day s worth of security news (14/4/15 Meeste Brabanders geven geen toestemming voor inzage EPD Directeur Tor Project vertrekt naar internetbedrijf Europese campagne om netneutraliteit te beschermen VS waarschuwt voor verkeerd geconfigureerde DNS-servers Franse tv-zender TV5 gehackt via besmette s Onderzoek: 23% gebruikers opent phishingmails RTF meest gebruikte bestandstype bij gerichte aanvallen Zero day-lek in Adobe Flash Player gepatcht Criminelen stelen bijna 1 miljoen dollar via Android-malware Malafide Hugo Boss-advertentie verspreidt ransomware Overheden kunnen broncode Microsoft in Brussel testen Microsoft schakelt SSL 3.0 in Internet Explorer 11 uit Microsoft waarschuwt voor einde SQL Server 2005 Windows Server 2003 populair bij Nederlandse bedrijven Paspoortscanners op vliegveld Brussel zouden defect zijn Security goals: PRIVACY AVAILABILITY Security threats: CONFIG FLAWS, HACKING, PHISHING, MALWARE Security Mechanisms HTTPS ( SSL/TLS ), AUTHENTICATON MAINTANCE Slide 22

23 Security on the network Goals, threats & countermeasures Confidentiality EHR Privacy Integrity Availability Slide 23

24 Most common attributes: C-I-A Confidentiality Keep your secret data / message /... hidden from those who are not supposed to see it. Integrity Your data / message /... has not been altered by those who are not supposed to change it. Availability Your data / messages / resources can be used by those who are supposed to use (read/change/...) it. Others; authenticity, non-repudiation, etc. Slide 24

25 Privacy Online Peter Steiner 1993 Nik Scott 2008 Slide 25

26 Security in context Policies, Models & Attackers Security policy; what the system should achieve what is allowed in which context, (+ how to enforce, etc.) level of abstraction varies; `need to know vs `drwxr-xr-x security model in which to express & interpret policies; for example relations on Users - Objects - Permissions - Groups. Attacker Model Attacker capabilities & goals; these impact security https connection is `secure if attacker is eavesdropper, not if attacker is the web site or its administrator. Slide 26

27 A chain is as strong as its weakest link Need to address Security for whole system & context from the start; adding on later does not work Looking at single aspect is looking at single link system design (no HTTPS support for website) implementation (Heartbleed bug in OpenSSL) strength of mechanism (old SSL instead of TLS) system usage (user does not check for HTTPS) attacker model (website or its admin as attacker) Slide 27

28 Implementation flaws Basic idea buffer overflow call routine CheckPin routine CheckPin { char pin[ 4 ]; pin <= userinput; User enters: 1234<AddressY>... Put return address on stack: <addressx> (return address) Local variables on stack:???? (four empty bytes) <addressx> (return address) User input copied to stack (user entry) <addressy> (return address) } return; Remove local vars, return to: <addressy> Slide 28

29 CCWAPSS: Security Scoring Criteria Checklist 1. Authentication 2. Authorization 3. Input check 4. Error handling 5. Password Quality 6. Privacy 7. Sessions 8. Patching 9. Admin access 10. Encryption 11. Third parties 8.3/10 (source: ccwapss 1.1 whitepaper) 29 Slide 29

30 Security Engineering & Trade-offs Techniques to address specific threats cryptography, authentication, access control, etc. each imposes trade-offs; availability vs confidentiality, integrity vs cost, etc. no `absolute security but: find right trade-offs Combine into comprehensive security architecture: identify requirements, risks & threats, select trade-offs and combine techniques Slide 30

31 Requirements Elicitation External but also Internal (the Actors) Liu et al. 2003] Security and Privacy Requirements Analysis within a Social Setting. Slide 31

32 Conclusions Computer networks (also the Internet) are well-structured. network edge, access networks, network core The Internet adds sub-structure to this: ISP hierarchy Security is not an `add-on feature Needs to be taken into account from the start Requires looking at the `complete picture Consider whole system & context not just isolated parts Try to place treated security techniques in context What is their role in a security architecture What goals can they achieve What trade-offs need to be made Slide 32