Security in Communication Networks Lehrstuhl für Informatik 4 RWTH Aachen Prof. Dr. Otto Spaniol Dr. rer. nat. Dirk Thißen Page 1
Organization Lehrstuhl für Informatik 4 Lecture Lecture takes place on Thursday, 13:15 14:45 Exercises Fortnightly Exercise is given on Monday, 16:45 18:15 Frontal exercise Exact dates depend upon the lecture dates Exercise sheets are provided on the web page two weeks before an exercise date Planned exercise dates: 23.4. 7.5. 4.6. 25.6. 9.7. Page 2
Organization Lehrstuhl für Informatik 4 Slide Copies Copies to the lecture slides as well as exercise sheets are placed on the web page to the lecture: http://www-i4.informatik.rwth-aachen.de/content/teaching/lectures/sub/sikon/sikonss07/index.html Written Exam At the end of summer term Contact Information for questions regarding lecture/exercises Prof. Dr. Otto Spaniol, Dr. Dirk Thißen Lehrstuhl für Informatik 4, RWTH Aachen Ahornstraße 55, 52074 Aachen Phone: 0241 / 80 21400/21450 email: {spaniol, thissen}@informatik.rwth-aachen.de Page 3
Literature Lehrstuhl für Informatik 4 Kaufman, Charlie; Perlman, Radia; Speciner, Mike: Network Security Private Communication in a Public World. Prentice-Hall, 2002 Schneier, Bruce: Applied Cryptography - Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 1996 Mao, Wenbo: Modern Cryptography. Prentice Hall, 2004 Spaniol, Otto; Güneş, Mesut: Skript zur Vorlesung Sicherheit in Kommunikationsnetzen. Mainz-Verlag, 2000 Page 4
Evolution of the Internet Necessity is the mother of invention, and computer networks are the mother of modern cryptography - R. L. Rivest The Story of the Internet: During the latter half of the 1980's ARPANET moved from the research domain into a transcontinental reality In November 1988 the "Internet worm" brought the ARPANET to its knees Since then an almost continuous stream of security-related incidents has affected thousands of computer systems and networks throughout the world (see for more information http://www.cert.org) By 2005, the Internet had grown from 60,000 host computer systems to over 350 million Many companies and private users now rely on the Internet for their daily business and private communication (sharing financial, business, or personal information) Attacks: illegal gain of information, unrecognized change of information, disturbance of the functionality (Confidentiality, Integrity, Availability) Page 5
Attacks on Computer Stand-alone computer system (UNIX operating system): Only legitimate user with physical access to the computer system is able to log in by providing name and password Attacker must have physical access and the login information Networked computer (UNIX operating system): System makes available some basic network services: telnetd: remote terminal access service, provided at port 23 sendmail: electronic mail service, provided at port 25 httpd: WWW, provided at port 80 nsfd: network file service, provided at port 2049 Attacker does not need physical access Attacker can use any TCP/IP service offered by the system Page 6
Attacks on Computer Only an attacker who is able to physically access or connect to a computer system can attack it By adding more network connections, more vulnerabilities are added automatically A networked computer system runs software that is inherently more complex and error prone An attacker must know and be able to exploit just one single bug (administrator or security expert must know and fix each bug) Security Goal: protect networked computers by separating a company network from the Internet (e.g. by a Firewall) Page 7
Attacks on Communication Processes Passive Attack: Passive wiretapping attack: the attacker is able to interpret the data and to extract information Traffic analysis attack: attacker can observe who communicates with whom (e.g. two companies begin to exchange a large number of messages and combines them) Available programs: etherfind, tcpdump,... Active Attack: Modify, extend, delete, and replay data units Influence or modify routing tables Denial of service attack (flood a server) Network Router Alice attacker Page 8
Security in Communication Processes Confidentiality Message contents should be kept confidential; i.e., only the communication partners may see it Sender and/or receiver of messages should remain anonymous, and third parties (including the network operators) should be unable to observe their communication Neither potential communication partners nor third parties (including the network operators) should be able to locate mobile stations Integrity Forging message contents (including sender s address) should be detected The recipient of a message should be able to prove that a particular message has been sent, and if that the addressee has received the message Nobody can cheat the network operators in terms of usage fees. On the other hand, the network operators can only charge fees for correctly delivered services Availability The communication network enables communication between all parties who wish to communicate and who are allowed to do so Page 9
Security Techniques Known techniques for Confidentiality: Data encryption, anonymity techniques Integrity: Data encryption, digital signatures, access control and authentication Availability: Fault-tolerant systems, access control, firewall, intrusion detection Important term: Cryptography Secrecy Steganography: Hide message, e.g. in a picture Encryption: enc_algorithm: (plaintext, key) ciphertext Authentication Identification, entity authentication: Who is currently on the other end of this connection? Message authentication: Who created this message? Digital Signature: Convince a third party about who created this message. Page 10
Requirement: Trusted Domains Nearly no security technique is perfect: you mostly need to trust somebody: Protection against every possible attacker is impossible Before the design of a protection technique it is necessary to identify trusted domains A trusted domain comprises systems or parts of systems (e.g. security module) No attackers are assumed within a trusted domain (restriction of the attacker) A trusted domain is always related to a single user or group of users Trusted Domain Source Untrusted Area Trusted Domain Destination Protection technique Protection technique Page 11
Shared-key Encryption Scheme One-time pad, DES, IDEA etc. Can handle data volumes of several Gigabyte/s, but security is questionable Key sizes of 56-128 bit Key distribution: secret channel needs a key distribution center or public-key scheme random secur. param. Key generator k k Secret Channel Trusted Domain k m or error Decryption algorithm enc(k, m) Encryption algorithm m m = message, k = key Page 12
Shared-key Authentication Scheme Message authentication codes Specific constructions, or based on block ciphers or keyed hash functions Limitation: third party cannot check authenticity random secur. param. m Key generator k Auth. algorithm k Secret Channel Trusted Domain m, auth(k, m) Test ok algorithm or error k m = message, k = key Page 13
Cryptographic Hash Functions Hash Function H: variable length in fixed length out ( 128 bit) One-way: easy to compute infeasible to invert Collision resistant Practical hash functions: SHA, MD5, etc. Cryptographic primitive H: collision-resistant one-way hash-function fixed H: H(x) simulates a random oracle easy variable H: Keyed hash functions, family of hash functions H infeasible Page 14
Public-key Encryption Scheme RSA, Diffie-Hellman/El Gamal About 10 times slower than symmetric schemes Key size of 512-2048 bit for RSA Typically used to exchange a shared key for a symmetric scheme random secur. param. m or error Trusted Domain Key generator sk Decryption algorithm pk Authenticated Channel enc(pk, m) Trusted Domain pk Encryption algorithm m m = message, sk = secret key, pk = public key Page 15
Digital Signature Scheme Digital Signature: A hash value (collision-resistant) of a message is encrypted with the secret key of a public-key encryption scheme. RSA, El Gamal, etc. Asymmetry allows third party to check authenticity (since public key is known to all). random secur. param. m Trusted Domain Key generator sk Signature algorithm pk Authenticated Channel m, sign(sk, H(m)) Trusted Domain pk Test algorithm ok or error m = message, sk = secret key, pk = public key, H = hash function Page 16
Access Control Lehrstuhl für Informatik 4 In general: authentication refers to the process of verifying the claimed identity of a principal User Computer Knows (proof of knowledge) Possesses (proof of possession) Biometric characteristics (proof by property) User System (via network) Password-Based (Name A, Password B) Address-Based (Name A, Address B) Cryptographic: Name: A Challenge: X Response: Y=f(X) Page 17
Security in Layered Protocols There are always alternative ways to provide a (security) service Higher layers are more application dependent and technology independent End-to-end security is easier provided at higher layers; link (point-to-point) security at lower layers Higher layers are more likely implemented in software; lower layers in hardware Higher layer encryption cannot protect lower layer headers; lower layer encryption may have to trust intermediate nodes Security services may need to be provided at more than one layer Application PGP, PEM,... Application Transport SSH, SSL,... Transport IP AH, ESP IP PGP = Pretty Good Privacy, PEM = Privacy Enhanced Mail, SSH = Secure Shell, SSL= Secure Socket Layer, AH = Authentication Header, ESP = Encapsulating Security Payload Page 18
Anonymity Lehrstuhl für Informatik 4 Multi-party protocol: collectively use of cryptographic protocols The sender and/or the recipient of a communication can remain anonymous Nobody (not even the network operator) can trace communication relations Untraceability Alice Bob Unobservable by Outsiders Page 19
Protection of Networks: Firewall A firewall represents a barrier between a privately owned and protected network and another network (e.g. the Internet) Purpose: prevent unwanted and unauthorized communication into or out of the protected network Assume: Firewall is a trusted domain Intranet Internet Firewall Accessibility Security Page 20
Protection of Networks: Intrusion Detection System (IDS) IDS is a burglar alarm for computers and networks Functional components An analysis engine that finds signs of intrusion A response component that generates reactions based on the outcome of the analysis engine Analysis engine: Offline: analysis of stored log data Online: on the fly analysis of observed data Response capabilities after analysis: Alarm Deny operation Attack Recognition: learning of attack patterns or usual habit of users Privacy problem Page 21
Content Lehrstuhl für Informatik 4 Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer e.g. IPsec, SSL, TLS, Chapter 4: Security on the Application Layer e.g. Kerberos, PGP Chapter 5: Security Concepts for Networks e.g. Firewalls, Intrusion Detection Page 22