Security in Communication Networks
Prof. Dr. Otto Spaniol
Dipl. Inform. Roland Büschkes, Dipl. Inform. Christian Cseh, Dipl.-Math. techn. Roland Stenzel
Security in Communication Networks, WS '00/01, Chapter 1
General Information
Lecture course: Security in Communication Networks
Principal lecturer: Prof. Dr. Otto Spaniol
Number of lectures: 4 hours per week
Lecture locations: AH II, AH V
Lecture times: Monday 10.00 (a.m.) - 11.30 (a.m.), Tuesday 11.45 (a.m.) - 1.15 (p.m.)
Exercises: Dipl. Inform. Roland Büschkes, Dipl. Inform. Christian Cseh, Dipl.-Math. techn. Roland Stenzel
Number: 2 hours per week
Locations: AH IV
Times: Wednesday 11.45 (a.m.) - 1.15 (p.m.) (Starting date: October 25, 2000)
Subject: A basic introduction to contemporary cryptology and computer
References
• C. Kaufman, R. Perlman and M. Speciner: Network Security: Private Communication in a Public World, Prentice-Hall, 1995
• O. Spaniol, M. Günes: Lecture notes for the course “Sicherheit in Kommunikationsnetze”, 1988
• B. Schneier: Applied Cryptography: Protocols, Algorithms, and Source Code in C (2nd Edition), John Wiley & Sons, 1996
• R. Oppliger: Internet and Intranet Security, Artech House, 1998
• D. R. Stinson: Cryptography: Theory and Practice, CRC Press, 1995
• W. R. Cheswick and S. M. Bellovin: Firewalls and Internet Security, Addison-Wesley, 1994
• R. G. Bace: Intrusion Detection, Macmillan Technical Publishing, 2000
Topics
Topics:
– Introduction
– Secret Key Cryptography
– Public Key Cryptography
– Hash Functions
– Authentication
– Security Handshake Protocols
– Anonymity/Privacy
– Network Layer Security
– Transport Layer Security
– Application Layer Security
– Firewall
– Intrusion Detection
– Mobile Agents
– Mobile Communication
– Electronic Commerce
Contents
Prologue
Protection of Subscribers
Protection of Network
Designing Security in Layered Protocols (Internet)
Challenging Areas
Prologue: Security in Communication Networks
This course discusses questions concerning security in data communications. The subjects of this lecture include:
– Protection of Subscribers
· Cryptography (Secret Key, Public Key)
· Digital Signature
· Authentication/Identification (Security Handshake Protocols)
· Anonymity/Privacy
– Protection of Networks
· Access Control
· Firewall
· Intrusion Detection
– Designing Security in Layered Protocols (Internet)
· IPSEC, SSL, PGP, ...
Prologue: Internet
Necessity is the mother of invention, and computer networks are the mother of modern cryptography. - R. L. Rivest
The Story of the Internet:
– During the latter half of the 1980's ARPANET moved from the research domain into a transcontinental reality
– In November 1988 the "Internet worm" brought the ARPANET to its knees
– Since then an almost continuous stream of security-related incidents has affected thousands of computer systems and networks throughout the world (for more information see http://www.cert.org)
– By 2000, the Internet had grown from 60,000 host computer systems to over 93 million (see http://www.nw.com)
– Many companies and private users now rely on the Internet for their daily business and private communication (sharing financial, business, or personal information)
– Attacks: illegal gain of information, unrecognized change of information, disturbance of the functionality (Confidentiality, Integrity, Availability)
Prologue: Attacks on Computer
Stand-alone computer system (UNIX operating system):
– Only a legitimate user with physical access to the computer system is able to log in by providing name and password
– Intruder must have physical access and the login information
Networked computer (UNIX operating system):
– System makes available some basic network services:
· telnetd: remote terminal access service, provided at port 23
· sendmail: electronic mail service, provided at port 25
· httpd: WWW, provided at port 80
· nfsd: network file service, provided at port 2049
– Intruder does not need physical access
Prologue: Attacks on Computer
• Only an intruder who is able to physically access or connect to a computer system can attack it.
→ By adding more network connections, more vulnerabilities are added automatically.
• Networked computer systems run software that is inherently more complex and error-prone.
→ Intruder must know and be able to exploit just one single bug (administrator or security expert must know and fix each bug).
Prologue: Attacks on Networks
Passive Attack:
• passive wiretapping attack: the intruder is able to interpret the data and to extract the information
• traffic analysis attack: intruder can observe who communicates with whom (e.g. two companies begin to exchange a large number of messages → merging)
• available programs: etherfind, tcpdump, ...
Active Attack:
• modify, extend, delete, and replay data units
• influence or modify routing tables
• denial of service attack (flood a receiver)
[Figure: network, router, intruder]
Prologue: Security Requirements
Protection of Confidentiality:
• Message contents should be kept confidential; i.e., only the communication partners may see it.
• Sender and/or addressee of messages should remain anonymous, and third parties (including the network operator(s)) should be unable to observe their communication.
• Neither potential communication partners nor third parties (including the network operator(s)) should be able to locate mobile stations or their users.
Protection of Integrity:
• Forging message contents (including sender’s address) should be detected.
• The recipient of a message should be able to prove that a particular message has been sent, and if that the addressee has received the message.
• Nobody can cheat the network operator(s) in terms of usage fees. On the other hand, the network operator(s) can only charge fees for correctly delivered services.
Protection of Availability
• The communication network enables communication between all parties who wish to communicate and who are allowed to do so.
Prologue: Realization of Data Protection Requirements
Known techniques for
– Confidentiality: Cryptography, anonymity techniques
– Integrity: Cryptography, digital signatures, access control and authentication codes
– Availability: Fault-tolerant systems, access control, firewall, intrusion detection
Cryptography
– Secrecy
· Steganography: Hide message, e.g., in a picture
· Encryption: enc_algorithm: (plaintext, key) → ciphertext
– Authentication
· Identification, entity authentication: Who is currently on the other end of this connection?
· Message authentication: Who created this message?
Prologue: Trusted Domains
• Protection against every possible attacker is impossible.
• Before the design of a protection technique it is necessary to identify trusted domains.
• A trusted domain comprises systems or parts of systems (e.g. security module).
• No attackers are assumed within a trusted domain (restriction of the attacker).
• A trusted domain is always related to a single user or group of users.
[Figure: Source (Trusted Domain, protection technique), Untrusted Area, Destination (Trusted Domain, protection technique)]
Protection of Subscribers
Protection of subscribers: Shared-key Encryption Scheme
• One-time pad, DES, IDEA etc.
• Can handle data volumes of several Gigabyte/s, but security is questionable
• Key sizes of 56-128 bit
• Key distribution: secret channel needs key distribution center or public-key scheme
[Figure: key generator (random input, security parameter), secret channel, encryption algorithm, decryption algorithm (output or "error"), trusted domain]
Protection of subscribers: Shared-key Authentication Scheme
• Message authentication codes
• Specific constructions, or based on block ciphers or keyed hash functions
• Limitation: third party cannot check authenticity
[Figure: key generator (random input, security parameter), secret channel, authentication algorithm, test algorithm ("ok" or "error"), trusted domain]
Protection of subscribers: Cryptographic Hash Functions
• Hash Function H:
– variable length in,
– fixed length out (≥128 bit)
• One-way:
– easy to compute
– infeasible to invert
• Collision resistant
• Practical hash functions:
– SHA, MD5, etc.
• Cryptographic primitive
– H: collision-resistant one-way hash-function
– fixed H: H(x) “simulates” a random oracle
– variable H: Keyed hash functions, family of hash functions
[Figure: hash function H, with the labels "easy", "infeasible" and "≠"]
Protection of subscribers: Public-key Encryption Scheme
• RSA, Diffie-Hellman/El Gamal
• ca. 10-times slower than symmetric schemes
• “Key size” of 512-2048 bit for RSA
• Typically used to exchange a shared key for a symmetric scheme
[Figure: key generator (random input, security parameter), authenticated channel, encryption algorithm, decryption algorithm (output or "error"), two trusted domains]
Protection of subscribers: Digital Signature Scheme
• Digital Signature: A hash value (collision-resistant) of a message is encrypted with the secret key of a public-key encryption scheme.
• RSA, El Gamal, etc.
• Asymmetry allows third party to check authenticity (since public key is known to all).
[Figure: key generator (random input, security parameter), authenticated channel, signature algorithm, test algorithm ("ok" or "error"), two trusted domains]
Protection of subscribers: Anonymity
Multi-party protocol: collective use of cryptographic protocols
Anonymity:
– The sender and/or the recipient of a communication can remain anonymous.
Unobservability
– Nobody (not even the network operator) can trace communication relations.
Untraceability
Unobservable by Outsiders
Protection of networks
Protection of networks: Access Control
General: Authentication refers to the process of verifying the claimed identity of a principal.
User → Computer
– knows (proof of knowledge)
– possesses (proof of possession)
– biometric characteristics (proof by property)
User → System (via network)
– password-based (Name A, Password B)
– address-based (Name A, Address B)
– cryptographic:
Name: A, Challenge: X, Response: Y=f(X)
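The cryptographic variant above (Challenge X, Response Y = f(X)), as an added example that is not part of the original slides. It assumes f is HMAC-SHA256 under a key shared by user and system; the class and function names are illustrative. It shows that a recorded response fails against a fresh challenge, whereas a recorded password could simply be sent again.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """System side: issues a fresh challenge X and checks the response Y = f(X)."""

    def __init__(self, keys):
        self._keys = keys            # name -> shared secret key (bytes)
        self._pending = {}           # name -> outstanding challenge X

    def challenge(self, name):
        x = secrets.token_bytes(16)  # unpredictable and used only once
        self._pending[name] = x
        return x

    def verify(self, name, y):
        x = self._pending.pop(name, None)   # a challenge is valid for one attempt
        key = self._keys.get(name)
        if x is None or key is None:
            return False
        expected = hmac.new(key, x, hashlib.sha256).digest()
        return hmac.compare_digest(expected, y)   # constant-time comparison


def respond(key, x):
    """User side: Y = f(X), with f assumed to be HMAC-SHA256 under the shared key."""
    return hmac.new(key, x, hashlib.sha256).digest()


def demo():
    key_a = b"constructed-demo-key-for-user-A"   # constructed sample key
    system = Verifier({"A": key_a})

    x1 = system.challenge("A")
    y1 = respond(key_a, x1)
    first = system.verify("A", y1)       # legitimate login

    # An eavesdropper recorded (x1, y1) and replays y1 against a new challenge.
    system.challenge("A")
    replay = system.verify("A", y1)

    # Without an outstanding challenge nothing is accepted at all.
    no_challenge = system.verify("A", y1)
    return first, replay, no_challenge


if __name__ == "__main__":
    print(demo())
```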
Protection of networks: Firewall
A Firewall represents a barrier between a privately owned and protected network and another network (e.g. the Internet).
Purpose: prevent unwanted and unauthorized communication into or out of the protected network.
Assume: Firewall is a trusted domain.
[Figure: firewall between intranet and Internet; labels: Accessibility, Security]
Protection of networks: Intrusion Detection System (IDS)
IDS is a “burglar alarm for computers and networks”.
Functional components:
– An analysis engine that finds signs of intrusion.
– A response component that generates reactions based on the outcome of the analysis engine.
Analysis engine:
– Offline: analysis of stored log data.
– Online: “on the fly analysis” of observed data.
Response capabilities after analysis:
– Alarm
– Deny operation
Attack Recognition: learning of attack patterns or of the usual habits of users
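The two components described above, as an added example that is not part of the original slides: an offline analysis engine over stored log data that recognizes one attack pattern and one deviation from a user's usual habit, and a response component that maps findings to "alarm" or "deny". The log format, the thresholds and all names are assumptions made for this illustration.

```python
import re
from collections import Counter

LINE = re.compile(r"^(\S+) login (OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed sample data: stored log lines and each user's usual login sources.
LOG = """\
2000-10-25T10:00:01 login FAIL user=root src=192.0.2.7
2000-10-25T10:00:03 login FAIL user=root src=192.0.2.7
2000-10-25T10:00:05 login FAIL user=admin src=192.0.2.7
2000-10-25T10:00:09 login OK user=alice src=198.51.100.4
2000-10-25T10:02:30 login FAIL user=bob src=198.51.100.9
2000-10-25T10:05:12 login OK user=alice src=203.0.113.50
"""
USUAL_SOURCES = {"alice": {"198.51.100.4"}, "bob": {"198.51.100.9"}}


def analyse(log_text, usual, max_failures=3):
    """Analysis engine (offline): return findings as (kind, subject) pairs."""
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # line not in the expected format
        _, result, user, src = m.groups()
        if result == "FAIL":
            failures[src] += 1
            # Attack pattern: repeated failed logins from one source.
            if failures[src] == max_failures:
                findings.append(("pattern", src))
        elif src not in usual.get(user, set()):
            # Deviation from usual habit: successful login from an unknown source.
            findings.append(("anomaly", user))
    return findings


def react(findings):
    """Response component: choose a reaction for each finding."""
    actions = {"pattern": "deny", "anomaly": "alarm"}
    return [(actions[kind], subject) for kind, subject in findings]


if __name__ == "__main__":
    for action, subject in react(analyse(LOG, USUAL_SOURCES)):
        print(action, subject)
```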
Design Security in Layered Protocols
Design Security in Layered Protocols
There are always alternative ways to provide a service ...
Services may need to be provided at more than one layer.
Security functionality should not duplicate communications functionality.
[Figure: layer stacks of the two reference models; further labels: User Programs, Operating System, Peripherals and network equipment]
The OSI reference model: Application; Presentation; Session; Transport; Network; Data Link; Physical
The TCP/IP reference model: Application; TCP & UDP; IP, ICMP; Data Link; Physical
Design Security in Layered Protocols
Higher layers are more application dependent and technology independent.
End-to-end security is more easily provided at higher layers; link (point-to-point) security at lower layers.
Higher layers are more likely implemented in software; lower layers in hardware.
Higher layer encryption cannot protect lower layer headers; lower layer encryption may have to trust intermediate nodes.
[Figure: security protocols between the layers of two communicating stacks]
Application: PGP, PEM, ...
Transport: SSH, SSL, ...
IP: AH, ESP
PGP = Pretty Good Privacy, PEM = Privacy Enhanced Mail, SSH = Secure Shell, SSL = Secure Socket Layer, AH = Authentication Header, ESP = Encapsulating Security Payload
Challenging Areas
Challenging Areas: mobile agents
Development of applications in distributed systems:
– Yesterday: Host-based computing.
– Today: Client/server computing.
– Tomorrow: Agent-based computing (most promising).
A software agent is a program that acts on behalf of a (human) user.
A mobile agent is a program which
– represents a user in a computer network,
– is capable of migrating autonomously (under its own control) from node to node in the network,
– is able to perform some computation on behalf of the user.
Application: online shopping, real-time device control, distributed scientific computing, etc.
→ Major problem: security
Challenging Areas: mobile agents - security problems
Insecure Networks (protection of users)
– Privacy: Sensitive data contained within an agent dispatched by a user may be compromised, due to eavesdropping on insecure networks, or if the agent executes on a malicious server.
– Integrity: The agent's code, control flow and results could be altered by servers for malicious purposes.
Threats to host resources (protection of network):
– unauthorized access
– damage to resources
– denial of service
– “annoyance” attacks
Security mechanisms:
– privacy and integrity mechanisms (to protect secret data and code),
– authentication mechanisms (to establish the identities of communicating parties),
– authorization mechanisms (controlled access to server resources).
Challenging Areas: electronic commerce
Electronic commerce (e-commerce) uses networks (typically the Internet) to market goods and services without the need to be physically present at the point of sale.
What will be used in the digital world?
– The same types as in the paper world
· cash, for small and anonymous payments,
· cheques, credit cards,
· money transfer orders,
· payment-like systems: vouchers, coupons.
– Same metaphor, i.e.,
· same “business model”,
· at least as cost-effective,
· at least as secure, privacy protecting.
Security problems: payment integrity and privacy
Challenging Areas: mobile communication
Mobile phones have become a mass product (very soon: ≈100% coverage).
GSM (Global System for Mobile Communication) is the best known and most widely used mobile communication standard.
Emphasis on security functions dealing with eavesdropping and unauthorized use:
– Protection of Subscriber
· encryption of communication on the radio interface, i.e. between mobile station and base station,
· concealing the users’ identity on the radio interface, i.e. a temporarily valid identity code (TMSI) is used for the identification of a mobile user.
– Protection of Network
· access control by means of a personal smart card (called subscriber identity module, SIM) and PIN (personal identification number),
· authentication of the users towards the network carrier and generation of a session key in order to prevent abuse.
Challenging Areas: mobile communication
Security Problems and known attacks on GSM:
– IMSI Catcher: discloses the identities of all users within a radio cell.
– SIM Cloning and interception of authentication data: attempts to make phone calls at the expense of other users.
– Billing and Privacy (who communicates with whom and how long).
– Protection of location information.
Future: The Universal Mobile Telecommunication System (UMTS) integrates the existing mobile radio networks and the Internet. UMTS supports new services with higher data rates.
The standardization process for UMTS remains open → chance to define appropriate security functions (better than in GSM).
The installation of appropriate security functions after standardization would result in higher costs and unnecessary compromises.