CSCI-E46: Applied
Network Security
Class 1: Introduction
Welcome to CSCI-E46
Classroom & Schedule
◦
53 Church Street L01
◦
Wednesdays, 5:30pm-7:30pm
Office Hours
◦
Before/after class or by appointment
TA Session
Welcome to CSCI-E46
Expectations
◦
Familiarity with Linux/UNIX CLI and Windows GUI
◦
Understanding of networking topics by way of…
◦
Successful completion of CSCI-E45[ab] or permission
of instructor
Objectives
◦
Provide a solid overview of the concepts, threats,
and controls inherent to network security
Readings
Course Text
◦ “Computer Security: Principles and Practice”, 3rdEdition, William Stallings
Safari Books Online
◦ http://ezp-prod1.hul.harvard.edu/login?url=http://nrs.harvard.edu/urn-3:hul.eresource:safarixx
Canvas
All course material and grading will be posted to the course site
◦ https://canvas.harvard.edu/courses/8096
Each Week…
◦ readings will be available at midnight on Thursday
◦ slides will be posted prior to lecture
◦ live video of the lecture available for streaming
◦ recorded video posted for review 1-2 days after lecture
Discussion forums available for questions and collaborating with your classmates
Class Participation
Wednesdays, 5:30-7:30pm @ 53 Church Street L01
Timely discussion topics to open each lecture
◦ Questions and discussion throughout lecture encouraged!
◦ Be courteous, silence your phones and take calls outside
◦ ~10 minute break at half-way point
On-campus and remote students
Tasks/Assignments
Tasks
◦ Assigned most lecture weeks (10 total)
◦ Majority of class participation score
Assignments
◦ 3 assignments, 1 quiz
Labs
5 labs
Environments
◦
Local (your laptop/desktop)
◦
Amazon Web Services (AWS)
Resources
◦
VirtualBox
◦ https://www.virtualbox.org/wiki/Downloads
◦
AWS Educate
Exams
Midterm Exam
◦
On-line
◦
Week of 03/17
◦
Essay, short answer, true/false, multiple choice
Final Exam
◦
Week of 04/05
◦
Same format as midterm
Grading
Class Participation/Tasks
20%
Labs
20%
Assignments/Quiz
20%
Midterm Exam
20%
Final Exam
20%
Total
100%
Plagiarism and Academic Integrity
Unless otherwise specified, all work must be
completed independently
Please review the Harvard Extension School
Academic Integrity Policy
◦ https://www.extension.harvard.edu/resources-policies/student-conduct/academic-integrity
Do not cheat, you
will
be caught and reported!
◦ If found responsible, no credit for affected material
Course Schedule
Week Dates Topic
1 01/27 Introductions, Cryptography Primer 2 01/28 – 02/03 Networking Primer
3 02/04 – 02/10 Network Security Controls and Architecture 4 02/11 – 02/17 Enterprise Identity and Authentication 5 02/18 – 02/24 (In)Secure Protocols
6 02/25 – 03/02 Network-based Threats
7 03/03 – 03/09 Reconnaissance and Social Attacks 8 03/10 – 03/16 Spring Break
9 03/17 – 03/23 Midterm Exam
10 03/24 – 03/30 Exploitation and Persistence 11 03/31 – 04/06 Instrumenting the Network 12 04/07 – 04/13 Intrusion Detection
13 04/14 – 04/20 Firewalling and Access Control 14 04/21 – 04/27 Wireless Security
15 04/28 – 04/04 Cloud Security and Future Trends 16 04/05 – 05/11 Final Exam
Introductions
About Me
◦
Director, Infrastructure Design & Engineering @ MIT
◦
15+ years of systems, networking, and security
experience
◦
E-mail: [email protected]
◦
Phone: 617.838.3171
Teaching/Lab Assistant
◦
Scott Doliner
◦
Email: TBD
Today...
Discussion
Cryptography Primer
Random numbers
Symmetric encryption
Public-key (asymmetric) encryption
Beyond encryption
◦
Message authentication codes
◦
Hash functions
Random Numbers
random numbers used in cryptographic key generation
requirements:
◦
randomness
◦ based on statistical tests for uniform distribution and
independence
◦
unpredictability
◦ successive values not related to previous
◦ clearly true for “real” random sequences
true random number generators use a nondeterministic
source
Pseudorandom Numbers
an algorithm is used to create pseudorandom
numbers
◦
satisfy statistical randomness tests
◦
likely to be predictable since based on initial
“seed” value
Symmetric Encryption
Same key used for encryption and decryptionSymmetric Encryption
Historical Implementations
◦ Caesar Cipher (ROT13)
◦ Enigma Machine
Modern Implementations
◦ DES
◦ Old US federal standard
◦ 56-bit key
◦ Extremely vulnerable to brute force attacks
◦ Deprecated in favor of 3DES in 1999
◦ Triple DES (3DES)
◦ Encrypt, decrypt, encrypt using DES
◦ Effective 168-bit key (56-bit * 3)
◦ AES
◦ Current US federal standard (2002)
◦ Result of public competition (was “Rijndael”)
◦ 128, 192, and 256-bit key lengths
◦ Blowfish, IDEA, etc.
Symmetric Encryption
Fast, easily implemented in hardware
Key distribution
◦ Difficult to securely transport shared key to recipient
Key management, (n
2-n)/2
◦ 2 participants, 1 key
◦ 3 participants, 3 keys
◦ and then it gets much worse…
1 100 10,000 1,000,000 100,000,000 10,000,000,000 1,000,000,000,000 100,000,000,000,000 10,000,000,000,000,000
Attacking Symmetric Encryption
cryptanalysis
◦ rely on nature of the algorithm
◦ plus some knowledge of plaintext characteristics
◦ even some sample plaintext-ciphertext pairs
◦ exploits characteristics of algorithm to deduce specific
plaintext or key
brute-force attack
◦ try all possible keys on some ciphertext until get an
Public Key Encryption
Two keys (“public” and “private”) are used
◦ Keys are complementary
◦ Private key can decrypt public key encrypted messages
◦ Public key can decrypt private key encrypted messages
In practice…
◦ Public key is used to encrypt messages
◦ Private key is used to decrypt messages
Example:
Bob wants to send Alice a message. He encrypts the message with Alice’s public key. Alice receives the message and decrypts using her private key.
Public Key Encryption
Two different keys used for encryption/decryptionPublic Key Requirements
computationally easy to create key pairscomputationally easy for sender knowing public key to encrypt messages
computationally easy for receiver knowing private key to decrypt ciphertext
computationally infeasible for opponent to determine private key from public key
computationally infeasible for opponent to otherwise recover original message
Public Key Encryption
Originated in the 1970s at British Government Government Communications Headquarters (GCHQ)
◦ This remained secret until 1997
Proposed in 1976 by Whitfield Diffie and Matin Hellman
RSA algorithm published in 1978 by Rivest, Shamir, and Adleman
◦ Patent expired in 2000
DSS/DSA
◦ developed by NSA
◦ useful only in digital signatures, not encryption
Elliptic Curve
◦ based on solutions to y2=x3 + ax + b
Public Key Encryption
RSA
◦ Uses product of two large prime numbers
◦ Keys derived mathematically from product
◦ Depends upon difficulty of factoring large numbers
◦ Not provably unbreakable
◦ Discovery of short-cut in factoring large numbers would undermine entire system
◦ Key lengths can be increased to mitigate increases in
brute-force capabilities
“RSA Laboratories currently recommends key sizes of 1024 bits for
corporate use and 2048 bits for extremely valuable keys like the root key pair used by a certifying authority. Several recent standards specify a 1024-bit minimum for corporate use.” – RSA website
Public Key Encryption
Extremely slow, orders of magnitude slower than
symmetric algorithms
Key distribution
◦ Separate keys eliminates need for secure transport
Key management, 2n total keys, n+1 keys/participant
◦ 2 participants, 4 keys, 3 keys/participant
◦ 10 participants, 20 keys, 11 keys/participant
◦ Only one key (the participant’s private key) need be kept
Asymmetric/Symmetric Hybrid
Public key systems offer major benefits in key
management and distribution, at the cost of speed
Symmetric systems offer speed, but distribution
and management do not scale
In many protocols, the benefits of each are
exploited through use of a session key
◦ Use public-key system to establish secure channel
◦ Transmit symmetric session key to perform bulk
encryption
Beyond Encryption
Message encryption provides confidentiality, but
how to assure integrity and non-repudiation?
◦ Encryption of the message does not provide either
◦ Reordering of the encrypted blocks may result in a
properly decrypted, coherent, and incorrect message
Message authentication guarantees:
◦ contents unaltered
◦ from authentic source
◦ timely and in correct sequence
Message Authentication Codes
Parties agree upon a secret key
Use the secret key and the input message to generate a small block of data (MAC)
Transmit message and MAC
Recipient uses input message and secret key to regenerate MAC If they match…
◦ The receiver is assured that the message has not been altered.
◦ The receiver is assured that the message is from the alleged sender.
◦ If the message includes a sequence number, then the receiver can be assured of the proper sequence.
Message Authentication Codes
Note that the message/MAC bundle is unencryptedHash Functions
A hash function generates a fixed length value (
“fingerprint”) from a variable length input
◦ MD5, 128-bits
◦ SHA1, 160-bits
◦ SHA-256, 256-bits
◦ SHA-384, 384-bits
Secure Hash Functions
A secure hash function has the following properties
◦ applied to any size data
◦ H produces a fixed-length output
◦ H(x) is relatively easy to compute for any given x
◦ one-way property (pre-image resistance)
◦ computationally infeasible to find x such that H(x) = h
◦ weak collision resistance (second pre-image resistance)
◦ given x, computationally infeasible to find y ≠ x such that H(y) = H(x)
◦ strong collision resistance
◦ computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Since there is no secret key involved in generation of the hash value, additional steps are necessary to provide message
Keyed Hash
A secret key (previously agreed upon) is added to the input message before hash function is performed
Recipient adds same key to message before computing hash value No encryption necessary
◦ Bypasses any encryption export issues
◦ Lower CPU requirements
Digital Signatures
A digital signature is a hash value encrypted with the private key of the sender
Leverages hash function and public key encryption to provide message authentication
Example:
◦ Bob wants to send Alice a message. He generates a hash value of the message and encrypts it with his private key. This digital signature is appended to the message.
◦ Alice receives the message, removes the digital signature, and decrypts it using Bob’s public key.
◦ If the hash values match, Alice can be assured that the message was received intact, in order, and from Bob.
Attacks Against Hashes
attack approaches
◦ birthday attack
◦ name comes from the observation that there is a probability of > 1/2 that ≥ 2 people in a group of 23 share a birthday
◦ attack works where hash output is not evenly distributed
◦ cryptanalysis
◦ exploit logical weakness in algorithm
◦ brute-force attacks
◦ collision attack
◦ create two inputs that generate same hash value
◦ pre-image attack
◦ create input based on known hash value
References
Various images and content from:
◦ Computer Security: Principles and Practice, Third Edition. William Stallings, Pearson, 2014
◦ Chapters 1, 2
See Chapter 21 in Stallings for more in-depth information on public-key cryptography and message authentication
Task 1: VirtualBox, Kali, and Introductions
1) Download and install VirtualBox
2) Download, verify, and install Kali Linux
3) Introduce yourself! Please say hello in the “Introductions” discussion forum and let me us know what you hope to take from the class.
For next class…
Topic
◦
Networking Refresher
Readings
◦
Computer Security, Principles and Practice
◦ Appendix F
◦
TCP/IP Illustrated, Vol. 1: The Protocols (Safari)
◦ Chapters 2, 4, 8 (ICMPv4 only), 10, 11, 12
◦ Background/reference material, review as appropriate
