Basic Internet Security Concepts - PowerPoint PPT Presentation

Slides: 28
Provided by: jimr9
1
Basic Internet Security Concepts
  • J.W. Ryder
  • RyderJ_at_Oneonta.Edu

2
Introduction
  • The internet is a vast wilderness, an infinite
    world of opportunity
  • Exploring, e-mail, free software, chat, video,
    e-business, information, games
  • Explored by humans

3
Internet Security Concepts
  • Introduction of several basic security concepts
  • General mechanisms for protection

4
Sniffing and Spoofing
  • (See Figure 1)
  • Sniffing
  • The ability to inspect IP Datagrams which are not
    destined for the current host.
  • Spoofing
  • After sniffing, create malicious havoc on the
    internet

5
[Figure 1: network diagram. Node types: Unprotected Internet node, Private Network node, Secure Gateway node. Nodes: Gabrielle Poirot (C), A Guy, Bank (I), Steve Burns (C), Sears, Wall Street (N), A Guy's Swiss Bank, Ramon Sanchez (A)]

6
A Guy has no integrity
  • Swiss Bank Scam
  • Integrity - The guarantee that, upon receipt of a
    datagram from the network, the receiver will be
    able to determine if the data was changed in
    transit

7
Ramon springs for sound
  • Sears solid state stereos
  • Authentication - The guarantee that, upon receipt
    of a datagram from the network, the receiver will
    be able to determine if the stated sender of the
    datagram is, in fact, the sender

8
A guy sniffs success
  • Gabrielle and Steve almost strike it rich
  • Confidentiality - Ensure that each party, which
    is supposed to see the data, sees the data and
    ensure that those who should not see the data,
    never see the data.

9
Wall Street Woes
  • A guy spots a hot stock tip
  • Non-repudiation - Once a host has sent a
    datagram, ensure that that same host cannot later
    claim that they did not send the datagram

10
A guy becomes desperate
  • Bring Wall St. to its knees
  • Denial of Service Attack - Flood a given IP
    Address (Host) with packets so that it spends the
    majority of its processing time denying service

11
[Figure 2: "In Comm. Stack". Layers: Application, IP, Physical Adapter. Functions: One Way Hash Functions (MD5, SHA1), Key Mgmt. Functions, Crypto Functions (DES, CDMF, 3DES)]

12
Protocol Flow
  • (See Figures 2, 3)
  • Through layers, each layer has a collection of
    responsibilities
  • ISO OSI Reference Model - (Open Systems
    Interconnection)
  • IP Datagram

13
[Figure 3: Integrity]
  • IP Datagram: IP Hdr. + Data
  • MAC Function: Data -> MAC Fn -> Digest
  • Integrity: IP Hdr. + Data + Digest

14
Keys
  • Bit values fed into cryptographic algorithms and
    one way hashing functions which help provide
    confidentiality, integrity, and authentication
  • The longer the better - 40, 48, 56, 128 bits
  • Brute force attacks can win with small keys

15
Symmetric Keys
  • Have qualities such as life times, refresh rates,
    etc.
  • Symmetric - Keys that are shared secrets on N
    cooperating, trusted hosts

16
Asymmetric
  • Public / Private key pairs
  • Public key lists kept on well known public key
    servers
  • Public key is no secret. If it is, the strategy
    will not work.
  • Public and private keys are functional inverses
    of each other
  • Private key is only known to you and must remain
    secret

17
Concept
  • Sender encrypts data with private key
  • Receiver decrypts data with public key
  • Receiver replies after encrypting with public key
  • Sender receives response and decrypts with
    private key

18
[Figure 4: Confidentiality]
  • Encryption Function: Data + Key -> Crypto Fn. -> Encrypted Data
  • Confidentiality: IP Hdr. + Encrypted Data

19
[Figure 5: Confidentiality]
  • Decryption Function: Encrypted Data + Key -> Crypto Fn. -> Data

20
MACs
  • Message Authentication Codes, One Way Hashing
    Functions
  • A function, easy to compute but computationally
    infeasible to find 2 messages M1 and M2 such that
    h(M1) = h(M2)
  • MD5 (Rivest, Shamir, Adleman - RSA), SHA1 (NIST)
  • MD5 yields a 128 bit digest (see Figure 3)

21
DES
  • Data Encryption Standard
  • U.S. Govt. Standard
  • 56 bit key - originally 128 bits
  • Absolute elimination of exhaustive search of key
    space
  • U.S. Security Agency Request - Reduce to 56 bits
  • Export CDMF (40 bits)
  • The keys are the secrets, not the algorithms
    themselves (see Figures 4, 5)

22
  • IP Hdr. + Encrypted Data + Digest:
    Confidentiality, Integrity
  • IP Hdr. + Encrypted Data + Digital Signature (Enc. Digest):
    Confidentiality, Integrity, Authentication

23
[Figure: Data, Key, CF and MAC producing EM, DS, Digest and Keyed Digest]
  • MAC_Time < CF_Time
  • Why would a guy prefer a Digital Signature over a
    Keyed Digest? Why not?
  • What types of Security are provided with EM, DS,
    Digest, Keyed Digest?

24
  • Msg - No Security
  • Msg + MD - Integrity
  • EM - Confidentiality
  • EM + MD - Conf., Integrity
  • Msg + DS - Integrity, Auth.
  • EM + DS - Conf., Int., Auth.
  • Msg + KD - Integrity, Auth.
  • EM + KD - Conf., Int., Auth.

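Added example (not part of the original slides): why the combinations above credit authentication to a keyed digest (KD) but not to a plain message digest (MD), and why a KD still cannot give non-repudiation. It assumes HMAC-SHA256 from Python's standard library in place of the MD5/SHA1 named on the slides; the key and payloads are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values, not from the slides.
SHARED_KEY = b"constructed-shared-secret"
DATA = b"PAY 100 TO ACCT 1111"
TAMPERED = b"PAY 900 TO ACCT 9999"


def message_digest(data: bytes) -> bytes:
    """MD: unkeyed one-way hash over the datagram payload."""
    return hashlib.sha256(data).digest()


def keyed_digest(key: bytes, data: bytes) -> bytes:
    """KD: HMAC, computable only by holders of the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_md(data: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(message_digest(data), digest)


def verify_kd(key: bytes, data: bytes, digest: bytes) -> bool:
    """Constant-time comparison, so the check leaks no timing hints."""
    return hmac.compare_digest(keyed_digest(key, data), digest)


def modified_in_transit_md() -> bool:
    """Payload changed and MD recomputed; no key is needed for that."""
    return verify_md(TAMPERED, message_digest(TAMPERED))


def modified_in_transit_kd() -> bool:
    """Same change; without SHARED_KEY only the old KD can be attached."""
    original_kd = keyed_digest(SHARED_KEY, DATA)
    return verify_kd(SHARED_KEY, TAMPERED, original_kd)


def receiver_can_mint_sender_tag() -> bool:
    """Both key holders compute the same KD: no non-repudiation."""
    sender_tag = keyed_digest(SHARED_KEY, DATA)
    receiver_tag = keyed_digest(SHARED_KEY, DATA)
    return hmac.compare_digest(sender_tag, receiver_tag)


if __name__ == "__main__":
    print("MD accepts modified datagram:", modified_in_transit_md())
    print("KD accepts modified datagram:", modified_in_transit_kd())
```

A digital signature closes the last gap because only the sender holds the private key, at the cost of the slower crypto function.
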
25
Purpose
  • Some ideas on Internet Security
  • Classes of mischief on Internet, definitions
  • Tools to fight mischief
  • Combinations of these tools

26
Purpose continued
  • Very high level
  • Good starting point for further study about
  • General networking strategies
  • Cryptography
  • Key Management
  • Algorithm Analysis

27
Post Presentation Results
  • Should be familiar with concepts and terms such as
  • Integrity, Authentication, Non-repudiation,
    Confidentiality
  • Keys, MACs, Cryptography, Digest, Digital
    Certificates, Datagram
  • High level understanding of some methods to
    combat some of the above types of Internet mischief