COM347 Computer Networking Notes

1
Network Security
2
Introduction

• introduction
• cryptography
• authentication
• key exchange
• intruder may
• eavesdrop
• remove, modify, and/or insert messages
• read and playback messages
• important issues
• cryptography secrecy of info being transmitted

3
Security - Encryption

• user resources
• login passwords often transmitted unencrypted in
  TCP packets between applications (e.g., telnet,
  ftp)
• passwords provide little protection
• network resources
• often completely unprotected from intruder
  eavesdropping, injection of false messages
• mail spoofs, router updates, ICMP messages,
  network management messages
• bottom line
• intruder attaching his/her machine onto network
  can override many system-provided security
  measures

• Encryption
• Plaintext unencrypted message
• ciphertext encrypted form of message
• Intruder may
• intercept ciphertext transmission
• intercept plaintext/ciphertext pairs
• obtain encrypt/decryption algorithms

4
A Simple Encryption Example
substitution cipher

• abcdefghijklmnopqrstuvwxyz
• poiuytrewqasdfghjklmnbvczx
• replace each plaintext character in message with
  matching ciphertext character
• plaintext Charlotte, my love
  --------------- ciphertext iepksgmmy, dz
  sgby
• key is pairing betweenb plaintext characters and
  ciphertext characters
• symmetric key sender and receiver use same key
• 26! (approx 1026) different possible keys
  unlikely to be broken by random trys
• substitution cipher subject to decryption using
  observed frequency of letters
• 'e' most common letter, the' most common word

5
Des Data Encryption Standard

• Encrypts data in 64-bit chunks . The
  encryption/decryption algorithm is a published
  standard - everyone knows how to do it
• Substitution cipher over 64-bit chunks 56-bit
  key determines which of 56! Substitution ciphers
  used. Substitution 19 stages of
  transformations, 16 involving functions of key

• Decryption done by reversing encryption steps
  and sender and receiver must use same key

Key Distribution Problem

• How do communicant agree on symmetric key?
• as N communicants implies N keys..
• trusted agent distribution
• keys distributed by centralised trusted agent
• any communicant need only know key to
  communicate with trusted agent
• for communication between I and j, trusted agent
  will provide a key

6
Public Key Cryptography

• Separate encryption/decryption keys
• receiver makes known (!) its encryption key
• receiver keeps its decryption key secret
• to send to receiver B, encrypt message M
  using B's publicly available key, EB
• send EB(M)
• to decrypt, B applies its private decrypt
  key DB to receiver message
• compute DB( EB(M) ) gives M
• Knowing encryption key does not help with
  decryption decryption is a non-trivial inverse
  of encryption
• only receiver can decrypt message

7
Public key encryption

• Public key encryption uses a combination of a
  private key and a public key. The private key is
  known only to your computer while the public key
  is given by your computer to any computer that
  wants to communicate securely with it.
• To decode an encrypted message, a computer must
  use the public key provided by the originating
  computer and it's own private key. The key is
  based on a hash value.
• This is a value that is computed from a base
  input number using a hashing algorithm.
• The important thing about a hash value is that it
  is nearly impossible to derive the original input
  number without knowing the data used to create
  the hash value.

8
Public Key

• You can see how hard it would be to determine
  that the value of 1525381 came from the
  multiplication of 10667 and 143.
• But if you knew that the multiplier was 143, then
  it would be very easy to calculate the value of
  10667. Public key encryption is much more complex
  than this example but that is the basic idea.
• Public keys generally use complex algorithms and
  very large hash values for encrypting 40-bit or
  even 128-bit numbers. A 128-bit number has a
  possible 2128 different combinations.
• That's as many combinations as there are water
  molecules in 2.7 million olympic size swimming
  pools. Even the tiniest water droplet you can
  image has billions and billions of water
  molecules in it!

9
Advantages Disadvantages

• Advantages The private key must be kept secret
  only by the holder of the key and does not need
  to be sent to anyone else.
• A public/private key pair can remain unchanged
  for a long time.
• Public-key encryption methods also can be used to
  develop efficient digital signature systems.
• Disadvantages Public-key encryption can be used
  to send a symmetric key from a sender to a set of
  receivers. The computational complexity of
  public-key systems is several orders of magnitude
  higher than most symmetric-key systems.
• The key length of public-key systems must be much
  higher than symmetric-key systems. This is
  because public-key cryptography relies upon the
  presumed difficulty of solving some
  number-theoretic problems..
• No public-key system has been shown to be secure
  (also true of block ciphers).
• In fact, some future mathematician may be able to
  solve the number theory problems utilized by some
  of these systems, thereby rendering those systems
  useless and permitting the decryption of all
  messages sent using those systems

10
Digital Signatures using Public Keys

• Goals of digital signature sender can not
  repudiate message never sent ("I never sent
  that") gt receiver can not fake a received
  message
• Suppose A wants B to "sign" a message M
• B sends DA(M) to A
• If A computes if EA ( DA(M)) M then A has
  signed M
• Digital certificates - To implement public key
  encryption on a large scale, such as a secure Web
  server might need, requires a different approach.
  This is where digital certificates come in. A
  digital certificate is essentially a bit of
  information that says the Web server is trusted
  by an independent source known as a Certificate
  Authority.
• The Certificate Authority acts as the middleman
  that both computers trust. It confirms that each
  computer is in fact who they say they are and
  then provides the public keys of each computer to
  the other.
• The Digital Signature Standard (DSS) is based on
  a type of public key encryption method that uses
  the Digital Signature Algorithm (DSA). DSS is the
  format for digital signatures that has been
  endorsed by the US government. The DSA algorithm
  consists of a private key that only the
  originator of the document knows and a public key.

11
Protection against Intruders Firewalls

• firewall network components (host/routersoftware
  ) sitting between inside ("us") and outside
  ("them)
• packet filtering firewalls drop packets on
  basis of source or destination address (i.e., IP
  address, port)

• application gateways application specific code
  intercepts, processes and/or relays
• application specific packets
• e.g., email of telnet gateways
• Application gateway code can be security hardened
  
• Can log all activity

12
Finally.Internet Activity

• IP layer
• Authentication of header receiver can
  authenticate sender using message authentication
  code (MAC)
• Encryption of contents DES, RFC 1829
• API
• SSL - secure socket layer support for
  authentication and encryption
• port numbers 443 for http with SSL, 465 for
  smtp with SSL
• Application Layer
• Privacy Enhanced Mail
• Secure http supports many authentication,
  encryption schemes
• A good reason for security Check out
  http//www.youtube.com/watch?vkH8cS1AkqiI

13
WWW Server Security

• The moment you install a Web server at your
  site, you've opened a window into your local
  network that the entire Internet can peer
  through.
• Most visitors are content to window shop, but a
  few will try to peek at things you don't intend
  for public consumption

• Others, not content with looking without
  touching, will attempt to force the window open
  and crawl in. executed on the server's side of
  the connection in response to remote requests.
• Any CGI script installed at your site may
  contain bugs, and every such bug is a potential
  security hole.
• Misconfigured databases will also be risky
• Strive to keep OS updated and patcheddaily almost

• Content extracted from the WWW FAQ at
  http//www.w3.org/Security/faq/wwwsf1.htmlGEN-Q1

14
Results of Intrusion

• The results can range from the merely
  embarrassing, for instance the discovery one
  morning that your site's home page has been
  replaced by an obscene parody, to the damaging,
  for example the theft of your entire database of
  customer information.
• It's a maxim in system security circles that
  buggy software opens up security holes. It's a
  maxim in software development circles that large,
  complex programs contain bugs. Unfortunately, Web
  servers are large, complex programs that can (and
  in some cases have been proven to) contain
  security holes.
• Furthermore, the open architecture of Web servers
  allows arbitrary CGI scripts to be executed on
  the server's side of the connection in response
  to remote requests. Any CGI script installed at
  your site may contain bugs, and every such bug is
  a potential security hole.

15
Poor Configuration

• From the point of view of the network
  administrator, a Web server represents yet
  another potential hole in your local network's
  security.
• The general goal of network security is to keep
  strangers out. Yet the point of a Web site is to
  provide the world with controlled access to your
  network.
• A poorly configured Web server can punch a hole
  in the most carefully designed firewall system. A
  poorly configured firewall can make a Web site
  impossible to use.
• Things get particularly complicated in an
  intranet environment, where the Web server must
  typically be configured to recognize and
  authenticate various groups of users, each with
  distinct access privileges.

16
Active Content

• Active content, such as ActiveX controls and Java
  applets, introduces the possibility that Web
  browsing will introduce viruses or other
  malicious software into the user's system.
• Active content also has implications for the
  network administrator, insofar as Web browsers
  provide a pathway for malicious software to
  bypass the firewall system and enter the local
  area network. Even without active content, the
  very act of browsing leaves an electronic record
  of the user's surfing history, from which
  unscrupulous individuals can reconstruct a very
  accurate profile of the user's tastes and habits.
  
• Finally, both end-users and Web administrators
  need to worry about the confidentiality of the
  data transmitted across the Web.
• The TCP/IP protocol was not designed with
  security in mind hence it is vulnerable to
  network eavesdropping.
• When confidential documents are transmitted from
  the Web server to the browser, or when the
  end-user sends private information back to the
  server inside a fill-out form, someone may be
  listening in.

17
Risk 1 Bugs

• There are basically 3 overlapping types of risk
• 1. Bugs or misconfiguration problems in the
  Web server that allow unauthorized remote users
  to
• Steal confidential documents not intended for
  their eyes.
• Execute commands on the server host machine,
  allowing them to modify the system.
• Gain information about the Web server's host
  machine that will allow them to break into the
  system.
• Launch denial-of-service attacks, rendering the
  machine temporarily unusable.

18
Risks 2 3

• Browser-side risks, including
• Active content that crashes the browser, damages
  the user's system, breaches the user's privacy,
  or merely creates an annoyance.
• The misuse of personal information knowingly or
  unkowingly provided by the end-user.
• Interception of network data sent from browser to
  server or vice versa via network eavesdropping.
  Eavesdroppers can operate from any point on the
  pathway between browser and server including
• The network on the browser's side of the
  connection.
• The network on the server's side of the
  connection (including intranets).
• The end-user's Internet service provider (ISP).
• The server's ISP.
• Either ISPs' regional access provider.

19
Securing Both Sides.
It's important to realize that "secure" browsers
and servers are only designed to protect
confidential information against network
eavesdropping. Without system security on both
browser and server sides, confidential documents
are vulnerable to interception.

• As a rule of thumb, the more features a server
  offers, the more likely it is to contain security
  holes.
• Simple servers that do little more than make
  static files available for requests are probably
  safer than complex servers that offer such
  features as on-the-fly directory listings, CGI
  script execution, server-side include processing,
  and scripted error handling.

• Servers also vary in their ability to restrict
  browser access to individual documents or
  portions of the document tree.
• Some servers provide no restriction at all,
  while others allow you to restrict access to
  directories based on the IP address of the
  browser or to users who can provide the correct
  password.
• A few servers, primarily commercial ones provide
  data encryption as well.
• CGI scripts are a major source of security
  holes. Although the CGI (Common Gateway
  Interface) protocol is not inherently insecure,
  CGI scripts must be written with just as much
  care as the server itself.

20
CGI Scripts

• Server side includes, snippets of server
  directives embedded in HTML documents, are
  another potential hole.
• A subset of the directives available in
  server-side includes instruct the server to
  execute arbitrary system commands and CGI
  scripts.
• Unless the author is aware of the potential
  problems it's easy to introduce unintentional
  side effects. Unfortunately, HTML files
  containing dangerous server-side includes are
  seductively easy to write.
• Some servers, including Apache and NCSA, allow
  the Web master to selectively disable the types
  of includes that can execute arbitrary commands.

21
Written Security Policy

• The single most important step one can take to
  increase a site's security is to create a written
  security policy. This security policy should
  succinctly lay out the organization's policies
  with regard to
• who is allowed to use the system
• when they are allowed to use it
• what they are allowed to do (different groups may
  be granted different levels of access)
• procedures for granting access to the system
• procedures for revoking access (e.g. employee
  leaving)
• what constitutes acceptable use of the system
• remote and local login methods
• system monitoring procedures
• protocols for responding to suspected security
  breaches

22
Written Security Policy

• This policy need not be complicated. It need only
  be a concise summary of how the information
  system work, reflecting your organization's
  technological and political realities. There are
  several benefits to having a written security
  policy
• You yourself will understand what is and is not
  permitted on the system. If you don't have a
  clear picture of what is permitted, you can never
  be sure when a violation has occurred.
• Others in your organization will understand what
  the security policy is. The written policy raises
  the level of security consciousness, and provides
  a focal point for discussion.
• The security policy serves as a requirements
  document against which technical solutions can be
  judged. This helps guard against the "buy first,
  ask questions later" syndrome.
• The policy may help bolster your legal case
  should you ever need to prosecute for a security
  violation.