Anish Arora

1
Lecture 0

• Anish Arora
• CSE 5473
• Network Security

2
Objectives

• Network (cyber-) security threats and
  countermeasures
• Elements of cryptography
• Protocols for security services 
• Network security design using available secure
  solutions
• Some advanced issues and technologies
• (e.g. DDoS attacks, anonymous communications,
  wireless security, device / sensor network /
  cyberphysical security)
• Original research in network security

3
Yes, You will Master Acronyms

• DES, AES, RSA, Blowfish, MD, RC, SHA
• IPSec
• OSPF
• SSL, TLS
• PGP (BGP?), Shibboleth
• DDoS

4
What We Wont Cover

• How to configure and install security solutions
• Forensics
• Comprehensive organization approach to
  information assurance
• Business aspects of network security
• And well only superficially cover
• Mathematics underlying cryptography
• How to crack systems (spyware, malware, adware)
• How to deal with access breaches (firewalls, IDS,
  port knocking)
• Legal issues underlying export and patenting

5
Related Courses that Do Cover What We Omit

• CSE 5473 This course
• Focuses on network aspects of the tip of the
  so-called security pyramid
• CSE 4471 Information Security
• A big picture perspective. From time to time,
  Ill refer you here for background reading or
  access security
• CSE 5351 Introduction to Cryptography
• A reference for details on some of our topics
• Also 5472 (Information Security Projects), 5359
  (Int. Studies in Crypto.)
• All links in lectures are optional reading
  unless otherwise specified

6
What We Will Assume

• You should be familiar with
• Network layers
• Protocols for the transport layer (TCP, UDP), for
  routing (RIP or OSPF), for the application layer
  (http)
• C/C and/or script programming
• I expect from you some mathematical maturity,
  including the ability to learn and use new
  mathematical programming notations (NesC for
  instance)

7
Course Materials

• Webpage http//cse.ohio-state.edu/anish/5473.htm
  l syllabus, slides, notes, assignments,
  announcements
• see also CARMEN (cse_5473_sp2015_31987)
• Text
• William Stallings, Cryptography and Network
  Security Principles Practice either
• 5th Ed., Prent. Hall, 2010, ISBN0136097049
  errata
• 4th Ed., Prent. Hall, 2002, ISBN0131873164
  errata
• References
• Mark Stamp, Information Security Principles
  Practice, Wiley 2011 ISBN0470626399
• Bruce Schneier, Applied Cryptography, 2nd Ed.,
  Wiley 1996 ISBN 0-471-11709-9

8
My Expectations

• Read the material assigned in class, to the point
  that you can answer simple conceptual or what-if
  questions in the quiz. (I dont expect you to
  remember details of crypto algorithms or security
  protocols or usage parameters)
• Work independently and ethically on homeworks and
  labs
• Read lectures before class, we can more time in
  class to discuss flaws, threats, attacks relevant
  to the discussion keep in mind you may know more
  about specific security features and bugs than I
  do

9
Grading Plan

• Homework assignments15 (focus puzzles)
• Laboratory exercises 25 (focus cracking)
• In-class quizzes 10 (focus pay attention in
  class)
• Midterm quiz 20 (focus concepts)
• Research project 30 (focus
  theory/implementation)
• Project will be done by teams of 2
  undergraduates, or one graduate student. Ill
  provide options for programming projects or you
  may consult with me to choose your own (theory,
  analysis, design, or implementation) project
• Grading is relative ? You might get an A at 75

10
Outline of Lecture 0

• Security attacks
• Security mechanisms
• Security models
• Security services
• Background big picture
• 4471 discussion of threats/attack (Read this)

11
Security Attacks
Definition Any action that compromises security
of information Examples
12
Security Attacks (contd.)

• Other attacks include
• Flooding, Denial of Service, Jamming
• Traffic Analysis
• Routing Attacks false routes, configuration
  changes (SNMP)
• Leak Information, Disown Information
• Remote arbitrary code execution, e.g., via
  Viruses or Worms
• Trapdoors, Covert functions, Logic Bombs
• Man in the Middle
• impersonates peers to one another provides
  service via others
• Free Rider or Free Loader
• a peer that gets service but does not provide
  service
• Lazy Middle Man
• a peer that does part of the work but never whole
• Inject faults

13
Number of Security Attacks
14
Trends in Security Attacks
Optional reading Malware, Worms, Phishing,
Botnets, XSS
15
Security Attacks (contd.)

• Attacks are comprised of elementary attacks
• Replay
• Deletion
• Host compromise
• Capability compromise
• Key compromise
• Data Encryption requires knowledge of key
• Data Decryption requires knowledge of inverse
  key
• Timestamps requires access to a secure time
  server
• Eavesdropping
• IP spoofing
• (Optional reading Sniffing, Spoofing, Password
  tools)

16
Types of Security Attacks
Attacks
Attacks
Attacks
17
A Classification of Security Attacks

• Passive or Active
• both can access information being communicated,
  but only the latter can create or modify it
• Host Compromise or Communication Compromise
• only the former can obtain knowledge of all
  information known to the host
• Internal or External
• only the former can impersonate a system process,
  and thus also act as an intermediary
• only the former lets the protocol being executed
  known
• Destructive or Nondestructive
• only the latter allows information to still be
  correctly communicated to the destination(s)

18
Security Mechanism

• Definition A mechanism that is designed to
  detect, prevent, or recover from a security
  attack
• Pervasive security mechanisms include
• encryption or encipherment
• digital signatures, notarization
• traffic padding
• routing control
• trusted functionality
• security labels
• access controls
• event detection
• audit trails
• firewalls

19
Types of Keys

• Cryptography underlies many security mechanisms.
  Keys are often used for securing or unsecuring
  information
• Symmetric, S
• Same key is used to encode and decode
• Asymmetric or Public/Private, B/R
• Public key is used to encode, private key to
  decode
• One way function, f
• Given x, it is easy to compute f(x), but given
  f(x) its hard to
• compute x
• One way function with trapdoor, f
• A one way function where given f(x) it is easy
  to compute x if
• one knows a trapdoor function g s.t. g(f(x))x

20
Types of Keys (contd.)

• One way permutation, f,g
• Both f and g are one way functions and each
  other's trapdoor
• One way hash function, MD
• A hash function MD that is one way
• (Recall that a hash function may be
  many-to-one)
• One way weakly collision-free hash function, MD
• A one way hash function MD s.t. given x it is
  hard to compute
• a different y s.t. MD(x)MD(y)
• One way strongly collision-free hash function,
  MD
• A one way hash function MD s.t. it is hard to
  compute
• different x and y s.t. MD(x)MD(y)

21
Types of Keys (contd.)

• Weak key
• A key in the key-space that does not encode
  well,
• e.g., 0-key, and is thus easy to guess
• Complement key
• A key s.t. Complement(f(x)) f(Complement(x))
• and thus involves considering half the x to
  guess
• Related keys
• A pair of keys that are related by some
  difference
• which can be exploited to reduce the number of
  x to guess

22
Kerchoffs Principle

• For key based cryptosystems, the property of
  security should not rely on the secrecy of the
  mechanism (aka, algorithm)
• In other words, it should rely only on the
  secrecy of the key
• Interpretation avoid security by obscurity

23
Security ModelsA Model for Secure Network
Communication

• Consider information flowing over an insecure
  communications channel, in the presence of
  possible opponents
• An appropriate security transform (encryption
  algorithm) can be used, with suitable keys,
  possibly negotiated using the presence of a
  trusted third party
• Using this model requires us to
• design a suitable algorithm for the security
  transformation
• generate the secret information (keys) used by
  the algorithm
• develop methods to distribute and share the
  secret information
• specify a protocol enabling the principals to use
  the transformation and secret information for a
  security service

24
A Model for Secure Network Communication
25
A Model for Network Access Security

• Consider controlled access to information or
  resources on a computer system, in the presence
  of possible opponents
• Appropriate controls are needed on the access and
  within the system, to provide suitable security.
  Some cryptographic techniques are useful here
  also
• Using this model requires us to
• select appropriate gatekeeper functions to
  identify users
• implement security controls to ensure only
  authorized users access designated information or
  resources
• implement trusted computer systems

26
A Model for Network Access Security
Recall CSE 651 focuses more on Comm. than Access
Model
27
Security Service

• Definition A service that enhances the security
  of data processing systems and information
  transfers.
• Makes use of one or more security mechanisms
• Examples of network security service
  requirements
• authentication
• privacy, confidentiality
• integrity
• non repudiation
• obliviousness
• information flow

28
Authentication

• Definition The requirement by which a process
  securely communicates its identity to another
• Thus, if process k receives an identification
  communication from process j then it must be the
  case that there is a corresponding send of that
  identification communication by j
• Note that if messages are not all unique, then to
  deal with replay of old communications from j, we
  may have to embed counters in the state to
  capture bad prefixes
• Instances of identity communication of j
• k ? j n
• j ? k R.j n
• or
• k ? j n
• j ? k S n j

29
Privacy

• Definition The requirement by which communication
  is possible that can be decoded only by the
  processes that agree to communicate
• In some cases, source, destination, frequency of
  communication needs to be protected as well
• Instances of private communication from j to k
• j ? k S data
• or
• j ? k B.k data

30
Integrity

• Definition The requirement by which a recipient
  can prove to itself that the message is what was
  indeed sent
• I.e., the message was not modified or replaced
• Instance of integrity of communication from j to
  k
• j ? k data, MD(data S)

31
Non Repudiation

• Definition The requirement by which a recipient
  can prove to anyone that the message was indeed
  sent by the sender
• Likewise, a sender can prove that a recipient
  indeed received the message
• Note that non-repudiation implies integrity, but
  not vice versa. Note that non-repudiation does
  not necessarily imply authentication, since the
  message could have been forwarded by a third
  party
• Instance of nonrepudiation of communication from
  j to k
• j ? k data, R.j data
• or
• j ? k data, R.j MD(data)

32
Obliviousness

• Definition The requirement by which a process
  may perform a set of operations but not be sure
  which one (or more) of them was correctly
  performed
• E.g., a process may send two messages but not be
  sure which one of them was correctly received
• E.g. (slide 93 onwards), a process may sign one
  of a set of messages but not know which one it
  signed, or use one of a set of keys to encrypt
  with but not know which one was chosen

33
Information Flow

• Definition The requirement by which a high-level
  process cannot communicate any information to a
  low-level process, directly or indirectly
• Sometimes this is called absence of covert
  channels or subliminal channels
• One sufficient condition for this requirement is
  called noninterference, which says that the
  outcome of an action of a low-level process in a
  computation remains the same even if actions
  performed by all higher-level processes are added
  or deleted to the computation

34
Security services (contd.)

• Other important security services include
• authorization access is enabled if that access
  is allowed
• availability permanence, non-erasure
• verifiability a sort of integrity, revealing
  originality not content
• unforgeability a sort of integrity, forged
  messages must be independent of original messages
  
• distinguishability can guess whether encrypted
  msg is m0/m1
• detectability can guess whether encrypted msg is
  valid
• Optional reading Firewalls (upto slide 37),
  Intrusion Detection

35
An aside on hashing

• Length of hash ltlt length of message, often
  fixed at 48-128
• Some other names of hashing finger printing,
  message integrity check (MIC), message digest,
  cryptographic checksum, manipulation detection
  code
• Hash functions are wellknown. So hashing, unlike
  encryption algorithms, is exportable often used
  to communicate programs securely over the web
• MDkeydata is a message authentication code
  (MAC) or data authentication code (DAC) knowing
  key

36
More on hashing Relative costs

• Using 0 keys (MD) is cheaper that using 1 key
  (S), which in turn is cheaper than using 2 keys
  (B, R)
• Privacy by j ? k Sdata is cheaper than j ? k
  B.kdata
• Authentication by j ? k MDjnS is cheaper
  than j ? k Sjn
• Non-repudiation via R.jMDdata is cheaper than
  R.jdata
• Often 2 keys are used in rare modes and 1 key is
  used in common modes

37
Ethical, social, policy and legal issues

• Some software we will study may be under export
  restriction, it is your responsibility to obey
  the applicable laws
• Many of the algorithms we will discuss are
  protected by patents, which makes it illegal to
  make and sell (or give away) computer programs
  that use those algorithms
• I expect you to work individually.
  Cheating/undisclosed collaboration will be dealt
  with severely
• Background Big Picture Reading
• From CSE4471 on Ethics/Law (optionally this,
  this)

38
Patent issues

• Many cryptographic techniques algorithms are
  patented
• Some are nonetheless royalty free (DES), at least
  for public use
• Software licenses are necessary in these cases

39
Export issues

• Some governments consider encryption a dangerous
  technology
• USA, Australia, New Zealand, France and Russia
  control export
• Export licenses are needed for export to a
  government
• Import always ok cannot export to Cuba, Iran,
  Iraq, Libya, North Korea, Sudan, Syria
• Previously
• Technical review needed for export to
  non-government
• Open source did not need review but must have
  deposited source code
• Less than 64 bit encryption generally ok for
  export
• Illegal to carry abroad encryption software on
  your laptop!

40
Elements of cryptographyTypes of security

• unconditional security
• no matter how much computation is available,
  cipher cannot be broken since ciphertext provides
  insufficient information to uniquely determine
  the corresponding plaintext
• one-time pad a truly random key as long as the
  message
• is unbreakable ciphertext bears no statistical
  relationship to plaintext
• can only use the key once though
• have problem of safe distribution of key
• computational security
• given limited computing resources (e.g. time
  needed for calculations is greater than age of
  universe), the cipher cannot be broken

41
Terminology

• cryptography - study of encryption
  principles/methods
• characterize by
• number of keys used
• single-key or private / two-key or public
• type of encryption operations used
• substitution / transposition / product
• way in which plaintext is processed
• block / stream
• cryptanalysis (codebreaking) - study of
  principles/ methods of deciphering ciphertext
  without knowing key
• cryptology - the field of both cryptography and
  cryptanalysis
• brute force attacks search-based alternative to
  cryptanalaysis attacker tries every possible key
  to decipher ciphertext

42
Brute force attacks

• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
• not all key sizes equal
• 80 bit DES 1024 bit RSA
• as of 2010, neither regarded as secure

43
Types of cryptanalysis attacks

• ciphertext only
• only know ciphertext / algorithm, statistical,
  can identify plaintext
• known plaintext
• attack cipher by knowing / suspecting plaintext
  ciphertext
• chosen plaintext
• attack cipher by selecting plaintext and
  obtaining ciphertext, useful if limited set of
  messages
• chosen ciphertext
• attack cipher by selecting ciphertext and
  obtaining plaintext
• chosen text
• attack cipher by selecting either plaintext or
  ciphertext to en/decrypt

44
Things we wont really talk about

• Substitution ciphers
• where letters of plaintext are replaced by
  others b ? e, c ? f
• or where if plaintext is viewed as a sequence of
  bits, then bit patterns are replaced with
  ciphertext bit patterns
• monoalphabetic arbitrary mapping of letter to
  letter 26! multiletter coding mapping from
  multiple letters
• polyalphabetic techniques multiple mappings
  e.g. position based
• subject to brute force search and frequency
  attacks
• Transposition (permutation) ciphers
• where the letter order is rearranged without
  altering the letters
• subject to frequency attacks

45
Things we wont really talk about

• Product ciphers
• use several ciphers in succession to make harder
• especially if a substitution is followed by a
  transposition
• number of rounds should suffice to make output
  look random
• each input bit in block should affect every
  output bit
• this is bridge from classical to modern ciphers
• Cryptanalysis tools
• special hardware
• supercomputers or parallel machines
• Internet coarse-grain parallelism

46
Things we wont really talk about (contd.)

• Steganography
• an alternative to encryption
• hides existence of message
• uses only subset of letters/words in longer msg
  marked in some way
• using invisible ink
• hiding in LSB in graphic image or sound file
• drawback high overhead to hide relatively few
  info bits