Download
lecture 0 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Lecture 0 PowerPoint Presentation

Lecture 0

128 Views Download Presentation
Download Presentation

Lecture 0

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Lecture 0 Anish Arora CSE 5473 Network Security

  2. Objectives • Network security threats and countermeasures • Elements of cryptography • Protocols for security services  • Network security design using available secure solutions • Some advanced issues and technologies (e.g. DDoS attack detection & containment, anonymous communications, sensor network / cyberphysical security) • Original research in network security

  3. Yes, You will Master Acronyms • DES, AES, RSA, Blowfish, MD, RC, SHA… • IPSec • OSPF • SSL, TLS • PGP (BGP?) • DDoS

  4. What We Won’t Cover • Mathematics underlying cryptography • How to configure and install security solutions • Forensics • Comprehensive organization approach to information assurance • Business aspects of network security And we’ll only superficially cover: • How to crack systems (spyware, malware, adware) • How to deal with access breaches (firewalls, IDS, port knocking) • Legal issues underlying export and patenting

  5. Related Courses that Do Cover What We Omit • CSE 5473: This course • Focuses on network aspects of the tip of the so-called security pyramid • CSE 4471*: Information Security • A big picture perspective. From time to time, I’ll refer you here for background reading or access security • CSE 5351: Introduction to Cryptography • A reference for details on some of our topics Also 5472 (Information Security Projects), 5359 (Int. Studies in Crypto.) *: All links in lectures are optional reading unless otherwise specified

  6. What We Will Assume You should be familiar with: • Network layers • Protocols for the transport layer (TCP, UDP), for routing (RIP or OSPF), for the application layer (http) • C/C++and/or script programming I expect from you some mathematical maturity, including the ability to learn and use new mathematical & programming notations (NesC for instance)

  7. Course Materials Webpage: http://cse.ohio-state.edu/~anish/5473.html (read this) syllabus, slides, notes, assignments, announcements Text • William Stallings, Cryptography and Network Security: Principles & Practice ; either: • 5th Ed., Prent. Hall, 2010, ISBN:0136097049 errata • 4th Ed., Prent. Hall, 2002, ISBN:0131873164 errata References • Mark Stamp, Information Security: Principles & Practice, Wiley 2011 ISBN:0470626399 • Bruce Schneier, Applied Cryptography, 2nd Ed., Wiley 1996 ISBN 0-471-11709-9

  8. My Expectations • Read the material assigned in class, to the point that you can answer simple conceptual or what-if questions in the quiz. (I don’t expect you to remember details of crypto algorithms or security protocols or usage parameters) • Work independently and ethically on homeworks and labs • Discuss flaws, threats, attacks relevant to the discussion in class; keep in mind you may know more about specific security features and bugs than your instructor does

  9. Grading Plan • Homework assignments:15% (focus: puzzles) • Laboratory exercises: 25% (focus: cracking) • In-class quizzes: 10% • Midterm quiz: 20% (focus: concepts) • Research project: 30% (focus: theory/implementation) Project will be done by teams of 2 undergraduates, or one graduate student. I’ll provide options for programming projects or you may consult with me to choose your own (theory, analysis, design, or implementation) project Grading is relative  You might get an A at 75%

  10. Outline of Lecture 0 • Security attacks • Security mechanisms • Security models • Security services Background `big picture’ : • 4471 discussion of threats/attack (Read this)

  11. Security Attacks Definition Any action that compromises security of information Examples :

  12. Security Attacks (contd.) • Other attacks include: • Flooding, Denial of Service, Jamming • Traffic Analysis • Routing Attacks: false routes, configuration changes (SNMP) • Leak Information, Disown Information • Remote arbitrary code execution, e.g., via Viruses or Worms • Trapdoors, Covert functions, Logic Bombs • Man in the Middle • impersonates peers to one another; provides service via others • Free Rider or Free Loader • a peer that gets service but does not provide service • Lazy Middle Man • a peer that does part of the work but never whole • Inject faults

  13. Number of Security Attacks

  14. Trends in Security Attacks Optional reading: Malware, Worms, Phishing, Botnets, XSS

  15. Security Attacks (contd.) • Attacks are comprised of elementary attacks: • Replay • Deletion • Host compromise • Capability compromise • Key compromise • Data Encryption: requires knowledge of key • Data Decryption: requires knowledge of inverse key • Timestamps: requires access to a secure time server • Eavesdropping • IP spoofing (Optional reading: Sniffing, Spoofing, Password tools)

  16. Types of Security Attacks Attacks Attacks Attacks

  17. A Classification of Security Attacks • Passive or Active: • both can access information being communicated, but only the latter can create or modify it • Host Compromise or Communication Compromise: • only the former can obtain knowledge of all information known to the host • Internal or External: • only the former can impersonate a system process, and thus also act as an intermediary • only the former let’s the protocol being executed known • Destructive or Nondestructive: • only the latter allows information to still be correctly communicated to the destination(s)

  18. Security Mechanism Definition A mechanism that is designed to detect, prevent, or recover from a security attack Pervasive security mechanisms include: • encryption or encipherment • digital signatures, notarization • traffic padding • routing control • trusted functionality • security labels • access controls • event detection • audit trails • firewalls

  19. Types of Keys Cryptography underlies many security mechanisms. Keys are often used for securing or unsecuring information • Symmetric, S: Same key is used to encode and decode • Asymmetric or Public/Private, B/R: Public key is used to encode, private key to decode • One way function, f: Given x, it is easy to compute f(x), but given f(x) it’s hard to compute x • One way function with trapdoor, f: A one way function where given f(x) it is easy to compute x if one knows a trapdoor function g s.t. g(f(x))=x

  20. Types of Keys (contd.) • One way permutation, f,g: Both f and g are one way functions and each other's trapdoor • One way hash function, MD: A hash function MD that is one way (Recall that a hash function may be many-to-one) • One way weakly collision-free hash function, MD: A one way hash function MD s.t. given x it is hard to compute a different y s.t. MD(x)=MD(y) • One way strongly collision-free hash function, MD: A one way hash function MD s.t. it is hard to compute different x and y s.t. MD(x)=MD(y)

  21. Types of Keys (contd.) • Weak key: A key in the key-space that does not encode well, e.g., 0-key, and is thus easy to guess • Complement key: A key s.t. Complement(f(x)) = f(Complement(x)) and thus involves considering half the x to guess • Related keys: A pair of keys that are related by some difference which can be exploited to reduce the number of x to guess

  22. Kerchoff’s Principle • For key based cryptosystems, the property of security should not rely on the secrecy of the mechanism (aka, algorithm) • In other words, it should rely only on the secrecy of the key • Interpretation: avoid security by obscurity

  23. Security Models:A Model for Secure Network Communication Consider information flowing over an insecure communications channel, in the presence of possible opponents An appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party Using this model requires us to: • design a suitable algorithm for the security transformation • generate the secret information (keys) used by the algorithm • develop methods to distribute and share the secret information • specify a protocol enabling the principals to use the transformation and secret information for a security service

  24. A Model for Secure Network Communication

  25. A Model for Network Access Security Consider controlled access to information or resources on a computer system, in the presence of possible opponents Appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also Using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorized users access designated information or resources • implement trusted computer systems

  26. A Model for Network Access Security Recall: CSE 651 focuses more on Comm. than Access Model

  27. Security Service Definition A service that enhances the security of data processing systems and information transfers. Makes use of one or more security mechanisms Examples of network security service requirements: • authentication • privacy, confidentiality • integrity • non repudiation • obliviousness • information flow

  28. Authentication Definition The requirement by which a process securely communicates its identity to another Thus, if process k receives an identification communication from process j then it must be the case that there is a corresponding send of that identification communication by j Note that if messages are not all unique, then to deal with replay of old communications from j, we may have to embed counters in the state to capture bad prefixes Instances of identity communication of j: k  j : n j  k : R.j ‹n› or k  j : n j  k : S ‹n ; j›

  29. Privacy Definition The requirement by which communication is possible that can be decoded only by the processes that agree to communicate In some cases, source, destination, frequency of communication needs to be protected as well Instances of private communication from j to k: • j  k : S ‹data› or • j  k : B.k ‹data›

  30. Integrity Definition The requirement by which a recipient can prove to itself that the message is what was indeed sent I.e., the message was not modified or replaced Instance of integrity of communication from j to k: • j  k : data, MD(data; S)

  31. Non Repudiation Definition The requirement by which a recipient can prove to anyone that the message was indeed sent by the sender Likewise, a sender can prove that a recipient indeed received the message Note that non-repudiation implies integrity, but not vice versa. Note that non-repudiation does not necessarily imply authentication, since the message could have been forwarded by a third party Instance of nonrepudiation of communication from j to k: • j  k : data, R.j ‹data› or • j  k : data, R.j ‹MD(data)›

  32. Obliviousness Definition The requirement by which a process may perform a set of operations but not be sure which one (or more) of them was correctly performed • E.g., a process may send two messages but not be sure which one of them was correctly received • E.g. (slide 93 onwards), a process may sign one of a set of messages but not know which one it signed, or use one of a set of keys to encrypt with but not know which one was chosen

  33. Information Flow Definition The requirement by which a high-level process cannot communicate any information to a low-level process, directly or indirectly Sometimes this is called absence of covert channels or subliminalchannels One sufficient condition for this requirement is called noninterference, which says that the outcome of an action of a low-level process in a computation remains the same even if actions performed by all higher-level processes are added or deleted to the computation

  34. Security services (contd.) Other important security services include: • authorization: access is enabled if that access is allowed • availability: permanence, non-erasure • verifiability: a sort of integrity, revealing originality not content • unforgeability: a sort of integrity, forged messages must be independent of original messages • distinguishability: can guess whether encrypted msg is m0/m1 • detectability: can guess whether encrypted msg is valid Optional reading: Firewalls (upto slide 37), Intrusion Detection

  35. An aside on hashing • Length of hash << length of message, & often fixed at 48-128 • Some other names of hashing: finger printing, message integrity check (MIC), message digest, cryptographic checksum, manipulation detection code • Hash functions are wellknown. So hashing, unlike encryption algorithms, is exportable; often used to communicate programs securely over the web • MD‹key;data› is a message authentication code (MAC) or data authentication code (DAC); knowing key

  36. More on hashing: Relative costs Using 0 keys (MD) is cheaper that using 1 key (S), which in turn is cheaper than using 2 keys (B, R) Privacy by j  k: S‹data› is cheaper than j  k: B.k‹data› Authentication by j  k: MD‹j;n;S›is cheaper than j  k: S‹j;n› Non-repudiation via R.j‹MD‹data››is cheaper than R.j‹data› Often 2 keys are used in rare modes and 1 key is used in common modes

  37. Ethical, social, policy and legal issues • Some software we will study may be under export restriction, it is your responsibility to obey the applicable laws • Many of the algorithms we will discuss are protected by patents, which makes it illegal to make and sell (or give away) computer programs that use those algorithms • I expect you to work individually. Cheating/undisclosed collaboration will be dealt with severely • Background `Big Picture’ Reading: • From CSE4471 on Ethics/Law (optionally this, this)

  38. Patent issues • Many cryptographic techniques & algorithms are patented • Some are nonetheless royalty free (DES), at least for public use • Software licenses are necessary in these cases

  39. Export issues • Some governments consider encryption a dangerous technology • USA, Australia, New Zealand, France and Russia control export • Export licenses are needed for export to a government • Import always ok; cannot export to Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria • Previously: • Technical review needed for export to non-government • Open source did not need review but must have deposited source code • Less than 64 bit encryption generally ok for export • Illegal to carry abroad encryption software on your laptop!

  40. Elements of cryptography:Types of security • unconditional security • no matter how much computation is available, cipher cannot be broken since ciphertext provides insufficient information to uniquely determine the corresponding plaintext • one-time pad: a truly random key as long as the message • is unbreakable: ciphertext bears no statistical relationship to plaintext • can only use the key once though • have problem of safe distribution of key • computational security • given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken

  41. Terminology • cryptography - study of encryption principles/methods • characterize by: • number of keys used • single-key or private / two-key or public • type of encryption operations used • substitution / transposition / product • way in which plaintext is processed • block / stream • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext withoutknowing key • cryptology - the field of both cryptography and cryptanalysis • brute force attacks – search-based alternative to cryptanalaysis: attacker tries every possible key to decipher ciphertext

  42. Brute force attacks • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext • not all key sizes equal: • 80 bit DES ~ 1024 bit RSA • as of 2010, neither regarded as secure

  43. Types of cryptanalysis attacks • ciphertext only • only know ciphertext / algorithm, statistical, can identify plaintext • known plaintext • attack cipher by knowing / suspecting plaintext & ciphertext • chosen plaintext • attack cipher by selecting plaintext and obtaining ciphertext, useful if limited set of messages • chosen ciphertext • attack cipher by selecting ciphertext and obtaining plaintext • chosen text • attack cipher by selecting either plaintext or ciphertext to en/decrypt

  44. Things we won’t really talk about Substitution ciphers: • where letters of plaintext are replaced by others: b  e, c  f • or where if plaintext is viewed as a sequence of bits, then bit patterns are replaced with ciphertext bit patterns • monoalphabetic: arbitrary mapping of letter to letter; 26! multiletter coding: mapping from multiple letters polyalphabetic techniques: multiple mappings e.g. position based • subject to brute force search and frequency attacks Transposition (permutation) ciphers: • where the letter order is rearranged without altering the letters • subject to frequency attacks

  45. Things we won’t really talk about Product ciphers: • use several ciphers in succession to make harder • especially if a substitution is followed by a transposition • number of rounds should suffice to make output look random • each input bit in “block” should affect every output bit • this is bridge from classical to modern ciphers Cryptanalysis tools: • special hardware • supercomputers or parallel machines • Internet coarse-grain parallelism

  46. Things we won’t really talk about (contd.) Steganography • an alternative to encryption • hides existence of message • uses only subset of letters/words in longer msg marked in some way • using invisible ink • hiding in LSB in graphic image or sound file • drawback: high overhead to hide relatively few info bits