Berkeley ELENG 122 - Introduction to Security

This preview shows page 1-2 out of 7 pages.


Security
EECS 122, University of California, Berkeley

Contents
- Examples of Attack
- Principles
- Threats
- Cryptography
- Systems

Attacks

Examples:
- Buffer Overflow
- Denial of Service Attack
- Email virus
- ARP attack

Attacks: Buffer Overflow
- Basic mechanism: Attacker overwrites program stack to force execution of her code.
- Virus; corrupt files.
- Protect memory by preventing overwrite of stack, either through OS or through language.
- Check validity of request.

Attacks: DOS (SYN)
- Basic mechanism: Flood a host with a rapid sequence of SYNs. Host sets aside some space to store state of new TCP connection. If rapid sequence, then host runs out of space and crashes.
- Effect: Host is incapacitated.
- Remedies:
  - Verify that source IP exists (i.e., is not spoofed).
  - Limit rate of SYNs.
  - Check for valid SYNs (i.e., SYNs followed by requests); discard invalid SYNs to clear memory.
  - Use smart firewall that forwards only valid SYNs to hosts.
  - Store state in cookie that comes back with request.

Attacks: DOS (DDOS), Distributed Denial of Service Attack
- Effect: Saturate a link to a host by sending requests from many nodes across the Internet.
- Remedies:
  - Block packets that DDOS tools use (some ICMPs).
  - Limit rate of ICMP flows.
  - Trace back from last router upstream to block packets toward that link.

Attacks: Email
- Basic mechanism: Attachment that contains virus.
- Effect: Some email programs execute code in virus without authorization.
- Remedies:
  - Firewall to check attachments and remove specific ones.
  - Avoid automatic execution of attachments.

Attacks: ARP
- Basic mechanism: Intruder replies to ARP request and performs denial of service on host.
  [Figure: A sends ARP "Who is IP B?"; C answers ARP "I am IP B"; DoS on B]
- Effect: C impersonates B for A.
- Remedies:
  - Check source of ARP.
  - Avoid DoS.

Principles

You would somehow like to have your data, or that of others, be secure. This often means you want to:
- know who really sent it
- know nobody else read it

More specifically, protect from:
- eavesdropping
- masquerading
- replay
- traffic analysis
- exploit-based attacks
- denial of service

These attacks are often classified as:
- Active: somebody actually generates or modifies network traffic (easier to detect, harder to prevent).
- Passive: somebody just collects and analyses network traffic (harder to detect, easier to prevent).

Threats

Against      Type             Protection
Computers    Physical         Physical security, lock
Computers    Infection        Virus detection
Computers    Intrusion        Firewall, passport control
Users        Identity         Signature, password, watermark
Users        Privacy          Encryption, relay
Documents    Integrity        Message authentication code
Documents    Confidentiality  Encryption

Cryptography
- Basic Mechanism
- Main Issues
- Secret Key
- Public Key
- Hashing

Cryptography: Basic Mechanism

Two flavors:
- Secret Key: E and D are known only to Bob and Alice.
- Public Key: Alice advertises E that should be used to encrypt messages to her.

Cryptography: Main Issues

For the cryptographer, the main issues:
- choice of the transformation (D and E)
  - is the underlying mathematical basis efficient for decoding and encoding with keys, and hard without them?
  - do you publish the algorithm or not?
- generation and distribution of keys
  - might like to use random numbers, but computers aren't exactly random devices
  - how do you get a secret from one person to another if you don't already have keys?

For the cryptanalyst, the main issues:
- what is already known
  - algorithm
  - plaintext-ciphertext pairs
  - any information about generation of the keys
- types of attacks
  - ciphertext only (freq. analysis, brute force)
  - known plaintext
  - chosen plaintext

Cryptography: Secret Key

EXAMPLE 1: One Time PAD
- C = P ⊕ K (addition bit by bit modulo 2, no carry)
- K = random string of bits
- If used only once, this is a perfect code: C is perfectly random and contains no information about P.
- Application: Top Secret transmissions. K is stored in a CD-ROM that is delivered securely ahead of time.

EXAMPLE 2: Data Encryption Standard (DES)

Note: DES Modes of Encryption
[Figure: DES modes of encryption; 64-bit blocks, E, D, Pn, Cn]

Cryptography: Public Key

Cryptography: Hashing

Systems
- Integrity
- Key Management
- Identification

Alice sends [P, H(P)], where H(P) is protected by:

a. Authentic channel

b. Message Authentication Code
Note that E(H(P), K) with K secret may not be secure. For instance, Z = H(P) ⊕ R is not secure, since then Eve can compute H(P) from P, and R from Z ⊕ H(P), and then Eve can send P and H(P) ⊕ R.
Secure: H(K2, H(K1, P)), where K1 and K2 are secret to Alice and Bob, since Eve cannot compute …

c. Digital Signature
Alice sends C = D(P, Alice) and Bob recovers P = E(C, Alice). However, if Eve constructs C and computes P = E(C, Alice), Bob will think that Alice sent D(P, Alice). Instead, Alice should send D([P, H(P)], Alice), because it is unlikely that Eve can find some C so that E(C, Alice) has the form [P, H(P)] for some P.

