Network and Communication SecurityOverviewInternet’s Design: InsecureSecurity: DefinitionBasic ComponentsEavesdropping - Message Interception (Attack on Confidentiality)Eavesdropping Attack: ExampleIntegrity Attack - TamperingAuthenticity Attack - FabricationAttack on AvailabilityImpact of AttacksIntroduction to CryptographyWhat is Cryptography?Cryptographic Algorithms: GoalThree Types of FunctionsCryptographic hash functionsCryptography Hash FunctionsHash Algorithm StructureHash and MAC AlgorithmsHow hard to find collisions? Birthday ParadoxHow Many Bits for Hash?Example useExample use #2: TCP SYN cookiesSlide 24Symmetric (Secret) Key CryptographySymmetric EncryptionSymmetric Cipher ModelRequirementsBlock vs. Stream CiphersPublic-Key CryptographyWhy Public-Key Cryptography?Slide 32Slide 33Security of Public Key SchemesRSARSA AlgorithmIP SecuritySlide 38IPSecIPSec UsesBenefits of IPSecIP Security ArchitectureIPSec ServicesTransport vs. Tunnel Mode ESPDNS SecuritySlide 46Root level DNS attacksDo you trust the TLD operators?Defense: Replication and CachingDNS Amplification AttackSolutionsBut should we believe it? Enter DNSSECPK-DNSSEC (Public Key)Verifying the treeSummaryNetwork and Communication SecurityCOS 461: Computer NetworksSpring 2009 (MW 1:30-2:50 in COS 105)Mike FreedmanTeaching Assistants: Wyatt Lloyd and Jeff Terracehttp://www.cs.princeton.edu/courses/archive/spring09/cos461/1Overview•Network security and definitions•Brief introduction to cryptography–Cryptographyic hash hunctions–Symmetric-key crypto–Public-key crypto•IP-Sec•DNS-Sec (Slides partially from Nick Feamster’s GATech network security course)2Internet’s Design: Insecure•Designed for simplicity•“On by default” design•Readily available zombie machines•Attacks look like normal traffic•Internet’s federated operation obstructs cooperation for diagnosis/mitigation3Security: Definition•Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable•Security rests on confidentiality, authenticity, integrity, and availability4Basic Components•Confidentiality: concealment of information or resources•Authenticity: identification and assurance of the origin of info•Integrity: the trustworthiness of data or resources in terms of preventing improper and unauthorized changes•Availability the ability to use the info or resource desired•Non-repudiation: offer of evidence that a party indeed is the sender or a receiver of certain information•Access control: facilities to determine and enforce who is allowed access to what resources (host, software, network, …)5Eavesdropping - Message Interception (Attack on Confidentiality)•Unauthorized access to information•Packet sniffers and wiretappers•Illicit copying of files and programsABEavesdropper6Eavesdropping Attack: Example•tcpdump with promiscuous network interface–On a switched network, what can you see?•What might the following traffic types reveal about communications?–DNS lookups (and replies)–IP packets without payloads (headers only)–Payloads7Integrity Attack - Tampering•Stop the flow of the message•Delay and optionally modify the message•Release the message againABPerpetrator8Authenticity Attack - Fabrication•Unauthorized assumption of other’s identity•Generate and distribute objects under this identityABMasquerader: from A9Attack on Availability•Destroy hardware (cutting fiber) or software•Modify software in a subtle way•Corrupt packets in transit•Blatant denial of service (DoS):–Crashing the server–Overwhelm the server (use up its resource)AB10Impact of Attacks•Theft of confidential information•Unauthorized use of–Network bandwidth–Computing resource•Spread of false information•Disruption of legitimate servicesAll attacks can be related and are dangerous!1112Introduction to Cryptography13What is Cryptography?•Comes from Greek word meaning “secret”–Primitives also can provide integrity, authentication•Cryptographers invent secret codes to attempt to hide messages from unauthorized observers•Modern encryption:–Algorithm is public, key is secret and provides security–May be symmetric (secret) or asymmetric (public)plaintextciphertextplaintextencryption decryption14Cryptographic Algorithms: Goal•Given key, relatively easy to compute•Without key, hard to compute (invert)•“Level” of security often based on “length” of key15Three Types of Functions•Cryptographic hash Functions–Zero keys•Secret-key functions–One key•Public-key functions–Two keys16Cryptographic hash functions17Cryptography Hash Functions•Take message, m, of arbitrary length and produces a smaller (short) number, h(m)•Properties–Easy to compute h(m)–Pre-image resistance: Hard to find an m, given h(m)•“One-way function”–Second pre-image resistance: Hard to find two values that hash to the same h(m)•E.g. discover collision: h(m) == h(m’) for m != m’–Often assumed: output of hash fn’s “looks” randomHash Algorithm Structure18Hash and MAC Algorithms•Hash Functions–Condense arbitrary size message to fixed size–By processing message in blocks–Through some compression function–Either custom or block cipher based•Message Authentication Code (MAC)–Fixed sized authenticator for some message–To provide authentication for message–By using block cipher mode or hash function19How hard to find collisions? Birthday Paradox•Compute probability of different birthdays•Random sample of n people taken from k=365 days•Probability of no repetition:–P = 1 - (1)(1 - 1/365)(1 – 2/365)(1 – 3/365) … (1 – (n-1)/365)–P ~ 1 – e^-(n(n-1)/2k–Let k=n, P ~ 2^N/220How Many Bits for Hash?•If m bits, takes 2m/2 to find weak collision–Still takes 2m to find strong (pre-image) collision•64 bits, takes 232 messages to search (easy!)•Now, MD5 (128 bits) considered too little•SHA-1 (160 bits) getting old2122Example use•Password hashing–Can’t store passwords in a file that could be read•Concerned with insider attacks!–Must compare typed passwords to stored passwords•Does hash (typed) == hash (password) ?–Actually, a “salt” is often used: hash (input || salt)•File-sharing software (Freenet, BitTorrent)–File named by Fname = hash (data)–Participants verify that
View Full Document
Unlocking...