{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

CSC 607 Meeting 5 Charts

CSC 607 Meeting 5 Charts - Security in Computing – CSC...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Security in Computing – CSC 607 Security Wireless Security – WCM 605 Wireless Meeting 5 Tuesday 19 Jan 2010 Pfleeger & Pfleeger Chapter 6 1/19/2010 1/19/2010 1 Week 3 Schedule Tue 1/19 Mid Term Exam Security and the Layered Architecture Form Teams for Breaking WEP Projects Thu 1/21 Week 2 Small Group Project Presentations Security Planning, Policy and Administration Database Security Voice Oriented Wireless Networks Data Oriented Wireless Networks Security in Traditional Wireless Networks Week 3 Reading – Pfleeger & Pfleeger 4th Edition Chapters 6 and 8 Chandra Chapter 3 pp 75­84, Chapter 4, Chapter 5 Written Assignment B due by midnight, Saturday, Jan 23 1/19/2010 1/19/2010 2 Security and the Layered Architecture 1/14/2010 1/14/2010 3 Network Architectures Reference model • describes layers of hardware/software For data transmission between two points For multiple devices / applications to interoperate • Increases likelihood components from different manufacturers can converse Two key models • OSI model • TCP/IP 1/14/2010 1/14/2010 4 Logical and Physical Logical Connections Logical connection • Exists only in the software Physical connection • Exists in the hardware In a network architecture: • Only the lowest layer contains the physical connection • All higher layers contain logical connections 1/14/2010 1/14/2010 5 International Standards International Organization (ISO) Open Systems Interconnection Model Systems Layer 7 6 5 4 3 2 1 Name Applicat ion Present at ion Session Transport Net work Dat a Link Physical Activity User­level dat a St andardized dat a appearance, blocking, t ext compression Logical connect ions bet ween part s of an applicat ion, sequencing Flow­cont rol, end t o end error correct ion Rout ing, decomposit ion/ recomposit ion int o/ from packet s Reliable dat a delivery over physical medium Individual bit t ransmission on physical medium The “Granddaddy” of network protocols – mid­1970s Each layer adds its own services Each layer passes data in three directions Above ­ to a higher layer Parallel – to the same layer in another host (virtual communications) Below – to a lower layer 1/14/2010 1/14/2010 6 OSI Functions 1/14/2010 1/14/2010 7 Network Addressing Network Layer adds logical addresses Data Link layer adds physical addresses 1/14/2010 1/14/2010 8 TCP/IP – The Most Important TCP/IP Protocol Protocol Transmission Control Protocol – TCP • Breaks down messages into packets • Reassembles packets into messages in correct sequence • Calls for retransmission of missing or “bad” packets or drops them Internet Protocol – IP • Sends packets as datagrams (routing) • Flow control – 1/14/2010 1/14/2010 “Wait up … I’m overloaded!” “OK, you can start sending again” 9 TCP/IP TCP/IP Comparison with OSI with 1/14/2010 1/14/2010 10 Some Internet Application Protocols TCP SMTP – Simple Mail Transfer Protocol for email HTTP – Hypertext Transfer Protocol for web pages • FTP – File Transfer Protocol for batch transfer of files • Telnet – Terminal Emulation Protocol • • UDP Protocols • SNMP – Simple Network Monitoring Protocol for control of network devices • Syslog – System Audit Log for entering records in the system log • Time – for synchronization 1/14/2010 1/14/2010 11 Security and the Layered Architecture Fundamental Issue – Where Should Security be Implemented? • Which layer(s)? 1/14/2010 1/14/2010 Ideal Answer – Every Layer 12 Physical Layer Security Layer 1 • Security has not been a major issue in the wired network • Wireless changes things 1/14/2010 1/14/2010 Direct Sequence Spread Spectrum (DSSS) has some inherent security • Not cryptographic, but good, so long as chip sequence is kept secret Frequency Hopping Spread Spectrum (FHSS) has some inherent security • Not cryptographic but hard to defeat, so long as frequency hopping sequence is kept secret DSSS and FHSS provide a deterent • Keeps out casual eavesdroppers • Protects against DoS attacks from attempted frequency jamming 13 Link Layer Security Layer 2 • Security has not been built in • It made more sense to build security into the most dominant layer 3 – IP layer IP Layer designed to binds together multiple layer 2 protocols • Biggest layer 2 deterrent in layer 2 is physical access to media • Several layer 2 protocols have been designed • Key layer 2 security protocol – Extensible Authentication Protocol (EAP) 1/14/2010 1/14/2010 14 Extensible Authentication Extensible Protocol (EAP) Protocol Supports multiple authentication methods • Any authentication method and access technology can work together without a tight integration • EAP over link layer can support >50 authentication methods over an Ethernet network number of methods expected to grow with no changes needed in Link Layer and Physical Layer • Adopted by IEEE 802.1X 1/14/2010 1/14/2010 15 RADIUS and Diameter “Authenticator” also t called Point of es u eq Presence (POP) in t ­R ep ss e cc Also known textbook cc ­A A s es as the c Ac supplicant Client RAS (Remote Access Server) RADIUS Client RADIUS Server Authenti­ cation server Network RADIUS – designed for small networks DIAMETER – developed by IETF as next generation AAA protocol 1. User connects to RAS 2. RAS passes user credentials to Radius Designed to support roaming and mobile IP Server using UDP (Single octet – max 255) networks from the beginning 3. If RAS can authenticate it issues Access­ More flexible in attribute data (3 octets­max Accept 16 million) 4. RAS completes negotiation with client Better transport, proxying, session control 5. If RAS cannot authenticate, it issues and security Access­Reject Uses TCP or SCTP 1/14/2010 1/14/2010 16 EAP (IEEE 802.1X) Architecture Router Radius server Ethernet Port connect Access blocked until authentication EAPOL EAPOL­Start RADIUS EAP­Request/Identity EAP­Response/Identity EAP Request EAP­Response (credentials) EAP­Success 1/14/2010 1/14/2010 RADIUS­Access­Request RADIUS­Access­Challenge RADIUS­Access­Request RADIUS­Access­Accept Authentication can be unidirectional or bidirectional (e.g. client can require network to identify itself to the client) 17 Ports in EAP Model Supplicant EAPoL Switched or Shared Ethernet Uncontrolled Port MAC Enable/D isable Authenticator EAP Authentication Server Port Authorization Controlled Port Authorized LAN Resources Ports are logical entities Controlled port is initially closed • Opened when instructed by Authenticator • Authenticator issues “Open” command ONLY when Auth. Server issues “success” Authentication process carried out over uncontrolled port • Allows ONLY EAP packets to pass through to Auth. Server 1/14/2010 1/14/2010 18 EAP Advantages and Disadvantages Advantages • Any arbitrary authentication protocol can be exchanged between supplicant and authentication server • Authenticator does not have to understand authentication method Can act as a pass­through agent for auth. server • This separation simplifies key and credentials management Concentrated at back­end server Disadvantages • No inherent mechanism in EAP to tie together mutual authentications (A­>B and B­>A) • No protection against a forged “EAP­success” Success message is not cryptographically protected • No mechanism to tie auth. Procedure to the following session 1/14/2010 1/14/2010 Leaves this up to the link layer 19 Security Contexts Two major categories of Authentication Methods • Result in establishment of a security context Example: Transport Layer Security protocol ­ TLS • Do not result in establishment of a security context Examples: MD5, SHA, … EAP does not provide for establishment of a security context therefore … EAP should always be used with an authentication protocol that DOES establish a security context • Good example: EAP­TLS (Transport Layer Security) 1/14/2010 1/14/2010 TLS originally designed (RFC 2246) as library of wrapper functions around socket layer Modified by RFC 2716 to sit over EAP 20 Recall: Diffie-Hellman Key Exchange 1. 2. 3. 4. 5. A selects large prime n, generator g, and random number x A computes: Sx = gx mod n A sends Sx, g and n to B B generates random y, computes gy mod n and sends result (Sy) to A A computes (Sy)x = gxy mod n B computes (Sx)y = gxy mod n Now A and B both know Sxy = gxy mod n, the shared secret key (Alice) 1/14/2010 1/14/2010 •Only A knows x •Only B knows y •g, n, Sx, and Sy are not kept secret •It is very hard for E to compute x or y (requires discrete logarithms) (Bob) 21 EAP-TLS Mutual Auth Using DH 1. EAP­Request: ID 2. EAP­Response ID 3. EAP­Request: TLS_Start 4. EAP­Response: TLS_Client_Hello EAP­Request: TLS_Server_Hello TLS_Server_Cert, TLS_Server_Hello_Done 5. EAP­Response: TLS_Client_Key_Exchange TLS_Client_Change, TLS_Client_Finished 6. EAP­Request: TLS_Server_Change_CS TLS_Server_Finished 7. EAP­Response: Null Data 8. (A) Master Key derived from TLS is not used during this session • 1/14/2010 1/14/2010 Has already been used in “handshake session” • (B) Details in textbook, p 75 New Keys are derived from the TLS master secret 22 Network Layer Security Network Layer (Layer 3) is responsible for end­ to­end connectivity Internet Protocol Security (IPSec) Protocol works at Layer 3 Layer 3 sits inside the operating system IPSec code is generally bundled inside the OS • Centralizes responsibility for security at the OS 1/19/2010 1/19/2010 23 OS Security Alternatives A. Combined Security Kernel/Operating System B. Separate Security Kernel 1/19/2010 1/19/2010 24 OS Security Alternatives II C. Layered Operating System Another way to achieve encapsulation 1/19/2010 1/19/2010 25 What is IPSec? Protects communications between two IP nodes • Operates on the network layer One IP address may be communicating with multiple other IP addresses • Each session will have separate security parameters • Parameters for multiple sessions maintained in Security Association database Per entry: remote ID, current crypto key, crypto services and algorithms in use, sequence number, … Created to work with IPv4, • Built into IPv6 1/19/2010 1/19/2010 26 Key Management and Security Key Association Internet Key Exchange (IKE) Protocol: • • • • Provides authentication Establishes key exchange Negotiates Security Association Offers protection from replay attacks Security Association: Creates cryptographically protected connection Unidirectional Is the way that both sides agree to communicate and both must support IPSec • Makes header authentication and payload encapsulation possible • • • 1/19/2010 1/19/2010 27 IPSec Headers IPSec AH and ESP carry information needed to decrypt and verify encrypted and/or integrity­protected IP packet Authentication Header (AH): • • • Inserts a separate header Provides data origin authentication, integrity Does not provide confidentiality of the packet data, or payload Encapsulating Security Payload (ESP): • Encrypts the payload therefore providing confidentiality • Also supports integrity 1/19/2010 1/19/2010 ESP is sufficient for most practical purposes 28 0 IPSec Authentication Header 8 Next header 16 24 Payload Length Reserved Security parameters index (SPI) Sequence number field Authentication data … IPSec ESP Header 0 Payload data (contd) 8 16 24 Security parameters index (SPI) Sequence number field Payload data Padding (0-255 bytes) Pad length Next Header Authentication data … 1/19/2010 1/19/2010 29 IPSec Two Modes IPSec Transportation mode: • IPSec headers inserted between IP header and packet payload/ data • In this mode only the payload is encrypted, usually used in end­ to­end communication Tunnel Mode: • Typically used in VPNs • IPSec headers inserted around IP packet and another new IP header is inserted around the encapsulated packet • This mode is usually between communication end points or for intranet gateway to intranet gateway communication 1/19/2010 1/19/2010 Old packet restored at the gateway 30 IPSec Encapsulation Example 1/19/2010 1/19/2010 31 IKE Internet Key Exchange (IKE) Protocol: • Provides mutual authentication • Negotiates Security Association (SA) SA includes keys for authentication and/or encryption • Offers protection from replay attacks Eight Variations • Four types of keys Preshared Secret Key (SKC) Public Encryption Key (original) (private decryption key) Public Encryption Key (revised) Public Signature Key (private verification key) • Two Modes for each of the four keys Main Mode • More security features Identify protection Secure negotiation of crypto parameters Aggressive Mode • • • More efficient in terms of number of messages exchanged Less bandwidth required Less time consumed Extreme flexibility makes IKE (too?) complex 1/19/2010 1/19/2010 32 IKE Phases Phase 1 • • • Mutual Authentication Establish Session Keys Usually (not always) based on PKC Phase 2 • Establish Security Association(s) (SAs) • Session Keys may be based on SKC! Very important for wireless communications • Remember that PKC requires 10,000 times more computation 1/19/2010 1/19/2010 33 IKE Phase 1 Exchange (Main Mode) 1. 2. 3. 4. 5. 6. A sends cryto parameters (DES, 3DES, AES, …; MD5, SHA, …SKC or PKC, …) B responds with selections A computes: Sx = gx mod n A sends Sx, g and n to B B generates random y, computes gy mod n and sends result (Sy) to A A computes (Sy)x = gxy mod n B computes (Sx)y = gxy mod n Secret key Sxy = gxy mod n, now established 1. 2. (A) 1/19/2010 1/19/2010 ESxy(“ I am A and here’s proof”, proof) ESxy(“ I am B and here’s proof”, proof) Shared secret key established at end of step 6 is used to protect messages 7 & 8 (B) 34 Transport Layer Security (TLS) TLS uses “Hello” messages • Agree on cipher­suites (algorithms) • Exchange random numbers • Check for session resumption Followed by client/server message exchange • • • Exchange certificates Exchange crypto parameters to authenticate themselves Independently (client and server separately) derive premaster secret Endpoints (client and server) derive master secret • Used for the remainder of the session 1/19/2010 1/19/2010 35 Secure Sockets Layer (SSL) Allows two communicating parties (think “client” and “server”) to: • • Authenticate Establish session key for crypto protection of rest of session Technically sits between transport layer and application layer • Applications interface to SSL, rather than to Transport Layer Applications use SSL sockets SSL is a layer around the socket interface • Library of wrapper functions SSL runs a user process on top of TCP port number 443 • Use SSL library functions for networking Do not call socket functions directly Both parties must be using SSL/TLS 1/19/2010 1/19/2010 36 SSL/TLS Message Exchange SSL/TLS (DH) (DH) (B) (A) Client Hello (Rnd No , SID, CipherSuites) SID Generated by B if new session Client Hello (Rnd NoA , SID, CipherSuites) Server Hello (Rnd NoB, SID, SelCipherSuites) 2. Server Certificate:: g, n, gx mod n (if DH) 4. Server Hello Done () 5. Client Key Exchange (A’s public key) Pre­master secret key established 1. Change CipherSpec (A using master key) 2. Finished (PRF(master_secret, “client finished”, MD5(handshake_msgs) + SHA1(handshake_msgs))) 3. Change CipherSpec (B using master key) 4. Finished (PRF(master_secret, “server finished”, MD5 (handshake_msgs) + SHA1(handshake_msgs))) 3. 1/19/2010 1/19/2010 •PRF = PseudoRandom Function used in generation of master key •This example assumes Diffie­Hellman key exchange algorithm in 3. ­ Other algorithms (e.g. RSA) may require additional messages Can be preceded by “Hello Request” from B 1. 0 init, can be used to resume 37 SLS/TLS Observations Session ID • Only becomes valid upon completion of handshake (“Finished” message) Contents of handshake • Protected by the “Finished” message • Cannot be spoofed by malicious eavesdropper 1/19/2010 1/19/2010 38 SSL/TLS Known Security SSL/TLS Loophole Loophole SSL runs on top of TCP • • Relies on TCP for communication with remote end TCP uses checksum to find transmission errors Checksum is not cryptographically protected • Assume attacker inserts malicious packets that pass checksum • TCP passes to SSL • SSL drops, because packet fails integrity check SSL does not know packet was bogus • “Real” packet arrives at TCP with same packet number as bogus packet TCP drops the real packet • SSL closes the connection (after timeout), because it is missing the real packet • Result is a successful Denial of Service (DoS) attack 1/19/2010 1/19/2010 • Illustrates the problem with adding security to OSI layers as an afterthought instead of integrated into OSI • IPv6 should be better 39 Security Above Transport Layer 1/19/2010 1/19/2010 Above IP/TCP, layers are normally combined into the application Each application has unique securty requirements Application designers must address security needs on a “per application” basis 40 ...
View Full Document

{[ snackBarMessage ]}