ITIS 6167/8167: Network and Information Security, Weichao Wang
Post on 21-Dec-2015
Security overview
• Risks
  – Computers have controlled our lives
    • Medical, ATM, banking, business
    • Air traffic control
  – Why there are risks
    • Adversaries
      – Smart and dedicated
      – Many of them
      – Hiding in the dark
      – From fun to profit (worm self-changing botnet)
Examples in real life
• Attack on Twitter
  – Hack into the victim's email account
  – DDoS to paralyze Twitter, Facebook, etc.
• Data mining attacks on public database
  – In Tennessee, a newspaper generates a database about all residents that have CCW permits.
  – In CA, there is a webpage listing all people that donate to the Proposition 8 ballot measure
Security overview
• Physical security is not enough (can you be sure that your physical security methods are sound and enough?)
• Networked computers can be accessed remotely
Security overview
• Defending methods
  – Prevention
    • Prevent (password, salt, private salt, searching)
    • Deter: raising the bar (password guessing, login slow)
    • Deflect: making other target more attractive
    • Diversify
  – Detection
    • Monitoring (who, what, and how)
    • Intrusion detection (signature based, anomaly based)
    • IP telephony track
Security Overview
• Recovery
  – Recover data (check point)
  – Identify the damage
  – Forensics
  – Containment
• Tolerance
  – Maintain a decent service quality
  – Automatically degrade video quality while reserving bandwidth for voice
Security overview
• How prevention works
  – Policies
  – Encryption
    • Digital cash, time-stamp, secure multiparty computation, e-voting, e-bidding
  – Access control and authorization
    • Hardware control (interaction free authentication)
    • Software control (RFID credit card)
    • Information disclosure (write prevention)
Security overview
• What can go wrong with prevention
  – Design, implementation, configuration
  – Mal-code transfer (enterprise level security)
  – Attackers are smart and dedicated
  – Uncle Tom wants it to be safe against terrorists, but not to him
Security overview
• Some additional methods to improve security
  – Least privilege
  – Writing good code
  – Security testing
  – Embed security from the beginning instead of as a patch
Network security overview
• The features causing security problems
  – Sharing: access control for a single system is not enough
  – Complexity of systems
  – Undefined boundary: one host may be on multiple networks
  – Multiple-node path before data reaches you: anonymity of attacker and hard to traceback: the South Bell example
• A typical NFS operation and its security features:
  – A read from B: confidentiality
  – A write to B: integrity and confidentiality
  – Forge communication from A to B: integrity
  – Block traffic b/w A and B: availability
  – Impersonation
• Security problems in network protocols:
  – ARP: cache poisoning
  – IP: spoofing, fragmentation
  – ICMP:
  – UDP:
  – TCP: session hijacking, SYN flood, DoS
  – DNS systems
  – Buffer overflow
• Security methods
  – Hiding: OS configuration, port,
  – Encryption: IPSec
  – Port protection: telnet, ftp, etc.
  – Authentication
  – Data integrity: digital signature, checksum
  – Firewall: block unwanted traffic
  – IDS
  – Forensics
  – Proof of possession
Review of networks
• Network consists of
  – Hosts
  – Network devices
  – Links
  – Software
• The view of Internet
  – Users' view
  – Real topology
• How routers work
  – Look at the destination address of the packet
  – Look up in the local routing table
  – Determine the exit interface
  – The next router will do the same
  – Default router
  – Route based on sub-network instead of IP address
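The lookup steps above, written out as an added example (not part of the original slides). It generalizes "route based on sub-network" to longest-prefix matching with a default route as the fallback; every prefix, interface name and next hop in the table is a constructed sample value.

```python
import ipaddress

# Constructed routing table: (destination prefix, exit interface, next hop).
# All values are made-up samples; None as next hop means directly connected.
ROUTES = [
    ("0.0.0.0/0",     "eth0", "192.0.2.1"),    # default route
    ("10.0.0.0/8",    "eth1", "10.255.0.1"),
    ("10.20.0.0/16",  "eth2", "10.20.255.1"),
    ("10.20.30.0/24", "eth3", None),
]

def build_table(routes):
    """Parse the prefixes once and sort them most-specific first."""
    table = [(ipaddress.ip_network(p), ifc, nh) for p, ifc, nh in routes]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return table

def lookup(table, dst):
    """Return (prefix, interface, next_hop) for dst, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    for net, ifc, nh in table:
        if addr in net:      # table is sorted, so the first hit is the longest match
            return str(net), ifc, nh
    return None

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dst in ("10.20.30.7", "10.20.99.1", "10.1.1.1", "198.51.100.9"):
        print(dst, "->", lookup(TABLE, dst))
```

Without the `0.0.0.0/0` entry, a destination that matches no subnet has no exit interface and the packet is dropped.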
• IP address classes
  – Class A to C
  – Class A can have: 16.78 million addresses
  – Class B can have: 65536 addresses
  – Class C can have: 256 addresses
  – A decent corporation needs one to many class B addresses (Purdue's joke)
• Special addresses:
  – 255.255.255.255: local broadcast
  – 0.0.0.0: this host
  – 127.-.-.-: loopback
  – CIDR: classless inter-domain routing
• What about IPv6 addresses?
Review of Cryptography
• Two kinds of cryptographic algorithms
  – Keep the method secret
    • Good: safe for low security requirement
    • Bad: update, proof of correctness, how to communicate with outsider
  – Make the algorithm public but keep the key secret
    • Safety depends on the key only
    • Good: safety analysis can be conducted
Introduction (cont'd)
• Symmetric algorithms
  – The encryption and decryption key can be calculated from each other easily (most of the time the same).
  – Block algorithms and stream algorithms
    • Cipher text is the same or longer in length: why?
  – Good: efficient and fast, easy to deploy
  – Bad: key distribution, scalability, broadcast or multicast
Introduction (cont'd)
• Public-key encryption
  – First appeared in the 1970s
  – Two keys: public key and private key
  – Private key cannot be derived from public key
  – Everyone can send a packet to Alice: $E_{Pub_A}(message)$
  – Only Alice has the private key to recover the packet
  – If Alice uses the private key to encrypt a message, it can be viewed as a digital signature
  – Strong, scalable, easy for broadcast and multicast, but very slow
Introduction (cont'd)
• Attack to encryption system
  – Cipher-text only attack
    • The amount of traffic matters
  – Known plaintext attack
  – Chosen plaintext attack
• Key point
  – Keep the cost to break the system higher than the gain of the information
Introduction (cont'd)
• Can you always break an encryption system?
  – One time pad
  – Brute-force attack: try every possible key
Introduction (cont'd)
• Several old-fashioned encryption algorithms
  – Substitution ciphers
    • Replace a character in the plaintext with another character
    • Example: Caesar cipher
  – Transposition ciphers
    • Shuffle the order of characters
    • The frequency of characters does not change
  – XOR and one-time pad:
    • If the random bits repeat in cycle, it is bad
    • Synchronization at both sides is always a problem
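Why repeating pad bits are bad, as an added example that is not part of the original slides: when a pad is used twice or cycles, XORing ciphertexts cancels it and leaves only plaintext XOR plaintext. The two messages are constructed samples and the function names are illustrative.

```python
import os
from itertools import cycle

def xor_bytes(data, pad):
    """XOR data with pad; a shorter pad is repeated in a cycle."""
    return bytes(d ^ k for d, k in zip(data, cycle(pad)))

def otp_encrypt(plaintext, pad):
    """One-time pad: refuse any pad that would have to repeat."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: bits would repeat")
    return xor_bytes(plaintext, pad)

def pad_cancels(c1, c2, p1, p2):
    """True if c1 XOR c2 equals p1 XOR p2, i.e. the pad has dropped out."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])

# Constructed sample messages of equal length (25 bytes each).
P1 = b"transfer 100 to account A"
P2 = b"meeting moved to 3pm room"

def demo():
    pad = os.urandom(len(P1))
    # Same pad for two messages: the pad cancels out of c1 XOR c2.
    reused = pad_cancels(otp_encrypt(P1, pad), otp_encrypt(P2, pad), P1, P2)
    # A fresh pad per message: nothing cancels.
    fresh = pad_cancels(otp_encrypt(P1, os.urandom(len(P1))),
                        otp_encrypt(P2, os.urandom(len(P2))), P1, P2)
    # A 4-byte pad repeating in a cycle: one known 4-byte block of plaintext
    # exposes the pad, and with it the rest of the message.
    short = os.urandom(4)
    c = xor_bytes(P1, short)
    recovered = xor_bytes(c[:4], P1[:4])
    return reused, fresh, recovered == short, xor_bytes(c, recovered) == P1

if __name__ == "__main__":
    print(demo())
```

The guard in `otp_encrypt` covers only the length condition; making sure a pad is never used for a second message is the synchronization problem the slide mentions.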
One way functions
• One way function is easy to calculate in one direction, but not the other.
  – Given x, easy to get f(x)
  – Given f(x), even if f() is known, still not easy to get x
• Trap door one way function
  – Given x, easy to calculate f(x)
  – Given f(x), difficult to get x
  – Given f(x) and a secret y, easy to get x
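A trap door one-way function in miniature, added here as an example (not from the original slides); it also illustrates the public-key and digital-signature points from the earlier slide. It uses textbook RSA without padding, with constructed toy primes that are far too small for real use.

```python
# Toy parameters (constructed sample values, insecure by design).
P, Q = 61, 53
N = P * Q                 # 3233: public modulus
PHI = (P - 1) * (Q - 1)   # 3120: only computable if P and Q are known
E = 17                    # public exponent
D = pow(E, -1, PHI)       # 2753: private exponent, the secret "y" of the slide

def f(x):
    """Forward direction: easy for anyone holding the public key (N, E)."""
    return pow(x, E, N)

def invert_with_trapdoor(y, d=D):
    """With the secret exponent, inversion is a single modular power."""
    return pow(y, d, N)

def invert_without_trapdoor(y):
    """Without the secret, all that is left is trying inputs one by one.
    Returns (x, number_of_tries); the work grows with the size of N."""
    for tries, x in enumerate(range(N), start=1):
        if f(x) == y:
            return x, tries

def sign(m):
    """'Encrypting' with the private key: only the key holder can do this."""
    return pow(m, D, N)

def verify(m, s):
    """Anyone can check a signature with the public key."""
    return pow(s, E, N) == m

if __name__ == "__main__":
    c = f(65)
    print(c, invert_with_trapdoor(c), invert_without_trapdoor(c))
    print(verify(65, sign(65)), verify(66, sign(65)))
```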
One way hash function
• Map a variable-length input string to a fixed length string: fingerprint the file
  – Easy to get Hash(x) when given x
  – Almost impossible to find an x that satisfies a given Hash(x)
  – Almost impossible to find two files x and x' that have the same hash value
  – Minor change in x, large changes in Hash(x)
• Since the hash value is shorter, we have conflict:
  – We can easily rule out files, but not guarantee this is the original file
  – Still good enough in courts, like DNA tests
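The properties listed above, checked in code as an added example (not part of the original slides). SHA-256 is assumed as the hash, and the `file-N` inputs are constructed; truncating the digest shows how quickly conflicts appear once the fingerprint is short.

```python
import hashlib
import hmac

def fingerprint(data):
    """Fixed-length (32-byte) fingerprint of an input of any length."""
    return hashlib.sha256(data).digest()

def bits_changed(a, b):
    """Number of digest bits (out of 256) that differ between two inputs."""
    da, db = fingerprint(a), fingerprint(b)
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def matches(data, expected):
    """Constant-time comparison of a file's fingerprint with a recorded one."""
    return hmac.compare_digest(fingerprint(data), expected)

def first_collision(nbytes):
    """Truncate the digest to nbytes and hash b"file-0", b"file-1", ...
    until two different inputs share a fingerprint.
    Returns (earlier_input, later_input, inputs_hashed)."""
    seen = {}
    i = 0
    while True:
        msg = b"file-%d" % i
        tag = fingerprint(msg)[:nbytes]
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
        i += 1

if __name__ == "__main__":
    print("bits changed:", bits_changed(b"contract v1", b"contract v2"))
    for n in (1, 2, 3):
        a, b, tried = first_collision(n)
        print(n * 8, "bit fingerprint: conflict after", tried, "inputs:", a, b)
```

A match against a short fingerprint only fails to rule a file out; the full 256-bit digest is what makes a match convincing.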