Security and Privacy in Computer Network

Kuan Zhang, March 30, 2015


Outline

Fundamental Security
o Security Objectives
o Fundamental Cryptographic Techniques
o Security Solutions: IPSec, Firewall

Emerging Security Threats in Current Computer Networks
o Social Networks
o Sybil Attacks
o Sybil Detection

Security

“Security” relates to computing or communicating in the presence of adversaries.

It typically involves an “information system”: a PC, a network of computers, a cell phone, email, an ATM, a car, the smart grid, RFID tags, a wireless link, a medical device, …

Everything is digital now!

Overview of Security Requirements

o Privacy (Confidentiality)
o User Authentication
o Data Authentication (Data Integrity)
o Non-Repudiation
o Access Control
o Availability

Confidentiality

Ability to keep information communicated between (or among) authorized parties confidential/private;

An observer should not be able to recover the information. In a stronger sense, an observer cannot even determine which parties are involved or whether a communication session occurred at all (traffic-flow confidentiality).

User Authentication

Ability of the authorized parties in a communication session to ascertain the identity of the other authorized parties
o Mutually Trusting
o One-Way Authenticated
o Mutually Suspicious

Data Integrity

Ability to assure that exchanged information has not been subject to additions, deletions, modifications or undue delay by an unauthorized party;

Maintains the accuracy and consistency of data.

Non-Repudiation

Ability to prevent an authorized party from later denying the existence or contents of a communication session.

Access Control

Ability to selectively allow only authorized users, devices and applications to gain access to resources on the network;

Prevents misuse of data and network resources.

Availability

Data and networks are available to authorized parties; the aim is to assure that systems respond promptly and that service is not denied to authorized users.

Cryptographic Tools

o Encryption/Decryption
o Message Authentication Codes (MAC)
o Digital Signatures

Encryption/Decryption

Encryption is the process of transforming a plaintext message M into ciphertext C under a key K.

Decryption is the reverse operation: transforming ciphertext C back into plaintext M under the corresponding key (the same K for a symmetric cipher, the matching private key for a public-key cipher).

Message Authentication/Hashing

This function allows the detection of any modification of the plaintext message.

It is usually a digest of the message, created in such a way that a change of as little as one bit in the message produces an unpredictable change in approximately 50% of the bits of the digest (the avalanche effect).

A keyed digest (a MAC) additionally requires the secret key to produce a valid tag, so an attacker who modifies the message cannot simply recompute the digest to match.
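As an added example (not code from the slides), the following Python shows both properties described above: the avalanche effect of a plain hash, and why an unkeyed digest is not a message authentication code. The key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample inputs; the key and message are not from the slides.
KEY = b"shared-secret-key-for-demo"
MESSAGE = b"transfer 100 to account 1234"


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    assert len(a) == len(b)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Copy of data with the lowest bit of byte `index` flipped."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def avalanche(message: bytes) -> int:
    """How many of the 256 digest bits change when one message bit changes."""
    d1 = hashlib.sha256(message).digest()
    d2 = hashlib.sha256(flip_one_bit(message)).digest()
    return hamming_distance(d1, d2)  # close to 128 for any input


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: detects accidental corruption only."""
    return hashlib.sha256(message).digest()


def verify_plain(message: bytes, digest: bytes) -> bool:
    # Anyone, including the attacker, can recompute this value, so a
    # tampered message shipped with a freshly computed digest passes.
    return hmac.compare_digest(plain_digest(message), digest)


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed digest (HMAC-SHA-256): the key is needed to produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison does not
    # leak how many leading bytes of a forged tag were correct.
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    tampered = MESSAGE.replace(b"100", b"900")
    print("digest bits changed by a 1-bit flip:", avalanche(MESSAGE))
    print("unkeyed hash accepts attacker-recomputed digest:",
          verify_plain(tampered, plain_digest(tampered)))
    tag = make_tag(KEY, MESSAGE)
    print("HMAC accepts genuine message:", verify_tag(KEY, MESSAGE, tag))
    print("HMAC accepts tampered message:", verify_tag(KEY, tampered, tag))
```

The avalanche count lands near 128 of 256 bits for any input; the tampered message passes the unkeyed check only because the attacker could recompute the digest, which is exactly what the key in the MAC prevents.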

Digital Signatures

Ability to prove to an independent third party at a later date the author and contents of a message;

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document: it is computed with the signer's private key and can be verified by anyone holding the corresponding public key.

Randomness

The security of most systems relies on the availability of “random” numbers or bit streams.

These are used for
o Keys or keystreams
o One-time authentication parameters (nonces)

If the “random” parameters used are not actually random, or can be influenced by an attacker, then the system is vulnerable (e.g., the 1995 Netscape browser seeded its SSL random number generator from the time of day and process IDs, so session keys could be recovered by searching a small seed space).
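As an added example (not from the slides), the following Python reproduces the shape of that failure with a constructed scenario: a server seeds a non-cryptographic generator with the time in whole seconds and draws a public nonce and a secret key from it, so an attacker who sees the nonce and knows roughly when the session started can brute-force the seed and recover the key. The timestamp and window size are assumptions for the demonstration.

```python
import random
import secrets
from typing import Optional, Tuple


# Constructed scenario: the server seeds Python's Mersenne Twister with the
# current time in whole seconds and then draws both a public nonce and a
# secret session key from it. This is the mistake being demonstrated.
def weak_session(timestamp: int) -> Tuple[bytes, bytes]:
    rng = random.Random(timestamp)                    # seed space: a few thousand values
    nonce = rng.getrandbits(64).to_bytes(8, "big")    # sent in the clear
    key = rng.getrandbits(128).to_bytes(16, "big")    # meant to stay secret
    return nonce, key


def recover_key_from_nonce(nonce: bytes, approx_time: int,
                           window: int = 3600) -> Optional[bytes]:
    """Attacker: replay the generator for every plausible seed.

    Seeing only the nonce and knowing roughly when the session started,
    try each second within +/- window and return the key of the seed whose
    generator reproduces the observed nonce.
    """
    for seed in range(approx_time - window, approx_time + window + 1):
        candidate_nonce, candidate_key = weak_session(seed)
        if candidate_nonce == nonce:
            return candidate_key
    return None


def strong_session() -> Tuple[bytes, bytes]:
    """The fix: draw both values from the OS CSPRNG, which has no guessable seed."""
    return secrets.token_bytes(8), secrets.token_bytes(16)


if __name__ == "__main__":
    session_start = 1_427_673_600       # constructed: 2015-03-30 00:00:00 UTC
    nonce, key = weak_session(session_start)
    # The attacker's guess of the session time is off by 20 minutes.
    recovered = recover_key_from_nonce(nonce, session_start + 1200)
    print("key recovered from public nonce:", recovered == key)
```

The attack needs only the value that was sent in the clear; with `secrets` there is no seed to search, so the same attack would have to guess 128 random bits.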

Objectives and Tools

Confidentiality/Privacy
o Encryption

Data Integrity
o MAC
o Hashing (an unkeyed hash must itself be protected by a MAC or signature, since an attacker can recompute it)

User Authentication/Non-Repudiation
o Digital Signatures
o Hashing (the signature is computed over a hash of the message)

Computer Network Security

Security functions can be applied at various points (layers) in the network
o Link-to-Link
o Transport
o End-to-End

Link to Link

Contents and headers are encrypted on each link;

Information appears in the clear inside every switch/router along the path;

Lots of keys in the system (one per link)!

Transport Layer Security

Provides protection of user identity and data from external observers;

Requires high-speed (bulk) encryption processing;

No protection from other users on the same node.

End-to-End Security

Encryption and authentication functions are performed by the end users;

Lower speed requirements;

Attackers can still monitor header information to learn sender/receiver pairs (traffic analysis).

Internet Security

The Internet is a collection of network connections and servers: messages may pass through non-secure nodes in various countries;

TCP/IP was not designed to support security functions.

IPSec Objectives

Internet Protocol Security (IPsec) is a set of protocols operating at the Internet Protocol (IP) layer. It allows two or more hosts to communicate securely by authenticating and/or encrypting each IP packet of a communication session.

IPsec incorporates facilities to provide:
o Secure branch office connections via the Internet
o Secure remote access via the Internet
o Extranet and intranet connectivity
o “Some” protection for e-commerce applications

IPSec - Methods

Security functions are provided to allow encryption and/or authentication of all traffic at the IP level;

Supports a variety of public-key algorithms, conventional (symmetric) algorithms and hash functions.

IPSec Services

o Access control (limited)
o Connectionless data transfer integrity
o Data origin authentication
o Packet sequence integrity / replay rejection
o Confidentiality
o (Limited) traffic analysis protection

IPSec Security Associations

The relationship between sender and receiver is defined by a Security Association (SA): the algorithms, keys and sequence-number state used to protect one direction of traffic.

An SA is unidirectional, so a bidirectional “peer” relationship consists of two SAs.

Three sub-protocols
o Authentication Header (AH): provides support for authenticating and ensuring the integrity of IP packets; replay protection is provided by the sequence number in the header
o Encapsulating Security Payload (ESP): protects the IP packet data from third-party interference by encrypting the contents with symmetric algorithms (the slides name Blowfish and 3DES; current deployments use AES, typically AES-GCM)
o IP Payload Compression Protocol (IPComp): compresses the payload before it is encrypted, since encrypted data does not compress

Authentication Header

Provides support for authenticating and ensuring the integrity of IP packets (the payload plus the immutable fields of the IP header);

Replay protection is provided by the sequence number in the header, which the receiver checks against a sliding window of recently accepted numbers.
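As an added example (not code from the slides or from any IPsec implementation), the receiver-side anti-replay window that AH and ESP use is shown below in Python, modelled on the algorithm described in RFC 4303 Appendix A. The window size and the packet trace are constructed; the integrity-check result is passed in as a flag because the point of the example is the window logic, not the ICV computation.

```python
from typing import List, Tuple


class AntiReplayWindow:
    """Receiver-side sliding window for AH/ESP sequence numbers.

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number top - i has already been accepted.
    Sequence numbers start at 1, so 0 is never valid.
    """

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.top = 0
        self.bitmap = 0

    def receive(self, seq: int, icv_ok: bool = True) -> bool:
        if seq == 0 or not icv_ok:
            # A failed integrity check (forged or corrupted packet) must not
            # advance the window, or an attacker could slide it past
            # legitimate packets that are still in flight.
            return False
        if seq > self.top:
            # New high-water mark: slide the window right and mark this packet.
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False            # too old: fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return False            # already accepted: a replay
        self.bitmap |= 1 << offset  # late but genuine reordered packet
        return True


def process_trace(packets: List[Tuple[int, bool]], size: int = 64) -> List[bool]:
    """Run a sequence of (seq, icv_ok) pairs through one window; True = accepted."""
    win = AntiReplayWindow(size)
    return [win.receive(seq, ok) for seq, ok in packets]


if __name__ == "__main__":
    # Constructed trace: in-order, reordered, replayed, stale, forged and zero.
    trace = [(1, True), (3, True), (2, True), (3, True),
             (100, True), (30, True), (37, True), (200, False), (0, True)]
    print(process_trace(trace))
```

In the trace, packet 2 arriving after 3 is accepted (reordering is allowed inside the window), the second copy of 3 is rejected as a replay, 30 is rejected because it is more than 64 behind the high-water mark of 100, 37 is still inside the window, and the forged packet 200 does not move the window.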

Encapsulating Security Payload

Provides confidentiality and (optional) authentication of the packet's payload;

Some protection from traffic analysis is also provided (tunnel mode).

IPSec Types of Service

[Figure: IPsec types of service]

Modes

There are two modes for AH and ESP
o Transport Mode: protects communications between two hosts
o Tunnel Mode: builds virtual tunnels, commonly known as Virtual Private Networks (VPNs)

Transport Mode

Provides protection of the payload of the packet only; intended to protect the upper-layer protocols carried in the payload, while the original IP header stays visible.

Tunnel Mode

The entire original IP packet is encrypted and/or authenticated; it is encapsulated in a new outer IP packet, which protects the original header information and is what a VPN is built from;

Designed to allow networks behind security gateways/firewalls to communicate without the hosts themselves implementing IPsec;

The real (inner) IP addresses are encrypted, so an observer sees only the gateway addresses.

AH Modes

[Figure: AH in transport and tunnel mode]

ESP Modes

[Figure: ESP in transport and tunnel mode]

Network Examples

[Figure: network examples]

Cryptographic Algorithms

Authentication includes
o HMAC-MD5
o HMAC-SHA-1

Encryption includes
o Three-key triple DES, RC5, IDEA, three-key triple IDEA, CAST

Recent IETF initiative to incorporate the Suite B algorithms (AES, SHA-2, elliptic-curve Diffie-Hellman and ECDSA). Current IETF guidance (RFC 8221) deprecates HMAC-MD5 and 3DES in favour of AES-GCM and HMAC-SHA-2.

Automated Key Management

The default automated key management is ISAKMP/Oakley, now known as IKE: a modified Diffie-Hellman key exchange in which the exchange itself is authenticated
o Diffie-Hellman establishes the shared secret
o RSA (signatures/certificates) or a pre-shared key authenticates the peers, so an attacker cannot insert its own Diffie-Hellman values
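As an added example (not from the slides and not the IKE wire format), the following Python shows the shape of the exchange: both sides send Diffie-Hellman values and nonces, derive a key, and the initiator proves knowledge of a pre-shared key over the value it sent, in the style of IKEv2's PSK authentication. The key schedule is simplified, and the group is a demonstration-size prime; real IKE uses the RFC 3526 MODP groups or elliptic-curve groups. The `mitm` flag models an on-path attacker substituting the initiator's public value.

```python
import hashlib
import hmac
import secrets

# Demonstration-size group (assumption for the example): real IKE uses the
# RFC 3526 MODP groups or ECDH. 2^127 - 1 is prime but far too small.
P = (1 << 127) - 1
G = 2


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(private: int, peer_public: int) -> int:
    return pow(peer_public, private, P)


def encode(value: int) -> bytes:
    return value.to_bytes(16, "big")


def derive_sk_a(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Authentication key from the DH secret and both nonces (prf = HMAC-SHA-256).

    Simplified from IKEv2's SKEYSEED / prf+ expansion.
    """
    skeyseed = hmac.new(nonce_i + nonce_r, encode(shared), hashlib.sha256).digest()
    return hmac.new(skeyseed, b"SK_a", hashlib.sha256).digest()


def auth_payload(psk: bytes, sk_a: bytes, public: int,
                 own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """PSK authentication: AUTH = prf(prf(PSK, "Key Pad for IKEv2"), signed octets).

    The signed octets bind the DH public value that was sent, both nonces and
    the derived key, so a substituted public value changes the expected AUTH.
    """
    pad = hmac.new(psk, b"Key Pad for IKEv2", hashlib.sha256).digest()
    signed = encode(public) + own_nonce + peer_nonce + sk_a
    return hmac.new(pad, signed, hashlib.sha256).digest()


def run_exchange(psk_initiator: bytes, psk_responder: bytes, mitm: bool = False) -> bool:
    """Return True if the responder accepts the initiator's AUTH payload."""
    # Initiator -> Responder: g^i, Ni
    i_priv, i_pub = dh_keypair()
    n_i = secrets.token_bytes(16)
    # An active attacker on the path may replace g^i with its own value.
    wire_pub_i = dh_keypair()[1] if mitm else i_pub
    # Responder -> Initiator: g^r, Nr
    r_priv, r_pub = dh_keypair()
    n_r = secrets.token_bytes(16)
    # Each side derives its keys from what it actually received.
    sk_a_i = derive_sk_a(dh_shared(i_priv, r_pub), n_i, n_r)
    sk_a_r = derive_sk_a(dh_shared(r_priv, wire_pub_i), n_i, n_r)
    # Initiator -> Responder: AUTH over the value it sent; responder recomputes it
    # over the value it received, using its own copy of the PSK.
    auth_i = auth_payload(psk_initiator, sk_a_i, i_pub, n_i, n_r)
    expected = auth_payload(psk_responder, sk_a_r, wire_pub_i, n_i, n_r)
    return hmac.compare_digest(auth_i, expected)


if __name__ == "__main__":
    print(run_exchange(b"correct-psk", b"correct-psk"))              # accepted
    print(run_exchange(b"correct-psk", b"wrong-psk"))                # rejected
    print(run_exchange(b"correct-psk", b"correct-psk", mitm=True))   # rejected
```

Unauthenticated Diffie-Hellman alone would let the attacker in the `mitm` case share a key with each side; the AUTH payload fails because it binds the public value and the derived key, and the attacker cannot produce a fresh one without the PSK.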

Limits to IPSec Protection

IPsec runs at a low enough layer that it is transparent to users and applications;

IPsec can only resolve identity to the level of an IP address (or a security gateway), not to a user or an application;

No protection of data above the IP level: once a packet is decrypted at the endpoint, the data is in the clear.

Firewall

A firewall is a network security system that controls incoming and outgoing network traffic based on an applied rule set;

A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure or trusted;

Firewalls exist both as software running on general-purpose hardware and as hardware appliances.

Firewall Logic

Firewalls use three types of filtering mechanism
o Packet filtering: data flow consists of packets, and the firewall inspects each packet's header fields (addresses, protocol, ports) and drops those you have defined as unwanted
o Proxy: the firewall assumes the role of the recipient, then forwards the request to the node that asked for the information, and vice versa, so the two ends never talk to each other directly
o (Stateful) inspection: instead of sifting through all of the information in every packet, the firewall records key features of outgoing requests and checks the inflow for matching characteristics, to decide whether incoming traffic is a legitimate reply

Firewall Rules

Firewall rules can be customized to your needs, requirements and threat level.
o IP addresses: block a certain IP address or range of addresses that you consider hostile
o Domain names: allow only specific domain names to access your systems/servers, or allow access only to certain types of domain names or extensions such as .edu
o Protocols: a firewall can decide which systems may use common protocols such as IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP

Firewall Rules (Cont’)

Firewall rules can be customized to your needs, requirements and threat level.
o Ports: blocking or disabling ports on servers connected to the Internet keeps the data flow to what the server is meant for and closes possible entry points for attackers or malware
o Keywords: sift through the data flow for matching keywords or phrases to block offensive or unwanted data from flowing in
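As an added example (not from the slides or any firewall product), the Python below implements the two mechanisms the previous slides describe: a first-match packet filter over address, protocol and port rules, and stateful inspection that records connections opened from inside and admits only their replies. The rule set, the protected host 192.0.2.10 and the packets are constructed from documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" (from the Internet) or "out" (from the internal network)
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: Optional[str] = None
    src: Optional[str] = None      # CIDR block; None matches any source
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class StatefulFirewall:
    """First-match packet filter plus a connection table for reply traffic."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (local ip, local port, remote ip, remote port, proto) opened from inside
        self.connections: Set[Tuple[str, int, str, int, str]] = set()

    def filter(self, p: Packet) -> str:
        # Inspection: a packet coming back on a connection we opened is a reply.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.connections:
            return "allow"
        for rule in self.rules:          # packet filtering: first match wins
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.connections.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny"                    # default deny: nothing matched


# Constructed rule set for a host at 192.0.2.10.
RULES = [
    Rule("deny", src="203.0.113.0/24"),                    # blocklisted range, checked first
    Rule("allow", direction="in", proto="tcp", dport=443),  # web
    Rule("allow", direction="in", proto="tcp", dport=25),   # mail
    Rule("deny", direction="in", proto="tcp", dport=23),    # no Telnet from outside
    Rule("allow", direction="out"),                         # anything may leave
]

# Constructed packets exercising each rule and the connection table.
PACKETS = [
    Packet("in", "203.0.113.5", "192.0.2.10", "tcp", 40000, 443),    # blocklisted source
    Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 40001, 443),   # web, allowed
    Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 40002, 23),    # telnet, denied
    Packet("in", "198.51.100.7", "192.0.2.10", "udp", 40003, 161),   # SNMP, no rule
    Packet("out", "192.0.2.10", "198.51.100.53", "udp", 51000, 53),  # DNS query
    Packet("in", "198.51.100.53", "192.0.2.10", "udp", 53, 51000),   # DNS reply
    Packet("in", "198.51.100.53", "192.0.2.10", "udp", 53, 51001),   # unsolicited
]


def run(rules: List[Rule], packets: List[Packet]) -> List[str]:
    fw = StatefulFirewall(rules)
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for packet, verdict in zip(PACKETS, run(RULES, PACKETS)):
        print(f"{verdict:5s} {packet}")
```

The DNS reply is admitted only because the outgoing query was recorded; the unsolicited packet from the same server to a different local port has no matching state and falls through to the default deny, which is the difference between a stateless filter and inspection.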

Outline

Fundamental Security
o Security Objectives
o Fundamental Cryptographic Techniques
o Security Solutions: IPSec, Firewall

Emerging Security Threats in Current Computer Networks
o Social Networks
o Sybil Attacks
o Sybil Detection

Social Networks

Social Networks (SNs) facilitate social interactions and the exchange of information among users.

Sybil Attack

What is a Sybil attack? A Sybil attack is one in which a reputation system or a network is subverted by a considerable number of forged identities controlled by a single adversary.

How does it work? By illegitimately injecting false or biased information via the pseudonymous identities, an adversary can mislead a system into making decisions that benefit herself.

Consequences: spam, information leakage.

Examples

o Sensor networks, mobile sensing, smart grid: Sybils report false sensing data
o Social network voting: change the overall popularity of an option
o Reputation systems (service evaluation): forge positive or negative reviews
o Spam: advertisement, malware, phishing
o Stealing users' information: Facebook spies created a false profile for a top NATO chief to steal personal data from his high-ranking friends
o Sybil population: 14.3 million Sybils (August 2012), 20 million Sybils (August 2013)

Examples (Cont’)

[Figure: examples, continued]

Sybil Defense

o Cryptography based
o System feature based
o Social network based
o Social community based

Cryptography based Sybil Defense

Cryptographic mechanisms, such as digital signatures and identity authentication.

These schemes require a trusted authority (TA) to verify identities.
o The TA is the bottleneck of the system and an attractive target for attack.
o Moreover, it is impractical on the open Internet: there is no single global agency trusted by the entire public.

System Feature based Sybil Defense

Exploit specific features of the particular system or application.

Such anti-Sybil systems are specially designed; an efficient solution for one application is typically not suitable for others.
o Moving patterns (mobile sensing): Sybils controlled by one attacker usually appear together
o Sensor networks: nodes are static, so the RSSI of Sybil transmissions can be measured and identities that share one physical transmitter detected

Social Network based Sybil Defense

With a social network (social relationships), we can detect Sybils based on the structure of friendships.

Observation: although attackers can create plenty of Sybil identities and plenty of friendships (social links) among the Sybils, the number of links between Sybils and honest users (attack edges) is limited, because a friendship with an honest user requires that user's cooperation.

Detect Sybils according to the community structure of social networks [9].
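As an added example (not code from the slides or from [9]), the Python below shows the ranking view of this idea on a constructed toy graph: trust is spread from a trusted seed by a short, early-terminated random walk, which rarely crosses the few attack edges, so honest nodes end up ranked above the Sybil region. The graph, the seed and the step count are assumptions for the demonstration.

```python
import math
from typing import Dict, List, Optional, Set, Tuple

Graph = Dict[str, Set[str]]


def build_graph() -> Tuple[Graph, List[str], List[str]]:
    """Constructed toy social graph: a dense honest community, a dense Sybil
    region, and a single attack edge h5--s0 between them."""
    honest = [f"h{i}" for i in range(6)]
    sybil = [f"s{i}" for i in range(6)]
    adj: Graph = {v: set() for v in honest + sybil}

    def link(a: str, b: str) -> None:
        adj[a].add(b)
        adj[b].add(a)

    for group in (honest, sybil):       # each region is a clique
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                link(a, b)
    link("h5", "s0")                    # the only Sybil-to-honest link (attack edge)
    return adj, honest, sybil


def rank_by_trust(adj: Graph, seed: str, steps: Optional[int] = None) -> Dict[str, float]:
    """Early-terminated random walk of trust from a trusted seed node.

    Each node spreads its trust evenly over its neighbours for O(log n) steps;
    the walk rarely crosses the few attack edges, so the Sybil region receives
    little trust. Scores are degree-normalised so well-connected nodes do not
    rank high only because of their degree.
    """
    if steps is None:
        steps = math.ceil(math.log2(len(adj)))
    trust = {v: 0.0 for v in adj}
    trust[seed] = 1.0
    for _ in range(steps):
        nxt = {v: 0.0 for v in adj}
        for u, t in trust.items():
            if t == 0.0:
                continue
            share = t / len(adj[u])
            for v in adj[u]:
                nxt[v] += share
        trust = nxt
    return {v: trust[v] / len(adj[v]) for v in adj}


def ranking(scores: Dict[str, float]) -> List[str]:
    """Nodes from most to least trusted; a cut-off turns this into Sybil/honest labels."""
    return sorted(scores, key=lambda v: scores[v], reverse=True)


def separates(scores: Dict[str, float], honest: List[str], sybil: List[str]) -> bool:
    """True if every honest node outranks every Sybil node."""
    return min(scores[h] for h in honest) > max(scores[s] for s in sybil)


if __name__ == "__main__":
    adj, honest, sybil = build_graph()
    scores = rank_by_trust(adj, seed="h0")
    print(ranking(scores))
    print("honest ranked above all Sybils:", separates(scores, honest, sybil))
```

With four steps on twelve nodes, the single attack edge carries only a few percent of the trust into the Sybil clique; adding more attack edges, or placing the seed in a sparsely connected part of the honest region, narrows the gap, which is the limitation the next slide discusses.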

Social Community based Sybil Defense

Findings of [9] on social-network-based Sybil defenses:
(1) Sybil defense can be viewed as implicitly ordering or ranking the nodes in the network;
(2) the ranking of nodes is biased towards cuts that decrease conductance, so nodes that are tightly connected around a trusted node are more likely to be ranked higher;
(3) when the trusted node is located in a densely connected community with a clear boundary between that community and the rest of the network, the nodes in the local community around the trusted node are ranked before all others.

Social Network based Sybil Defense (NSD) vs. Social Community based Sybil Defense (CSD): the constraint on NSD is that an honest node may belong to multiple communities, so honest nodes outside the trusted node's community can be ranked as if they were Sybils.

[9] B. Viswanath, A. Post, K. P. Gummadi, and A. Mislove, “An analysis of social network-based Sybil defenses,” in Proc. ACM SIGCOMM, vol. 40, no. 4, 2010, pp. 363–374.

Social Community based Sybil Defense (Cont’)

[Figure: NSD Sybil defense via community detection; behaviour differences of online social network users; an online social network Sybil detection system]

Outline

Fundamental Security
o Security Objectives
o Fundamental Cryptographic Techniques
o Security Solutions

Emerging Security Threats in Current Computer Networks
o Social Networks
o Sybil Attacks
o Sybil Detection

Thank You