Aspects of security (Forouzan). ○. Privacy. – Message readable only by receiver
and sender. – Unreadable by others. ○. Authentication. – The receiver is ...
In t e r n e t w or k in g
Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Internet Security ●
Internet security is difficult
●
Internet protocols were not originally designed for security
●
The protocols are full of security holes. In all levels of the stack: –
ARP - L2 hijacking
–
IP - spoofing, fragments, broadcast,
–
UDP - stateless – easy to spoof
–
TCP - hijacking sessions, denying service
–
DNS – contaminating DNS caches
–
Dynamic routing – false RIP messages
–
Tunneling - bypass firewall rules
Attack Examples ● ● ● ● ● ● ● ● ● ● ●
Spoofing – forging someone else’s address Dictionary attack – getting passwords Port scanning – finding open services Sniffing – listening on internal traffic Denial of service attacks (DOS) Distributed DOS (DDOS) Man-in-the-middle Virus Trojan horse Worm Ping of death - killer packets
Address spoofing ●
Forge addresses – –
●
ARP & L2 spoofing redirects ARP caches and learning tables –
●
attacking of the spoofed source
man-in-the middle –
●
Hijacking of sessions
blind spoofing : return traffic goes to wrong host –
●
L2 / IP addr / UDP ports / Names Easy to do
pretend to be other host
DNS –
forging DNS RR entries
Denial of service – DOS/DDOS ●
●
Prevent normal use of a service –
TCP syn attack at TCP connection setup
–
routing attacks – make networks unaccessable
–
web defacing
–
mail attacks
–
fragment attacks
Distributed DOS (DDOS) –
use many hosts to launch a DOS
–
smurf: use ping to directed multicast and spoofed src
Aspects of security (Forouzan) ●
●
●
●
Privacy –
Message readable only by receiver and sender
–
Unreadable by others
Authentication –
The receiver is certain of the sender’s identity
–
No imposter
Integrity –
Message receives exactly as it was sent.
–
No changes during transmission.
Nonrepudiation –
A receiver can prove that message came from a specific sender.
Secret key encryption ●
●
Secret-key encryption/decryption –
symmetric encryption
–
same key used at both parties
Advantage –
Efficient algorithms: good for large messages
●
Disadvantages –
Lots of keys: n(n-1)/2
–
Key distribution
●
KDC – Key Distribution Center
●
Examples –
Data Encryption Standard (DES)
–
Advanced Encryption Standard (AES)
Public key encryption ●
●
Use two keys
●
Disadvantages
–
Public key – available to all
–
Algorithm complexity
–
Private key – secret
–
Public key needs verification
Advantages –
No shared keys
–
Fewer keys
●
Certification Authority (CA)
●
Example: –
Rivest, Shamir, Adleman (RSA)
Digital Signature ●
For authentication, integrity and nonrepudiation
●
Signing the document – digital signature
●
Approach 1: Public-key encryption (RSA) for signing the whole document –
●
Use own private key to encrypt, public key to decrypt
Approach 2: Signing a digest of the document –
Use a secure hash function (one-way)
–
SHA-1, MD5
Sender signing the digest ●
Sender produces a digest using hashing
●
Digest is encrypted using its private key
●
Singed digest appended to message
signed digest
Receiver verifies signature ●
Receiver extracts signed digest –
decrypts it using sender’s public key
●
Produces a digest using hashing
●
Verification by comparing the two
Application/Transport layer security ●
Security can be implemented in different layers of the IP stack –
●
Kerberos –
●
–
–
A ”secure version” of rlogin Numerous functions
SSL – Secure Socket Layer – (https:) – – –
●
Digital signature using hashing and public-key encryption combined secret-/public-key encryption for privacy
SSH – Secure Shell –
●
Authentication and key distribution
PGP – Pretty Good Privacy –
●
Application/Transport/Networking
IETF version: TLS – Transport Layer Security Confidential pipe between browser and web server Server authentication
S/MIME – Mail security
Security in the IP layer: IPsec ●
A sender and receiver agree on a set of security schemes, – –
●
IPsec implemented in the IP header –
●
–
Privacy: Encapsulation Security Payload (ESP) Authentication, etc: Authentication Header (AH)
IPsec has two modes – –
●
Part of IP stack, network layer
IPsec consists of two protocols –
●
Security Association (SA) – a cleartext index (SPI) SA includes: encryption algorithm, keys, lifetime, addresses
Tunnel mode useful for VPNs Transport mode – end-to-end
Dynamic key management – –
ISAKMP – Internet SA and Key Management Protocol IKE – Internet Key Exchange
IPsec Transport Mode ●
End-to-end security –
●
Only end-host is trusted
Security Association (SA) between H1 and H2.
Securit y Associat ion
IPsec Transport m ode
Int ernet
H1
H2
IPsec Tunnel Mode ●
Security Association (SA) between R1 and R2. – –
●
Cleartext packet to H1/H2. H1 - R1 and R2-H2 trusted
IPsec headers encapsulate the packet
Securit y Associat ion
H1
R1
Int ernet
R2
H2
Authentication Header - AH ●
AH supports a digital signature – –
●
digest produced by hash function addresses integrity, authentication, non-repudiation
Some AH header fields: –
SA index, message digest, sequence number (may not re-occur),
original datagram
IP hdr TCP hdr
transport mode
Payload
IP hdr AH hdr New proto: 51
tunnel mode
TCP hdr
Payload
authenticated
IP hdr AH hdr New hdr
IP hdr TCP hdr
Payload
authenticated
Encapsulation Security Payload - ESP ●
ESP encrypts the payload of an IP datagram – –
● ●
But ESP also has authentication ESP addresses privacy, but also authentication, etc.
In tunnel mode, the whole datagram is encrypted Some ESP header fields: –
SA index, sequence number (may not re-occur), padding
original datagram
IP hdr TCP hdr
transport mode
IP hdr ESP hdr TCP hdr New proto: 50
tunnel mode
Payload
Payload
ESP trailer ESP auth
encrypted authenticated
IP hdr ESP hdr IP hdr TCP hdr New hdr
Payload encrypted authenticated
ESP trailer ESP auth
Automatic key distribution – IKE/ISAKMP ●
Basic IPsec requires manual key configurations. But keys are long and difficult to administer: –
●
We need key distribution protocols – ”automatic keying”
Also, sequence numbers in ESP/AH do not wrap around –
New keys need to be used after 232 messages
For further information see: ●
●
Internet Security Association and Key Management Protocol (ISAKMP) The Internet Key Exchange (IKE/IKEv2)
Firewalls (on six slides)
Firewalls ● ● ● ● ●
Keeping the bad guys out Prevent unauthorized access Forward some packets and blocks others But the roles are not always clear What do we mean by secure?
Ext ranet
Int ranet
? Servers (DMZ)
Int ernet
Packet-filter firewall ●
A router with filtering capabilities
●
The firewall uses packet-filters (ACLs) to drop or pass traffic
●
Stateful inspection
●
–
keep state of every TCP/UDP flow and allow reverse traffic
–
traffic from inside ”opens” the firewall for incoming traffic dynamically
Example: – permit out on eth0 from 77.2.3.0/24 to any proto tcp keep state – permit inout on eth0 proto icmp – deny default
t rust ed Int ranet
unt rust ed Int ernet Firew all rout er w it h packet filt ering
Example rules ●
ICMP –
●
TCP –
●
allow all output/proxy, block all input, put web server in DMZ
DNS –
●
use the phone?
WWW –
●
block all input and output,...
H.323/SIP –
●
allow connections created from inside, block all other input
UDP –
●
allow all output, filter input (path MTU discovery)
block internal info from outside
SSH –
allow all input and output
Free from Cheswick et al ”Firewalls and Internet Security”
Proxy firewall / Application-level gateway ● ●
Better application-level understanding than packet-filtering An ALG is a firewall program that runs in user-space – at the application level –
●
Two separate TCP connections – –
●
typically in combination with packet-filtering one from a client to the ALG; one from the ALG to the server The ALG terminates the connections
Disadvantages – –
slower: more memory and processing one proxy per new application: web, sip, ftp, ...
t rust ed Int ranet
unt rust ed Int ernet Applicat ion-level gat ew ay
Demilitarized Zone ●
A DMZ contains server accessible from the Internet – – –
●
but the intranet is not accessible from the outside two levels of defence: defence in depth If a server is attacked, the intranet is still safe
Can be combined with application proxies Servers / Proxies
DMZ
t rust ed Int ranet
unt rust ed Int ernet Inner Barrier
Out er Barrier
Firewall Design Criteria ●
There is no absolute security –
●
Defense in depth –
●
Give the smallest amount of privilege possible
Fail safe –
●
The strength of your security system is bounded by the weakness of your weakest link
Least privilege –
●
place several firewalls after each other
Weakest link –
●
It is always a question of economics
Even if everything is going wrong, the security system should not leave any security hole in the system.
Keep it simple!
