Network Security V.T. Raja and James Coakley Oregon State University

Outline Introduction –Imperative need for secure communication Increasing # of security incidences Cost of downtime Customer privacy/satisfaction etc. Characteristics of a secure communication Cryptography

Imperative Need for Secure Communication Reported Security Incidents up to 1995 Source: CERT.ORG Slide provided by guest speaker Kris Rosenberg

Reported Security Incidents 1995 – 2003 Source: Slide provided by guest speaker Kris Rosenberghttp://

CERT Source: / /

What does CERT do?

Imperative Need for Secure Communication Cost of downtime Slide provided by guest speaker Kris Rosenberg

General example for today’s lecture Assume Bob and Alice are illicit lovers. Assume Trudy is Bob’s spouse Alice and Bob could represent: – a client and a server –2 servers –2 routers –2 business partners in a B2B transaction –a bank and a customer

Secure Communication Characteristics of a secure communication –Confidentiality –Authentication –Message Integrity and non-repudiation –Availability and Access Control

Confidentiality Alice wants the following to be confidential: –The fact that she is communicating with Bob –Timing of communication –Frequency of communication Only Alice and Bob should be able to understand the contents of the transmitted message; Should not be understood by eavesdropper (Trudy).

Confidentiality Relies On Cryptography Confidentiality often relies on cryptographic techniques for encrypting/ decrypting data using one or more keys to encrypt/decrypt data We will learn some basics about cryptography in today’s lecture

Authentication Both sender and receiver should be able to confirm identity of other party involved in communication –Confirm that the other party is indeed who/what they claim to be Authentication relies on authentication techniques, several of which rely on cryptographic techniques

Message Integrity and Non-Repudiation Content of communication is not altered maliciously or by accident Message integrity also relies on cryptographic techniques Non-repudiation = not denying what was communicated

Availability Can communication occur in first place? Hackers preventing infrastructure from being used by legitimate users – e.g., viruses, DoS attacks Detect breaches and respond to attacks

Access Control Entities allowed to gain access to resources only if they have the appropriate access rights (e.g., login ID, passwords, biometric devices) Facilitated by firewalls, which provide access control based on a per-packet basis, and on a per-service basis. Provide a degree of isolation and protection from those outside of one’s network

Network Security – Part 2 Cryptography Symmetric Key Cryptography Public Key Cryptography

Symmetric Key Cryptography –Caesar Cipher –Monoalphabetic Cipher –Polyalphabetic Cipher –Data Encryption Standard (DES) –Triple DES (3DES) –Advanced Encryption Standard (AES) Trusted Intermediaries for symmetric key distribution –Key Distribution Center (KDC) –Kerberos

Basic Terminology Plain Text –Original data – not disguised Cipher (Encrypted) Text –Disguised data – looks unintelligible to intruder –Data disguised using encryption algorithm Key –A string of #s or characters used as input to encryption algorithm to disguise plain text –Symmetric Key: Alice and Bob use same key to encrypt and decrypt text

Symmetric Key Cryptography Caesar Cipher –Each letter in plaintext is substituted with letter that is K letters later –Wrap around is allowed (i.e., z followed by letter a) –If K = 3, a in plaintext becomes d in cipher text b in plaintext becomes e in cipher text –Example: Decrypt the following using a Caesar Cipher of K =3; Assume ‘wrap around’ is allowed. “ere, l oryh brx. Dolfh” Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).

Symmetric Key Cryptography Monoalphabetic Cipher –Improvement on Caesar Cipher –No regular pattern – any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa. Example follows: Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q Example: Find cipher text for “Bob, I love you. Alice” using above monoalphabetic cipher. 26! Possible pairings of letters – so breaking code is not as easy as in the case of Caesar cipher. Usually statistical analysis of plain text language can help in breaking the code faster.

Symmetric Key Cryptography Polyalphabetic Encryption –Use multiple monoalphabetic/Caesar ciphers –Use a specific monoalphabetic/Caesar cipher to encode a letter in a specific position in the plain text message –This implies that same letter appearing in different positions in the plaintext might be encoded differently. Example: 2 Caesar ciphers; K = 5, K = 19 For every 5 bits in the plain text use the 2 Caesar ciphers in the following pattern: C1, C2, C2, C1, C2 Example: Using K= 5 and K =19, find cipher text for “Bob, I love you.”

Symmetric Key Cryptography Data Encryption Standard (DES) –Published in 1977, and updated in 1993 –For commercial and non-classified U.S. Govt. use –Encodes plaintext using 56-bit key Objective: Scramble data and key so that every bit of the cipher text depends on every bit of the data and every bit of the key –Algorithm: Complex (beyond the scope of the course); Decryption works by reversing the algorithm’s operations.

How well does DES work? In 1997 RSA Data Security Inc., ( A network security company) launched a DES challenge contest to crack a short phrase (“strong cryptography makes the world a safer place”) it had encrypted using a 56-bit DES. Winning team took 4 months to decode. It had volunteers throughout the Internet to systematically explore key space. Claimed 10K cash prize after testing only a quarter of the key space (about 18 quadrillion keys) In 1999, RSA launched another DES challenge. Message was decrypted in little over 22 hours by a network of volunteers and a special purpose computer called “Deep Crack”. Claimed 250 K cash prize. Not bad for a day’s work?

Symmetric Key Cryptography Triple DES (3 DES) –If 56-bit DES is considered to be insecure, one can simply run the algorithm multiple times, using a different key each time –DES run three times (with a different 56-bit key at beginning of each time DES is run). Advanced Encryption Standard (AES) –NIST – in Nov 2001 announced successor to DES. –AES is also a symmetric key algorithm that processes data in 128-bit blocks –AES can operate with 128-bit keys, 192-bit keys, and 256-bit keys

Trusted Intermediaries Disadvantage of Symmetric Key Cryptography: –2 communicating parties have to agree upon their secret key ahead of time in a secure manner. Since sender and receiver do not meet face to face in the networking world, they need a trusted intermediary –Trusted Intermediaries: Key Distribution Center Kerberos

Key Distribution Center (KDC) A server that shares a different secret symmetric key with each registered user. KDC knows the secret key of each user, and each user can communicate securely with KDC using this key. Assume Alice and Bob use KDC for their communication. –Assume Alice’s secret key known to Alice and KDC is K A-KDC – Assume Bob’s secret key known to Bob and KDC is K B-KDC.

Example: Alice and BOB using KDC 1.Using her key, Alice sends a message to KDC saying that she (A) wants to communicate with Bob (B). We denote this message as K A-KDC (A, B). 2.a. KDC decrypts K A-KDC (A, B). b. KDC generates a random number R 1, which is to be used as symmetric key by Alice and Bob during their communication.

Example: Alice and BOB using KDC 2 c. KDC sends Alice R 1, and a pair of values A and R 1 encrypted using Bob’s key. We denote this message sent to Alice by KDC as: K A-KDC (R 1, K B-KDC (A, R 1 )). 3. Alice decrypts message and extracts symmetric key R 1. Alice extracts and forwards (although she cannot decrypt) K B-KDC (A, R 1 ) to Bob. 4.Bob decrypts and understands that he is to use R 1 as symmetric key to converse with person A (Alice). 5.Bob and Alice communicate using symmetric key R 1

Kerberos Developed by MIT Very similar to KDC Has additional functions such as: –Time stamp for validity of “nonce” R 1. –Has info about which users have access privileges to which services on which network servers.

Public Key Cryptography Public keys and Private keys RSA Algorithm Authentication Authentication Protocol (ap) –ap 1.0, 2.0, 3.0, 3.1, 4.0, 5.0 –Exchanging Public Keys »Man (Woman) in the middle-attack

Introduction - Public Key Cryptography Is it possible for two parties to communicate using encryption/decryption without using a shared secret key? –Yes. Using public key cryptography A radically different and marvelously elegant approach towards encryption/decryption Public key cryptography is useful not only for encryption/decryption, but also for authentication and digital signatures as well.

Basic Idea of Public Key Cryptography Each participant has a private key (known only to the participant) and a public key. The public key is created with one’s private key. Public key is made available to others and could be posted even on a website which is accessible by the rest of the world. Public key of recipient is used by sender to encrypt message. Recipient decrypts message using recipient’s private key.

Public Key Cryptography Example: –Alice wishes to send a message to Bob. –Alice fetches Bob’s public key. –Alice uses Bob’s public key to encrypt message –Alice sends encrypted message to Bob. –Bob decrypts cipher text with Bob’s private key.

Notation and Choice of Keys Assume Alice’s plain text message, (which has to be encrypted and then sent to Bob) is denoted as m. Assume Bob’s public key is denoted as K B + and his private key is denoted as K B -. These keys are chosen such that: K B - (K B + (m)) = K B + (K B - (m)) = m RSA algorithm (named after its founders, Ron Rivest, Adi Shamir, and Leonard Adleman) has become almost synonymous with public key cryptography.

RSA and DES/AES RSA is a complex algorithm and uses concepts from number theory. DES is at least 100 times faster than RSA. In practice, RSA is often used in combination with DES or AES. –Message is encrypted using DES key –Alice encrypts DES key with Bob’s public key –Bob decrypts and obtains DES key with his private key. –Message is decrypted using DES key

Authentication ap 1.0 –Alice announces to Bob, “I am Alice.” Trudy could have sent this message. ap 2.0 –Alice announces to Bob, “I am Alice”, and asks Bob to authenticate her by matching source IP (in IP header) with Alice’s IP. Trudy could have sent this message if she had done IP spoofing.

Authentication ap 3.0 –Alice announces to Bob, “I am Alice”, and asks Bob to authenticate her by verifying her plaintext password. Trudy may have already eavesdropped earlier, and have stolen Alice’s plaintext password during an earlier conversation between Alice and Bob. Now, Trudy could send the message, “I am Alice” by using Alice’s plaintext password. ap 3.1 –Alice announces to Bob, “I am Alice”, and asks Bob to authenticate her by verifying her encrypted password, which is kept the same for different communication sessions between Bob and Alice. Same disadvantage mentioned in ap 3.0 still exists. Note that Trudy need not decrypt the password. She could still eavesdrop, steal encrypted password, and then perform a “playback attack” on Bob.

Authentication ap 4.0 –Alice announces to Bob, “I am Alice.” –Bob sends a plaintext nonce (= r) to Alice. Note that nonce is a one time value that is specific to that communication session. It is not repeated again in another session. So “playback attack” is not possible. –Alice resends same nonce back to Bob but this time nonce is encrypted with symmetric key used by Alice and Bob. –Bob decrypts nonce using symmetric key. If decrypted nonce equals the nonce he sent Alice earlier (i.e. decrypted nonce = r), then Alice is authenticated. –However, this implies that Alice and Bob must have decided upon and exchanged their symmetric key.

Authentication ap 5.0 –Alice announces to Bob, “I am Alice.” –Bob sends a plaintext nonce (= r) to Alice. Since nonce is a one-time value, “playback attack” is not possible. –Alice resends same nonce back to Bob but this time nonce is encrypted with Alice’s private key. –Bob decrypts nonce using Alice’s public key. If decrypted nonce equals the nonce he sent Alice earlier (i.e. decrypted nonce = r), then Alice is authenticated.

Exchanging Public Keys Why should public key be publicly available? Wouldn’t it be better for Alice and Bob to exchange their respective public keys via , after authenticating each other? –Due to possibility of “man (woman) in the middle attack.”

Man (Woman) in the Middle Attack Alice transmits, “I am Alice.” Trudy eavesdrops. Bob sends a nonce = r. Trudy intercepts nonce, and sends Bob encrypted nonce (encrypted using her private key). Bob sends a message to Alice asking her for a public key. Trudy intercepts message, and sends Bob Trudy’s public key. Bob decrypts nonce with Trudy’s public key (thinking that he is using Alice’s public key), and inadvertently authenticates Trudy. While Bob is encrypting new data using Trudy’s public key, Trudy is busy posing as Bob to Alice. In particular, –Trudy transmits Bob’s nonce to Alice –Alice transmits encrypted nonce (encrypted using Alice’s private key). –Trudy intercepts encrypted nonce, and asks Alice for her public key. –Alice sends her public key

Man (Woman) in the Middle Attack Bob sends encrypted data (encrypted using Trudy’s public key) Trudy decrypts using her private key, and finds out Bob’s plain text. Trudy encrypts Bob’s plain text using Alice’s public key. Trudy transmits encrypted text to Alice. Alice decrypts using her private key, and finds out Bob’s plain text. Alice and Bob are happy that they have had a secure communication. They are ignorant of the fact that Trudy has intercepted and decrypted Bob’s message to Alice.

Digital Signatures and Message Digests Assume Bob wants to digitally sign a “document,” m. Bob’s digital signature could be K B - (m) Due to complexity of RSA, digital signatures are applied to “fingerprints” instead of being applied to message m. Fingerprint – H(m) – where H denotes a “hash algorithm” Bob’s digital signature is K B - (H(m))

Message Digests Message Digest (Hash) algorithms: –MD5 –SHA-1 Secure Hash Algorithm is a U.S. federal standard Required for use whenever a secure message digest algorithm is required for federal applications Produces a 160-bit message digest. Longer the output length, the more secure SHA-1 SHA-224, SHA-256, SHA-384, and SHA-512, which despite the similarity of names, are actually fairly different algorithms to SHA-1 and have much wider safety margins.

Public Key Certification PK cryptography – possible for two entities to exchange secret messages without having to exchange secret keys. Communicating entities have to exchange public keys (without being subject to “man in the middle attack”). Binding a public key to a particular entity is typically done by a Certification Authority (CA).

Certification Authority A CA verifies that an entity is who it claims to be. After verification, CA creates a certificate that binds the public key of the entity to the identity. Certificate – includes a public key – includes globally unique identifying information about owner of the public key –Is digitally signed by CA (Internet Explorer – Tools, Internet Options, Content, Certificates)

Availability and Access Control Some attacks Firewalls

Examples of some attacks Denial of Service attacks –“Ping” attacks –SYN flood attack Distributed Denial of Service attacks

Terminology –IP Spoofing –Ping –TCP Packet Numbers (also known as Sequence#s) Acknowledgement Numbers Port IDs (Port Scanning, mapping) –Telnet Denial of Service (DoS) Attack –Smurf Attack –SYN Flood Attack –Half-open telnet sessions Distributed DoS Attack Firewalls –Packet level firewall –Application level firewall Network Address Translation –NAT Server

Ping Packets Ping packets –Packets that ask a computer to respond with an acknowledgement –Used to see if a computer is still operational in a network e.g., Ping by computer name »Ping bus.orst.edu Ping by IP address »Ping

Denial of Service (DoS) Attack Hacker attempts to disrupt the network by flooding the network with messages so that the network cannot process messages from legitimate users Examples: 1. Hacker’s program continuously pings target computer. –Consequence: –Solution: 2. Hacker’s program continuously send “ping” requests to the target that list the target as the sender –Consequence: –Solution: 3. Smurf attack: What is a smurf attack? What is the consequence of a smurf attack? 4. SYN Flood attack: What is a SYN flood attack? What is the consequence of such an attack?

TCP SYN for a simple Telnet application TCP stands for: Transmission Control Protocol SYN stands for: Synchronize Sequence Numbers

SYN Flood Attack Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server. The server responds by sending a TCP SYN/ACK packet. The attacker does not respond – resulting in half- open session using up server resources. The attacker sends a flood of such TCP SYN requests without responding. Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions

Distributed DoS (DDos) attack In A DDoS attack, a hacker first gains control of hundreds/thousands of computers (slaves). Plants software referred to as DDoS agent on each of the slaves Hacker then uses software referred to as DDoS handler (master) to control the agents (slaves) Attacker launches attacks from all the slaves and it is difficult to trace hacker

High Profile Victims of DDoS Yahoo, eBay, Amazon, Microsoft and eTrade websites have been rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked system sites were flooded with DDoS attack for almost one daywww.msn.comwww.expedia.com DDoS attack high-level DNS servers on the Internet