1. Dan LI CS Department, Tsinghua University
Network Security
Dan LI
CS Department, Tsinghua University
Today we’ll talk about Green Network.
2018/9/19

2. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service (DDoS)
Firewall
Reading List
First, I will give an overview Network Security, then we will have a look at Cryptographic hash functions.
After that, I will introduce User authentication, SSL, IPSec & IKE, DDOS and Firewall one by one.
2018/9/19

3. Motivation
2018/9/19

4. Excerpt From “General Terms of Use”
You acknowledge that neither wells fargo, its affiliates nor any of their respective employees, agents, third party content providers or licensors warrant that the services or the site will be uninterrupted or error free; nor do they make any warranty as to the results that may be obtained from use of the services or the site, or as to the timeliness, sequence, accuracy, reliability, completeness or content of any information, service, or merchandise provided through the services and the site.
2018/9/19

5. Privacy and Security 2018/9/19 Privacy policy for individuals
“As a Wells Fargo customer, your privacy and security always come first.”
Privacy policy for individuals
Online privacy policy
Our commitment to online security
Online and computer security tips
How we protect you
General terms of use
2018/9/19

6. What Do You Think
What do you think should be included in “privacy and security” for an e-commerce website?
So.., what do you think should be included in “privacy and security” for an e-commerce website?
2018/9/19

7. Desirable Security Properties
Authenticity
Confidentiality
Integrity
Availability
Accountability and non-repudiation
Freshness
Access control
Privacy of collected information
Integrity of routing and DNS infrastructure
Here is the Desirable Security Properties:
Authenticity
Confidentiality
Integrity
Availability
Accountability and non-repudiation
Freshness
Access control
Privacy of collected information
Integrity of routing and DNS infrastructure
2018/9/19

8. Peek at the Dark Side
The only reason we will be learning about attack techniques is to build better defenses
Don’t even think about using this knowledge to attack anyone
2018/9/19

9. What Drives the Attackers?
Put up a fake financial website, collect users’ logins and passwords, empty out their accounts
Insert a hidden program into unsuspecting users’ computers, use them to spread spam
Subvert copy protection, gain access to music and video files
Here we have a look at what drives the attackers.
Put up a fake financial website, collect users’ logins and passwords, empty out their accounts
Insert a hidden program into unsuspecting users’ computers, use them to spread spam
Subvert copy protection, gain access to music and video files
2018/9/19

10. What Drives the Attackers?
Stage denial of service attacks on websites, extort money
Wreak havoc, achieve fame and glory in the blackhat community
Moreover:
Stage denial of service attacks on websites, extort money
Wreak havoc, achieve fame and glory in the blackhat community
2018/9/19

11. Network Stack Only as secure as the single weakest layer…
Phishing attacks, usability
people
, Web, NFS
Sendmail, FTP, NFS bugs, chosen-protocol and version-rollback attacks
application
RPC
RPC worms, portmapper exploits
session
TCP
SYN flooding, RIP attacks,
sequence number prediction
transport IP
network
IP smurfing and other
address spoofing attacks
Here we review the network stack.
The network security is only as secure as the single weakest layer…… or interconnection between the layers
802.11
data link
WEP attacks RF
physical
RF fingerprinting, DoS
Only as secure as the single weakest layer…
… or interconnection between the layers
2018/9/19

12. Network Defenses Password managers, People End uses company policies…
Implementations
Systems
Firewalls, intrusion
detection…
Protocols and policies
Blueprints
TLS, IPsec, access control…
To make network secure, all defense mechanisms must work correctly and securely, otherwise, it may make the situation even worse……
People <-> Password managers, company policies
Systems <-> Firewalls, intrusion detection
Blueprints <-> TLS, Ipsec, access control
Building blocks <-> RSA, DSS, SHA-1
Cryptographic primitives
Building blocks
RSA, DSS, SHA-1…
2018/9/19

13. Correctness versus Security
System correctness:
system satisfies specification
For reasonable input, get reasonable output
System security:
system properties preserved in face of attack
For unreasonable input, output not completely disastrous
Main difference: active interference from adversary
Now, let’s have a look at correctness versus security. Modular design may increase vulnerability …
Abstraction is difficult to achieve in security: what if the adversary operates below your level of abstraction?
… but also increase security (small TCB)
2018/9/19

14. Bad News Security often not a primary consideration
Performance and usability take precedence
Feature-rich systems may be poorly understood
Implementations are buggy
Buffer overflows are the “vulnerability of the decade”
Cross-site scripting and other Web attacks
Here is why we are now facing a not secure network: Security often not a primary consideration
Performance and usability take precedence
Feature-rich systems may be poorly understood
Implementations are buggy
Buffer overflows are the “vulnerability of the decade”
Cross-site scripting and other Web attacks
2018/9/19

15. Bad News Networks are more open and accessible than ever
Increased exposure, easier to cover tracks
Many attacks are not even technical in nature
Phishing, impersonation, etc.
And also:
Networks are more open and accessible than ever
Increased exposure, easier to cover tracks
Many attacks are not even technical in nature
Phishing, impersonation, etc.
2018/9/19

16. Better News There are a lot of defense mechanisms
We’ll study some, but by no means all, in this course
It’s important to understand their limitations
Many security holes are based on misunderstanding
Security awareness and user “buy-in” help
Other important factors: usability and economics
But fortunately, we have some better news:
“If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier
2018/9/19

17. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service (DDoS)
Firewall
Reading List
Now, let’s have a look at Cryptographic hash functions.
2018/9/19

18. Communication on the Internet
network M
Alice
Bob
Here is a picture illustrating the communication on the Internet.
Alice and Bob are communicating via the Internet.
The basic issue is:
sending messages via untrusted intermediaries
Web access, , remote login, file transfer…
Learns M – attack on secrecy
Changes M – attack on integrity
2018/9/19

19. Integrity vs. Secrecy Integrity: attacker cannot tamper with message
Encryption may not guarantee integrity!
Intuition: attacker may able to modify message under encryption without learning what it is
This is recognized by industry standards (e.g., PKCS)
Many encryption schemes provide secrecy AND integrity
Given one-time key K, encrypt M as MK… Perfect secrecy, but can easily change M under encryption to MM’ for any M’Online auction: halve competitor’s bid without learning its value
“RSA encryption is intended primarily to provide confidentiality… It is not intended to provide integrity”
2018/9/19

20. More on Integrity BigFirm™ User
VIRUS
badFile
goodFile
The Times
hash(goodFile)
BigFirm™
User
Software manufacturer wants to ensure that the executable file is received by users without modification…Sends out the file to users and publishes its hash in NY Times. The goal is integrity, not secrecy
The idea is: given goodFile and hash(goodFile),
very hard to find badFile such that hash(goodFile)=hash(badFile
Idea: given goodFile and hash(goodFile),
very hard to find badFile such that hash(goodFile)=hash(badFile
2018/9/19

21. Authentication Identification and assurance of origin of information
network
Authenticity is identification and assurance of origin of information
We’ll see many specific examples in different scenarios
Identification and assurance of origin of information
2018/9/19

22. Authentication with Shared Secrets
msg, H(SECRET,msg)
Alice
Bob
Alice wants to ensure that nobody modifies message in transit(both integrity and authentication)
The idea is: given msg,
very hard to compute H(SECRET, msg) without SECRET;
easy with SECRET
Alice wants to ensure that nobody modifies message in transit
(both integrity and authentication)

23. Hash Functions: Main Idea
Hash function H .
message
“message
digest” x . y . . .
x’’ y’ x’
bit strings of any length
n-bit bit strings
Here is the main idea of hash functions.
H is a lossy compression function
Collisions: h(x)=h(x’) for some inputs x, x’
Result of hashing should “look random” (make this precise later)
Intuition: half of digest bits are “1”; any bit in digest is “1” half the time
Cryptographic hash function needs a few properties…
H is a lossy compression function
Collisions: h(x)=h(x’) for some inputs x, x’
Result of hashing should “look random” (make this precise later)
Intuition: half of digest bits are “1”; any bit in digest is “1” half the time
Cryptographic hash function needs a few properties…

24. One-Way Intuition: hash should be hard to invert How hard?
“Preimage resistance”
Let h(x’)=y{0,1}n for a random x’
Given y, it should be hard to find any x such that h(x)=y
How hard?
Brute-force: try every possible x, see if h(x)=y
SHA-1 (common hash function) has 160-bit output
Suppose have hardware that’ll do 230 trials a pop
Assuming 234 trials per second, can do 289 trials per year
Will take 271 years to invert SHA-1 on a random image
One approach is one-way. The intuition is that: hash should be hard to invert!
How hard will the hash be? SHA-1 (common hash function) has 160-bit output
Suppose have hardware that’ll do 230 trials a pop
Assuming 234 trials per second, can do 289 trials per year
Will take 271 years to invert SHA-1 on a random image

25. “Birthday Paradox” T people
Suppose each birthday is a random number taken from K days (K=365) – how many possibilities?
KT (samples with replacement)
Here is the famous “Birthday Paradox”
How many possibilities that are all different?
(K)T = K(K-1)…(K-T+1) samples without replacement
Probability of no repetition?
(K)T/KT  1 - T(T-1)/2K
Probability of repetition?
O(T2)

26. Collision Resistance Should be hard to find x, x’ such that h(x)=h(x’)
Brute-force collision search is O(2n/2), not O(2n)
n = number of bits in the output of hash function
For SHA-1, this means O(280) vs. O(2160)
Reason: birthday paradox
Let T be the number of values x,x’,x’’… we need to look at before finding the first pair x,x’ s.t. h(x)=h(x’)
Assuming h is random, what is the probability that we find a repetition after looking at T values? O(T^2)
Total number of pairs? O(2^n)
Conclusion: O(2^(n/2))

27. One-Way vs. Collision Resistance
One-wayness does not imply collision resistance
Suppose g is one-way
Define h(x) as g(x’) where x’ is x except the last bit
h is one-way (to invert h, must invert g)
Collisions for h are easy to find: for any x, h(x0)=h(x1)
Collision resistance does not imply one-wayness
Suppose g is collision-resistant
Define h(x) to be 0x if x is n-bit long, 1g(x) otherwise
Collisions for h are hard to find: if y starts with 0, then there are no collisions, if y starts with 1, then must find collisions in g
h is not one way: half of all y’s (those whose first bit is 0) are easy to invert (how?); random y is invertible with probab. 1/2
So what’s the difference between One-Way and Collision Resistance?
One-wayness does not imply collision resistance
Suppose g is one-way
Define h(x) as g(x’) where x’ is x except the last bit
h is one-way (to invert h, must invert g)
Collisions for h are easy to find: for any x, h(x0)=h(x1)
Collision resistance does not imply one-wayness
Suppose g is collision-resistant
Define h(x) to be 0x if x is n-bit long, 1g(x) otherwise
Collisions for h are hard to find: if y starts with 0, then there are no collisions, if y starts with 1, then must find collisions in g
h is not one way: half of all y’s (those whose first bit is 0) are easy to invert (how?); random y is invertible with probab. 1/2

28. Weak Collision Resistance
Given randomly chosen x, hard to find x’ such that h(x)=h(x’)
Attacker must find collision for a specific x. By contrast, to break collision resistance, enough to find any collision.
Brute-force attack requires O(2n) time
We also have weak collision resistance.
Given randomly chosen x, hard to find x’ such that h(x)=h(x’)
Weak collision resistance does not imply collision resistance (why?)

29. Which Property Do We Need?
UNIX passwords stored as hash(password)
One-wayness: hard to recover password
Integrity of software distribution
Weak collision resistance
But software images are not really random… maybe need full collision resistance
Auction bidding
Alice wants to bid B, sends H(B), later reveals B
One-wayness: rival bidders should not recover B
Collision resistance: Alice should not be able to change her mind to bid B’ such that H(B)=H(B’)
So actually, which property do we need?
What do you think?
It depends on your requirement for real systems!

30. Common Hash Functions MD5 RIPEMD-160 SHA-1 (Secure Hash Algorithm)
128-bit output
Still used very widely
Completely broken by now
RIPEMD-160
160-bit variant of MD-5
SHA-1 (Secure Hash Algorithm)
160-bit output
US government (NIST) standard as of
Also the hash algorithm for Digital Signature Standard (DSS)
Here is the some common hash functions.
They are widely used in the Internet.
MD5: almost every software downloading site……

31. Basic Structure of SHA-1
Against padding attacks
Split message into 512-bit blocks
Here we have a detailed look at SHA-1.
First, let’s see the basic structure.
Note the compression function: Applied to each 512-bit block and current 160-bit buffer
This is the heart of SHA-1!
Compression function
Applied to each 512-bit block
and current 160-bit buffer
This is the heart of SHA-1
160-bit buffer (5 registers)
initialized with magic values

32. SHA-1 Compression Function
Current buffer (five 32-bit registers A,B,C,D,E)
Current message block
Four rounds, 20 steps in each
The SHA-1 Compression Function. Let’s look at each step in more detail…
It is very similar to a block cipher, with message itself used as the key for each round
Fifth round adds the original
buffer to the result of 4 rounds
Buffer contains final hash value

33. One Step of SHA-1 (80 steps total)B C D +
Logic function for steps
(BC)(BD)
BCD
(BC)(BD)(CD)
BCD ft +
5 bitwise
left-rotate Wt +
Multi-level shifting of message blocks
Here is one of the 80 steps of SHA-1 Compression Function.
Current message block mixed in
For steps 0..15, W0..15=message block
For steps ,
Wt=Wt-16Wt-14Wt-8Wt-3
30 bitwise
left-rotate
Special constant added
(same value in each 20-step round,
4 different constants altogether) Kt + A E B C D

34. How Strong Is SHA-1? Every bit of output depends on every bit of input
Very important property for collision-resistance
Brute-force inversion requires 2160 ops, birthday attack on collision resistance requires 280 ops
Some recent weaknesses (2005)
Collisions can be found in 263 ops
So, having understand how complex SHA-1 is, you may wonder how strong it actually is.
Every bit of output depends on every bit of input
Very important property for collision-resistance
Brute-force inversion requires 2160 ops, birthday attack on collision resistance requires 280 ops
Some recent weaknesses (2005)
Collisions can be found in 263 ops

35. Authentication Without Encryption
KEY
MAC
(message authentication code)
KEY
message, MAC(KEY,message) = ?
Recomputes MAC and verifies whether it is
equal to the MAC attached to the message
message
Alice
Bob
Let’s see the Authentication Without Encryption.
Integrity and authentication: only someone who knows KEY can compute MAC for a given message.

36. HMAC
Construct MAC by applying a cryptographic hash function to message and key
Could also use encryption instead of hashing, but…
Hashing is faster than encryption in software
Library code for hash functions widely available
Can easily replace one hash function with another
There used to be US export restrictions on encryption
Invented by Bellare, Canetti, and Krawczyk (1996)
Mandatory for IP security, also used in SSL/TLS
Here we have a brief introduction to HMAC: keyed-Hash Message Authentication Code.
It is Invented by Bellare, Canetti, and Krawczyk (1996).
HMAC Construct MAC by applying a cryptographic hash function to message and key.
It is Mandatory for IP security, and also used in SSL/TLS.

37. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User Authentication
SSL
IPSec & IKE
Distributed Denial of Service (DDoS)
Firewall
Reading List
Now, we go to User Authentication.
2018/9/19

38. Basic Problem ? How do you prove to someone that
The basic problem is that How do you prove to someone that you are who you claim to be.
Any system with access control must solve this problem
How do you prove to someone that
you are who you claim to be?
Any system with access control must solve this problem

39. Many Ways to Prove Who You Are
What you know
Passwords
Secret key
Where you are
IP address
What you are
Biometrics
What you have
Secure tokens
There are many ways to prove who you are:
What you know
Passwords
Secret key
Where you are
IP address
What you are
Biometrics
What you have
Secure tokens

40. Password-Based Authentication
User has a secret password.
System checks it to authenticate the user.
How is the password communicated?
Eavesdropping risk
How is the password stored?
In the clear? Encrypted? Hashed?
So first, I will introduce What you know: Password-Based Authentication.
The basic idea is that User has a secret password. System checks it to authenticate the user.
How easy is it to guess the password?
Easy-to-remember passwords tend to be easy to guess
Password file is difficult to keep secret

41. Other Aspects Usability Denial of service Social engineering
Hard-to-remember passwords?
Carry a physical object all the time?
Denial of service
Stolen wallet
Attacker tries to authenticate as you, account locked after three failures
“Suspicious” credit card usage
Social engineering
And other aspects……
Usability
Hard-to-remember passwords?
Carry a physical object all the time?
Denial of service
Stolen wallet
Attacker tries to authenticate as you, account locked after three failures
“Suspicious” credit card usage
Social engineering

42. Passwords in the Real World
From high school pranks…
Student in Tyler changes school attendance records
Students in California change grades
Different authentication for network login and grade system, but teachers were using the same password (very common)
…to serious cash
English accountant uses co-workers’ password to steal $17 million for gambling
…to identity theft
Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers
[PasswordResearch.com]
From high school pranks…
Student in Tyler changes school attendance records
Students in California change grades
Different authentication for network login and grade system, but teachers were using the same password (very common)
…to serious cash
English accountant uses co-workers’ password to steal $17 million for gambling
…to identity theft
Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers

43. Passwords and Computer Security
First step after any successful intrusion: install
sniffer or keylogger to steal more passwords
Second step: run cracking tools on password files
Usually on other hijacked computers
In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking
usernames and passwords stored in the clear in troubleshooting tickets
“Dixie bank” hack: use default router password to change firewall rules to enable incoming connections

44. UNIX-Style Passwords user system password file hash function
“cypherpunk”
system password file
user
t4h97t4m43
fa6326b1c2
N53uhjr438
Hgg658n53 …
hash
function
Here is the UNIX-Style passwords.
The password is encrypted using a hash function and stored in the system password file.

45. Password Hashing Instead of user password, store H(password)
When user enters password, compute its hash and compare with entry in password file
System does not store actual passwords!
Difficult to go from hash from password!
Do you see why hashing is better than encryption here?
Hash function must have some properties
One-way: given H(password), hard to find password
No known algorithm better than trial and error
Is collision resistance needed?

46. UNIX Password System Uses DES encryption as if it were a hash function
Encrypt NULL string using password as the key
Truncates passwords to 8 characters!
Artificial slowdown: run DES 25 times (why?)
Can instruct modern UNIXes to use MD5 hash function
Problem: passwords are not truly random
With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 948  6 quadrillion possible 8-character passwords
Humans like to use dictionary words, human and pet names  1 million common passwords
The UNIX Password System Uses DES encryption as if it were a hash function.
The problem is that: passwords are not truly random
With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 948  6 quadrillion possible 8-character passwords
Humans like to use dictionary words, human and pet names  1 million common passwords

47. Dictionary Attack Password file /etc/passwd is world-readable
Contains user IDs and group IDs which are used by many system programs
Dictionary attack is possible because many
passwords come from a small dictionary
Attacker can pre-compute H(word) for every word in the dictionary – this only needs to be done once!!
The UNIX Password System vulnerable through Dictionary Attack
With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack
takes 50,000 seconds (14 hours) on average

48. Salt (chosen randomly when password is first set)
shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh
/etc/passwd entry
salt
(chosen randomly when
password is first set)
Password
hash(salt,pwd)
Salt users with the same password have different entries in the password file
In this way, offline dictionary attack becomes much harder

49. Advantages of Salting
Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries
Same hash function on all UNIX machines; identical passwords hash to identical values
One table of hash values works for all password files
With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password
With 12-bit random salt, same password can hash to 4096 different hash values
Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries
With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password

50. Shadow Passwords Hashed password is not
shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh
/etc/passwd entry
Hashed password is not
stored in a world-readable file
Store hashed passwords in /etc/shadow file which is only readable by system administrator (root)
Add expiration dates for passwords
Early Shadow implementations on Linux called the login program which had a buffer overflow!

51. How People Use Passwords
Write them down
Use a single password at multiple sites
Do you use the same password for Amazon and your bank account? UT Direct? Do you remember them all?
Make passwords easy to remember
“password”, “Kevin123”, “popcorn”
Some services use “secret questions”
to reset passwords
“What is your favorite pet’s name?”
Paris Hilton’s T-Mobile cellphone hack
So how people use passwords?
Write them down
Use a single password at multiple sites
Make passwords easy to remember
Some services use “secret questions”to reset passwords

52. Password Surveys Klein (1990) and Spafford (1992)
2.7% guessed in 15 minutes
21% in a week
Sounds Ok? Not if passwords last 30 days or more!
Much more computing power is available now!
U. of Michigan: 5% of passwords were “goblue”
How many passwords on this campus involve “orange”, “horns”, etc.?
Here is a Password Survey.
Klein (1990) and Spafford (1992)
2.7% guessed in 15 minutes
21% in a week
Sounds Ok? Not if passwords last 30 days or more!
Much more computing power is available now!
U. of Michigan: 5% of passwords were “goblue”
How many passwords on this campus involve “orange”, “horns”, etc.?

53. Memorability vs. Security
[Ross Anderson]
One bank’s idea for making PINs “memorable”
If PIN is 2256, write your favorite word in the grid
Fill the rest with random letters
Normally 9,999 choices for PIN – hard to guess
Now only a few dozen possible English words – easy to guess!
So how is the Memorability vs. Security?

54. Heuristics for Guessing Attacks
Dictionary with words spelled backwards
First and last names, streets, cities
Same with upper-case initials
All valid license plate numbers in your state
Room numbers, telephone numbers, etc.
Letter substitutions and other tricks
If you can think of it, attacker will, too
Here is some Heuristics for Guessing Attacks.
Dictionary with words spelled backwards
First and last names, streets, cities
Same with upper-case initials
All valid license plate numbers in your state
Room numbers, telephone numbers, etc.
Letter substitutions and other tricks
If you can think of it, attacker will, too

55. Social Engineering Univ. of Sydney study (1996)
336 CS students ed asking for their passwords
Pretext: “validate” password database after suspected break-in
138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint)
Treasury Dept. report (2005)
Auditors pose as IT personnel attempting to correct a “network problem”
35 of 100 IRS managers and employees provide their usernames and change passwords to a known value
Other examples: Mitnick’s “Art of Deception”
We should also consider Social Engineering.
Univ. of Sydney study (1996)
336 CS students ed asking for their passwords
Pretext: “validate” password database after suspected break-in
138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint)
Treasury Dept. report (2005)
Auditors pose as IT personnel attempting to correct a “network problem”
35 of 100 IRS managers and employees provide their usernames and change passwords to a known value
Other examples: Mitnick’s “Art of Deception”

56. Strengthening Passwords
Add biometrics
For example, keystroke dynamics or voiceprint
Revocation is often a problem with biometrics
Graphical passwords
Goal: increase the size of memorable password space
Rely on the difficulty of computer vision
Face recognition is easy for humans, hard for machines
Present user with a sequence of faces, he must pick the right face several times in a row to log in
So we should we do if we want to strengthening passwords?
Add biometrics
For example, keystroke dynamics or voiceprint
Revocation is often a problem with biometrics
Graphical passwords
Goal: increase the size of memorable password space
Rely on the difficulty of computer vision
Face recognition is easy for humans, hard for machines
Present user with a sequence of faces, he must pick the right face several times in a row to log in

57. Graphical Passwords Images are easy for humans to remember
Especially if you invent a memorable story to go along with the images
Dictionary attacks on graphical passwords are believed to be difficult
Images are very “random” (is this true?)
Still not a perfect solution
Need infrastructure for displaying and storing images
Shoulder surfing
Graphical Passwords:
Images are easy for humans to remember
Especially if you invent a memorable story to go along with the images
Dictionary attacks on graphical passwords are believed to be difficult
Images are very “random” (is this true?)
Still not a perfect solution
Need infrastructure for displaying and storing images
Shoulder surfing

58. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service (DDoS)
Firewall
Reading List
Now, let’s have a look at SSL.
2018/9/19

59. Layers of Security
TCP: provides a reliable end-to-end service.
TCP & SSL: provides a reliable & secure end-to-end service.
HTTPS: HTTP over SSL (or TLS)
Typically on port 443 (regular http on port 80)
SSL originally developed by Netscape
subsequently became Internet standard known as TLS (Transport Layer Security)
SSL has two layers of protocols
2018/9/19

60. SSL Record Protocol Services
SSL Record Protocol provides two services.
Message integrity
using a MAC with a shared secret key
similar to HMAC but with different padding
hash functions: MD5, SHA-1
Message confidentiality
using symmetric encryption with a shared secret key
Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128
SSL Record Protocol provides two services:
Message integrity
using a MAC with a shared secret key
similar to HMAC but with different padding
hash functions: MD5, SHA-1
Message confidentiality
using symmetric encryption with a shared secret key
Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128

61. SSL Handshake Protocol
Allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms and keys
Comprises a series of messages exchanged in phases:
Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms)
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish
Negotiate Cipher-Suite Algorithms
Symmetric cipher to use
Key exchange method
Message digest function
Establish and share master secret
Optionally authenticate server and/or client

62. Client Hello Protocol version Random Number Session ID
SSLv3(major=3, minor=0)
TLS (major=3, minor=1)
Random Number
32 bytes
First 4 bytes, time of the day in seconds, other 28 bytes random
Prevents replay attack
Session ID
32 bytes – indicates the use of previous cryptographic material
Compression algorithm
Server “Hello Request”- ask client to restart
hello includes some random data for creating the master secret
SMU

63. Client Hello - Cipher Suites
INITIAL (NULL) CIPHER SUITE
SSL_NULL_WITH_NULL_NULL = { 0, 0 }
SSL_RSA_WITH_NULL_MD5 = { 0, 1 }
SSL_RSA_WITH_NULL_SHA = { 0, 2 }
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 }
SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 }
SSL_RSA_WITH_RC4_128_SHA = { 0, 5 }
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 }
SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 }
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 }
SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 }
SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 }
PUBLIC-KEY
ALGORITHM
SYMMETRIC
ALGORITHM
HASH
ALGORITHM
CIPHER SUITE CODES USED
IN SSL MESSAGES
Client Hello - Cipher Suites
SMU 52

64. Server Hello Version Random Number Session ID Cipher suite
Protects against handshake replay
Session ID
Provided to the client for later resumption of the session
Cipher suite
Usually picks client’s best preference – No obligation
Compression method
Server Hello:
Version
Random Number
Protects against handshake replay
Session ID
Provided to the client for later resumption of the session
Cipher suite
Usually picks client’s best preference – No obligation
Compression method
SMU

65. Certificates Sequence of X.509 certificates
Server’s, CA’s, …
X.509 Certificate associates public key with identity
Certification Authority (CA) creates certificate
Adheres to policies and verifies identity
Signs certificate
User of Certificate must ensure it is valid
PKCS standards from RSA for RSA certificates
PKCS #10 cert requests
PKCS #9 cert attributes
PKCS #7 cert chain format
application/x-pkcs7-mime
used to load CA chain into browser
CSE 5349/7349
SMU

66. Validating a Certificate
Must recognize accepted CA in certificate chain
One CA may issue certificate for another CA
Must verify that certificate has not been revoked
CA publishes Certificate Revocation List (CRL)
Let’s see how SSL validate a certificate:
Must recognize accepted CA in certificate chain
One CA may issue certificate for another CA
Must verify that certificate has not been revoked
CA publishes Certificate Revocation List (CRL)
CSE 5349/7349
SMU

67. Client Key Exchange Premaster secret
Created by client; used to “seed” calculation of encryption parameters
2 bytes of SSL version + 46 random bytes
Sent encrypted to server using server’s public key
Here is the SSL Client Key Exchange:
Premaster secret
Created by client; used to “seed” calculation of encryption parameters
2 bytes of SSL version + 46 random bytes
Sent encrypted to server using server’s public key
This is where the attack happened in SSLv2
SMU

68. Change Cipher Spec & Finished Messages
Switch to newly negotiated algorithms and key material
Finished
First message encrypted with new crypto parameters
Digest of negotiated master secret, the ensemble of handshake messages, sender constant
HMAC approach of nested hashing
Change Cipher Spec & Finished Messages:
Change Cipher Spec
Switch to newly negotiated algorithms and key material
Finished
First message encrypted with new crypto parameters
Digest of negotiated master secret, the ensemble of handshake messages, sender constant
HMAC approach of nested hashing
SMU

69. SSL Encryption Master secret Key material Encryption keys
Generated by both parties from premaster secret and random values generated by both client and server
Key material
Generated from the master secret and shared random values
Encryption keys
Extracted from the key material
For SSL encryption, we have:
Master secret
Generated by both parties from premaster secret and random values generated by both client and server
Key material
Generated from the master secret and shared random values
Encryption keys
Extracted from the key material
SMU 52

70. Generating the Master Secret
SERVER’S PUBLIC KEY
IS SENT BY SERVER IN
ServerKeyExchange
CLIENT GENERATES THE
PREMASTER SECRET
ENCRYPTS WITH PUBLIC
KEY OF SERVER
CLIENT SENDS PREMASTER
SECRET IN Client
Key Exchange
SENT BY SERVER
IN ServerHello
SENT BY CLIENT
IN ClientHello
SERVER’S PUBLIC KEY IS SENT BY SERVER IN Server Key Exchange. CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER. CLIENT SENDS PREMASTER SECRET IN Client Key Exchange.
MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS
MASTER SECRET IS 3 MD5
HASHES CONCATENATED
TOGETHER = 384 BITS
SMU 52

71. Generation of Key Material
JUST LIKE FORMING THE MASTER SECRET
EXCEPT THE MASTER
SECRET IS USED HERE
INSTEAD OF THE
PREMASTER SECRET
. . .
JUST LIKE FORMING THE MASTER SECRET.
EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET.
SMU 52

72. Obtaining Keys from the Key Material
SECRET VALUES
INCLUDED IN MESSAGE
AUTHENTICATION CODES
SYMMETRIC KEYS
INITIALIZATION VECTORS
FOR DES CBC ENCRYPTION
SMU 52

73. SSL Record Protocol
Here is SSL Record Protocol.
CSE 5349/7349
SMU 52

74. Record Header Three pieces of information Content type Content length
Application data
Alert
Handshake
Change_cipher_spec
Content length
Suggests when to start processing
SSL version
Redundant check for version agreement
There three pieces of information in SSL record header:
Content type
Application data
Alert
Handshake
Change_cipher_spec
Content length
Suggests when to start processing
SSL version
Redundant check for version agreement
SMU

75. Protocol (cont’d) Max. record length 214 – 1 MAC Data Headers
Sequence number
To prevent replay and reordering attack
Not included in the record
Max. record has the length 214 – 1
And MAC contains:
Data
Headers
Sequence number
To prevent replay and reordering attack
Not included in the record
CSE 5349/7349
SMU

76. SSL Session and Connection
SSL was designed to work with HTTP 1.0 which tended to open a lot of TCP connections between the same client and server.
SSL assumes a session is a relatively long-lived thing from which many (transient) connections can be cheaply derived.
1 session = 1 or more connections
Let’s see SSL Session and Connection:
SSL was designed to work with HTTP 1.0 which tended to open a lot of TCP connections between the same client and server.
SSL assumes a session is a relatively long-lived thing from which many (transient) connections can be cheaply derived.
1 session = 1 or more connections

77. SSL Overhead 2-10 times slower than a TCP session
Where do we lose time
Handshake phase
Client does public-key encryption
Server does private-key encryption (still public-key cryptography)
Usually clients have to wait on servers to finish
Data Transfer phase
Symmetric key encryption
While we can use SSL to get better security, SSL has its own overhead:
2-10 times slower than a TCP session
Where do we lose time
Handshake phase
Client does public-key encryption
Server does private-key encryption (still public-key cryptography)
Usually clients have to wait on servers to finish
Data Transfer phase
Symmetric key encryption
CSE 5349/7349
SMU

78. SSL Applications HTTP – original application Secure mail
Server to client connection
SMTP/SSL?
Telnet, ftp ..
Resources:
Here are some SSL applications:
HTTP – original application
Secure mail
Server to client connection
SMTP/SSL?
Telnet, ftp ..
Resources:
CSE 5349/7349
SMU

79. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service (DDoS)
Firewall
Reading List
And next, I will introduce IPSec and IKE.
2018/9/19

80. IPsec: Network Layer Security
IPsec = AH + ESP + IPcomp + IKE
Protection for IP traffic
AH provides integrity and
origin authentication
ESP also confidentiality
Compression
Sets up keys and algorithms
for AH and ESP
IPsec is the combination of AH + ESP + Ipcomp + IKE.
AH and ESP rely on an existing security association
Idea: parties must share a set of secret keys and agree on each other’s IP addresses and crypto algorithms
Internet Key Exchange (IKE)
Goal: establish security association for AH and ESP
If IKE is broken, AH and ESP provide no protection!

81. IPsec Security Services
Authentication and integrity for packet sources
Ensures connectionless integrity (for a single packet) and partial sequence integrity (prevent packet replay)
Confidentiality (encapsulation) for packet contents
Also partial protection against traffic analysis
With IPsec, authentication and encapsulation can be used separately or together
Either provided in transport or tunnel mode
These services are transparent to applications above transport (TCP/UDP) layer

82. IPsec Modes Transport mode Tunnel mode
Used to deliver traffic from host to host or from host to gateway
End-to-end across networks or within same network
Tunnel mode
Used to deliver traffic from gateway to gateway or from host to gateway
Usually gateways are owned by the same organization
With an insecure network in the middle
There are two modes for IPsec:
Transport mode
Used to deliver traffic from host to host or from host to gateway
End-to-end across networks or within same network
Tunnel mode
Used to deliver traffic from gateway to gateway or from host to gateway
Usually gateways are owned by the same organization
With an insecure network in the middle

83. IPsec in Transport Mode
First, let’s see IPsec in Transport Mode.
End-to-end security between two hosts
Typically, client to gateway (e.g., PC to remote host)
Transport Mode requires IPsec support at each host
End-to-end security between two hosts
Typically, client to gateway (e.g., PC to remote host)
Requires IPsec support at each host

84. IPsec in Transport Tunnel Mode
Implements
IPsec
Implements
IPsec
Next, let’s see IPsec in Transport Tunnel Mode
IPsec protects communication on the insecure part of the network
The security gateway must implement IPsec.
IPsec protects communication on the insecure part of the network

85. Transport Mode vs. Tunnel Mode
Transport mode secures packet payload and leaves IP header unchanged
Tunnel mode encapsulates both IP header and payload into IPsec packets
IP header
(real dest)
IPsec header
TCP/UDP header + data
This slide shows the comparison of transport mode and tunnel mode.
Transport mode secures packet payload and leaves IP header unchanged
Tunnel mode encapsulates both IP header and payload into IPsec packets
IP header
(gateway)
IPsec header
IP header
(real dest)
TCP/UDP header + data

86. Security Association (SA)
One-way sender-recipient relationship
Two SAs required for a two-way conversation
SA determines how packets are processed
Cryptographic algorithms, keys, IVs, lifetimes, sequence numbers, mode (transport or tunnel) – read textbook!
SA is uniquely identified by SPI (Security Parameters Index)…
Each IPsec implementation keeps a database of Sas
SPI is sent with packet, tells recipient which SA to use

87. AH: Authentication Header
Sender authentication
Integrity for packet contents and IP header
Sender and receiver must share a secret key
This key is used in HMAC computation
The key is set up by IKE key establishment protocol and recorded in the Security Association (SA)
SA also records protocol being used (AH) and mode (transport or tunnel) plus hashing algorithm used
MD5 or SHA-1 supported as hashing algorithms
AH represents Authentication Header.
Sender authentication
Integrity for packet contents and IP header
Sender and receiver must share a secret key

88. IP Headers Version Header Length TOS Packet length Packet Id Flags
Immutable
Predictable
Mutable
Fragment
offset
TTL
Protocol
number
Checksum
Source IP
address
Destination
IP address
Options
Here we have a look at IP headers.
AH sets mutable fields to zero and predictable fields to final value and then uses this header plus packet contents as input to HMAC

89. Prevention of Replay Attacks
When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet
If wraps around 232-1, new SA must be established
Recipient maintains a sliding 64-bit window
If a packet with high sequence number is received, do not advance window until packet is authenticated
When SA is established, sender initializes 32-bit counter to 0, increments by 1 for each packet
If wraps around 232-1, new SA must be established
Recipient maintains a sliding 64-bit window
If a packet with high sequence number is received, do not advance window until packet is authenticated

90. ESP: Encapsulating Security Payload
Adds new header and trailer fields to packet
Transport mode
Confidentiality of packet between two hosts
Complete hole through firewalls
Used sparingly
Tunnel mode
Confidentiality of packet between two gateways or a host and a gateway
Implements VPN tunnels
Now, let see ESP: Encapsulating Security Payload.
ESP adds new header and trailer fields to packet.
Transport mode
Confidentiality of packet between two hosts
Complete hole through firewalls
Used sparingly
Tunnel mode
Confidentiality of packet between two gateways or a host and a gateway
Implements VPN tunnels

91. ESP Security Guarantees
Confidentiality and integrity for packet payload
Symmetric cipher negotiated as part of security assoc
Optionally provides authentication (similar to AH)
Can work in transport…
…or tunnel mode
encrypted
Original IP
header
ESP header
TCP/UDP segment
ESP trailer
ESP auth
Confidentiality and integrity for packet payload
Symmetric cipher negotiated as part of security assoc
Optionally provides authentication (similar to AH)
Can work in transport.
authenticated
New IP
header
ESP header
Original IP
header
TCP/UDP segment
ESP trailer
ESP auth

92. Secure Key Establishment
Goal: generate and agree on a session key using some public initial information
What properties are needed?
Authentication (know identity of other party)
Secrecy (generated key not known to any others)
Forward secrecy (compromise of one session key does not compromise keys in other sessions)
Prevent replay of old key material
Prevent denial of service
Protect identities from eavesdroppers
Agreement (both parties agree on the value of key)
Now, I will introduce Secure Key Establishment.
The goal of Secure Key Establishment is to generate and agree on a session key using some public initial information.
The properties which Secure Key Establishment needs are:
Authentication (know identity of other party)
Secrecy (generated key not known to any others)
Forward secrecy (compromise of one session key does not compromise keys in other sessions)
Prevent replay of old key material
Prevent denial of service
Protect identities from eavesdroppers
Agreement (both parties agree on the value of key)

93. Key Management in IPsec
Manual key management
Keys and parameters of crypto algorithms exchanged offline (e.g., by phone), security associations established by hand
Pre-shared symmetric keys
New session key derived for each session by hashing pre-shared key with session-specific nonces
Standard symmetric-key authentication and encryption
Online key establishment
Internet Key Exchange (IKE) protocol
Use Diffie-Hellman to derive shared symmetric key
Manual key management
Keys and parameters of crypto algorithms exchanged offline (e.g., by phone), security associations established by hand
Pre-shared symmetric keys
New session key derived for each session by hashing pre-shared key with session-specific nonces
Standard symmetric-key authentication and encryption
Online key establishment
Internet Key Exchange (IKE) protocol
Use Diffie-Hellman to derive shared symmetric key

94. IKE Overview Goal: create security association between 2 hosts
Shared encryption and authentication keys, agreement on crypto algorithms
Two phases: 1st phase establishes security association (IKE-SA) for the 2nd phase
Always by authenticated Diffie-Hellman (expensive)
2nd phase uses IKE-SA to create actual security association (child-SA) to be used by AH and ESP
Use keys derived in the 1st phase to avoid DH exchange
Can be executed cheaply in “quick” mode
To create a fresh key, hash old DH value and new nonces

95. IKE Genealogy Diffie-Hellman Station-to-Station ISAKMP Photuris Oakley
1976
+ authentication,
identity protection
Diffie, van Oorschot, Wiener 1992
+ defense against
denial of service
ISAKMP
NSA 1998
Photuris
“generic” protocol for
establishing security associations
+ defense against replay
Karn, Simpson
+ compatibility with ISAKMP
Here is the IKE Genealogy.
It was first proposed in 1976, and finally became the Internet standard on December 2005.
Oakley
IKE
Orman 1998
Cisco 1998
IKEv2
Internet standard December 2005

96. Design Objectives Shared secret Authentication Identity protection
Create and agree on a secret which is known only to protocol participants
Authentication
Participants need to verify each other’s identity
Identity protection
Eavesdropper should not be able to infer participants’ identities by observing protocol execution
Protection against denial of service
Malicious participant should not be able to exploit the protocol to cause the other party to waste resources
The Design Objectives of IKE is as follows:
Shared secret
Authentication
Identity protection
Protection against denial of service

97. IKE: Phase One I R ga mod p, crypto proposal, Ni CookieR
Optional: refuse 1st message and
demand return of stateless cookie
CookieR
ga mod p, crypto proposal, Ni I R
CookieR, ga mod p, crypto proposal, Ni
gb mod p, crypto accepted, Nr
switch to K=f(Ni,Nr,crypto,gab mod p)
IKE is divided into to phases. Here is phase one.
Initiator reveals identity first:Prevents “polling” attacks where attacker initiates IKE connections to find out who lives at an IP
asdr
Instead of running 2nd phase,“piggyback” establishment of child-SA on initial exchange
EncK(“I”, sigI(m1-4), [cert], child-SA)
EncK(“R”, sigR(m1-4), [cert], child-SA)
Initiator reveals identity first
Prevents “polling” attacks where
attacker initiates IKE connections
to find out who lives at an IP addr
Instead of running 2nd phase,
“piggyback” establishment of
child-SA on initial exchange

98. IKE: Phase Two (Create Child-SA)
After Phase One, I and R share key K I R
EncK(proposal, Ni, [ga mod p], traffic)
Crypto suites, protocol
(AH, ESP or IPcomp)
Optional re-key
using old DH
value and fresh
nonces
IP address range,
ports, protocol id
And this is phase two.
After Phase One, I and R share key K
Can run this phase several times to create multiple SAs
EncK(proposal, Nr , [gb mod p], traffic)
Can run this several times to create multiple SAs

99. Other Aspects of IKE Interaction with other network protocols
How to run IPsec through NAT (Network Address Translation) gateways?
Error handling
Very important! Bleichenbacher attacked SSL by cryptanalyzing error messages from an SSL server
Protocol management
Dead peer detection, rekeying, etc.
Legacy authentication
What if one of the parties doesn’t have a public key?
Here is some other aspects of IKE.
Interaction with other network protocols
How to run IPsec through NAT (Network Address Translation) gateways?
Error handling
Very important! Bleichenbacher attacked SSL by cryptanalyzing error messages from an SSL server
Protocol management
Dead peer detection, rekeying, etc.
Legacy authentication
What if one of the parties doesn’t have a public key?

100. Current State of IPsec Best currently existing VPN standard
For example, used in Cisco PIX firewall, many remote access gateways
IPsec has been out for a few years, but wide deployment has been hindered by complexity
ANX (Automotive Networking eXchange) uses IPsec to implement a private network for the Big 3 auto manufacturers and their suppliers
The current State of Ipsec is that:
Best currently existing VPN standard
For example, used in Cisco PIX firewall, many remote access gateways
IPsec has been out for a few years, but wide deployment has been hindered by complexity
ANX (Automotive Networking eXchange) uses IPsec to implement a private network for the Big 3 auto manufacturers and their suppliers

101. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service Attacks
Firewall
Reading List
And next, I will introduce Distributed Denial of Service Attacks (DDOS).
2018/9/19

102. Background Information: Denial of Service Attacks
Denial of Service Attack: an attack on a computer or network that prevents legitimate use of its resources.
DoS Attacks Affect:
Software Systems
Network Routers/Equipment/Servers
Servers and End-User PCs
Before we go to DDOS, let’s first understand what is DOS.
Denial of Service Attack is an attack on a computer or network that prevents legitimate use of its resources.
It affects:
Software Systems
Network Routers/Equipment/Servers
Servers and End-User PCs
2018/9/19

103. DoS Shortfalls
DoS attacks are unable to attack large bandwidth websites – one upstream client cannot generate enough bandwidth to cripple major megabit websites.
New distributed server architecture makes it harder for one DoS to take down an entire site.
New software protections neutralize existing DoS attacks quickly
DoS attacks are unable to attack large bandwidth websites – one upstream client cannot generate enough bandwidth to cripple major megabit websites.
New distributed server architecture makes it harder for one DoS to take down an entire site.
New software protections neutralize existing DoS attacks quickly
2018/9/19

104. Distributed Denial of Service Attacks
What is a Distributed Denial of Service Attack?
A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets.
So what is a Distributed Denial of Service Attack?
A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets.
2018/9/19

105. DDoS Architecture Client Handler Agents 2018/9/19
Here is the basic DDoS architecture.
2018/9/19

106. Why are these attacks easy?
Internet built around end-to-end principle:
Most functions done by end hosts.
Examples: reliable delivery.
Advantages:
Simplifies network core.
Example: IP packet forwarding.
Example: it’s easy to start an ISP.
Anyone can introduce new services.
Result: lots of innovation.
So why are these attacks easy?
Anyone can start an ISP!
2018/9/19

107. Why is defense hard? End-to-end principle conflicts with:
Centralized control.
Centralized monitoring.
Separation of data from control traffic.
Mandatory authentication.
Mandatory accounting.
And why is defense hard?
End-to-end principle conflicts with:
Centralized control.
Centralized monitoring.
Separation of data from control traffic.
Mandatory authentication.
Mandatory accounting.
2018/9/19

108. Widely Used DDoS Programs
Trinoo
Tribe Flood Network
TFN2K
stacheldraht (barbed wire)
And these are the widely used DDoS programs:
Trinoo
Tribe Flood Network
TFN2K
stacheldraht (barbed wire)
2018/9/19

109. Common DDoS Countermeasures
Prevent Initial Hack
Use of Firewalls and Demilitarized Zone
Check Ingress/Egress Packets
Use a server farm and load balancer to offset the effects of a DDoS attack
Prevent SYN flood attacks by discarding the first SYN packet (causes delay for legitimate users)
Change IP address of attacked system (problem for updating legitimate users of new system IP address)
So how to protect us from DDoS attacks? Here are some common DDoS Countermeasures:
Prevent Initial Hack
Use of Firewalls and Demilitarized Zone
Check Ingress/Egress Packets
Use a server farm and load balancer to offset the effects of a DDoS attack
Prevent SYN flood attacks by discarding the first SYN packet (causes delay for legitimate users)
Change IP address of attacked system (problem for updating legitimate users of new system IP address)
2018/9/19

110. DDoS Protection Environment
Linux Kernal (immune to TARGA & teardrop)
Linux Virtual Server (provides balancing algorithms)
NAT via load balancer (translates incoming traffic before it hits the server).
Direct Routing Request Dispatching (allows MAC addresses to directly communicate with the server, bypassing the load balancer).
IP Tunneling
Firewall – packet filtering
Class Based Queuing (assigns repetitive packets to smaller queue freeing up queue space for legitimate users)
Traffic Monitor
And here is the DDoS Protection Environment:
Linux Kernal (immune to TARGA & teardrop)
Linux Virtual Server (provides balancing algorithms)
NAT via load balancer (translates incoming traffic before it hits the server).
Direct Routing Request Dispatching (allows MAC addresses to directly communicate with the server, bypassing the load balancer).
IP Tunneling
Firewall – packet filtering
Class Based Queuing (assigns repetitive packets to smaller queue freeing up queue space for legitimate users)
Traffic Monitor
2018/9/19

111. Conceptual Model for Defending Against DDoS Attacks
Suitable technological solutions in the Internet and suitable incentives upon the users of the Internet.
Economic incentives for Internet users to cooperate
Technical solutions must work together with consistent incentive.
We need two things, suitable technological solutions in the Internet and suitable incentives upon the users of the Internet. The machinery and the incentives interlock and must be designed together. We also need to consider the cost-effective issue: to construct technical solutions and incentive structures in a cost-effective way.
The biggest barrier in defending against DDoS attacks is the lack of economic incentives for Internet users to cooperate. Sample research by icsa.net shows that less than 15 percent of all corporate users are filtering source IP addresses. An even smaller percentage of Internet service providers – less than 8 percent – are doing this type of filtering.
So the technical solutions must work together with consistent incentive.
2018/9/19

112. Protect us from DDoS Attacks
Raise the bar:
Improve host security.
Make it hard to fake IP addresses
Experiment with RON-like and peer-to-peer architectures.
Raise the bar:
Improve host security.
Make it hard to fake IP addresses.
Experiment with RON-like and peer-to-peer architectures.
2018/9/19

113. Today’s Lecture Overview of Network Security
Cryptographic hash functions
User authentication
SSL
IPSec & IKE
Distributed Denial of Service Attacks
Firewall
Reading List
And next, I will introduce Firewalls.
2018/9/19

114. What is a Firewall?
A firewall is hardware, software, or a combination of both.
Used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer
First, let’s understand what is a firewall.
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer

115. Rules Determine WHO ? WHEN ? WHAT ? HOW ? INTERNET Protected Network
My PC
There are a set of rules in firewall to protect our hosts from attacks.
Protected
Network
Firewall

116. Hardware vs. Software Firewalls
Hardware Firewalls
Protect an entire network
Implemented on the router level
Usually more expensive, harder to configure
Software Firewalls
Protect a single computer
Usually less expensive, easier to configure
As mentioned above, firewall can be either hardware or software or both. Here is a comparison of hardware firewalls and software firewalls.
Hardware Firewalls
Protect an entire network
Implemented on the router level
Usually more expensive, harder to configure
Software Firewalls
Protect a single computer
Usually less expensive, easier to configure

117. How does a software firewall work?
Inspects each individual “packet” of data as it arrives at either side of the firewall
Inbound to or outbound from your computer
Determines whether it should be allowed to pass through or if it should be blocked
Next, I will introduce software firewall, and leave hardware firewall for further reading.
Software firewall works as follows:
Inspects each individual “packet” of data as it arrives at either side of the firewall
Inbound to or outbound from your computer
Determines whether it should be allowed to pass through or if it should be blocked

118. Firewall Rules
Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)
Block – traffic that is blocked because it has been deemed dangerous to your computer
Ask – asks the user whether or not the traffic is allowed to pass through
Here is the firewall rule. Typically, there three kinds of rules:
Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)
Block – traffic that is blocked because it has been deemed dangerous to your computer
Ask – asks the user whether or not the traffic is allowed to pass through

119. What a personal firewall can do
Stop hackers from accessing your computer
Protects your personal information
Blocks “pop up” ads and certain cookies
Determines which programs can access the Internet
So what a personal firewall can do?
Stop hackers from accessing your computer
Protects your personal information
Blocks “pop up” ads and certain cookies
Determines which programs can access the Internet

120. What a personal firewall cannot do
Cannot prevent viruses
Only an antivirus product with updated definitions can prevent viruses
After setting it initially, you can forget about it
The firewall will require periodic updates to the rulesets and the software itself
And what a personal firewall cannot do?
It cannot prevent viruses
Only an antivirus product with updated definitions can prevent viruses
After setting it initially, you can forget about it
The firewall will require periodic updates to the rulesets and the software itself

121. Considerations when using personal firewall software
If you did not initialize an action and your firewall picks up something, you should most likely deny it and investigate it
It’s a learning process (Ex. Spooler Subsystem App)
If you notice you cannot do something you did prior to the installation, there is a good chance it might be because of your firewall
Here are some considerations when using personal firewall software:
If you did not initialize an action and your firewall picks up something, you should most likely deny it and investigate it
It’s a learning process (Ex. Spooler Subsystem App)
If you notice you cannot do something you did prior to the installation, there is a good chance it might be because of your firewall

122. Examples of personal firewall software
ZoneAlarm <
BlackICE Defender <
Tiny Personal Firewall <
Norton Personal Firewall <
Here are some examples of personal firewall software:
ZoneAlarm <
BlackICE Defender <
Tiny Personal Firewall <
Norton Personal Firewall <

123. Windows XP Firewall Currently *not* enabled by default
Enable under Start -> Settings -> Control Panel
Select Local Area Connection
Select the Properties button
Click the “Advanced” tab
And almost everyone knows, the Windows XP Firewall:
Currently *not* enabled by default
Enable under Start -> Settings -> Control Panel
Select Local Area Connection
Select the Properties button
Click the “Advanced” tab

124. Final Firewall Notes Rule Management Default Allow vs. Default Deny
Firewalls do NOT Solve the Entire Problem
Now let’s have a summary about firewall:
Rule Management
Default Allow vs. Default Deny
Firewalls do NOT Solve the Entire Problem

125. Q & A
2018/9/19