1 CSCE 715: Network Systems Security
Chin-Tser Huang, University of South Carolina

2 Attacks, Mechanisms, and Services
- Security attack: any action that compromises the security of information owned by an organization
- Security mechanism: a mechanism designed to detect, prevent, or recover from a security attack
- Security service: a service that enhances the security of data processing systems and information transfers of an organization
- A security service uses one or more security mechanisms to counter security attacks
8/29/2007 (C) 2007 Chin-Tser Huang

3 Types of Attacks
- Passive attacks
  - Traffic analysis
  - Message interception
- Active attacks
  - Message loss
  - Message modification
  - Message insertion
  - Message replay
  - Denial-of-Service attack

4 Network Security Services
- Confidentiality
- Integrity
- Authentication
- Anti-replay
- Availability
- Access control
- Non-repudiation
- Anonymity

5 Confidentiality
- Keep the message known only to the receiver and secret from everyone else
- Counters message interception

6 Integrity
- When receiver receives message m, receiver can verify that m is intact after being sent by sender
- Counters message modification

7 Authentication
- When receiver receives message m, receiver can verify that m was indeed sent by the sender recorded in m
- Counters message insertion

8 Anti-replay
- When receiver receives message m, receiver can verify that m is not a message that was sent and received before
- Counters message replay

9 Availability
- Property of a system or a resource being accessible and usable upon demand by an authorized entity
- Counters denial-of-service attack

10 Access Control
- Mechanism to enforce access rights to resources and data
- Users can access resources and data to which they have access rights
- Users cannot access resources and data to which they don’t have access rights

11 Non-repudiation
- Sender non-repudiation: when receiver receives message m, receiver gets proof that the sender of m indeed sent m
- Receiver of m can show the proof to a third party so that the sender of m cannot repudiate

12 Non-repudiation
- Receiver non-repudiation: when receiver receives message m, sender gets proof that the receiver of m indeed received m
- Sender of m can show the proof to a third party so that the receiver of m cannot repudiate

13 Anonymity
- Identity of sender is hidden from receiver
- When receiver receives message m, receiver has no clue about sender of m

14 Network Protocols
- Abstractions of communication between two processes over a network
- Define message formats
- Define legitimate sequence of messages
- Take care of physical details of different network hardware and machines
- Separate tasks in complex communication networks
- For example, FTP and ARP

15 Protocol Layering
- Many problems need to be solved in a communication network
- These problems can be divided into smaller sets, and different protocols are designed for each set of problems
- Protocols can be organized into layers to keep them easy to manage

16 Properties of Protocol Layer
- Functions of each layer are independent of functions of other layers
  - Thus each layer is like a module and can be developed independently
- Each layer builds on services provided by lower layers
  - Thus no need to worry about details of lower layers: they are transparent to this layer

17 Protocol Stack: OSI Model
- Application
- Presentation
- Session
- Transport
- Network
- Data link
- Physical

18 Communicating End Hosts
[Figure: two end hosts, each with the Application, Presentation, Session, Transport, Network, Data link and Physical layers, communicating through a router that has only the Network, Data link and Physical layers.]

19 Verification of Network Protocols
- Many complex protocols perform multiple functions with multiple messages
- It is desirable to verify that a protocol can correctly perform the functions that it was designed for
- Particularly important for security protocols

20 Traditional Ways of Network Protocol Specification
- Plain English
- Time charts
- Programming languages

21 Shortcomings of Plain English
- Ambiguity
- Different words can have similar meanings
  - process p sends message m to process q
  - process p transmits message m to process q
  - process p forwards message m to process q
  - process p delivers message m to process q
- Same word can have different meanings
  - process p sends file f to process q

22 Shortcoming of Time Chart
- Not scalable
- Many legitimate sequences of messages
- Cannot list all possible legitimate sequences when the number of sequences grows exponentially

23 Shortcoming of Using Programming Language
- Hard to prove correctness of protocol specification
- For example, a protocol specified in the C language may involve overlap, and may involve transmission delay

24 Formal Ways of Network Protocol Specification
- BAN logic
- Abstract Protocol Notation

25 BAN Logic
- Invented by Burrows, Abadi, and Needham
- Uses logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses

26 Logical Constructs
Assume P and Q are network agents, X is a message, and K is an encryption key
- P believes X: P acts as if X is true, and may assert X in other messages
- P has jurisdiction over X: P's beliefs about X should be trusted
- P said X: at one time, P transmitted (and believed) message X, although P might no longer believe X
- P sees X: P receives message X, and can read and repeat X
- {X}K: X is encrypted with key K
- fresh(X): X was sent recently
- key(K, P<->Q): P and Q may communicate with shared key K

27 Examples of Postulates
- If P believes key(K, P<->Q), and P sees {X}K, then P believes (Q said X)
- If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X)
- If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X
- If P believes that Q said <X, Y>, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y
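The four postulates can be applied mechanically. The following is an added example, not part of the original slides: a small forward-chaining engine over exactly these postulates, run on a constructed message {<T, S>}K received by B. The agents A and B, key K, and statements T and S are assumptions, and B's belief fresh(S) is given directly as an initial belief because the slide lists no postulate for deriving the freshness of a component.

```python
# Added example: forward chaining over the four postulates listed on the slide.
# Formulas are nested tuples; agents A/B, key K and statements T/S are constructed.
def op(x): return x[0] if isinstance(x, tuple) else None   # operator tag, None if atomic

def believes(p, x): return ("believes", p, x)
def sees(p, x):     return ("sees", p, x)
def said(p, x):     return ("said", p, x)
def fresh(x):       return ("fresh", x)
def juris(p, x):    return ("juris", p, x)
def key(k, p, q):   return ("key", k, p, q)
def enc(x, k):      return ("enc", x, k)
def pair(x, y):     return ("pair", x, y)

def step(facts):
    """Apply every postulate once; return only facts not already known."""
    new = set()
    for f in facts:
        if op(f) != "believes":
            continue
        p, b = f[1], f[2]
        if op(b) == "key" and p in b[2:]:              # postulate 1
            k, q = b[1], (b[3] if b[2] == p else b[2])
            for g in facts:
                if op(g) == "sees" and g[1] == p and op(g[2]) == "enc" and g[2][2] == k:
                    new.add(believes(p, said(q, g[2][1])))
        elif op(b) == "said":
            q, x = b[1], b[2]
            if believes(p, fresh(x)) in facts:         # postulate 2
                new.add(believes(p, believes(q, x)))
            if op(x) == "pair":                        # postulate 4
                new |= {believes(p, said(q, x[1])), believes(p, said(q, x[2]))}
        elif op(b) == "believes":                      # postulate 3
            q, x = b[1], b[2]
            if believes(p, juris(q, x)) in facts:
                new.add(believes(p, x))
    return new - facts

def closure(facts):
    facts = set(facts)
    while (new := step(facts)):                        # saturate until nothing new
        facts |= new
    return facts

# Constructed run: B receives {<T, S>}K from the channel.
BASE = {believes("B", key("K", "A", "B")), sees("B", enc(pair("T", "S"), "K")),
        believes("B", juris("A", "S"))}
WITH_FRESH = closure(BASE | {believes("B", fresh("S"))})
WITHOUT_FRESH = closure(BASE)   # B cannot tell the message from a replay
```

Without the freshness belief, B still concludes that A once said S but never reaches "B believes S", which is the formal reason a replayed message must not be accepted.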

28 Shortcomings of BAN Logic
- High level of abstraction
- Need for a protocol idealization step, in which the user is required to transform each message in a protocol into formulas
- Can only verify one round at a time

29 Abstract Protocol Notation
- Presented by Mohamed Gouda in the book Elements of Network Protocol Design
- Formal and scalable
- Proof of correctness of protocol specification can be easily done using state transition diagram

30 Communication Model
- A network of processes and two unbounded FIFO channels between every two processes
[Figure: process p, process q, set of messages]

31 Process Specification
Each process in a protocol is specified as follows

    process px
    inp <name of input> : <type of input>
        <name of input> : <type of input>
    var <name of variable> : <type of variable>
        <name of variable> : <type of variable>
    begin
        <action>
    []  <action>
    end

32 Action Execution
- Specified as <guard> → <statement>
- Satisfies three conditions
  - Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress
  - Non-deterministic: an action is executed only when its guard is true
  - Fair: if guard of an action is continuously true, then the action is eventually executed

33 State Transition Diagram
- Defines the semantics of a protocol
- A state is defined by a value for each variable in the protocol and by a message set for each channel in the protocol
- A transition is a movement from the current state to the next state, triggered by an action execution

34 An Example Protocol

    process p
    var ready : boolean {init. ready=true}
        txt, t : integer
    begin
        ready → txt := any; send rqst(txt) to q; ready := false
    []  rcv rply(t) from q → {use text t in received message} ready := true
    end

    process q
    var t : integer
    begin
        rcv rqst(t) from p → t := any; send rply(t) to p
    end

35 State Transition Diagram of Example Protocol

    T.0 : ready ∧ ch.p.q = < > ∧ ch.q.p = < >
    T.1 : ~ready ∧ ch.p.q = <rqst(txt)> ∧ ch.q.p = < >
    T.2 : ~ready ∧ ch.p.q = < > ∧ ch.q.p = <rply(t.q)>

36 Adversary Model
Adversary can change contents of protocol channels by executing the following actions a finite number of times
- Message loss: lose an original message
- Message modification: modify the field of an original message to cause a modified message
- Message replay: replace an original message by another original message to cause a replayed message
- Message insertion: add to a channel a finite number of arbitrary messages

37 Prove Correctness of Secure Protocol
- Execution of adversary actions may lead the protocol to a bad state
- Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions
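The correctness criterion can be checked by exhaustive state exploration. The following is an added example, not part of the original slides: it models the request/reply protocol of slide 34, computes its good cycle (T.0, T.1, T.2), applies the adversary's message-loss action to each good state, and tests convergence. Payloads are abstracted to the message name, only message loss is modeled, and all function names are assumptions.

```python
# Added example: explicit-state exploration of the request/reply protocol.
# A state is (ready, ch_pq, ch_qp); payloads are abstracted to the message name.

INIT = (True, (), ())                      # T.0 on the slide

def successors(state):
    """States reachable by executing one enabled protocol action."""
    ready, pq, qp = state
    out = []
    if ready:                              # p: ready -> send rqst to q
        out.append((False, pq + ("rqst",), qp))
    if qp and qp[0] == "rply":             # p: rcv rply from q
        out.append((True, pq, qp[1:]))
    if pq and pq[0] == "rqst":             # q: rcv rqst from p -> send rply
        out.append((ready, pq[1:], qp + ("rply",)))
    return out

def reachable(start):
    """All states reachable from start by protocol actions only."""
    seen, todo = {start}, [start]
    while todo:
        for nxt in successors(todo.pop()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def after_loss(state):
    """Adversary action 'message loss': drop one message from one channel."""
    ready, pq, qp = state
    drops = [(ready, pq[:i] + pq[i + 1:], qp) for i in range(len(pq))]
    drops += [(ready, pq, qp[:i] + qp[i + 1:]) for i in range(len(qp))]
    return drops

def converges(state, good, path=frozenset()):
    """True if every execution from state reaches the good cycle."""
    if state in good:
        return True
    nxt = successors(state)
    if state in path or not nxt:           # loop outside good cycle, or deadlock
        return False
    return all(converges(s, good, path | {state}) for s in nxt)

GOOD = reachable(INIT)                     # the three states T.0, T.1, T.2
BAD = {s for g in GOOD for s in after_loss(g) if not converges(s, GOOD)}
```

BAD contains the single state with ready false and both channels empty: no guard is true there, so the protocol as specified on slide 34 does not converge after a message loss.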

38 Next Class
- Network security tools to counter the effects of adversary actions
- Cryptography backgrounds of network security tools
- Read Ch. 2

