
20-751 ECOMMERCE TECHNOLOGY SPRING 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Network Security.


1 Network Security

2 Outline
Authentication
–Passwords
–Biometrics
Network protection
–Firewalls, proxy servers
–Denial of service attacks
–Viruses

3 Methods of User Authentication
Something you know...
–Password, PIN, “mother’s maiden name”
Something you have...
–Physical key, token, magnetic card, smartcard
Something you are...
–Fingerprint, voice, retina, iris
Someplace you are
–GPS information
Best to use two or more of the above, called two-factor authentication
(Figure: a token displaying “1059”) SOURCE: SECURITY DYNAMICS

4 Time-based Token Authentication
Login: mcollings
Passcode: 2468234836 (PIN followed by TOKENCODE)
Token code:
–Changes every 60 seconds
–Unique seed
–Clock synchronized to UTC (Universal Coordinated Time)
PASSCODE = PIN + TOKENCODE
SOURCE: RSA
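The passcode composition on this slide, worked through as an added example that is not part of the lecture: the token's own algorithm is not described here, so the token code is modelled with the public TOTP construction (HMAC-SHA1 over a 60-second time counter, RFC 6238), and the seed, PIN and PIN length (4 digits, matching the 10-digit passcode shown) are constructed assumptions. The server-side check accepts one neighbouring 60-second window so a token whose clock has drifted slightly from UTC still logs in.

```python
import hashlib
import hmac
import struct

# Assumption: the token's internal algorithm is modelled with the public TOTP
# construction (HMAC-SHA1 over a 60-second time counter, RFC 6238); the real
# token's algorithm is not given on the slide. Seed and PIN are constructed.
STEP_SECONDS = 60
CODE_DIGITS = 6


def tokencode(seed: bytes, now: float) -> str:
    """Code the token displays during the 60-second window containing `now`."""
    counter = int(now) // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in HOTP
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"


def passcode(pin: str, seed: bytes, now: float) -> str:
    """PASSCODE = PIN + TOKENCODE, the composition shown on the slide."""
    return pin + tokencode(seed, now)


def verify(entered: str, pin: str, seed: bytes, now: float, skew_windows: int = 1) -> bool:
    """Server-side check. Recomputes the passcode for the current window and for
    `skew_windows` neighbouring windows on each side, so a token clock that has
    drifted slightly from UTC is still accepted; comparison is constant-time."""
    if len(entered) != len(pin) + CODE_DIGITS:
        return False
    for delta in range(-skew_windows, skew_windows + 1):
        expected = passcode(pin, seed, now + delta * STEP_SECONDS)
        if hmac.compare_digest(entered, expected):
            return True
    return False
```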

5 Biometrics
Use of an unalterable body part or feature to provide identification
History
–For 1,000,000 years we couldn’t identify people
–France used tattoos; abolished in 1832
–Uniqueness of fingerprints 1890
Verification v. identification
Weaknesses:
–Forgery
–Replay attack

6 Fingerprints
Main shapes: loop, whorl, arch
Minutiae: end, bifurcation, island, lake, dot
Each person has a unique arrangement of minutiae
SOURCE: C3i

7 Fingerprint Capture
–Thompson-CSF FingerChip (thermal-sensed swipe); demos 1 and 2
–ST-Micro TouchChip (capacitive)
–American Biometric Company BioMouse (optical)
–Biometric Partners touchless sensor

8 Fingerprint Capture
–Biometric Access Corporation
–Digital Persona
–Veritouch multi-finger scanner
–Novus hand geometry system

9 Two-Factor Authentication
Fingerprint “unlocks” the authentication token, e.g. a digital certificate
Token image from Authentication © 2002. Used by permission

10 Iris Scan
Human iris patterns encode ~3.4 bits per sq. mm
Can be stored in 512 bytes
Patterns do not change after 1 year of life
Patterns of identical twins are uncorrelated
Chance of duplication < 1 in 10^78
Identification speed: 2 sec. per 100,000 people
Companies: British Telecom, Iriscan, Sensar
(Figure: personal iris imager) SOURCE: IRISCAN

11 Signature Dynamics
Examines formation of signature, not final appearance
DSV (Dynamic signature verification)
Parameters
–Total time
–Sign changes in x-y velocities and accelerations
–Pen-up time
–Total path length
Sampling 100 times/second
Companies: CyberSign, Quintet, PenOp, SoftPro SignPlus

12 Web/Network Security
Client Side
–What can the server do to the client? Fool it; install or run unauthorized software; inspect/alter files
Server Side
–What can the client do to the server? Bring it down (denial of service); gain access (break-in)
Network
–Is anyone listening? (Sniffing)
–Is the information genuine? Are the parties genuine?

13 Packet Sniffer
(Figure: client, packet-sniffing host and server on a shared network)
–The network interface card normally allows only packets for this MAC address
–Every network interface card has a unique 48-bit Media Access Control (MAC) address, e.g. 00:0D:84:F6:3A:10; 24 bits assigned by IEEE, 24 by the card vendor
–The packet sniffer sets his card to promiscuous mode to allow all packets through
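The MAC filtering this slide describes, as an added example that is not part of the lecture: constructed Ethernet II frames are parsed, the 24-bit IEEE part of the address is split off, and the card's normal accept decision (only its own address or the broadcast address) is contrasted with promiscuous mode, where every frame on the segment reaches the host. The peer addresses are constructed; the card's own address is the one on the slide.

```python
import struct

BROADCAST = "FF:FF:FF:FF:FF:FF"


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed Ethernet II frame: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return header + struct.pack(">H", ethertype) + payload


def parse_header(frame: bytes):
    """Return (destination MAC, source MAC, EtherType) from the first 14 bytes."""
    dst, src = (":".join(f"{b:02X}" for b in frame[i:i + 6]) for i in (0, 6))
    (ethertype,) = struct.unpack(">H", frame[12:14])
    return dst, src, ethertype


def oui(mac: str) -> str:
    """The 24 bits assigned by the IEEE; the remaining 24 are chosen by the card vendor."""
    return mac[:8]


def nic_accepts(frame: bytes, own_mac: str, promiscuous: bool) -> bool:
    """Normal mode: only frames addressed to this card (or to everyone) are passed up.
    Promiscuous mode, as set by a sniffer, passes every frame up regardless of address."""
    dst, _, _ = parse_header(frame)
    return promiscuous or dst in (own_mac, BROADCAST)


def captured(frames, own_mac: str, promiscuous: bool):
    """Headers of every frame the host would actually see on a shared segment."""
    return [parse_header(f) for f in frames if nic_accepts(f, own_mac, promiscuous)]
```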

14 Network Security Problem
(Figure: points of exposure of a network: removable media, user, modem + telephone, local area network, remote location, Internet connection, “backdoor” Internet connection, ISP, remote user, vendors and subcontractors, radio emissions, wireless user) SOURCE: CERT

15 Sophistication v. Intruder Knowledge
(Figure) SOURCE: CERT

16 Firewall
A device placed between two networks or machines
–All traffic in and out must pass through the firewall
–Only authorized traffic is allowed to pass
–The firewall itself is immune to penetration
(Figure: Internet / Firewall / Company Network) SOURCE: ADAM COLDWELL

17 Firewall Architecture
(Figure) SOURCE: CHAPMAN, BUILDING INTERNET FIREWALLS

18 Firewall Architecture
(Figure: Internet / Firewall / DMZ containing web server, email server and proxy server / Intranet)

19 Proxy Server
“Dual-homed” means has two IP addresses
Does not forward IP packets
SOURCE: CHAPMAN, BUILDING INTERNET FIREWALLS
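The "only authorized traffic passes" rule of slide 16 and the DMZ layout of slides 18 and 19, as an added example that is not part of the lecture: a default-deny policy evaluator in which the Internet can reach only the DMZ web and mail servers on their service ports, intranet hosts reach the web only through the proxy, and only the proxy itself opens connections to the outside (so the proxy relays at application level rather than forwarding IP packets). Address ranges, host addresses and ports are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan using documentation ranges: the DMZ is 192.0.2.0/24,
# the intranet is 10.0.0.0/8, everything else counts as "the Internet".
DMZ = ip_network("192.0.2.0/24")
INTRANET = ip_network("10.0.0.0/8")
WEB_SERVER, MAIL_SERVER, PROXY = "192.0.2.10", "192.0.2.20", "192.0.2.30"


def zone(addr: str) -> str:
    ip = ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in INTRANET:
        return "intranet"
    return "internet"


# (source, destination, protocol, destination ports). A selector is either a zone
# name or a single host. Anything not matched by a rule is dropped (default deny).
RULES = [
    ("internet", WEB_SERVER, "tcp", {80, 443}),  # public web service in the DMZ
    ("internet", MAIL_SERVER, "tcp", {25}),      # inbound mail to the DMZ relay
    ("intranet", PROXY, "tcp", {8080}),          # inside users browse only via the proxy
    (PROXY, "internet", "tcp", {80, 443}),       # only the proxy itself talks to the outside
]


def matches(selector: str, addr: str) -> bool:
    return selector == addr or selector == zone(addr)


def allowed(src: str, dst: str, proto: str, dport: int) -> bool:
    """Firewall decision for one packet: pass only if some rule explicitly authorizes it."""
    return any(
        matches(s, src) and matches(d, dst) and proto == p and dport in ports
        for s, d, p, ports in RULES
    )


def audit(flows):
    """Apply the policy to (src, dst, proto, dport) flows and return the ones that are dropped."""
    return [f for f in flows if not allowed(*f)]
```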

20 Enterprise Access Security
(Figure: web server, firewall, authentication server, RAS, intranet, mainframe, enterprise UNIX; RSA Agents for remote access, Internet access and enterprise access) SOURCE: RSA

21 Denial-of-Service Attacks
Attack to disable a machine (server) by making it unable to respond to requests
Use up resources
–Bandwidth, swap space, RAM, hard disk
Some attacks yield millions of service requests per second

22 Ping Flooding
(Figure: attacking system(s) flooding the victim system across the Internet) SOURCE: PETER SHIPLEY

23 Three-Way Handshake
1: Client sends SYN, seq=x
2: Server sends SYN seq=y, ACK x+1
3: Client sends ACK y+1
SOURCE: PETER SHIPLEY

24 Smurf Attack
ICMP = Internet Control Message Protocol
Perpetrator sends ICMP echo (spoofed source address of victim) to the IP broadcast address of innocent reflector sites
Reflector sites send ICMP echo replies to the victim
Bandwidth multiplication: a T1 (1.54 Mbps) can easily yield 100 Mbps of attack
1 SYN, 10,000 SYN/ACKs: victim is dead
SOURCE: CISCO
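The two traffic patterns from slides 23 and 24, seen from the defender's side, as an added example that is not part of the lecture: over a constructed packet log it counts handshakes that stalled after the SYN (the half-open connections a SYN flood leaves behind) and echo replies arriving from hosts the victim never pinged (the smurf reflector signature). Addresses, the record format and the alert thresholds are all constructed.

```python
from collections import Counter

# Constructed packet records (src, dst, proto, kind): kind is a TCP flag set or an ICMP
# message type. All addresses are documentation ranges; SERVER is the protected host.
SERVER = "10.0.0.5"

def handshake(client, server):
    """The three legitimate steps from the slide: SYN, SYN|ACK, ACK."""
    return [(client, server, "tcp", "SYN"), (server, client, "tcp", "SYN|ACK"),
            (client, server, "tcp", "ACK")]

def half_open(packets, server):
    """SYNs to the server whose final ACK never arrived; a flood leaves thousands
    of these and fills the server's connection table."""
    pending = set()
    for src, dst, proto, kind in packets:
        if proto == "tcp" and dst == server and kind == "SYN":
            pending.add(src)
        elif proto == "tcp" and dst == server and kind == "ACK":
            pending.discard(src)
    return len(pending)

def unsolicited_echo_replies(packets, victim):
    """Smurf signature: echo replies reaching the victim from hosts it never pinged.
    Returns (reply count, distinct reflector addresses)."""
    pinged = {dst for src, dst, proto, kind in packets
              if proto == "icmp" and kind == "echo-request" and src == victim}
    reflectors = Counter(src for src, dst, proto, kind in packets
                         if proto == "icmp" and kind == "echo-reply"
                         and dst == victim and src not in pinged)
    return sum(reflectors.values()), len(reflectors)

def alerts(packets, host, half_open_limit=50, reply_limit=20):
    """Thresholds are constructed for the demo; tune them to the host's normal traffic."""
    found = []
    if half_open(packets, host) > half_open_limit:
        found.append("possible SYN flood")
    replies, sources = unsolicited_echo_replies(packets, host)
    if replies > reply_limit:
        found.append(f"possible smurf amplification from {sources} reflectors")
    return found

# Constructed traffic: two real handshakes and one answered ping (LEGIT), 200 spoofed
# SYNs that are never completed (FLOOD), and 50 reflector hosts replying to a ping
# the victim never sent (SMURF).
LEGIT = handshake("198.51.100.1", SERVER) + handshake("198.51.100.2", SERVER) + [
    (SERVER, "198.51.100.3", "icmp", "echo-request"), ("198.51.100.3", SERVER, "icmp", "echo-reply")]
FLOOD = [(f"203.0.113.{i}", SERVER, "tcp", "SYN") for i in range(1, 201)]
SMURF = [(f"192.0.2.{i}", SERVER, "icmp", "echo-reply") for i in range(1, 51)]
```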

25 Distributed Denial of Service Attack
(Figure: the intruder sends commands to handlers; traffic converges on the victim) SOURCE: CERT

26 DDOS Attack
(Figure) SOURCE: CERT

27 DDOS Attack
(Figure) SOURCE: CERT

28 Rate Limiting
Allows network managers to set bandwidth limits for users and by traffic type
Prevents deliberate or accidental flooding of the network
(Figure: rate limiting for different classes of users, network manager, teachers and students, at 2, 10 and 50 Mbps) SOURCE: CISCO
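Per-class bandwidth limiting as a token bucket, added here as an example that is not part of the lecture: the limits from the figure are assumed to map as students 2 Mbps, teachers 10 Mbps and the network manager 50 Mbps (the slide does not state the mapping), and the burst allowance of ten packets is a constructed choice. Offering a 24 Mbps stream to each class shows the student and teacher streams clipped to their limits while the manager's passes untouched.

```python
# Assumed mapping of the slide's figure: students 2 Mbps, teachers 10 Mbps, manager 50 Mbps.
LIMITS_MBPS = {"student": 2, "teacher": 10, "manager": 50}


class TokenBucket:
    """Classic rate limiter: tokens (bytes) accrue at the configured rate up to a burst
    allowance; a packet passes only if enough tokens are available, else it is dropped."""

    def __init__(self, rate_bps: float, burst_bytes: int):
        self.rate = rate_bps / 8.0      # bytes per second
        self.capacity = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def allow(self, size_bytes: int, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return True
        return False


def achieved_bps(user_class: str, packet_bytes: int, packets_per_second: int, seconds: int = 1) -> float:
    """Push a steady stream at the offered rate through the class's limiter and report
    the throughput that actually got through (bits per second)."""
    bucket = TokenBucket(LIMITS_MBPS[user_class] * 1_000_000, burst_bytes=10 * packet_bytes)
    passed = 0
    for i in range(packets_per_second * seconds):
        if bucket.allow(packet_bytes, now=i / packets_per_second):
            passed += 1
    return passed * packet_bytes * 8 / seconds
```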

29 Code Attacks
Virus
–executable code
–that attaches itself to other executable code (infection)
–to reproduce itself (spread)
–replicator + concealer + payload
Rabbit, Worm
–program that makes many copies of itself and spreads them. Each copy makes copies, etc. Worm spreads via networks.
Trojan Horse
–performs unauthorized activity while pretending to be another program. Example: fake login program

30 Viral Phenomena
Invented ~1985
More than 70,000 known viruses
–More than in nature
10-15 new viruses per day
35% are destructive (up from 10% in 1993)
Virus attacks per computer doubles every two years
Written mostly by men 14-24
–India, New Zealand, Australia, U.S.
Symantec employs 45 people full-time, spread over 24 hours, to detect and neutralize viruses

31 Exploiting System Bugs
Buffer overflows
–Program allocates 255 bytes for input.
–Hacker sends 500 bytes.
(Figure: before, a 255-byte buffer followed by program code; after an input 500 bytes long, 245 bytes of program code are overwritten with the hacker’s data and the hacker’s code can now be executed)

32 Viral Phenomena
Stealth capability
–Virus “hides” from detection. Installs memory-resident code.
–Intercepts file accesses. If attempt is made to access its disk sector, substitutes “clean” data instead.
Mutation
–Accidental. Virus gets changed (corrupted) by system
–Deliberate. Creator inserts program modification code. “Self-garbling”: unscrambles itself before use
–Result: virus becomes hard to detect
Virus toolkits

33 Virus Detection
Some virus families have common characteristics
–Presence or absence of particular strings
Antiviral software
–Only detects what it knows how to detect.
–Must be upgraded regularly for new viruses.
–Symantec encyclopedia
File virus
–Compare size with known backup copy.
–Presence of strings, like “.EXE”
Retrovirus
–Attacks or disables antivirus software
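The two file-virus checks on this slide, as an added example that is not part of the lecture: each file is compared with its known backup copy (by size, as the slide says, plus a SHA-256 hash so a same-size change is caught too), and scanned for a byte string characteristic of a virus family. The files, the backup and the "family" marker are constructed; the limitation the slide states still holds, since a file with no backup and no known string is not flagged.

```python
import hashlib

# Constructed stand-ins for files on disk and for the known-good backup copies.
CLEAN_BACKUP = {
    "app.exe": b"MZ\x90\x00 constructed clean program image",
    "notes.txt": b"constructed plain text, nothing executable here",
}
# Constructed signature: a byte string shared by one (imaginary) virus family.
SIGNATURES = {"demo-family": b"DEMO_VIRUS_MARKER"}


def fingerprint(data: bytes):
    """Size plus SHA-256: the size is the slide's check, the hash catches same-size changes."""
    return len(data), hashlib.sha256(data).hexdigest()


def build_baseline(backup: dict) -> dict:
    """Fingerprints taken from the trusted backup copies."""
    return {name: fingerprint(data) for name, data in backup.items()}


def scan(files: dict, baseline: dict) -> list:
    """Two checks from the slide: compare each file with its backup copy, and look for
    strings characteristic of known virus families. Returns (file, finding) pairs."""
    findings = []
    for name, data in files.items():
        if name in baseline and fingerprint(data) != baseline[name]:
            findings.append((name, "differs from backup copy"))
        for family, marker in SIGNATURES.items():
            if marker in data:
                findings.append((name, f"signature of {family}"))
    return findings
```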

34 Network Attacks
(Figure) SOURCE: CERT

35 Key Takeaways
–Evaluate all risks, even internal ones
–People do bizarre things when they think no one will find out
–Security is for professionals
–Unexplored future in biometrics
–Proxies give only thin protection
–There is no current defense to DOS attacks
–There is no defense to new viruses (except Java for a while)

36 Q &amp; A

