Presentation is loading. Please wait.

Presentation is loading. Please wait.

Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.

Published byPaulina Harvey Modified over 8 years ago

Similar presentations

Presentation on theme: "Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University."— Presentation transcript:

1 Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University July 14- 18, 2014 Supported by National Science Foundation

2 Securing Computer Networks Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU2  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network

3 Securing Computer Networks Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU3  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network We secure everything coming from above.

4 Securing Computer Networks Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU4  Recall the five layers in computer networks:  Q: In what layer do you think we should apply security tool? Transport Application Physical Link Network We secure everything coming from above.

5 Security in Application Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU5  We design a security module for a specific application:  Different applications may need different security efforts.  Case Study:  Securing Emails  Q: What are the security needs for emails?

6 Secure e-mail: Confidentiality Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU6 Notations:  K S : A symmetric key  K B : Bob’s public key  K S : Bob’s private key  Alice wants to send confidential e-mail, m, to Bob. + - K S ( ). K B ( ). + + - K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet

7 Secure e-mail: Confidentiality Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU7 Alice:  Generates a random symmetric key K S  Encrypts message with K S  Also encrypts K S with Bobs public key  Sends both K S (m) and K B (K S ) to Bob  Alice wants to send confidential e-mail, m, to Bob. K S ( ). K B ( ). + + - K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet

8 Secure e-mail: Confidentiality Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU8  Alice wants to send confidential e-mail, m, to Bob. K S ( ). K B ( ). + + - K S (m) K B (K S ) + m KSKS KSKS KBKB + K S ( ). K B ( ). - KBKB - KSKS m K S (m) K B (K S ) + Internet Bob:  Uses his private key to decrypt and recover K S  Uses K S to decrypt K S (m) to recover m

9 Secure e-mail: Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU9  Alice wants to provide sender authentication message integrity  Alice digitally signs message  Sends both message and digital signature H( ). K A ( ). - + - H(m ) K A (H(m)) - m KAKA - Internet m K A ( ). + KAKA + K A (H(m)) - m H( ). H(m ) compare

10 Secure e-mail: Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU10  Alice wants to provide both secrecy and authentication. Alice uses three keys: her private key, Bob’s public key, newly created symmetric key H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS

11 Secure e-mail: Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU11  Alice wants to provide both secrecy and authentication. H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS Q: What are the steps on the Bob’s side?

12 Secure e-mail: Example Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU12  PGP (Pretty Good Privacy) Protocol -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob: Can I see you tonight? Passionately yours, Alice -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2 -----END PGP SIGNATURE----- m K A (H(m)) -

13 Secure e-mail: Example Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU13  PGP (Pretty Good Privacy) Protocol -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob: Can I see you tonight? Passionately yours, Alice -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2 -----END PGP SIGNATURE----- K A (H(m)) m -----BEGIN PGP MESSAGE----- Version: PGP for Personal Privacy 5.0 u2R4d+/jKmn8Bc5+hgDsqAewsDfrGdszX68liKm5F6Gc4sDfcXyt RfdSlOjuHgbcfDssWe7/K=lKhnMikLo0+l/BvcX4t==Ujk9PbcD4 Thdf2awQfgHbnmKlok8iy6gThlp -----END PGP MESSAGE - K B (…) +

14 Security in Transport Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU14 This is not application-specific. Case Study:  SSL: Secure Sockets Layer  Transport Later Security to TCP-based apps. Transport Application Physical Link Network We secure everything coming from above.

15 SSL: Secure Sockets Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU15 Widely deployed protocol – Supported by almost all browsers, web servers – HTTPS First Implementation: – Netscape Provides – Confidentiality – Data Integrity – Authentication Original goals: – Web e-commerce transactions – Encryption (especially credit-card numbers) – Web-server authentication – Optional client authentication Available to all TCP apps – Secure socket interface

16 SSL Example – Online Purchase Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU16  Confidentiality: Credit Card Information  Data Integrity: Altering Your order (e.g., address)  Server Authentication: Fake Amazon Website!

17 SSL and TCP/IP Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU17 Application TCP IP normal application Application SSL TCP IP application with SSL  SSL provides application programming interface (API) to application developers to use “secure sockets”.  C and Java SSL libraries/classes readily available

18 SSL Approach: Something Like PGP Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU18  But want to send byte streams & interactive data (Q: Why?)  Want set of secret keys for entire connection  Want certificate exchange as part of protocol: handshake phase H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS

19 SSL Lifetime Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU19 Handshake: Alice and Bob use their certificates, private keys to authenticate each other. – Now, they can exchange shared secret Key Derivation: Alice and Bob use shared secret to derive set of [symmetric] keys. Data Transfer: Exchange encrypted byte streams. Connection Closure: special messages to securely close connection (Q: Why securely?)

20 SSL: A Simple Handshake Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU20 MS: Master Secret EMS: Encrypted Master Secret SSL hello public key certificate K B + (MS) = EMS To Generate Symmetric Keys K B - (EMS) [ More details on handshake coming soon! ]

21 SSL: Key Derivation Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU21 Generate and use different keys for – Message Authentication Code (MAC) – Data Encryption Using Key Derivation Function (KDF) and Master Key (MS), Bob and Alice generate four different keys: – K B = Encryption key for data sent from Bob to Alice – M B = MAC key for data sent from Bob to Alice – K A = Encryption key for data sent from Alice to Bob – M A = MAC key for data sent from Alice to Bob

22 SSL: Data Records Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU22 Break down the byte stream into series of records – Each record carries a separate MAC – Receiver can act on each record as it arrives E.g., separate message identification in instant messaging Issue: Receiver needs to distinguish MAC from data – Want to use variable-length records  Indicate Data Length lengthdataMAC

23 SSL: Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU23 Problem: attacker can capture and replay record or re-order records – Is it a new message?

24 SSL: Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU24 Problem: attacker can capture and replay record or re-order records – Is it a new message? Solution: put sequence number into MAC: – MAC = MAC(M x, sequence||data) – Note: no separate sequence number field (Unlike TCP)

25 SSL: Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU25 Problem: attacker can capture and replay record or re-order records – Is it a new message? Solution: put sequence number into MAC: – MAC = MAC(M x, sequence||data) – Note: no separate sequence number field (Unlike TCP) Problem: attacker could replay all records Solution: use nonce (a number used once in a life-time)

26 SSL: Control Information Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU26 Problem: truncation attack: – Attacker forges TCP connection close segment – One or both sides think there is less data than actually is. Solution: record types, with one type for closure – Type 0 for data; Type 1 for closure MAC = MAC(M x, sequence||type||data) lengthtype data MAC

27 SSL: Summary Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU27 hello certificate, nonce K B + (MS) = EMS type 0, seq 1, data type 0, seq 2, data type 0, seq 1, data type 0, seq 3, data type 1, seq 4, close type 1, seq 2, close encrypted bob.com

28 SSL: We Are Not Done Yet! Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU28 How long are fields?  Standard Which encryption protocols? Want negotiation? – Allow Bob (client) and Alice (server) to support different encryption algorithms – Allow Bob (client) and Alice (server) to choose together specific algorithm before data transfer.

29 SSL Encryption Protocol Selection Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU29 Cipher Suite – Public-key algorithm – Symmetric encryption algorithm – MAC algorithm SSL supports many cipher suites –DES – Data Encryption Standard: block –3DES – Triple strength: block –RC2 – Rivest Cipher 2: block –RC4 – Rivest Cipher 4: stream

30 SSL: Handshake Details Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU30 Purpose 1.Server authentication 2.Negotiation: agree on crypto algorithms 3.Establish keys 4.Client authentication (optional)

31 SSL: Handshake Details Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU31 1.Client sends list of algorithms it supports – Along with client nonce 2.Server chooses algorithms from list; sends back: choice + public key certificate + server nonce

32 SSL: Handshake Details Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU32 3.Client – Verifies server’s public key certificate with a CA – Generates master_secret, – Encrypts it using server’s public key – Sends the encryption result back to the server Using its private key, the server obtains master_secret.

33 SSL: Handshake Details Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU33 4.Client and server use – master_secret – Nonces to independently compute: – Encryption – MAC keys

34 SSL: Handshake Details Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU34 5.Client sends a MAC in all the handshake messages 6.Server sends a MAC in all the handshake messages

35 SSL Programming Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU35  SSL programming tutorial: http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html

36 Security in Network Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU36 This is not application-specific. Case Study:  IPSec: Internet Protocol (IP) Security Protocol  VPN: Virtual Private Networks (Using IPSec) Transport Application Physical Link Network We secure everything coming from above.

37 What is Network-layer Confidentiality? Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU37 Between two network entities: Sending entity encrypts datagram (Q: why?) payload. Payload could be: – TCP or UDP segment, ICMP message,... Indifferent to the content: – Web pages, e-mail, P2P file transfers, TCP SYN packets … “Blanket Coverage”

38 Virtual Private Networks (VPNs) Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU38 Motivation: Institutions often want private networks for security. – Cost: Separate routers, links, DNS infrastructure. – Feasibility: Members are not always physically co-located. VPN: Inter-office traffic is sent over public Internet, but – Encrypted before entering public Internet – Logically separated from other traffic

39 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU39 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet

40 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU40 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet No Need for IPsec

41 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU41 Virtual Private Networks (VPNs) IP header IPsec header Secure payload IP header IPsec header Secure payload IP header IPsec header Secure payload IP header payload IP header payload Headquarters Branch Office Salesperson in a Hotel Laptop w/ IPsec Router w/ IPv4 and IPsec Router w/ IPv4 and IPsec public Internet Must Use IPsec

42 IPsec Services Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU42 Data integrity Origin authentication Replay attack prevention (Sliding Window) Confidentiality Two protocols to send and receive secure datagrams: – Authentication Header (AH) – Encapsulated Security Payload (ESP)

43 IPsec Services Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU43 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality

44 IPsec Services Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU44 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality Critical

45 IPsec Services Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU45 Authentication Header (AH) – Source Authentication – Data Integrity Encapsulated Security Payload (ESP) – Source Authentication – Data Integrity – Confidentiality More Popular (Our Focus)

46 IPsec – Tunneling Mode Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU46 Edge routers IPsec-aware IPsec Tunnel Mode Host Mode Hosts IPsec-aware

47 Security Associations (SAs) Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU47 In ESP, before sending data, a “security association (SA)” is established from sending to receiving entity Receiving entitles maintain state information about SA – SA is opened – SA is closed Details: How many SAs in VPN w/ headquarters, branch office, and n traveling salespeople?

48 Example SA from R1 to R2 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU48 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2

49 Example SA from R1 to R2 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU49 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2 Initiating Router

50 Example SA from R1 to R2 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU50 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2 Receiving Router

51 Example SA from R1 to R2 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU51 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2 R1 maintains the following state information:  32-bit SA identifier: Security Parameter Index (SPI)  Origin SA interface (200.168.1.100)  Destination SA interface (193.68.2.23)  Encryption key and type of encryption (confidentiality)  Authentication key and type of authentication

52 Example SA from R1 to R2 Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU52 Example SA Fields: SPI: 12345 Source IP: 200.168.1.100 Dest IP: 193.68.2.23 Protocol: ESP Encryption algorithm: 3DES-cbc HMAC algorithm: MD5 Encryption key: 0x7aeaca… HMAC key:0xc0291f…

53 Security Association Database (SAD) Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU53  Routers hold SA states in security association database (SAD), where it can locate them during processing.  When sending IPsec datagram, R1 uses SAD to see how to process datagram. (Q: what kind of process?)  When IPsec datagram arrives to R2, R2 indexes SAD with SPI, and processes datagram accordingly.

54 IPsec Datagram Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU54 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq #

55 IPsec Datagram Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU55 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # Adjust Length for Block Ciphers

56 IPsec Datagram Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU56 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # UDP, TCP, etc.

57 IPsec Datagram Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU57 Focus for now on tunnel mode with ESP new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq # Authentication with Shared Secret Key

58 IPsec Big Picture: What happens? Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU58 193.68.2.23 200.168.1.100 172.16.1/24 172.16.2/24 security association Internet headquarters branch office R1 R2 new IP header ESP hdr original IP hdr Original IP datagram payload ESP trl ESP MAC encrypted authenticated padding pad length next header SPI Seq #

59 IPsec Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU59 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Q: Why do we use sequence numbers here?

60 IPsec Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU60 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Goal: – Prevent attacker from sniffing and replaying a packet

61 IPsec Sequence Numbers Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU61 For new SA, sender initializes seq. # to 0 Each time datagram is sent on SA: – sender increments seq # counter and updates seq # field Goal: – Prevent attacker from sniffing and replaying a packet Method: – destination checks for duplicates – doesn’t keep track of all received packets; just uses a window

62 IPsec Services (Summary) Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU62 Trudy sits between R1 & R2. With no keys, can she: – See the original contents of datagram? – See the source, dest IP addr, transport protocol, app port? – Flip bits without detection? – Pretend to be R1 using R1’s IP address? – Replay a datagram? Justify Your Answers!

63 IKE: Internet Key Exchange Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU63 For 1 or 2 tunnels we can do manual keying. – Just manually enter the SA information to two routers The router in Headquarters. The router in Branch Office. It will be impractical for VPN with 100s of endpoints! Instead use IPsec IKE (Internet Key Exchange) – Similar to the Handshaking in SSL (Q: Remember SSL?)

64 IKE: PSK and PKI Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU64 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates).

65 IKE: PSK and PKI Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU65 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates). PSK: both sides start with a secret – run IKE to authenticate each other and to generate IPsec SAs (one in each direction) with encryption, authentication keys

66 IKE: PSK and PKI Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU66 Authentication (prove who you are) with either – Pre-shared secret (PSK) or – With PKI (pubic/private keys and certificates). PSK: both sides start with a secret – run IKE to authenticate each other and to generate IPsec SAs (one in each direction) with encryption, authentication keys PKI: both sides start with public/private keys, certificate – run IKE to authenticate each other, obtain IPsec SAs

67 IPsec Summary Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU67 IKE message exchange for algorithms, keys, SPI #s ESP Protocol (or AH protocol) – Use SAD, Sequence #s, etc. IPsec peers can be two end systems: – Two routers/firewalls, – A router/firewall and an end system – Two end systems, …

68 Security in Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU68 This is not application-specific. Case Study:  Wireless LAN: Wireless Local Area Network  WEP: Wired Equivalent Privacy Transport Application Physical Link Network We secure everything coming from above.

69 Security in Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU69 The main focus at link layer is to handle different link types: – Wired (Ethernet Cable, etc.) – Wireless (WLAN: Shared Channels, Q: Why?) Q: Which one is more vulnerable? Why? Q: Why do we care about WEP (Wired Equivalent Privacy)?

70 Security in Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU70 Our Focus: WiFi = IEEE 802.11 We will cover: – IEEE 802.11 WEP – IEEE 802.11i WEP Our Focus

71 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU71 WEP does not specify a key management algorithm. Assumption: – Shared key via an out-of-band method. (Q: What does that mean?) AP Mobile Device

72 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU72 WEP does not specify a key management algorithm. AP Mobile Device

73 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU73 WEP does not specify a key management algorithm. Q: Should the Mobile Device send the Security Key to the Access Point to Authenticate Itself? Q: Why? AP Mobile Device

74 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU74 WEP does not specify a key management algorithm. Q: Should the Mobile Device send the Security Key to the Access Point to Authenticate Itself? Q: Why? Q: What is your suggestion? AP Mobile Device

75 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU75 Step 1: Mobile Device Requests Authentication. AP Mobile Device I need access.

76 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU76 Step 2: Access point responds with a 128 bye nonce. AP Mobile Device Uniquely Generated Nonce.

77 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU77 Step 3: MD encrypts nonce using its Security Key. AP Mobile Device Encrypted Nonce.

78 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU78 Step 4: AP checks encrypted nonce and grants access. AP Mobile Device Authentication

79 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU79 Step 4: AP checks encrypted nonce and grants access. AP Mobile Device Authentication [ AP indicates if Authentication is necessary in beacon frames. ]

80 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU80 A hacker may hear all message exchanges. Q: Why? AP Mobile Device

81 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU81 Q: Does it help to try replay? Q: Why? AP Mobile Device

82 WEP Mobile Device Authentication Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU82 Q: How about trying different security keys… AP Mobile Device

83 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU83 Note 1: WEP must be “self-synchronized” – Each frame should be separately encrypted. – That is, no encryption dependency among frames. – Q: Why?

84 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU84 Note 1: WEP must be “self-synchronized” – Each frame should be separately encrypted. – That is, no encryption dependency among frames. – Q: Why? Frame Loss is a Frequent Problem in Wireless Links.

85 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU85 Note 2: We need to handle bit errors with CRC: – CRC: Cyclic Redundancy Check – Include CRC inside encryption. Frame Data: Payload CRC

86 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU86 Note 3: Minimal computation for encryption: – We cannot make encryption the bottleneck. – We send thousands of frames in a second. Can’t afford spending too much time on encryption. CRC an other tasks already take some time.

87 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU87 IEEE 802.11 WEP uses XOR encryption! Q: What is the benefit? Payload CRC XOR Encrypted Data Security Key

88 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU88 IEEE 802.11 WEP uses XOR encryption! Q: What is the disadvantage? Payload CRC XOR Encrypted Data Security Key

89 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU89 Q: What if the hacker knows the content? – Example: She knows know what file is being downloaded. – Knowing the content of one frame is enough: XOR Known Original Content Security Key Encrypted Data

90 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU90 The hacker can apply the key to the rest of frame. Solution: Use a different key for each frame. – Of course, both sides should know the key. – Q: Any suggestion?

91 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU91 IEEE 802.11 WEP uses Initialization Vector (IV): Key Generator Function Randomly Generated 24-bit IV 40-bit Security Key

92 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU92 IEEE 802.11 WEP uses Initialization Vector (IV): Key Generator Function Randomly Generated 24-bit IV 40-bit Security Key Per-Frame Security Key Encrypt Frame Data Indicate IV (Q: Why?)

93 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU93 IEEE 802.11 WEP uses Initialization Vector (IV): 802.11 Header IV Original Payload CRC Encrypted Link Layer Payload

94 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU94 IEEE 802.11 WEP uses Initialization Vector (IV): Q: Do we encrypt IV or is it in plain text? 802.11 Header IV Original Payload CRC Encrypted Link Layer Payload

95 Security Issues in Wireless Link Layer Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU95 IEEE 802.11 WEP uses Initialization Vector (IV): Q: Do we encrypt IV or is it in plain text? Q: Should we avoid duplicating ‘random’ IVs? 802.11 Header IV Original Payload CRC Encrypted Link Layer Payload

96 IEEE 802.11i: Improved Security Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU96 Numerous (stronger) forms of encryption: – Encryption method is chosen during handshake. Uses authentication server separate from AP – MDs use AP to talk to authentication server first. – Example: Institutional WiFis, like at UC Riverside. Provides key distribution and generation, etc…

97 Firewalls: Operational Security Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU97 Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others! firewall administered network public Inter net firewall trusted “good guys” untrusted “bad guys”

98 Why Do We Need Firewalls? Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU98 Reason 1: They can Prevent Denial-of-Service (DoS) Attacks:  TCP SYN Flooding:  Attacker establishes many bogus TCP connections, no resources left for “real” connections Reason 2: Prevent illegal modification / access of internal data Q: Other reasons?

99 Firewall Example: Packet Filtering Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU99 Internal network connected to Internet via router firewall. Should arriving packet be allowed in? Departing packet let out?

100 Firewall Example: Packet Filtering Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU100 Router filters packet-by-packet based on: – Source IP address, Destination IP address Example: Block TCP connections by IP addresses in a county. Should arriving packet be allowed in? Departing packet let out?

101 Firewall Example: Packet Filtering Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU101 Router filters packet-by-packet based on: – TCP/UDP source and destination port numbers Example: Block all UDP packets, Or block non-standard ports Should arriving packet be allowed in? Departing packet let out?

102 Firewall Example: Packet Filtering Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU102 Router filters packet-by-packet based on: – ICMP message type Example: Block any “Ping” from the outside. Should arriving packet be allowed in? Departing packet let out?

103 Firewall Example: Packet Filtering Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU103 Router filters packet-by-packet based on: – TCP SYN and ACK bits Example: Block any “inbound” ACK = 0. Only the internal hosts can “initiate” a TCP connection to outside; not the reverse. Should arriving packet be allowed in? Departing packet let out?

104 Netowrk Security (Summary) Summer Workshop on Cyber Security August 14 - 18, 2014 – Network Security, Part 3, UCR & TTU104 Basic Techniques…... – Cryptography (Symmetric and Public) – Message Integrity – End-point Authentication …. used in many different layers – Application Layer: Secure Email – Transport Layer: Secure Transport (SSL) – Network Layer: IP sec – Link Layer: 802.11

Download ppt "Summer Workshop on Cyber Security Computer Networks Security (Part 2) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University."

Similar presentations

IPSec.

IPSec.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
SSL: Secure Sockets Layer

SSL: Secure Sockets Layer
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Lecture 24 Secure Communications CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Lecture 24 Secure Communications CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
IPsec Internet Headquarters Branch Office SA R1 R2

IPsec Internet Headquarters Branch Office SA R1 R2
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.

Similar presentations

Ads by Google