Learn about the basics of cryptography, encryption, and decryption, as well as the vulnerabilities in web security. Understand network security tools and the importance of network security measures for protecting critical data.
Lecture 17: Security. Introduction; Cryptography basics; Web Security and Vulnerabilities; Network Security Tools
What is Network Security? Network security comprises the measures a company takes to protect its computer system, and it is a prime concern for every company that uses computers. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, possibly resulting in data loss, or even complete destruction of the system. Appropriate network security is achieved when a user has to go through several layers of security before being able to access the desired network. The more layers the system has, the more secure it is. http://www.wisegeek.com/what-is-network-security.htm
Cryptography: Encryption, decryption; Keys, lengths, and hardness; Asymmetric key cryptography; Hash functions; Authentication; PKI and key management; Privacy
The Public Key Method: We generate a special pair of values (e,d). The plaintext message M is encrypted into the ciphertext message C using modular exponentiation mod n. We decrypt C back into M by, Before we look at how e and d are generated it is important to understand what is happening in these two expressions. First of all, modular exponentiation does not involve raising a value to a power. The possible values for C (and M) are between 0 and n-1. Converting the plaintext message (a string of characters) into an integer is fairly straightforward. Once it is in numeric form, modular exponentiation produces a value equal to the remainder after dividing M^e by n.
Computing the Key Pair (e,d): Let's look at how to compute the values of e and d. We start with a pair of values p and q that must be relatively prime (i.e. they have no common factors). These would normally be very large, but for the purposes of this example we will choose p = 47 and q = 71. Now we need to find a value e such that the greatest common divisor of e and the product (p-1)(q-1) is 1, i.e. gcd(e,(p-1)(q-1)) = 1. Please don't ask why....thanks. The product p*q will be the modulus n: n = p*q = 3337, and so (p-1)(q-1) = 46*70 = 3220. We will choose e to be 79 since it is obvious that the greatest common divisor of 79 and 3220 is 1 (79 is prime and does not divide 3220).
Now we need a d to go with our e: 79*d = 1 mod 3220. First use the regular Euclidean Algorithm to find gcd(79,3220). The answer must be one; otherwise we can't be sure that a solution exists. We proceed as follows:
    3220 = 40*79 + 60
    79 = 1*60 + 19
    60 = 3*19 + 3
    19 = 6*3 + 1
    3 = 3*1 + 0
The last nonzero remainder is the gcd. Thus gcd(79,3220) = 1 (as expected). Now write this gcd (one) as a linear combination of 79 and 3220 by working back up the chain we just created: 1019*79 - 25*3220 = 1. Now do "mod 3220" on both sides to obtain 1019*79 = 1 mod 3220. Thus d = 1019: the inverse of 79 mod 3220 is 1019. Another way of saying this is that 79*1019 is one more than a multiple of 3220.
Modular Exponentiation
    procedure mod_exp(b: int, n = (a_{k-1} a_{k-2} ... a_1 a_0)_2, m: pos_int)
        x := 1
        power := b mod m
        for i in 0..k-1 loop
            if a_i = 1 then x := (x*power) mod m
            power := (power*power) mod m
        end loop
    (on exit, x = b^n mod m)
Example: Find 2^644 mod 645. 644_10 = 1010000100_2, so 2^644 mod 645 = (2^512 · 2^128 · 2^4) mod 645 = ((2^512 mod 645) · (2^128 mod 645) · (2^4 mod 645)) mod 645 = 1.
The Euler Totient: If p and q are prime and n = pq, the number of values x with 0 < x < n for which gcd(x,n) = 1 is given by φ(n) = (p-1)(q-1), since φ(n) = φ(pq) = φ(p)φ(q) = (p − 1)(q − 1). Let's try a really simple example: p = 3, q = 5, n = 15, so (p-1)(q-1) = (2)(4) = 8.
    gcd(1,15) = 1    gcd(2,15) = 1    gcd(3,15) = 3    gcd(4,15) = 1    gcd(5,15) = 5
    gcd(6,15) = 3    gcd(7,15) = 1    gcd(8,15) = 1    gcd(9,15) = 3    gcd(10,15) = 5
    gcd(11,15) = 1   gcd(12,15) = 3   gcd(13,15) = 1   gcd(14,15) = 1
Exactly eight of the fourteen values (1, 2, 4, 7, 8, 11, 13, 14) have gcd 1 with 15, as predicted.
Public Key Cryptography: In 1976, Rivest, Shamir and Adleman introduced a public key cryptosystem, known as the RSA system. Example: Encrypt the message STOP with p = 43 and q = 59, so that n = 43·59 = 2537, and e = 13; gcd(e,(p-1)(q-1)) = gcd(13, 42·58) = 1. Letters are encoded as two digits (A = 00, ..., Z = 25), so S T O P becomes 18 19 14 15, grouped into the blocks M1 = 1819 and M2 = 1415. To decrypt we need d, which is an inverse of e mod (p-1)(q-1).
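The arithmetic of the last few slides carried through in Python, as an added example that is not part of the lecture: square-and-multiply modular exponentiation, the extended Euclidean algorithm that produces d, and the two keys the slides use, (p, q, e) = (47, 71, 79) with d = 1019 and (43, 59, 13) with n = 2537 for the message STOP. The letter encoding (A = 00 .. Z = 25, padding with X) is assumed from the slide's S T O P = 18 19 14 15.

```python
# Added example, not from the lecture slides: the RSA arithmetic of the slides
# in Python. Key values are the slides' own; the A=00..Z=25 block encoding is
# assumed from the STOP example.

def mod_exp(b, n, m):
    """b^n mod m by scanning the bits of n (the slide's mod_exp procedure)."""
    x = 1
    power = b % m
    while n > 0:
        if n & 1:                        # bit a_i is 1: multiply this power in
            x = (x * power) % m
        power = (power * power) % m      # b^(2^(i+1)) mod m, ready for the next bit
        n >>= 1
    return x

def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Euclid plus the 'work back up' step)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t            # e.g. (1, 1019, -25) for (79, 3220)

def mod_inverse(e, phi):
    """d with e*d = 1 (mod phi); fails unless gcd(e, phi) = 1, as the slide warns."""
    g, s, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError(f"gcd({e}, {phi}) = {g}, so {e} has no inverse mod {phi}")
    return s % phi

def rsa_keypair(p, q, e):
    """n = p*q and d = e^-1 mod (p-1)(q-1); p and q must both be prime."""
    n = p * q
    d = mod_inverse(e, (p - 1) * (q - 1))
    return n, e, d

def block_size(n):
    """Largest even digit count k with the all-Z block 2525...25 < n (4 for n = 2537)."""
    k = 2
    while int("25" * ((k + 2) // 2)) < n:
        k += 2
    return k

def text_to_blocks(msg, n):
    """A=00 .. Z=25, grouped into k-digit blocks, padded with X (23) if needed."""
    k = block_size(n)
    digits = "".join(f"{ord(c) - ord('A'):02d}" for c in msg.upper())
    while len(digits) % k:
        digits += "23"
    return [int(digits[i:i + k]) for i in range(0, len(digits), k)]

def blocks_to_text(blocks, n):
    """Inverse of text_to_blocks (padding X's are kept)."""
    k = block_size(n)
    digits = "".join(f"{b:0{k}d}" for b in blocks)
    return "".join(chr(int(digits[i:i + 2]) + ord("A")) for i in range(0, len(digits), 2))

def rsa_encrypt_blocks(blocks, n, e):
    return [mod_exp(m, e, n) for m in blocks]          # C = M^e mod n

def rsa_decrypt_blocks(cipher, n, d):
    return [mod_exp(c, d, n) for c in cipher]          # M = C^d mod n
```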
SAFER+ Algorithm Details: Pseudo-Hadamard Transform and Armenian Shuffle (the byte permutation 9 12 13 16 3 2 7 6 11 10 15 14 1 8 5 4). [round-structure diagram not reproduced]
Diffie-Hellman: A key-agreement method that allows two hosts to create and share a secret key. VPNs operating on the IPSec standard use the Diffie-Hellman method for key management. Key management in IPSec begins with the overall framework called the Internet Security Association and Key Management Protocol (ISAKMP). Within that framework is the Internet Key Exchange (IKE) protocol. IKE relies on yet another protocol known as OAKLEY, and it uses Diffie-Hellman. Diffie-Hellman Key Exchange: http://philipfox.net/dh/dh.html http://www.sans.org/reading_room/whitepapers/vpns/review-diffie-hellman-algorithm-secure-internet-protocols_751
Kerberos Created by MIT as a solution to network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After client and server have used Kerberos to prove their identity, they can encrypt all of their communications to assure privacy. When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys. After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems. http://www.answers.com/topic/kerberos-protocol-1
Network & IT Security Threats and Countermeasures
BD_ADDR Attacks (Bluetooth Vulnerability): The BD_ADDR spoofing attack allows an attacker to masquerade as some trusted/paired device and use its credentials to gain access to profiles requiring authorization/authentication in another remote device. The BD_ADDR spoofing attack can be performed in two ways: (1) Spoofing the BD_ADDR of a trusted device to access profiles requiring authorization. (2) Spoofing the BD_ADDR and obtaining the shared secret link key created during the pairing procedure to access profiles requiring authentication. http://www.seguridadmobile.com/bluetooth/bluetooth-security/BD_ADDR-spoofing.html
Bluetooth Device Address (BD_ADDR): Each Bluetooth device is allocated a unique 48-bit Bluetooth device address (BD_ADDR). This number is obtained by contacting the IEEE to get an OUI that forms 24 bits of the 48-bit address. You can apply for a further OUI when more BD_ADDR values are required. From the specification, section 4.2.1 Authentication: "The authentication procedure is based on a challenge-response scheme […]. The verifier sends […] a random number (the challenge) to the claimant. The claimant calculates a response, that is a function of this challenge, the claimant's BD_ADDR and a secret key. The response is sent back to the verifier, that checks if the response was correct or not. […] A successful calculation of the authentication response requires that two devices share a secret key." www.bluetooth.org
The BD_ADDR Attack: Assume that the attacker eavesdropped on an entire pairing and authentication process and saved all the messages. The attacker can now use a brute force algorithm to find the PIN used. The attacker enumerates all possible values of the PIN. Knowing IN_RAND and the BD_ADDR, the attacker runs E22 with those inputs and the guessed PIN, and finds a hypothesis for Kinit. The attacker can now use this hypothesis of the initialization key to decode messages 2 and 3. Messages 2 and 3 contain enough information to perform the calculation of the link key Kab, giving the attacker a hypothesis of Kab. The attacker now uses the data in the last 4 messages to test the hypothesis: using Kab and the transmitted AU_RANDA (message 4), the attacker calculates SRES and compares it to the data of message 5. If necessary, the attacker can use the values of messages 6 and 7 to re-verify the hypothesis Kab, until the correct PIN is found.
Sending AT commands to mobile phones: The execution of AT commands is one of the main goals in hypothetical attacks on mobile phones. AT commands are a set of instructions that allow remote configuration and operation of a GSM device, such as a mobile phone, like a "remote shell". However, not all AT commands are implemented by all manufacturers in their devices:
• Basic operations: voice and data calls, set call divert, manufacturer info, model info, IMEI, battery status, signal status.
• Address book operations: read, add and delete contacts from the address book, and also get the last dialed/missed/received calls list.
• SMS operations: list, read, write, send and delete SMS messages.
http://www.brics.dk/~jones/sms/packed/dg_at_r3a.pdf
Sending / Getting files from mobile phones: The capability of sending files, and even getting files, is another important goal when it comes to attacks on mobile phones. Bluetooth supports file exchange through the OBEX protocol. Two profiles can be used for this, among all those defined by the Bluetooth SIG:
• Object Push Profile: requires Authorization. This profile allows you to send files. You can use the ussp-push tool, available after installing the ussp-push package in Ubuntu. Alternatively, you can use Obexftp, available after installing the obexftp package in Ubuntu. It's important to force it to use the channel associated with the Object Push Profile.
• File Transfer Profile: requires Authentication and Authorization. Allows you to send files, get files and list directories. You can use Obexftp to send files. If no channel is specified, it will use the one associated with the File Transfer Profile by default. Finally, you can get files from the phone to the PC.
Dictionary (Brute-Force) Password Attacks: A method of accessing an obstructed device by attempting multiple combinations of numeric and/or alphanumeric passwords.
Cain and Abel - Password recovery tool for Windows. Recovers passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
John the Ripper - A multi-platform password hash cracker currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.
THC Hydra - A network authentication cracker which supports different services. It can perform rapid dictionary attacks against telnet, ftp, http, https, smb, and several databases.
Aircrack - A suite of 802.11a/b/g WEP and WPA cracking tools. It can recover a 40- through 512-bit WEP key once enough encrypted packets have been gathered, and can attack WPA 1 or 2 networks using cryptographic methods or by brute force.
http://sectools.org/crackers.html
L0phtcrack - Windows password auditing and recovery application that attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire, and it includes methods for generating password guesses (dictionary, brute force, etc.).
Airsnort - 802.11 WEP Encryption Cracking Tool, a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. Similar to Aircrack.
SolarWinds - A suite of network discovery/monitoring/attack tools targeted at systems administrators. Security-related tools include network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, and a set of router config download/upload applications.
Pwdump - A Windows password recovery tool to extract NTLM and LanMan hashes from a Windows target, whether or not Syskey is enabled. It can display password histories if they are available, and output or write to a log file the data in L0phtcrack-compatible form.
RainbowCrack - A hash cracker that makes use of a time-memory trade-off to do all the cracking-time computation in advance and store the results in "rainbow tables". RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
Brutus - A Windows-only network brute-force authentication cracker. Attacks network services of remote systems, trying to guess passwords by using a dictionary with permutations. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, etc.
Buffer Overflow Attack: Also known as a stack overflow attack, it works by exploiting a known bug in one of the applications running on a server. It then causes the application to overlay system areas, such as the system stack, thus gaining administrative rights. The slide's example (deliberately unsafe: strcpy copies with no bound check):
    #include <string.h>

    void function(char *str) {
        char buffer[16];        /* 16 bytes on the stack */
        strcpy(buffer, str);    /* no length check: a longer str runs past buffer */
    }

    int main() {
        char *str = "XXXXXXXXX... ...XXXXX.... ...XXXXXXXX";  /* slide shows a long run of X's (elided) */
        function(str);
        return 0;
    }
http://www.thehackerslibrary.com/?p=488
Cache Cramming: The technique of tricking a browser into running cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions. The Java Security Manager usually disallows port-scanning behavior, but crackers use the trick of placing Java code (e.g. a port scanner) into the browser's cache (only works with MS Explorer) and later executing it through a file: URL (using frames in the usual way). This attack works because Microsoft's cache layout is transparent. http://www.securingjava.com/chapter-five/chapter-five-13.html
Cache Poisoning Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks. see also DNS Bug, DNS Spoofing http://courses.csail.mit.edu/6.857/2010/
Denial of service attack: A user or program takes up all the system resources by launching a multitude of requests, leaving no resources and thereby "denying" service to other users. Typically, denial-of-service attacks are aimed at bandwidth control. (see Flooding Attack) Detecting DDoS attacks: Simply blocking the attacker does not work because there are too many zombies, and to recognize them you usually have to receive and decrypt the incoming packets. Tupakula and Varadharajan suggest a Packet Marking Technique that reduces the number of packets needed to tag, identify and block suspicious requests to as few as a single packet. http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group2/index.html
Easter Egg: Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team and are intended to be non-threatening. Hidden inside Google Earth is a secret flight simulator game that uses Google's satellite imagery. To get to the game, you need to open Google Earth and hit Cmd+Option+capital A, or Ctrl+Alt+A if you're using a Windows machine. http://www.pocket-lint.com/news/9889/google-earth-flight-sim-game
Emanations Analysis Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr200810sf2.html
TEMPEST: Eavesdropping on PC displays. Information on a PC screen can be remotely reconstructed exactly as it appeared on the display by monitoring and appropriately demodulating the weak emanations generated by the PC and its peripheral equipment. Such an eavesdropping technique had been researched by some military organizations since around 1960, but most of the results were classified and not disclosed to the public. It came to public attention in 1985 when Wim van Eck pointed out that information on a cathode ray tube display can easily be reconstructed. Since his work, research on information leakage of this kind has been conducted by many organizations. The National Security Agency (NSA) in the USA refers to this type of threat by the covername TEMPEST, and this term is now in general use.
Fragment Overlap Attack: A TCP/IP attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) is carried in the IP packet. In this attack the second fragment contains an incorrect offset; when the packet is reconstructed, the port number is overwritten. An attacker can construct a packet with acceptable headers in the first fragment but then overlap the next fragment so that it also has headers in it. Since packet filters don't expect TCP headers in non-first fragments, they won't filter on them, and those headers don't need to be acceptable. The figure on the right shows examples of overlapped fragments. http://baishui.info/orelly/networking_2ndEd/fire/ch04_02.htm
Honey pot: Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports, including the attacker's keystrokes. This could give you advance warning of a more concerted attack. A honeypot allows you to capture and analyze suspect activities. For example, assume you have an ADSL connection with only one public IP address. The ISP modem is configured to perform a network address translation (NAT) on all incoming packets (destination: public IP address) to the private honeypot address. The Honeywall is connected to the Vmnet0 interface, which is bridged to the eth0 device. It is also connected to the Vmnet1 interface, like the honeypot. This configuration allows us to have an independent network between the two virtual OSes. Vmnet2 is a host-only interface used for the Honeywall administration. Note that the Wifi connection is outside the Honeywall. http://stankiewicz.free.fr/Wikka/wikka.php?wakka=HowtoHoneypot
Protocol Attacks: When the characteristics of network services are exploited by the attacker (a type of DoS attack). Examples include the creation of infinite protocol loops which result in denial of service (e.g., echo packets under IP), the use of information packets under the Network News Transfer Protocol to map out a remote site, and use of the Source Quench protocol element to reduce traffic rates through select network paths. IRPAS (Internet Routing Protocol Attack Suite) tools:
itrace - traceroute(1) by ICMP echo request
tctrace - traceroute(1) by TCP SYN packets
netenum - enumeration/ping-sweep tool
netmask - ICMP netmask request
protos - IP protocol scanner
hsrp - HSRP takeover tool
cdp - for sending CDP (Cisco Discovery Protocol) messages to the wire
igrp - for sending Interior Gateway Routing Protocol messages
irdp - for sending ICMP router discovery protocol messages
irdpresponder - waits for IRDP requests and sends out response packets to fool clients
ass - Autonomous System Scanner, a TCP port scanner that knows more than one protocol
file2cable - sends out raw ethernet frames from files
http://www.ferzip.com/?p=286 http://www.phenoelit-us.org/irpas/
Tiny Fragment Attack: With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. This attack can be used to circumvent user-defined filtering rules. The attacker hopes that a filtering router will examine only the first fragment and allow all other fragments to pass. This attack can be prevented at the router by enforcing rules that govern the minimum size of the first fragment. This first fragment should be made large enough to ensure it contains all the necessary header information. http://www.ouah.org/fragma.html
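The two filter rules described in the Fragment Overlap and Tiny Fragment slides, applied to raw IPv4 packets, as an added example that is not part of the lecture. The 16-byte minimum for the first fragment is an assumed policy value (enough to cover the TCP ports, sequence number and the start of the flags), and the sample packets are constructed here.

```python
# Added example, not from the lecture slides: first-fragment minimum-size and
# overlapping-offset checks on IPv4 packets. MIN_FIRST_FRAGMENT is an assumed
# policy value; sample packets are constructed by make_fragment().
import struct

IP_PROTO_TCP = 6
MIN_FIRST_FRAGMENT = 16   # bytes of TCP header a first fragment must carry (assumed policy)

def parse_ipv4(packet):
    """Return (proto, ident, more_fragments, fragment_offset_in_bytes, payload)."""
    ver_ihl, _tos, total_len, ident, flags_off, _ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4               # header length, options included
    mf = bool(flags_off & 0x2000)            # More Fragments flag
    offset = (flags_off & 0x1FFF) * 8        # offset field counts 8-byte units
    return proto, ident, mf, offset, packet[ihl:total_len]

def fragment_verdict(packet):
    """Filter decision for one packet.

    A first fragment (offset 0, MF set) carrying fewer than MIN_FIRST_FRAGMENT
    bytes of TCP header has pushed the ports/flags into fragment 2 (tiny fragment
    attack); a later fragment whose offset lands inside the TCP header would
    overwrite those fields on reassembly (fragment overlap attack).
    """
    proto, ident, mf, offset, payload = parse_ipv4(packet)
    if proto != IP_PROTO_TCP or (offset == 0 and not mf):
        return "pass"                        # unfragmented, or not TCP: ordinary rules apply
    if offset == 0 and len(payload) < MIN_FIRST_FRAGMENT:
        return "drop: tiny first fragment"
    if 0 < offset < MIN_FIRST_FRAGMENT:
        return "drop: overlapping fragment"
    return "pass"

def make_fragment(ident, mf, offset, payload, proto=IP_PROTO_TCP):
    """Constructed sample packet: minimal 20-byte IPv4 header, checksum left as 0."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                      64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

def audit(packets):
    """(identification, verdict) for each packet, in order."""
    return [(parse_ipv4(p)[1], fragment_verdict(p)) for p in packets]
```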
Web Bug: Tiny images, invisible to a user, placed on web sites in such a way that they allow third parties to track use of web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and web browser cookie. Example: two Web Bugs found on Quicken's home page, www.quicken.com:
    <img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
    <IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_Any&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.20.56.37">
What information is returned by a Web Bug?
• The IP address of the computer that fetched the Web Bug
• The URL of the page that the Web Bug is located on
• The URL of the Web Bug image
• The time the Web Bug was viewed
• The type of browser that fetched the Web Bug image
• A previously set cookie value
http://w2.eff.org/Privacy/Marketing/web_bug.html
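A small detector for the pattern the slide describes (1x1 images fetched from a host other than the page's own), as an added example that is not part of the lecture. The sample page is constructed here around the slide's two Quicken tags plus a same-site spacer and a normal logo, which should not be flagged.

```python
# Added example, not from the lecture slides: flag <img> tags that are 1x1 and
# load from a third-party host. SAMPLE_HTML is constructed around the slide's
# two tags; the spacer and logo lines are made up as negative cases.
from html.parser import HTMLParser
from urllib.parse import urlparse

class WebBugFinder(HTMLParser):
    """Collect 1x1 <img> elements whose src points off the page's host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":                      # html.parser lowercases tag/attr names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        parsed = urlparse(src)
        host = (parsed.hostname or self.page_host).lower()   # relative src: same host
        tiny = a.get("width", "").strip() == "1" and a.get("height", "").strip() == "1"
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        if tiny and not same_site:
            self.findings.append({
                "host": host,
                "src": src,
                "params": parsed.query.split("&") if parsed.query else [],  # what the bug reports
            })

def find_web_bugs(html, page_host):
    """Return the list of third-party 1x1 images found in html."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: the slide's two tags plus two benign images.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width=120 height=40 alt="Quicken">
<img src="/images/spacer.gif" width=1 height=1>
<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_Any&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.20.56.37">
</body></html>
"""
```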
Terminology & Information Sources
http://www.ssimail.com/Glossary.htm
http://www.sans.org/security-resources/glossary.php
http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf
http://csrc.nist.gov/publications/
http://www.itl.nist.gov/fipspubs/
http://www.itl.nist.gov/fipspubs/by-num.htm
http://www.symantec.com/business/security_response/threatexplorer/
http://glossary.spamlaws.com/