Chapter 7 Networking & Distributed Security (Part B)
Network Security Controls: Distributed authentication
• Two issues:
  • To protect a single system from unauthorized remote users: distributed user authentication
  • To protect a network node from unauthorized access coming from other nodes: computer-to-computer authentication
• Several approaches:
  • Distributed Authentication (by Digital, DEC)
  • Kerberos (by MIT)
  • DCE - Distributed Computing Environment (by OSF)
  • SESAME (a European R&D project)
  • CORBA – Common Object Request Broker Architecture (by OMG)
Sawma V., Computer Security and Their Data
Digital Distributed Authentication
• 1989, 1990
• Gasser, Morrie, and Ellen McDermot. “An Architecture for Practical Delegation in a Distributed System”. Proceedings of the 1990 IEEE Symposium on Security and Privacy. 5/1990.
• Issues to be resolved:
  • Impersonation of a server by a rogue process
  • Interception / modification of data exchanged between servers
  • Replay of a previous authentication
• Approach:
  • Creation of a session key using public keys
  • The session key is used to encrypt further communications between the servers.
• Implementation issues: public key distribution & certification
Kerberos
• Kerberos (Greek): a 3-headed dog that in Greek mythology guards the entrance to Hades
• [Steiner, J., Neuman, C., and J. Schiller, 1988] "Kerberos: An Authentication Service for Open Network Systems", pp. 191-202 in Usenix Conference Proceedings, 2/1988.
• [Kohl, J. and C. Neuman, 1993] The Kerberos Network Authentication Service (V5). RFC1510. 9/1993.
• Purpose: authentication in distributed systems
• Two types of servers:
  • A Kerberos server (KS): establishes a session key between a user and the TGS
  • A ticket granting server (TGS): grants a ticket to a user requesting access to a resource
Kerberos
• Using Kerberos:
  • The user obtains a session key (SG) and a ticket (TG) from the KS. The KS also sends the session key and the user’s id to the TGS. (Fig. 9-21, p.413)
    Q. What is the session key for?
    Q. What information is contained in the ticket?
    Q. To whom would the user present the ticket?
    Q. Does the user transmit his password to the KS?
  • The user requests access to an object by obtaining from the TGS a ticket (TF) and a session key (SF). (Fig. 9-22)
    Q. What is the session key for?
    Q. What information is contained in the ticket? SF (p.414)
    Q. To whom would the user present the ticket? Fig. 9-23
    Q. Can the ticket be read, modified or forged? Why or why not?
Kerberos
• Strengths:
  + No passwords are transmitted on the network.
  + Cryptographic protection against spoofing: every access is checked by the TGS and the respective resource server.
  + Limited period of validity: every ticket has a time stamp.
  + Time stamps to prevent replay attacks: use of a reliable universal clock is required.
  + Mutual authentication: a secure channel between a user and a server can be established via the use of a ticket and a session key. Both the server and the user can authenticate each other. How?
Kerberos
• Weaknesses:
  • A continuously available TGS is required. Both reliability and performance may be potential problems.
  • Trust between the TGS and every server is required. Trust in a distributed environment is hard to establish.
  • Timely transactions are required.
  • A subverted workstation can save and later replay user passwords.
  • Password guessing works.
  • Kerberos does not scale well. Why? Fig. 9-23, p.415.
  • To enable the use of Kerberos in a distributed system, all applications must use Kerberos.
• Q. Can the Kerberos server and the TGS be combined? Yes (see DCE).
• Q. What are the trade-offs?
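The two-ticket exchange of Fig. 9-21 to 9-23 and the strengths listed above, simulated end to end as an added example; this is not code from the lecture or from any Kerberos implementation. It assumes a toy SHA-256/HMAC seal standing in for the block cipher (early Kerberos used DES), constructed keys shared KS/TGS and TGS/file server, and a password-derived user key that only the KS and the user hold; the checks show that the password never crosses the wire, that a ticket cannot be read or forged without the issuing key, and that time stamps bound validity.

```python
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    # Toy counter-mode keystream from SHA-256 (stand-in for the block cipher, DES in early Kerberos)
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]
def seal(key, obj):
    """Encrypt-then-MAC a dict under a symmetric key: nonce || ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key, blob):
    """Only the holder of `key` can read the content; any modification or forgery is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("ticket or authenticator forged/modified")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

K_TGS, K_FS = os.urandom(32), os.urandom(32)   # constructed: KS<->TGS key and TGS<->file-server key
USERS = {"alice": hashlib.sha256(b"alice-password").digest()}  # password-derived key held by the KS
LIFETIME, SKEW = 300, 60   # ticket validity and tolerated clock skew in seconds (constructed values)
def ks_login(user):
    """KS -> user: S_G sealed under the user's key, plus T_G = {user, S_G, expiry} sealed under K_TGS.
    The user's id and S_G reach the TGS inside T_G; the password itself never crosses the network."""
    s_g = os.urandom(32).hex()
    t_g = seal(K_TGS, {"user": user, "key": s_g, "exp": time.time() + LIFETIME})
    return seal(USERS[user], {"key": s_g}), t_g
def tgs_grant(t_g, auth):
    """TGS: open T_G, verify the time-stamped authenticator under S_G, issue S_F and T_F under K_FS."""
    t = unseal(K_TGS, t_g)
    a = unseal(bytes.fromhex(t["key"]), auth)
    if t["exp"] < time.time() or abs(a["time"] - time.time()) > SKEW or a["user"] != t["user"]:
        raise ValueError("expired ticket or stale/mismatched authenticator (replay control)")
    s_f = os.urandom(32).hex()
    t_f = seal(K_FS, {"user": t["user"], "key": s_f, "exp": time.time() + LIFETIME})
    return seal(bytes.fromhex(t["key"]), {"key": s_f}), t_f
def fs_accept(t_f, auth):
    """File server: same check on T_F; only the TGS (holder of K_FS) could have minted it."""
    t = unseal(K_FS, t_f)
    a = unseal(bytes.fromhex(t["key"]), auth)
    return t["exp"] >= time.time() and abs(a["time"] - time.time()) <= SKEW and a["user"] == t["user"]
def client_session(user, password):
    """User side of the exchange: only sealed keys, tickets and authenticators are transmitted."""
    enc_sg, t_g = ks_login(user)
    s_g = bytes.fromhex(unseal(hashlib.sha256(password).digest(), enc_sg)["key"])
    enc_sf, t_f = tgs_grant(t_g, seal(s_g, {"user": user, "time": time.time()}))
    s_f = bytes.fromhex(unseal(s_g, enc_sf)["key"])
    return fs_accept(t_f, seal(s_f, {"user": user, "time": time.time()}))
```

A server reply sealed under S_F would complete the mutual authentication asked about above, since only a server holding K_FS could have recovered S_F from T_F.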
Distributed Computing Environment
• An OSF project, 1992 (now the Open Group, http://www.opengroup.org/dce/)
• OSF DCE provides a foundation on which other distributed services and applications may be built. Fig. 9-24, p.416.
• DCE is called "middleware" or "enabling technology". It is not intended to exist alone, but instead should be bundled into a vendor's operating system offering, or integrated in by a third-party vendor.
• DCE is not an application in itself, but is used to build custom applications or to support purchased applications.
• The security service in DCE is based on Kerberos, with the KS and the TGS combined into a Security Server.
• A cell is an administrative domain, consisting of the set of subjects and objects managed together.
• OSF Distributed Computing Environment FAQ
• DCE RFCs
SESAME
• A European Commission R&D project
• Similar to DCE
• It uses Kerberos extensively.
• It preceded both Kerberos and DCE in the use of public key technology for secure authentication and for distributing privilege attributes and tickets to users.
• Note: Both Kerberos and DCE used symmetric keys initially, but have moved to support public keys.
CORBA
• Common Object Request Broker Architecture
• An OMG specification, http://www.omg.org/corba/
• An ORB is a traffic director that joins clients’ requests to appropriate servers.
• Cross-platform interoperability: “Using the standard protocol IIOP (Internet Inter-ORB Protocol), a CORBA-based program from any vendor, on almost any computer, operating system, programming language, and network, can interoperate with a CORBA-based program from the same or another vendor, on almost any other computer, operating system, programming language, and network.” (http://www.omg.org/gettingstarted/corbafaq.htm#WhatIsIt)
CORBA
• The separation of interface from implementation, enabled by OMG IDL, is the essence of CORBA.
CORBA Security Services
• OMG standards define two levels of CORBA security services.
  • Level 1 is intended for applications that may need to be secure, but where the code itself need not be aware of security issues. In such a case, all security operations should be handled by the underlying ORB.
  • Level 2 supports other advanced security features, and the application is likely to be aware of these.
• Most of CORBA’s security features are built into the underlying IIOP protocol, which supports secure communication using cryptography.
• Mutual authentication is possible between the server and the user.
CORBA
• Strengths of CORBA:
  • Flexibility of security policy: any security policy may be supported, at the level of the ORB.
  • Independence of security technology: security-technology neutral
  • Interoperability
• Drawbacks:
  • CORBA specifications describe the means by which security functionality can be linked to a CORBA object, but there is no requirement to do so.
  • Implementations of the CORBA specification vary widely in terms of supported functionalities.
Network Security Controls: Traffic control
• Traffic (flow) analysis: an attack launched by an interceptor who examines the traffic of a network to gather and/or to infer information. The mere existence of messages flowing from one point to another can be sensitive information. Examples: p.418
• Control against traffic analysis: injecting spurious messages between points of low traffic, so that the observed traffic pattern carries less information
Network Security Controls: Data Integrity Control
• The goal: to ensure that data is correctly stored, communicated, and modified in the network
• Types of controls:
  • Cryptographic checksums
  • Parity bits
    • Byte parity bit: 1 if the sum of bits in a byte is even; 0 otherwise
    • Longitudinal parity bit + byte parity bit: p.421
  • Other error checking codes: hash value, message digest
  • Digital signatures: in a network, digital signatures are used to check the authenticity of a message and also to enable auditability/traceability of data changes.
  • Notarization: a third-party authority (notary) between two users in a network
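Byte parity combined with longitudinal parity (p.421), beside a cryptographic checksum, as an added example that is not from the lecture. It follows the slide's convention for the parity bit, uses HMAC-SHA256 with a constructed shared key as the cryptographic checksum, and shows the practical distinction between the two controls: the parity grid detects and locates a single accidental bit error, but a deliberate change that flips a 2x2 rectangle of bits leaves every parity bit unchanged, while the keyed checksum still catches it.

```python
import hmac, os

def byte_parity(b):
    # Slide convention: the parity bit is 1 when the byte holds an even number of 1 bits
    return 1 if bin(b).count("1") % 2 == 0 else 0
def longitudinal_parity(data):
    # One parity bit per bit position (bit 7 first), computed column-wise over all bytes
    return [1 if sum((b >> i) & 1 for b in data) % 2 == 0 else 0 for i in range(7, -1, -1)]
def protect(data):
    """Attach one parity bit per byte (rows) and one longitudinal parity bit per column."""
    return {"data": bytes(data), "rows": [byte_parity(b) for b in data],
            "cols": longitudinal_parity(data)}
def check(frame):
    """None if every parity matches; (byte_index, bit_index) for a single flipped bit; else a report."""
    data = frame["data"]
    bad_rows = [i for i, b in enumerate(data) if byte_parity(b) != frame["rows"][i]]
    bad_cols = [i for i, p in enumerate(longitudinal_parity(data)) if p != frame["cols"][i]]
    if not bad_rows and not bad_cols:
        return None
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return (bad_rows[0], 7 - bad_cols[0])   # the row and the column intersect at the damaged bit
    return ("uncorrectable", bad_rows, bad_cols)
def flip(data, byte_index, bit_index):
    # Flip one bit; used to model both a transmission error and a deliberate edit
    out = bytearray(data)
    out[byte_index] ^= 1 << bit_index
    return bytes(out)

KEY = os.urandom(32)  # constructed: secret shared by sender and receiver of the checksum
def crypto_checksum(data):
    return hmac.new(KEY, data, "sha256").digest()
def demo():
    msg = b"PAY 100"
    frame, tag = protect(msg), crypto_checksum(msg)
    # 1) Accidental single-bit error in byte 4, bit 0: parity detects it and locates it
    frame["data"] = flip(msg, 4, 0)
    located = check(frame)
    # 2) Deliberate edit flipping bits 0 and 1 of bytes 0 and 1: all row and column parities survive
    tampered = flip(flip(flip(flip(msg, 0, 0), 0, 1), 1, 0), 1, 1)
    frame["data"] = tampered
    parity_verdict = check(frame)                                      # None: the parity grid is fooled
    mac_verdict = hmac.compare_digest(tag, crypto_checksum(tampered))  # False: the keyed checksum is not
    return located, parity_verdict, mac_verdict
```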
Electronic Mails
• Security Goals vs Threats
Privacy-enhanced E-Mails (PEM)
• Internet standards
  • 1987: RFC989 (PEM version 1)
  • 1989: RFC1113 (version 2)
  • 1993: RFC1421, 1422, 1423, 1424 (Part I, II, III, IV), version 3
• Protection of privacy-enhanced emails occurs in the body of the message. The header of the message is not changed, to ensure compatibility with the then existing email systems.
• Overview: Fig. 9-27, 9-28 (p.424)
  1) The message header and body are encrypted under a symmetric key K: E(message, K)
  2) K is encrypted under the recipient’s public key: Rpub(K)
  3) A duplicate header is prepended to the message, which contains both Rpub(K) and E(message, K).
• Q: In step 2, can a symmetric key, instead of the recipient’s public key, be used to encrypt the message key?
Privacy-enhanced E-Mails (PEM)
• The answer: YES. See p.425.
• Q: What would be the requirements if a symmetric key is used?
• PEM header fields:
  • Proc-Type field: processing type
  • DEK-Info field: data exchange key field
  • Key-Info: key exchange
• Message encryption: DES
• Key exchange: DES or RSA
• In principle, any encryption algorithm can be used.
Privacy-enhanced E-Mails (PEM)
• Security features:
  • Confidentiality: message encryption
  • Authenticity: ?
  • Nonrepudiability: ?
  • Integrity: ?
  • Answers: p.425
Privacy-enhanced E-Mails (PEM)
• Advantages:
  • The user may choose whether or not to use PEM when sending an email.
  • PEM provides strong end-to-end security for emails.
• Problems?
  • Key management
  • The end points may not be secure.
• Yet another privacy enhanced email protocol: PGP: p.426
Firewalls
• Q: Which is more important, protection of emails or protection of network-connected resources?
• A firewall works in a way similar to a filter, which lets through only desirable interactions while keeping all others out of the protected network.
• Analogy: a gate keeper, a security gateway
• A firewall is a device or a process that filters all traffic between a protected (inside) network and a less trustworthy (outside) network.
• Scenarios:
  • Internal users sending company secrets outside
  • Outside people breaking into systems inside
Firewalls
• Alternative security policies:
  • To block all incoming traffic, but allow outgoing traffic to pass.
  • To allow accesses only from certain places
  • To allow accesses only from certain users
  • To allow accesses for certain activities (such as specific port numbers)
    • Port 79: finger; Port 23: telnet; Port 513: rlogin; Port 21: ftp; Port 177: X Windows
    • ICMP messages: the PROTOCOL field of the IP header = 1
• Each of these mechanisms is a potential back door into the system.
Types of Firewalls
• Screening Routers
  • The simplest, but possibly the most effective, type of firewall.
  • A router plays the role of a ‘gateway’ between two networks. (Fig. 7-31)
  • A screening router takes advantage of a router’s ability to “screen” packets passing through it, and forwards only packets that are desirable.
  • Example: Fig. 7-32.
  • A router has a unique advantage because it sits between the outside and the inside network. (Fig. 7-33)
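A screening router's packet filter expressing the alternative policies of the previous slide (block incoming but pass outgoing, allow only certain places, allow only certain activities by port, treat ICMP by IP protocol 1), written as an added example rather than code from the lecture or from any router product. The port numbers are the slide's; the address ranges, the admin host and the sample packets are constructed, and the "outgoing allowed, incoming blocked" policy is approximated the way a stateless router can, by admitting inbound TCP only when the ACK flag marks it as a reply.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0
    inbound: bool = True
    ack: bool = False   # TCP ACK flag: set on every segment except the first of a new connection

# Port and protocol numbers from the slide; the address ranges and admin host are constructed
TCP, ICMP = 6, 1
SERVICES = {79: "finger", 23: "telnet", 513: "rlogin", 21: "ftp", 177: "X Windows"}
INSIDE = "10.0.0."
ADMIN_HOSTS = {"203.0.113.7"}   # the "certain places" allowed to reach one inside service

def screen(p):
    """Ordered rules, first match wins, default deny (the screening router of Fig. 7-32)."""
    if p.proto == ICMP and p.inbound:
        return False, "drop inbound ICMP (IP protocol field = 1)"
    if not p.inbound and p.src.startswith(INSIDE):
        return True, "outgoing traffic from inside passes"
    if p.inbound and p.proto == TCP and p.ack:
        # Stateless approximation of "reply to a connection opened from inside": the router can only
        # trust the flag, which is one reason proxy gateways look at content rather than headers
        return True, "reply to a connection opened from inside (ACK set)"
    if p.inbound and p.proto == TCP and p.dport == 23 and p.src in ADMIN_HOSTS:
        return True, "telnet only from the listed admin host"
    if p.inbound and p.dport in SERVICES:
        return False, f"block inbound {SERVICES[p.dport]} (port {p.dport}): potential back door"
    return False, "default deny"

def run_samples():
    """Constructed packets, one per policy branch; returns the pass/block verdict for each."""
    samples = [
        Packet("198.51.100.9", "10.0.0.5", TCP, 40000, 79),                 # inbound finger: blocked
        Packet("10.0.0.5", "198.51.100.9", TCP, 40001, 80, inbound=False),  # outgoing web: allowed
        Packet("198.51.100.9", "10.0.0.5", TCP, 80, 40001, ack=True),       # its reply: allowed
        Packet("203.0.113.7", "10.0.0.5", TCP, 5000, 23),                   # admin telnet: allowed
        Packet("198.51.100.9", "10.0.0.5", ICMP),                            # inbound ping: dropped
        Packet("198.51.100.9", "10.0.0.5", TCP, 5000, 22),                   # no rule: default deny
    ]
    return [screen(p)[0] for p in samples]
```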
Types of Firewalls
• Proxy Gateways
  • “proxy”: authority or power to act for another
  • A firewall that simulates the effects of an application by running “pseudo-applications”.
  • To the inside, it implements part of the application protocol to make itself look as if it is the outside connection.
  • To the outside, it implements part of the application protocol to act just like the inside process would.
  • It examines the content, not just the header, of a packet.
Types of Firewalls
• Guards
  • A “sophisticated” proxy firewall
  • A guard firewall examines and interprets the content of a packet.
  • A guard usually implements and enforces certain business policies.
  • Example: enforcing an email “quota”
  • Other examples
  • Trade-offs?
• Table 7-3: Comparing the types of firewalls
Firewalls
• Examples of Firewall Configurations
  • Screening router only: Fig. 7-35
  • Proxy firewall only: Fig. 7-36
  • A combined approach: Fig. 7-37
• Q: Does it make sense to reverse the positions of the screening router and the proxy firewall in Fig. 7-37?
DMZ (Demilitarized zone)
• The segment in a network bounded by two firewalls.
Considerations about Firewalls
• Firewalls provide perimeter protection of a network, if the network’s perimeter is clearly defined and can be controlled by the firewall.
• A firewall is a prime target for attack.
• A firewall does not solve all security problems. Why not?
• A firewall may have a negative effect on software portability.
Summary
• Network security is a rich area, in terms of complexity of the problem and research opportunities.
  • Intrusion detection
  • Honeypots
  • Security versus performance
  • …