430 likes | 555 Views
Welcome to CS 395/495 Internet Security: A Measurement-based Approach. Why Internet Security. Internet attacks are increasing in frequency, severity and sophistication Denial of service (DoS) attacks Cost $1.2 billion in 2000
E N D
Welcome to CS 395/495Internet Security: A Measurement-based Approach
Why Internet Security • Internet attacks are increasing in frequency, severity and sophistication • Denial of service (DoS) attacks • Cost $1.2 billion in 2000 • 1999 CSI/FBI survey 32% of respondents detected DoS attacks directed to their systems • Thousands of attacks per week in 2001 • Yahoo, Amazon, eBay, Microsoft, White House, etc., attacked
Why Internet Security (cont’d) • Virus and worms • Melissa, Nimda, Code Red, Code Red II, Slammer … • Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007. • Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss • Slammer (2003): 10 minutes infected > 75K machines - $1 billion loss • …… • Security has become one of the hottest jobs even with downturn of economy
Overview • Course Administrative Trivia • What is Internet security? • Principles of cryptography • Authentication Some slides are in courtesy of J. Kurose and K. Ross
Logistics • Instructor Yan Chen (ychen@cs.northwestern.edu), Office Hours: Wed. 2-4pm or by appointment, Rm 330, 1890 Maple Ave. • TA Jason A. Skicewicz (jskitz@cs.northwestern.edu) Office Hours: Tu. and Th. 3:30-4:30pm, Rm 321, Maple Ave.
Course Overview • Seminar class: paper reading + a big project • Start with the basic concepts of security • Cryptography, access control and protection • First half focus on large-scale Internet attacks • Mobile Malcode (virus/worm): characterization, technologies, history and current defense • Denial of service (DoS) attacks • Firewall technologies • Intrusion detection systems (IDS)
Course Overview (cont’d) • Many new unknown attacks/anomalies remaining • Second half: Internet anomaly detection • High-speed network measurement and monitoring • Network fault diagnostics and root cause analysis • BGP/routing anomalies • Network topology discovery • Measurement-based inference • Peer-to-peer system measurement and monitoring
Prerequisites and Course Materials • Required: CS340 (Intro to computer networking) • Highly Recommended: OS or having some familiarity with Unix systems programming • No required textbook – paper reading! • Recommended (see webpage for a complete list) • Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin • Computer Networking: A Top-Down Approach Featuring the Internet, [KR], Second Edition, James Kurose and Keith Ross, Addison Wesley, 2002
Grading • No exams for this class • Class participation and discussion 10% • Paper reading summary 10% • In class paper presentation 15% • Project 65% • Proposal and survey 5% • Design document 5% • Weekly report and meeting 5% • Project presentation 25% • Final report 25%
Paper Reading • Write a very brief summary of each paper, to be emailed to the TA before the class • Summary should include: • Paper title and its author(s) • Brief one-line summary • A paragraph of the one or two most significant new insight(s) you took away from the paper • A paragraph of the one or two most significant flaw(s) of the paper • A last paragraph where you state the relevance of the ideas today, potential future research suggested by the article
Class Format • Introduction of the basic problems, ideas and solutions (10 minutes) • Student presentations of the two papers • 20 minutes for presentation, and 10 minutes for discussion • Summarize with the last 10 minutes • Take turns for presentation (~30 papers, 4 papers/student)
Format of the Presentation • Presentation should include the following • Motivation • Classification of related work/background • Main ideas • Evaluation and results • Open issues • Send the slides to the TA and me for review at least 24 hours ahead of the class • Guidelines online
Projects • The most important part of class • Group of 2+ people • Project list will be online soon • Proposal – April 8 • 3-4 pages with another 1-2 pages references. • Design Document – April 15 • 4-5 pages with a detailed description of the software design, load distribution among group members. • Weekly Meeting and Progress Report – 4/13-5/25 • Each team will schedule a weekly meeting (30 minutes) with me. A work-in-progress report (except the 4/13 week) of 1-2 pages is due 24 hours ahead of the meeting. • Project Presentation – June 1 and 3 • Final Report – June 9
Communication and Policies • Web page: http://www.cs.nwu.edu/~ychen/classes/cs495/ • Newsgroup (cs.netsec) is available • Send emails to instructor and TA for questions inappropriate in newsgroup • No late handins! Will be ignored • Work division • Each team member should do similar amount of work • Survey on work division at the end of quarter • More contribution, better grade!
Overview • Course Administrative Trivia • What is Internet security? • Principles of cryptography • Authentication Some slides are in courtesy of J. Kurose and K. Ross
What is network security? Confidentiality: only sender, intended receiver should “understand” message contents • sender encrypts message • receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users
Friends and enemies: Alice, Bob, Trudy • well-known in network security world • Bob, Alice (lovers!) want to communicate “securely” • Trudy (intruder) may intercept, delete, add messages Alice Bob data, control messages channel secure sender secure receiver data data Trudy
Who might Bob, Alice be? • … well, real-life Bobs and Alices! • Web browser/server for electronic transactions (e.g., on-line purchases) • on-line banking client/server • DNS servers • routers exchanging routing table updates • other examples?
There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: a lot! • eavesdrop: intercept messages • actively insert messages into connection • impersonation: can fake (spoof) source address in packet (or any field in packet) • hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place • denial of service: prevent service from being used by others (e.g., by overloading resources)
Overview • Course Administrative Trivia • What is Internet security? • Principles of cryptography • Authentication Some slides are in courtesy of J. Kurose and K. Ross
K K A B The language of cryptography Alice’s encryption key Bob’s decryption key symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) encryption algorithm decryption algorithm ciphertext plaintext plaintext
Symmetric key cryptography substitution cipher: substituting one thing for another • monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E.g.: Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
K K A-B A-B K (m) m = K ( ) A-B A-B Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K • e.g., key is knowing substitution pattern in mono alphabetic substitution cipher • Q: how do Bob and Alice agree on key value? encryption algorithm decryption algorithm ciphertext plaintext plaintext message, m K (m) A-B A-B
Symmetric key crypto: DES and AES DES: Data Encryption Standard • US encryption standard [NIST 1993] • 56-bit symmetric key, 64-bit plaintext input • How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months. Most recent record – 22 hours. AES: Advanced Encryption Standard • new (Nov. 2001) symmetric-key NIST standard, replacing DES • processes data in 128 bit blocks • brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
Public Key Cryptography symmetric key crypto • requires sender, receiver know shared secret key • Q: how to agree on key in first place (particularly if never “met”)? public key cryptography • radically different approach [Diffie-Hellman76, RSA78] • sender, receiver do not share secret key • public encryption key known to all • private decryption key known only to receiver
+ K (m) B - + m = K (K (m)) B B Public key cryptography + Bob’s public key K B - Bob’s private key K B encryption algorithm decryption algorithm plaintext message plaintext message, m ciphertext
K (K (m)) = m B B - + 1 2 Public key encryption algorithms Requirements: need K ( ) and K ( ) such that . . + - B B + given public key K , it should be impossible to compute private key K B - B RSA: Rivest, Shamir, Adelson algorithm
+ - K K B B RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5.Public key is (n,e).Private key is (n,d).
1. To encrypt bit pattern, m, compute d e c = m mod n m = c mod n e (i.e., remainder when m is divided by n) d e m = (m mod n) mod n RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 2. To decrypt received bit pattern, c, compute d (i.e., remainder when c is divided by n) Magic happens! c Why secure? No quick factorizing algorithm
d e c = m mod n m = c mod n d c RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223071697
K (K (m)) = m - B B + K (K (m)) - + = B B RSA: another important property use private key first, followed by public key use public key first, followed by private key Result is the same!
Symmetric (DES) vs. Public Key (RSA) • Exponentiation of RSA is expensive ! • AES and DES are much faster • 100 times faster in software • 1,000 to 10,000 times faster in hardware • RSA often used in combination in AES and DES • Pass the session key with RSA
Overview • Course Administrative Trivia • What is Internet security? • Principles of cryptography • Authentication Some slides are in courtesy of J. Kurose and K. Ross
Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0:Alice says “I am Alice” “I am Alice” Failure scenario??
Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0:Alice says “I am Alice” in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice “I am Alice”
Alice’s IP address “I am Alice” Authentication: another try Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Failure scenario??
Alice’s IP address “I am Alice” Authentication: another try Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Trudy can create a packet “spoofing” Alice’s address
Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario??
Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Alice’s password Alice’s IP addr “I’m Alice” playback attack: Trudy records Alice’s packet and later plays it back to Bob
encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: yet another try Protocol ap3.1:Alice says “I am Alice” and sends her encryptedsecret password to “prove” it. Failure scenario??
encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.1:Alice says “I am Alice” and sends her encrypted secret password to “prove” it. encryppted password Alice’s IP addr “I’m Alice” record and playback still works!
K (R) A-B Authentication: yet another try Goal:avoid playback attack Nonce:number (R) used only once –in-a-lifetime ap4.0:to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! Failures, drawbacks?
- K (R) A + + K K A A - - + (K (R)) = R K (K (R)) = R A A A Authentication: ap5.0 ap4.0 requires shared symmetric key • can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am Alice” Bob computes R and knows only Alice could have the private key, that encrypted R such that “send me your public key”