1 / 24

Chapter 9 Networking & Distributed Security (Part B)

Chapter 9 Networking & Distributed Security (Part B). Outline. Overview of Networking Threats Wiretapping, impersonation, message interruption/modification, DoS Controls Encryption, authentication, distributed authentication, traffic control, integrity control Email privacy: PEM, PGP

feoras
Download Presentation

Chapter 9 Networking & Distributed Security (Part B)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 9Networking & Distributed Security (Part B)

  2. Outline • Overview of Networking • Threats Wiretapping, impersonation, message interruption/modification, DoS • Controls Encryption, authentication, distributed authentication, traffic control, integrity control • Email privacy: PEM, PGP • Firewalls • Multilevel networks csci5233 computer security & integrity (Chap. 9)

  3. Network Security Controls: Encryptions • Host-level (link) encryption: Fig. 9-16, p.406 • Link encryption occurs at layer 1 (physical) or layer 2 (data link) in the OSI model. • Data is encrypted before the system places it on the physical communication link. • Data is decrypted when entering the destination host. + Encryption is performed by efficient and reliable hardware. + Encryption is invisible to the OS and the application. • Data are “in the clear” at the higher layers (layer 3 and above). • Data need to be decrypted by the intermediate hosts. Q: How many intermediate hosts are there? csci5233 computer security & integrity (Chap. 9)

  4. Network Security Controls: Encryptions • Application-level (end-to-end) encryption: Fig. 9-18 • Encryption is performed between the sending application and the receiving application. • The encryption can be done by hardware device (between the user and the host) or by software. • A message is transmitted in encrypted form throughout the network.  a secure virtual tunnel + No cleartext exposure in any host. Is this true? + No exposure in intermediate hosts. • slower than link level encryption • If symmetric keys are used, totally n * (n-1) / 2 keys are needed between every n applications. csci5233 computer security & integrity (Chap. 9)

  5. Network Security Controls: Encryptions • Comparison of link and end-to-end encryption • Table 9-2: p.409 • Any other encryption-based network controls? csci5233 computer security & integrity (Chap. 9)

  6. VPN (Virtual Private Network) • There are two common types of VPNs: • Remote-Access • Also called a Virtual Private Dial-up Network (VPDN) • a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations • Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to their users using an ISP. • Site-to-Site • Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. • Use of VPN to secure wireless LAN csci5233 computer security & integrity (Chap. 9)

  7. VPN Encryptions • Most VPNs use one of the following protocols to provide encryption: IPSec, PPTP/MPPE, and L2TP/IPSec. • IPSec - Internet Protocol Security Protocol (IPSec). • Tunnel mode encrypts the header and the payload of each packet while transport mode only encrypts the payload. • All devices must use a common key or certificate and must have very similar security policies set up. • IPSec supports either 56-bit (single DES) or 168-bit (triple-DES) encryption. • PPTP/MPPE – Point-To-Point Tunneling Protocol • PPTP supports multi-protocol VPNs, with 40-bit and 128-bit encryption using a protocol called Microsoft Point-to-Point Encryption (MPPE). • PPTP by itself does not provide data encryption. csci5233 computer security & integrity (Chap. 9)

  8. VPN Encryptions • L2TP/IPSec - Commonly called L2TP over IPSec • This provides the security of the IPSec protocol over the tunneling of Layer 2 Tunneling Protocol (L2TP). • Primarily used for remote-access VPNs with Windows 2000 operating systems, since Windows 2000 provides a native IPSec and L2TP client. • Internet Service Providers can also provide L2TP connections for dial-in users, and then encrypt that traffic with IPSec between their access-point and the remote office network server. • VPN References: • http://www.cisco.com/warp/public/471/how_vpn_works.shtml#intro • http://pptpclient.sourceforge.net/ csci5233 computer security & integrity (Chap. 9)

  9. Network Security Controls: Authentication / Access Control • Two goals of access control in a network: • To protect a single system from unauthorized users • To prevent unauthorized users to access a computer by passing through another computer (distributed authentication) • Protection of dial-in ports: a special case of distributed user authentication • Automatic call-back • Differentiated access rights depending on access methods (local vs remote) • Silent modem Q: Any other methods for dial-in port protection? csci5233 computer security & integrity (Chap. 9)

  10. Network Security Controls: Distributed authentication • Two issues: • To protect a single system from unauthorized remote users distributed user authentication • To protect a network node from unauthorized access coming from other nodes  computer-to-computer authentication • Several approaches: • Distributed Authentication (by Digital, DEC) • Kerberos (by MIT) • DCE - Distributed Computing Environment (by OSF) • SESAME (a European R&D project) • CORBA – Common Object Request Broker Architecture (by OMG) csci5233 computer security & integrity (Chap. 9)

  11. Digital Distributed Authentication • 1989, 1990 • Gasser, Morrie, and Ellen McDermot. “An Architecture for Practical Delegation in a Distributed System”. Proceedings of the 1990 IEEE Symposium on Security and Privacy. 5/1990. • Issues to be resolved: • Impersonation of a server by a rogue process • Interception / modification of data exchanged btwn servers • Replay of a previous authentication • Approach: • Creation of a session key using public keys • The session key is used to encrypt further communications between the servers. • Implementation issues: public key distribution & certification csci5233 computer security & integrity (Chap. 9)

  12. Kerberos • Kerberos (Greek): a 3-headed dog that in Greek mythology guards the entrance to Hades • [Steiner, J., Neuman, C., and J. Schiller, 1988] "Kerberos: An Authentication Service for Open Network Systems", pp. 191-202 in Usenix Conference Proceedings, 2/1988. • [Kohl, J. and C. Neuman, 1993] The Kerberos Network Authentication Service (V5). RFC1510. 9/1993. • Purpose: authentication in distributed systems • Two types of servers: A Kerberos server (KS) – establish a session key btwn a user and the TGS A ticket granting server (TGS) – grant a ticket to a user request access to a resource csci5233 computer security & integrity (Chap. 9)

  13. Kerberos • Using Kerberos: • The user obtains a session key (SG)and a ticket (TG)from the KS. The KS also sends the session key and the user’s id to the TGS. (Fig. 9-21, p.413) Q. What is the session key for? Q. What information are contained in the ticket? Q. To whom would the user present the ticket? Q. Does the user transmit his password to the KS? • The user requests access to an object by obtaining from the TGS a ticket (TF) and a session key (SF). (Fig. 9-22) Q. What is the session key for? Q. What information are contained in the ticket? SF (p.414) Q. To whom would the user present the ticket? Fig. 9-23 Q. Can the ticket be read, modified or forged? Why or why not? csci5233 computer security & integrity (Chap. 9)

  14. Kerberos • Strength: + No passwords are transmitted on the network. + Cryptographic protection against spoofing: Every access is checked by the TGS and the respective resource server. + Limited period of validity: Every ticket has a time stamp. + Time stamps to prevent replay attack: Use of a reliable universal clock is required. + Mutual authentication: A secure channel btwn a user and a server can be established, via the use of a ticket and a session key. Both the serve and the user can authenticate each other. How? csci5233 computer security & integrity (Chap. 9)

  15. Kerberos • Weakness : • A continuously available TGS is required. Both reliability and performance may be potential problems. • Trust between the TGS and every server is required. Trust in a distributed environment is hard to establish. • Timely transactions are required. • A subverted workstation can save and later replay user passwords. • Password guessing works. • Kerberos does not scale well. Why? Fig. 9-23, p.415. • To enable the use of Kerberos in a distributed system, it is required that all applications use Kerberos. Q. Can the Kerberos server and the TGS be combined? Yes (see DCE). Q. What are the trade-offs? csci5233 computer security & integrity (Chap. 9)

  16. Distributed Computing Environment • An OSF project, 1992 (now the Open Group, http://www.opengroup.org/dce/) • OSF DCE provides a foundation on which other distributed services and applications may be built. Fig. 9-24, p.416. • DCE is called "middleware" or "enabling technology“. It is not intended to exist alone, but instead should be bundled into a vendor's operating system offering, or integrated in by a third-party vendor. • DCE is not an application in itself, but is used to build custom applications or to support purchased applications. • The security service in DCE is based on Kerberos, with the KS and the TGS combined into a Security Server. • A cell is an administrative domain, consisting of the set of subjects and objects managed together. • OSF Distributed Computing EnvironmentFAQ • DCE RFCs csci5233 computer security & integrity (Chap. 9)

  17. SESAME • A European Commission’s R&D project • Similar to DCE • It uses Kerberos extensively. • It preceded both Kerberos and DCE in use of public key technology for secure authentication and distributing privilege attributes and tickets to users. • Note: Both Kerberos and DCE used symmetric keys initially, but have moved to support public keys. csci5233 computer security & integrity (Chap. 9)

  18. CORBA • Common Object Request Broker Architecture • An OMG specification, http://www.omg.org/corba/ • An ORB is a traffic director that joins clients’ requests to appropriate servers. • Cross-platform interoperability “Using the standard protocol IIOP (Internet Inter-ORB Protocol), a CORBA-based program from any vendor, on almost any computer, operating system, programming language, and network, can interoperate with a CORBA-based program from the same or another vendor, on almost any other computer, operating system, programming language, and network.“ (http://www.omg.org/gettingstarted/corbafaq.htm#WhatIsIt) csci5233 computer security & integrity (Chap. 9)

  19. CORBA • The separation of interface from implementation, enabled by OMG IDL, is the essence of CORBA. csci5233 computer security & integrity (Chap. 9)

  20. CORBA Security Services • [Viega & McGraw] p.54 • OMG standards define two levels of CORBA security services. • Level 1 is intended for applications that may need to be secure, but where the code itself need not be aware of security issues. In such a case, all security operations should be handled by the underlying ORB. • Level 2 supports other advanced security features, and the application is likely to be aware of these. • Most CORBA’s security features are built into the underlying IIOP protocol, which supports secure communication using cryptography. • Mutual authentication is possible between the server and the user. csci5233 computer security & integrity (Chap. 9)

  21. CORBA • Strength of CORBA: • Flexibility of security policy: Any security policy may be supported, at the level of the ORB. • Independence of security technology: security technology neutral • Interoperability • Drawback: • CORBA specifications describe the means by which security functionality can be linked to a CORBA object, but there is no requirement to do so. • Implementations of the CORBA specification vary widely in terms of supported functionalities. (Example: tunneling connections through a firewall. See VM, p.56.) csci5233 computer security & integrity (Chap. 9)

  22. Network Security Controls: Traffic control • Traffic (flow) analysis an attack launched by an interceptor who examines the traffic of a network to gather and/or to infer information The mere existence of messages flowing from one point to another can be sensitive information. Examples: p.418 • Control against traffic analysis: Spurious messages between points of low traffic csci5233 computer security & integrity (Chap. 9)

  23. Network Security Controls: Data Integrity Control • The goal: To ensure that data is correctly stored, communicated, and modified in the network • Types of controls: • Cryptographic checksums • Parity bits Byte parity bit: 1 if the sum of bits in a byte is even; 0 otherwise Longitudinal parity bit + byte parity bit: p.421 • Other error checking codes: hash value, message digest • Digital signatures: In a network, digital signatures are used to check authenticity of a message and also to enable auditability/traceability of data change. • Notarization: a 3rd party authority (notary) between two users in a network csci5233 computer security & integrity (Chap. 9)

  24. Summary • Next: • Email privacy: PEM, PGP • Firewalls csci5233 computer security & integrity (Chap. 9)

More Related