Lecture 0

Anish Arora

CSE 5473

Network Security

Objectives

• Network (cyber-) security threats and countermeasures

• Elements of cryptography

• Protocols for security services 

• Network security design using available secure solutions

• Some advanced issues and technologies

(e.g. DDoS attacks, anonymous communications, wireless security, device / sensor network / cyberphysical security)

• Original research in network security

Yes, You will Master Acronyms

• DES, AES, RSA, Blowfish, MD, RC, SHA…

• IPSec

• OSPF

• SSL, TLS

• PGP (BGP?), Shibboleth

• DDoS

What We Won’t Cover

• How to configure and install security solutions

• Forensics

• Comprehensive organization approach to information assurance

• Business aspects of network security

And we’ll only superficially cover:

• Mathematics underlying cryptography

• How to crack systems (spyware, malware, adware)

• How to deal with access breaches (firewalls, IDS, port knocking)

• Legal issues underlying export and patenting

Related Courses that Do Cover What We Omit

• CSE 5473: This course

Focuses on network aspects of the tip of the so-called

security pyramid

• CSE 4471*: Information Security

A big picture perspective. From time to time, I’ll refer you

here for background reading or access security

• CSE 5351: Introduction to Cryptography

A reference for details on some of our topics

Also 5472 (Information Security Projects), 5359 (Int. Studies in Crypto.)

*: All links in lectures are optional reading unless otherwise specified

What We Will Assume

You should be familiar with:

Network layers

Protocols for the transport layer (TCP, UDP), for routing

(RIP or OSPF), for the application layer (http)

C/C++ and/or script programming

I expect from you some mathematical maturity, including

the ability to learn and use new mathematical &

programming notations (NesC for instance)

Course Materials

Webpage: http://cse.ohio-state.edu/~anish/5473.html syllabus, slides, notes, assignments, announcements

see also CARMEN (cse_5473_sp2015_31987)

Text

• William Stallings, Cryptography and Network Security: Principles & Practice ; either: 5th Ed., Prent. Hall, 2010, ISBN:0136097049 errata

4th Ed., Prent. Hall, 2002, ISBN:0131873164 errata

References

• Mark Stamp, Information Security: Principles & Practice, Wiley 2011 ISBN:0470626399

• Bruce Schneier, Applied Cryptography, 2nd Ed., Wiley 1996 ISBN 0-471-11709-9

My Expectations

• Read the material assigned in class, to the point that you

can answer simple conceptual or what-if questions in the

quiz. (I don’t expect you to remember details of crypto

algorithms or security protocols or usage parameters)

• Work independently and ethically on homeworks and labs

• Read lectures before class, we can more time in class to

discuss flaws, threats, attacks relevant to the discussion;

keep in mind you may know more about specific security

features and bugs than I do

Grading Plan

• Homework assignments:15% (focus: puzzles)

• Laboratory exercises: 25% (focus: cracking)

• In-class quizzes: 10% (focus: pay attention in class)

• Midterm quiz: 20% (focus: concepts)

• Research project: 30% (focus: theory/implementation)

Project will be done by teams of 2 undergraduates, or one

graduate student. I’ll provide options for programming

projects or you may consult with me to choose your own

(theory, analysis, design, or implementation) project

Grading is relative You might get an A at 75%

Outline of Lecture 0

• Security attacks

• Security mechanisms

• Security models

• Security services

Background `big picture’ : 4471 discussion of threats/attack (Read this)

Security Attacks

Definition Any action that compromises security of information

Examples :

Security Attacks (contd.)

• Other attacks include: Flooding, Denial of Service, Jamming

Traffic Analysis

Routing Attacks: false routes, configuration changes (SNMP)

Leak Information, Disown Information

Remote arbitrary code execution, e.g., via Viruses or Worms

Trapdoors, Covert functions, Logic Bombs

Man in the Middle impersonates peers to one another; provides service via others

Free Rider or Free Loader a peer that gets service but does not provide service

Lazy Middle Man a peer that does part of the work but never whole

Inject faults

Number of Security Attacks

Trends in Security Attacks

Optional reading: Malware, Worms, Phishing, Botnets, XSS

Security Attacks (contd.)

• Attacks are comprised of elementary attacks:

Replay

Deletion

Host compromise

Capability compromise

Key compromise

Data Encryption: requires knowledge of key

Data Decryption: requires knowledge of inverse key

Timestamps: requires access to a secure time server

Eavesdropping

IP spoofing

(Optional reading: Sniffing, Spoofing, Password tools)

Types of Security Attacks

Attacks Attacks

Attacks

A Classification of Security Attacks

• Passive or Active: both can access information being communicated, but only the

latter can create or modify it

• Host Compromise or Communication Compromise: only the former can obtain knowledge of all information known to

the host

• Internal or External: only the former can impersonate a system process, and thus also

act as an intermediary only the former let’s the protocol being executed known

• Destructive or Nondestructive: only the latter allows information to still be correctly communicated

to the destination(s)

Security Mechanism

Definition A mechanism that is designed to detect, prevent, or recover from a security attack

Pervasive security mechanisms include: encryption or encipherment digital signatures, notarization traffic padding routing control trusted functionality security labels access controls event detection audit trails firewalls

Types of Keys

Cryptography underlies many security mechanisms. Keys are often used for securing or unsecuring information

• Symmetric, S: Same key is used to encode and decode

• Asymmetric or Public/Private, B/R: Public key is used to encode, private key to decode

• One way function, f: Given x, it is easy to compute f(x), but given f(x) it’s hard tocompute x

• One way function with trapdoor, f: A one way function where given f(x) it is easy to compute x if

one knows a trapdoor function g s.t. g(f(x))=x

Types of Keys (contd.)

• One way permutation, f,g: Both f and g are one way functions and each other's trapdoor

• One way hash function, MD: A hash function MD that is one way(Recall that a hash function may be many-to-one)

• One way weakly collision-free hash function, MD: A one way hash function MD s.t. given x it is hard to computea different y s.t. MD(x)=MD(y)

• One way strongly collision-free hash function, MD: A one way hash function MD s.t. it is hard to computedifferent x and y s.t. MD(x)=MD(y)

Types of Keys (contd.)

• Weak key:

A key in the key-space that does not encode well,

e.g., 0-key, and is thus easy to guess

• Complement key:

A key s.t. Complement(f(x)) = f(Complement(x))

and thus involves considering half the x to guess

• Related keys:

A pair of keys that are related by some difference

which can be exploited to reduce the number of x to guess

Kerchoff’s Principle

• For key based cryptosystems, the property of security should not rely on the secrecy of the mechanism (aka, algorithm)

• In other words, it should rely only on the secrecy of the key

• Interpretation: avoid security by obscurity

Security Models:A Model for Secure Network Communication

Consider information flowing over an insecure communications channel, in the presence of possible opponents

An appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party

Using this model requires us to:

• design a suitable algorithm for the security transformation

• generate the secret information (keys) used by the algorithm

• develop methods to distribute and share the secret information

• specify a protocol enabling the principals to use the transformation and secret information for a security service

A Model for Secure Network Communication

A Model for Network Access Security

Consider controlled access to information or resources on a computer system, in the presence of possible opponents

Appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also

Using this model requires us to:

• select appropriate gatekeeper functions to identify users

• implement security controls to ensure only authorized users access designated information or resources

• implement trusted computer systems

A Model for Network Access Security

Recall: CSE 651 focuses more on Comm. than Access Model

Security Service

Definition A service that enhances the security of data processing systems and information transfers.

Makes use of one or more security mechanisms

Examples of network security service requirements:• authentication• privacy, confidentiality• integrity• non repudiation• obliviousness• information flow

Authentication

Definition The requirement by which a process securely communicates its identity to another

Thus, if process k receives an identification communication from process j then it must be the case that there is a corresponding send of that identification communication by j

Note that if messages are not all unique, then to deal with replay of old communications from j, we may have to embed counters in the state to capture bad prefixes

Instances of identity communication of j:

k j : n j k : R.j ‹n›

or

k j : n j k : S ‹n ; j›

Privacy

Definition The requirement by which communication is possible that can be decoded only by the processes that agree to communicate

In some cases, source, destination, frequency of communication needs to be protected as well

Instances of private communication from j to k:

• j k : S ‹data›

or

• j k : B.k ‹data›

Integrity

Definition The requirement by which a recipient can prove to itself that the message is what was indeed sent

I.e., the message was not modified or replaced

Instance of integrity of communication from j to k:• j k : data, MD(data; S)

Non Repudiation

Definition The requirement by which a recipient can prove to anyone that the message was indeed sent by the sender

Likewise, a sender can prove that a recipient indeed received the message

Note that non-repudiation implies integrity, but not vice versa. Note that non-repudiation does not necessarily imply authentication, since the message could have been forwarded by a third party

Instance of nonrepudiation of communication from j to k:

• j k : data, R.j ‹data›

or

• j k : data, R.j ‹MD(data)›

Obliviousness

Definition The requirement by which a process may perform a set of operations but not be sure which one (or more) of them was correctly performed

• E.g., a process may send two messages but not be sure which one of them was correctly received

• E.g. (slide 93 onwards), a process may sign one of a set of messages but not know which one it signed, or use one of a set of keys to encrypt with but not know which one was chosen

Information Flow

Definition The requirement by which a high-level process cannot communicate any information to a low-level process, directly or indirectly

Sometimes this is called absence of covert channels or subliminal channels

One sufficient condition for this requirement is called noninterference, which says that the outcome of an action of a low-level process in a computation remains the same even if actions performed by all higher-level processes are added or deleted to the computation

Security services (contd.)

Other important security services include:

• authorization: access is enabled if that access is allowed

• availability: permanence, non-erasure

• verifiability: a sort of integrity, revealing originality not content

• unforgeability: a sort of integrity, forged messages must be

independent of original messages

• distinguishability: can guess whether encrypted msg is m0/m1

• detectability: can guess whether encrypted msg is valid

Optional reading: Firewalls (upto slide 37), Intrusion Detection

An aside on hashing

• Length of hash << length of message, & often fixed at 48-128

• Some other names of hashing: finger printing, message

integrity check (MIC), message digest, cryptographic

checksum, manipulation detection code

• Hash functions are wellknown. So hashing, unlike encryption

algorithms, is exportable; often used to communicate

programs securely over the web

• MD‹key;data› is a message authentication code (MAC) or data

authentication code (DAC); knowing key

More on hashing: Relative costs

Using 0 keys (MD) is cheaper that using 1 key (S), which in turn is cheaper than using 2 keys (B, R)

Privacy by j k: S‹data› is cheaper than j k: B.k‹data›

Authentication by j k: MD‹j;n;S› is cheaper than j k: S‹j;n›

Non-repudiation via R.j‹MD‹data›› is cheaper than R.j‹data›

Often 2 keys are used in rare modes and 1 key is used in common modes

Ethical, social, policy and legal issues

• Some software we will study may be under export restriction, it is your responsibility to obey the applicable laws

• Many of the algorithms we will discuss are protected by patents, which makes it illegal to make and sell (or give away) computer programs that use those algorithms

• I expect you to work individually. Cheating/undisclosed collaboration will be dealt with severely

• Background `Big Picture’ Reading: From CSE4471 on Ethics/Law (optionally this, this)

Patent issues

• Many cryptographic techniques & algorithms are patented

• Some are nonetheless royalty free (DES), at least for public

use

• Software licenses are necessary in these cases

Export issues

• Some governments consider encryption a dangerous technology

• USA, Australia, New Zealand, France and Russia control export

• Export licenses are needed for export to a government

• Import always ok; cannot export to Cuba, Iran, Iraq, Libya, North Korea,

Sudan, Syria

• Previously:

Technical review needed for export to non-government

Open source did not need review but must have deposited source code

Less than 64 bit encryption generally ok for export

Illegal to carry abroad encryption software on your laptop!

Elements of cryptography:Types of security

• unconditional security

no matter how much computation is available, cipher cannot be

broken since ciphertext provides insufficient information to

uniquely determine the corresponding plaintext

one-time pad: a truly random key as long as the message

is unbreakable: ciphertext bears no statistical relationship to plaintext

can only use the key once though

have problem of safe distribution of key

• computational security

given limited computing resources (e.g. time needed for calculations is

greater than age of universe), the cipher cannot be broken

Terminology

• cryptography - study of encryption principles/methods

characterize by: number of keys used

o single-key or private / two-key or public

type of encryption operations usedo substitution / transposition / product

way in which plaintext is processedo block / stream

• cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key

• cryptology - the field of both cryptography and cryptanalysis

• brute force attacks – search-based alternative to cryptanalaysis: attacker tries every possible key to decipher ciphertext

• always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext

• not all key sizes equal: • 80 bit DES ~ 1024 bit RSA• as of 2010, neither regarded as secure

Brute force attacks

Types of cryptanalysis attacks

• ciphertext only only know ciphertext / algorithm, statistical, can identify plaintext

• known plaintext attack cipher by knowing / suspecting plaintext & ciphertext

• chosen plaintext attack cipher by selecting plaintext and obtaining ciphertext,

useful if limited set of messages

• chosen ciphertext attack cipher by selecting ciphertext and obtaining plaintext

• chosen text attack cipher by selecting either plaintext or ciphertext to

en/decrypt

Things we won’t really talk about

Substitution ciphers:

where letters of plaintext are replaced by others: b e, c f

or where if plaintext is viewed as a sequence of bits, then bit

patterns are replaced with ciphertext bit patterns

monoalphabetic: arbitrary mapping of letter to letter; 26!

multiletter coding: mapping from multiple letters

polyalphabetic techniques: multiple mappings e.g. position based

subject to brute force search and frequency attacks

Transposition (permutation) ciphers:

where the letter order is rearranged without altering the letters

subject to frequency attacks

Things we won’t really talk about

Product ciphers:

use several ciphers in succession to make harder

especially if a substitution is followed by a transposition

number of rounds should suffice to make output look random

each input bit in “block” should affect every output bit

this is bridge from classical to modern ciphers

Cryptanalysis tools:

special hardware

supercomputers or parallel machines

Internet coarse-grain parallelism

Things we won’t really talk about (contd.)

Steganography an alternative to encryption

hides existence of message

uses only subset of letters/words in longer msg marked in some way

using invisible ink

hiding in LSB in graphic image or sound file

drawback: high overhead to hide relatively few info bits