Segurança Informática nas redes (Computer Security in Networks)

Segurança Informática - MIM 2011/2012
Pedro Brandão

References

- Some slides are based on "Computer Networking: A Top-Down Approach", 5th edition, Jim Kurose and Keith Ross, Addison-Wesley, April 2009.
- Others by Dr Lawrie Brown (UNSW@ADFA) for "Computer Security: Principles and Practice", 1st edition, William Stallings and Lawrie Brown.
- Still others from Mark Stamp, "Information Security: Principles and Practice", 2nd edition (Wiley 2011).

Seg. Informática - pbrandao

Contents

Overview
- Some background (network stuff)
- Crypto reminders
- Steganography
- Authentication
- Access control/authorization
- Side channels
- CAPTCHAs
- DoS attacks
- Firewalls
- Intrusion Detection Systems (IDS)
- Internet security protocols: authentication protocols; SSL, IPsec, VPNs, S/MIME
- Other subjects

Key Security Concepts

(figure only in the original slide)

Computer Security Challenges

1. Security is not simple.
2. One must consider all potential attacks on the security features, not only the intended use.
3. The procedures used to provide a particular service are often counter-intuitive.
4. One must decide where to deploy the security mechanisms (physically and in the protocol stack).
5. Mechanisms involve algorithms and secret information (keys), which must be created, distributed and protected.
6. It is a battle of wits between the attacker and the designer/administrator.
7. Users perceive no benefit from security until it fails.
8. Security requires regular, constant monitoring.
9. Too often it is an afterthought, bolted on after the design is complete.
10. It is regarded as an impediment to using the system efficiently.

Network Security Attacks

Attacks are classified as passive or active.

Passive attacks (eavesdropping):
- release of message contents
- traffic analysis
Passive attacks are hard to detect, so the aim is to prevent them (typically with encryption).

Active attacks (modify or fake data):
- masquerade
- replay
- modification of messages
- denial of service
Active attacks are hard to prevent, so the aim is to detect them and recover.

Security Taxonomy

(figure only in the original slide)

Background: Network stuff

IP Address: intro

- IP address: a 32-bit identifier of a network interface
- Routers have multiple interfaces
- Terminals (hosts) usually have only one
- One IP address per interface

(figure: three sub-networks with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.9, 223.1.2.2, 223.1.2.1, 223.1.3.2, 223.1.3.1, 223.1.3.27)

Dotted-decimal notation writes each of the four bytes in decimal:

223.1.1.1 = 11011111 00000001 00000001 00000001
            223      1        1        1

IPv6 addresses are 128 bits long.

Sub-networks

An IP address has two parts:
- sub-net part (the most significant bits)
- node (host) part (the least significant bits)

What is a sub-net?
- a group of interfaces with the same sub-net part of the IP address
- nodes on the same sub-net can "reach" each other without router intervention

(figure: the same network, now shown as 3 sub-networks: 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24; 223.1.1.4, 223.1.2.9 and 223.1.3.27 are the router's interfaces)

IP Address: CIDR

- CIDR: Classless Inter-Domain Routing. The subnet part has arbitrary size.
- Format: a.b.c.d/x, where x is the number of bits in the subnet part.

200.23.16.0/23 = 11001000 00010111 0001000 | 0 00000000
                 subnet part (23 bits)    | node part (9 bits)

Routing – Tables

(figure: five networks Net 1 to Net 5 interconnected by routers R1, R2 and R3; the table is that of the node directly attached to Net 2 and Net 3)

Destination   Next hop
Net 1         R1
Net 2         Direct delivery
Net 3         Direct delivery
Net 4         R3
Net 5         R1

The same example with addresses (as read from the figure: R1 has interfaces 145.12.0.1 and 14.0.0.1, R2 has 81.0.0.1, R3 has 192.170.1.7 and 192.170.20.1, and the node holding the table has 145.12.0.7 and 192.170.1.1):

Destination    Mask             Next hop
14.0.0.0       255.0.0.0        145.12.0.1
145.12.0.0     255.255.0.0      Direct delivery
192.170.1.0    255.255.255.0    Direct delivery
192.170.20.0   255.255.255.0    192.170.1.7
81.0.0.0       255.0.0.0        145.12.0.1
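The CIDR split and the routing-table lookup above, as an added example (not code from the slides). It uses only the standard ipaddress module; the ROUTES table is constructed to match the slide, and the "direct" marker stands for "Direct delivery". The lookup goes one step beyond the slide: it sorts the table most-specific-prefix first so that, when two prefixes overlap, the longest match wins, which is how real routers resolve a destination.

```python
import ipaddress

# Routing table from the slide: destination, mask, next hop ("direct" = deliver
# on the attached link). Constructed to match the figure.
ROUTES = [
    ("14.0.0.0",     "255.0.0.0",     "145.12.0.1"),
    ("145.12.0.0",   "255.255.0.0",   "direct"),
    ("192.170.1.0",  "255.255.255.0", "direct"),
    ("192.170.20.0", "255.255.255.0", "192.170.1.7"),
    ("81.0.0.0",     "255.0.0.0",     "145.12.0.1"),
]


def cidr_info(cidr: str) -> dict:
    """Split a.b.c.d/x into its subnet and node parts."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,                      # x: bits in the subnet part
        "netmask": str(net.netmask),
        "host_bits": net.max_prefixlen - net.prefixlen,  # bits in the node part
        "addresses": net.num_addresses,
    }


def same_subnet(a: str, b: str, prefixlen: int) -> bool:
    """True if a and b share the first `prefixlen` bits, i.e. can talk without a router."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)


def build_table(routes):
    """Turn (destination, mask, next hop) rows into networks sorted most-specific first."""
    table = [(ipaddress.ip_network(f"{dst}/{mask}"), hop) for dst, mask, hop in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def next_hop(table, dst: str):
    """Longest-prefix match: the first (most specific) network containing dst wins."""
    addr = ipaddress.ip_address(dst)
    for net, hop in table:
        if addr in net:
            return hop
    return None   # no route: a real router would use a default route or drop the packet


if __name__ == "__main__":
    print(cidr_info("200.23.16.0/23"))
    print(same_subnet("223.1.1.1", "223.1.1.4", 24), same_subnet("223.1.1.1", "223.1.2.1", 24))
    table = build_table(ROUTES)
    for d in ("14.5.6.7", "145.12.3.3", "192.170.20.5", "8.8.8.8"):
        print(d, "->", next_hop(table, d))
```

Adding a more specific route such as 14.1.0.0/16 to the table makes 14.1.2.3 take that route while 14.5.6.7 still goes via 145.12.0.1; that is the longest-prefix rule at work.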

IP addresses: how to get one?

Who says which machine has which IP address?
- hard-coded by the system administrator in a configuration file
- DHCP (Dynamic Host Configuration Protocol): the host dynamically obtains an address from a server ("plug-and-play")

DHCP: Dynamic Host Configuration Protocol

Goal: allow a host to dynamically obtain its IP address from a network server when it joins the network.
- The host can renew its lease on the address in use
- Addresses are reused (a host only holds an address while connected and "on")
- Supports mobile users who want to join the network

DHCP overview:
1. the host broadcasts a "DHCP discover" message [optional]
2. the DHCP server responds with a "DHCP offer" message [optional]
3. the host requests an IP address: "DHCP request" message
4. the DHCP server assigns the address: "DHCP ack" message

(Steps 1 and 2 are optional because a host renewing an address it already holds can go straight to the request.)

DHCP client-server scenario

(figure: the three-subnet network of the earlier slides with hosts A and B, a DHCP server, and an arriving DHCP client E that needs an address in this network)

DHCP: more than IP address

DHCP can return more than just the allocated IP address on the subnet:
- the address of the first-hop (default) router for the client
- the name and IP address of the DNS server
- the network mask (indicating the network versus host portion of the address)

Reminder: Internet Stack

- application: network applications (FTP, SMTP, HTTP)
- transport: data transfer between processes (TCP, UDP)
- network: routing of datagrams from source to destination (IP, routing protocols)
- link (labelled "logic" on the slides): data transfer between adjacent network elements (PPP, Ethernet)
- physical: bits "on the wire"

(figure: the five layers stacked, Physical at the bottom and Application at the top)

Link Layer: Introduction - terminology

- hosts and routers are nodes
- the communication channels that connect adjacent nodes along a communication path are links: wired links, wireless links, LANs
- a layer-2 packet is a frame; it encapsulates a datagram
- the data-link layer is responsible for transferring a datagram from one node to an adjacent node over a link

Link Layer Services

- framing and link access: encapsulate the datagram into a frame, adding a header and a trailer; channel access if the medium is shared; "MAC" addresses in the frame header identify source and destination (different from IP addresses!)
- reliable delivery between adjacent nodes: similar techniques to the transport layer; seldom used on low bit-error links (fiber, some twisted pair); used on wireless links, which have high error rates

MAC Addresses and ARP

- 32-bit IP address: a network-layer address, used to get the datagram to the destination IP subnet
- MAC (or LAN, or physical, or Ethernet) address: used to get a frame from one interface to another physically connected interface (same network)
- 48-bit MAC address (for most LANs), burned into the NIC ROM; also sometimes software-settable, which is why a MAC address alone must not be trusted as an identity

LAN Addresses and ARP

- Each adapter on a LAN has a unique LAN address
- Broadcast address = FF-FF-FF-FF-FF-FF

(figure: a LAN, wired or wireless, with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53)

ARP: Address Resolution Protocol

- Each IP node on a LAN has an ARP table
- ARP table: IP/MAC address mappings for some LAN nodes
- Question: how to determine the MAC address of B knowing B's IP address?

(figure: the same four adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98 and 71-65-F7-2B-08-53, now with the IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14 and 137.196.7.88 on the LAN)

Ethernet – Star topology

- bus topology, popular through the mid-90s: all nodes are in the same collision domain (they can collide with each other)
- today the star topology prevails: an active switch in the center; each "spoke" runs a separate Ethernet protocol, so nodes do not collide with each other

(figure: bus over coaxial cable versus star around a switch)

Switches vs. Routers

- both are store-and-forward devices
- routers are network-layer devices (they examine network-layer headers); switches are link-layer devices
- routers maintain routing tables and implement routing algorithms
- switches maintain switch tables and implement filtering and learning algorithms

Elements of a wireless network

Wireless hosts
- laptop, PDA, IP phone
- run applications
- may be stationary (non-mobile) or mobile: wireless does not always mean mobility

Base station
- typically connected to the wired network
- relay: responsible for sending packets between the wired network and the wireless host(s) in its "area"
- e.g., cell towers, 802.11 access points

Wireless link
- typically used to connect mobile(s) to a base station
- also used as a backbone link
- a multiple access protocol coordinates link access
- various data rates and transmission distances

Infrastructure mode
- the base station connects mobiles into the wired network
- handoff: the mobile changes the base station providing its connection into the wired network

Ad hoc mode
- no base stations
- nodes can only transmit to other nodes within link coverage
- nodes organize themselves into a network and route among themselves

Characteristics of selected wireless link standards

(reconstructed from the chart on the slide, which plots data rate in Mbps against range; the values are read off the chart's axes and are approximate)

Range                                 Standard                                          Data rate (Mbps)
Indoor 10-30 m                        802.15                                            1
Indoor 10-30 m / outdoor 50-200 m     802.11b                                           5-11
Indoor 10-30 m / outdoor 50-200 m     802.11a,g                                         54
Indoor 10-30 m / outdoor 50-200 m     802.11n                                           200
Mid-range outdoor 200 m - 4 km        802.16 (WiMAX)                                    5-11 to 54 (bar spans these marks)
Mid-range outdoor 200 m - 4 km        802.11a,g point-to-point                          54
Long-range outdoor 5-20 km            IS-95, CDMA, GSM (2G)                             .056
Long-range outdoor 5-20 km            UMTS/WCDMA, CDMA2000 (3G)                         .384
Long-range outdoor 5-20 km            UMTS/WCDMA-HSDPA, CDMA2000-1xEVDO (3G enhanced)   4

Mesh Networks

(figure: a mesh of wireless nodes reaching the Internet through ISP A and ISP B; legend: wired link, wireless link to infrastructure, wireless link to mesh)

Crypto reminders

The following slides are figures only, recalling the building blocks used later in the course:

- Symmetric Encryption
- Public Key Encryption
- Public Key Authentication
- Message Authentication Codes
- Secure Hash Functions
- Message Authentication
- X.509 Certificates
- CA root certificates (note on the slide, translated from Portuguese: "Free CAs for e-mail.")
- Server Certificate (example)
- Mail certificate (example)

Steganography

- According to Herodotus (Greece, 440 BC): shave a slave's head, write the message on the head, let the hair grow back, send the slave to deliver the message, then shave the slave's head to expose the message (a warning of the Persian invasion)
- Historically, steganography was used more than cryptography!

Images and Steganography

- Images use 24 bits for color (RGB): 8 bits for red, 8 for green, 8 for blue
- For example, 0x7E 0x52 0x90 and 0xFE 0x52 0x90 are visibly different colors (the high-order bit of red changed), while 0xAB 0x33 0xF0 and 0xAB 0x33 0xF1 look the same (only the low-order bit of blue changed)
- Low-order bits don't matter (to the eye)...

Images and Stego

- Given an uncompressed image file, for example in BMP format...
- ...we can insert information into the low-order RGB bits
- Since the low-order RGB bits don't matter, the result will be "invisible" to the human eye
- But a computer program can "see" the bits
- (Caveat: lossy compression such as JPEG re-quantizes the pixels and destroys the hidden bits, which is why the example needs an uncompressed format.)

Stego Example 1

(figure) Left side: the plain Alice image. Right side: Alice with the entire "Alice in Wonderland" (PDF) "hidden" in the image.

Non-Stego Example

Walrus.html in a web browser; "View source" reveals:

<font color=#000000>"The time has come," the Walrus said,</font><br>
<font color=#000000>"To talk of many things: </font><br>
<font color=#000000>Of shoes and ships and sealing wax </font><br>
<font color=#000000>Of cabbages and kings </font><br>
<font color=#000000>And why the sea is boiling hot </font><br>
<font color=#000000>And whether pigs have wings." </font><br>

Stego Example 2

stegoWalrus.html in a web browser; "View source" reveals:

<font color=#000100>"The time has come," the Walrus said,</font><br>
<font color=#010000>"To talk of many things: </font><br>
<font color=#010100>Of shoes and ships and sealing wax </font><br>
<font color=#010000>Of cabbages and kings </font><br>
<font color=#010000>And why the sea is boiling hot </font><br>
<font color=#010000>And whether pigs have wings." </font><br>

The page renders the same (#000100 is indistinguishable from black), but the low-order bit of each R, G and B byte carries the "hidden" message, three bits per line:

010 100 110 100 100 100 -> 01010011 = S, 01001001 = I, 00...
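Both tricks above, as an added example (not code from the slides): LSB embedding into the colour channels of an uncompressed image, and the decoder for the stegoWalrus font colours. The "image" is a constructed list of (R, G, B) tuples standing in for BMP pixel data; the 2-byte length header in front of the payload is this example's own convention, not anything from the slides.

```python
import re


def sample_image(width=8, height=8):
    """Constructed cover image: a list of (R, G, B) tuples, as read from a BMP."""
    return [((x * 31) & 0xFF, (y * 17) & 0xFF, ((x + y) * 7) & 0xFF)
            for y in range(height) for x in range(width)]


def _bits(data: bytes):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def embed_lsb(pixels, payload: bytes):
    """Hide payload in the low-order bit of each R, G, B byte (3 bits per pixel).
    A 2-byte length header goes first so the receiver knows where to stop."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = _bits(data)
    if len(bits) > 3 * len(pixels):
        raise ValueError("payload too large for this image")
    bit_iter = iter(bits)
    out = []
    for px in pixels:
        new_px = []
        for channel in px:
            b = next(bit_iter, None)
            new_px.append(channel if b is None else (channel & 0xFE) | b)
        out.append(tuple(new_px))
    return out


def extract_lsb(pixels) -> bytes:
    """Read the LSBs back, parse the length header, return the payload."""
    bits = [channel & 1 for px in pixels for channel in px]
    data = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))
    n = int.from_bytes(data[:2], "big")
    return data[2:2 + n]


def max_channel_change(a, b) -> int:
    """How far any colour byte moved: LSB embedding changes each by at most 1."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


def decode_font_colors(html: str):
    """The stegoWalrus trick: one bit per R, G, B byte of every <font color=#rrggbb>."""
    bits = ""
    for hexcolor in re.findall(r"color=#([0-9a-fA-F]{6})", html):
        for i in (0, 2, 4):
            bits += str(int(hexcolor[i:i + 2], 16) & 1)
    text = "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits) - len(bits) % 8, 8))
    return bits, text


STEGO_WALRUS = """\
<font color=#000100>"The time has come," the Walrus said,</font><br>
<font color=#010000>"To talk of many things: </font><br>
<font color=#010100>Of shoes and ships and sealing wax </font><br>
<font color=#010000>Of cabbages and kings </font><br>
<font color=#010000>And why the sea is boiling hot </font><br>
<font color=#010000>And whether pigs have wings." </font><br>
"""

if __name__ == "__main__":
    cover = sample_image()
    stego = embed_lsb(cover, b"meet at 9")
    print(extract_lsb(stego), max_channel_change(cover, stego))   # b'meet at 9' 1
    print(decode_font_colors(STEGO_WALRUS))  # ('010100110100100100', 'SI')
```

Note that nothing here is secret: anyone who suspects LSB stego can run extract_lsb on the file. Steganography hides the existence of a message; confidentiality still needs encryption of the payload.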

Authentication

User Authentication

- a fundamental security building block: the basis of access control and user accountability
- the process of verifying an identity claimed by or for a system entity
- has two steps: identification (specify an identifier) and verification (bind the entity, e.g. a person, to the identifier)
- distinct from message authentication

Means of User Authentication

Four means of authenticating a user's identity, based on something the individual
- knows, e.g. password, PIN
- possesses, e.g. key, token, smartcard
- is (static biometrics), e.g. fingerprint, retina
- does (dynamic biometrics), e.g. voice, signature

They can be used alone or combined; all can provide user authentication; all have issues.

Why Passwords?

Why is "something you know" more popular than "something you have" and "something you are"?
- Cost: passwords are free
- Convenience: it is easier for an admin to reset a password than to issue a new thumb

Keys vs Passwords

Crypto keys
- Suppose the key is 64 bits
- Then there are 2^64 keys
- Choose the key at random...
- ...then the attacker must try about 2^63 keys on average

Passwords
- Suppose passwords are 8 characters long, drawn from 256 different characters
- Then there are 256^8 = 2^64 passwords
- But users do not select passwords at random
- The attacker has far fewer than 2^63 passwords to try (dictionary attack)

(slide note) Bank password: m1S3cr3t

Good and Bad Passwords

Bad passwords
- frank
- Fido
- password
- 4444
- Pikachu
- 102560
- AustinStamp

Good passwords?
- jfIej,43j-EmmL+y
- 09864376537263
- P0kem0N
- FSa7Yago
- 0nceuP0nAt1m8
- PokeGCTall150

Token Authentication

An object the user possesses in order to authenticate, e.g.
- embossed card
- magnetic stripe card
- memory card
- smartcard

Smart card

(figure only in the original slide)

Cartão de Cidadão (the Portuguese citizen card)

(two figures from [SecHISSantos])

CC Properties

Reconstructed from the table on the slide (from [SecHISSantos]). Columns: whether the property is printed on the card (Visible), encoded in the Machine Readable Zone (MRZ) or stored in the integrated circuit (Chip). Where the slide marks only some of the three columns, the assignment below follows the standard content of a machine-readable zone and is a reconstruction.

Property                                          Visible  MRZ  Chip
Last names                                        X        X    X
First names                                       X        X    X
Parents' names                                    X             X
Nationality                                       X        X    X
Birth date                                        X        X    X
Sex                                               X        X    X
Height                                            X             X
Facial image                                      X             X
Signature                                         X
Civil ID number                                   X             X
Tax ID number                                     X             X
Health ID number                                  X             X
Social Security ID number                         X             X
Document number                                   X        X    X
Issuing country (Portuguese Republic)             X
Type of document                                  X
Expiry date                                       X        X
Issue date                                        X
Address                                                         X (1)
Fingerprints (2)                                                X (2)
Other indications, according to the law           X
Authentication certificate                                      X (2)
Electronic signature certificate                                X
Software applications needed                                    X
Free writing zone for citizen use                               X
Additional health data (health sub-system, etc.)                X

(1) Data not accessible. (2) PIN (password) protected access/use.

From [SecHISSantos]

Biometric Authentication

- authenticate the user based on one of their physical characteristics

Operation of a Biometric System

(figure only in the original slide)

Remote User Authentication

- authentication over a network is more complex: problems of eavesdropping and replay
- generally uses challenge-response:
  1. the user sends its identity
  2. the host responds with a random number r (the challenge)
  3. the user computes f(r, h(P)) from r and a hash of its password P, and sends it back
  4. the host compares the value received with its own computed value; if they match, the user is authenticated
- protects against a number of attacks: a captured response is useless later, because the next challenge is different
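The four-step exchange above, with both sides, as an added example (not code from the slides). It assumes a concrete f and h that the slide leaves abstract: h(P) = SHA-256(P) and f(r, h(P)) = HMAC-SHA256 keyed with h(P) over r; the user name and password are constructed. The host keeps only h(P), issues a fresh random r per attempt and accepts each r at most once, which is what defeats the replay shown in the last function.

```python
import hashlib
import hmac
import secrets


def h(password: str) -> bytes:
    """h(P): what the host stores instead of the plaintext password (assumed SHA-256)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def f(r: bytes, hp: bytes) -> bytes:
    """f(r, h(P)): assumed to be HMAC-SHA256 of the challenge keyed with h(P)."""
    return hmac.new(hp, r, hashlib.sha256).digest()


class Host:
    """Verifier: stores h(P) per user and hands out single-use random challenges."""

    def __init__(self, users: dict):
        self._hp = {user: h(pw) for user, pw in users.items()}   # constructed user db
        self._pending = {}                                        # user -> outstanding r

    def challenge(self, user: str) -> bytes:
        r = secrets.token_bytes(16)      # step 2: fresh random challenge
        self._pending[user] = r
        return r

    def verify(self, user: str, response: bytes) -> bool:
        r = self._pending.pop(user, None)   # a challenge can be answered only once
        if r is None or user not in self._hp:
            return False
        expected = f(r, self._hp[user])     # step 4: host's own computation
        return hmac.compare_digest(expected, response)


class Client:
    """Claimant: knows only the password and derives h(P) when needed."""

    def __init__(self, user: str, password: str):
        self.user, self._hp = user, h(password)

    def respond(self, r: bytes) -> bytes:
        return f(r, self._hp)               # step 3


def authenticate(host: Host, client: Client) -> bool:
    r = host.challenge(client.user)                      # steps 1-2
    return host.verify(client.user, client.respond(r))   # steps 3-4


def replay_attack(host: Host, client: Client) -> bool:
    """An eavesdropper records one (r, response) pair from a real login and later
    replays the response against a new challenge. True only if it is accepted."""
    r_old = host.challenge(client.user)
    captured = client.respond(r_old)
    host.verify(client.user, captured)   # the legitimate login completes
    host.challenge(client.user)          # new session: a different r is issued
    return host.verify(client.user, captured)


if __name__ == "__main__":
    host = Host({"alice": "correct horse"})       # constructed credentials
    print(authenticate(host, Client("alice", "correct horse")))   # True
    print(authenticate(host, Client("alice", "wrong")))           # False
    print(replay_attack(host, Client("alice", "correct horse")))  # False
```

The caveat a practitioner should keep in mind: this scheme stops replay and never sends P, but an eavesdropper who records (r, response) can still test password guesses offline against h(P), so in practice the exchange runs inside an encrypted channel or is replaced by a password-authenticated key exchange.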

Authentication Security Issues

- client attacks
- host attacks
- eavesdropping
- replay
- trojan horse
- denial-of-service

Access Control

"The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner"

- a central element of computer security
- assumes that users and groups authenticate to the system
- they are assigned access rights to certain resources on the system

Access Control Principles

(figure only in the original slide)

Access Control Elements

- subject: an entity that can access objects; a process representing a user/application; often there are 3 classes: owner, group, world
- object: an access-controlled resource, e.g. files, directories, records, programs etc.; their number and type depend on the environment
- access right: the way in which a subject accesses an object, e.g. read, write, execute, delete, create, search

UNIX File Access Control

rwxrw----
- The owner can read, write and execute the file
- Any user in the owner's group can read and write the file (but not execute it)
- All other users cannot read, write or execute the file
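The permission string above turned into an access decision, as an added example (not code from the slides). The uids, gids and file ownership are constructed. The point it adds beyond the slide is that UNIX checks exactly one class: the caller is matched as owner, else as group member, else as "other", and only that class's three bits count, so an owner whose own bits are "---" is refused even if the group bits would allow the access.

```python
CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}
RIGHT_BIT = {"r": 4, "w": 2, "x": 1}


def parse_mode(perm: str) -> int:
    """'rwxrw----' -> 0o760. Nine characters, three per class, 'r','w','x' or '-'."""
    if len(perm) != 9:
        raise ValueError(f"bad permission string: {perm!r}")
    mode = 0
    for i, ch in enumerate(perm):
        if ch == "-":
            continue
        if ch != "rwx"[i % 3]:                  # e.g. 'w' where only 'r' may appear
            raise ValueError(f"{ch!r} out of place at position {i} in {perm!r}")
        mode |= 1 << (8 - i)
    return mode


def rights_for(perm: str, cls: str) -> set:
    """Set of rights ('r','w','x') the given class gets from the string."""
    bits = (parse_mode(perm) >> CLASS_SHIFT[cls]) & 0o7
    return {r for r, b in RIGHT_BIT.items() if bits & b}


def user_class(file_uid: int, file_gid: int, uid: int, gids: set) -> str:
    """The single class the kernel uses for this caller (owner beats group beats other)."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def can_access(perm: str, file_uid: int, file_gid: int,
               uid: int, gids: set, right: str) -> bool:
    return right in rights_for(perm, user_class(file_uid, file_gid, uid, gids))


if __name__ == "__main__":
    # constructed file: owned by uid 1000, group 100, mode rwxrw----
    print(oct(parse_mode("rwxrw----")))                           # 0o760
    print(can_access("rwxrw----", 1000, 100, 1000, {100}, "x"))   # True  (owner)
    print(can_access("rwxrw----", 1000, 100, 1001, {100}, "x"))   # False (group: rw only)
    print(can_access("rwxrw----", 1000, 100, 1002, {7}, "r"))     # False (other)
    # the owner's class is checked exclusively:
    print(can_access("---rwx---", 1000, 100, 1000, {100}, "r"))   # False
```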

Role-Based Access Control

(figure only in the original slide)

Side channels (part of the Access control section)

Multilevel Security (MLS)

- MLS is needed when subjects/objects at different levels use/are on the same system
- Security levels are assigned to subjects and objects
- For the DoD levels: TOP SECRET > SECRET > CONFIDENTIAL > UNCLASSIFIED
- Subjects have clearances and objects have classifications

Covert Channel

- MLS is designed to restrict the legitimate channels of communication
- There may be other ways for information to flow
- For example, resources shared between different levels could be used to "signal" information
- Covert channel: a communication path not intended as such by the system's designers

Covert Channel Example

- Alice has TOP SECRET clearance, Bob has CONFIDENTIAL clearance
- Suppose the file space is shared by all users
- Alice creates the file FileXYzW to signal "1" to Bob, and removes the file to signal "0"
- Once per minute Bob lists the files: if FileXYzW does not exist, Alice sent 0; if it exists, Alice sent 1
- Alice can leak TOP SECRET information to Bob, one bit per minute!
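The file-existence channel above, run end to end, as an added example (not code from the slides). The shared file space is a temporary directory and the one-minute clock is simulated by the loop, so nothing sleeps; the message is constructed. It shows that a bit of "does the file exist" per period is a perfectly usable byte stream, and computes the channel's capacity at the slide's sampling rate.

```python
import os
import tempfile

FLAG_FILE = "FileXYzW"   # the file name from the slide


def alice_signal(shared_dir: str, bit: int) -> None:
    """High side: create the file to send 1, remove it to send 0."""
    path = os.path.join(shared_dir, FLAG_FILE)
    if bit:
        open(path, "w").close()
    elif os.path.exists(path):
        os.remove(path)


def bob_observe(shared_dir: str) -> int:
    """Low side: list the shared directory and read one bit from the file's existence."""
    return 1 if FLAG_FILE in os.listdir(shared_dir) else 0


def to_bits(data: bytes):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def leak(message: bytes, shared_dir: str) -> bytes:
    """Run the channel: each 'minute' Alice sets the bit, then Bob samples it."""
    received = []
    for bit in to_bits(message):
        alice_signal(shared_dir, bit)               # Alice acts at the start of the minute
        received.append(bob_observe(shared_dir))    # Bob lists the files once per minute
    alice_signal(shared_dir, 0)                     # leave the file space clean
    return from_bits(received)


def capacity_bytes_per_hour(period_seconds: float = 60.0) -> float:
    """One bit per sampling period."""
    return 3600.0 / period_seconds / 8


def run_demo(message: bytes):
    """Leak `message` through a temporary shared directory.
    Returns (what Bob decoded, what Bob sees after the clean-up)."""
    with tempfile.TemporaryDirectory() as shared:
        decoded = leak(message, shared)
        after = bob_observe(shared)
    return decoded, after


if __name__ == "__main__":
    print(run_demo(b"TOP SECRET: plans"))   # (b'TOP SECRET: plans', 0)
    print(capacity_bytes_per_hour())        # 7.5 bytes per hour at one bit per minute
```

The low rate is the defence's only comfort: a mandatory policy that forbids the write (the MLS "no write down" rule applied to the shared directory) closes this channel, while rate-limiting or auditing only makes it slower and noisier.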

Inference Control Example

Suppose we query a database:
- Question: What is the average salary of female CS professors at SJSU? Answer: $95,000
- Question: How many female CS professors are there at SJSU? Answer: 1

Specific information has leaked from responses to general (statistical) questions!

Inference Control and Research

- For example, medical records are private but valuable for research
- How to make the information available for research and still protect privacy?
- How to allow access to such data without leaking specific information?

Naïve Inference Control

- Remove names from medical records?
- It may still be easy to get specific information from such "anonymous" data
- Removing names is not enough, as seen in the previous example (no name was ever returned)
- What more can be done?

Less-naïve Inference Control

- Query set size control: don't return an answer if the query set is too small
- N-respondent, k% dominance rule: do not release a statistic if k% or more of it is contributed by N or fewer respondents (example: the average salary in Bill Gates' neighborhood); this approach is used by the US Census Bureau
- Randomization: add a small amount of random noise to the data
- Many other methods; none is fully satisfactory
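The SJSU queries and the three controls above, as an added example (not code from the slides). The salary records are constructed and refer to no real people; the thresholds (minimum set size 5, N = 1, k = 50%) are this example's choices. The first function reproduces the leak; the second refuses the same query, lets a large enough aggregate through, and refuses the "Bill Gates' neighborhood" average because one respondent dominates it.

```python
import random

# Constructed records (no real people).
CS_PROFS = [
    {"name": "A", "dept": "CS", "sex": "F", "salary": 95_000},
    {"name": "B", "dept": "CS", "sex": "M", "salary": 100_000},
    {"name": "C", "dept": "CS", "sex": "M", "salary": 90_000},
    {"name": "D", "dept": "CS", "sex": "M", "salary": 105_000},
    {"name": "E", "dept": "CS", "sex": "M", "salary": 98_000},
    {"name": "F", "dept": "CS", "sex": "M", "salary": 102_000},
]
NEIGHBOURHOOD = [{"name": "rich", "salary": 1_000_000_000}] + [
    {"name": f"n{i}", "salary": 100_000} for i in range(9)
]


def raw_average(records, pred, field="salary"):
    """Uncontrolled statistical query: leaks when the query set is tiny."""
    rows = [r[field] for r in records if pred(r)]
    return sum(rows) / len(rows) if rows else None


def raw_count(records, pred):
    return sum(1 for r in records if pred(r))


def controlled_average(records, pred, field="salary", *,
                       min_set_size=5, n=1, k=50.0, noise_sd=0.0, rng=None):
    """The three controls from the slide, applied in order:
    1. query set size control, 2. N-respondent k% dominance, 3. randomisation."""
    rows = sorted((r[field] for r in records if pred(r)), reverse=True)
    if len(rows) < min_set_size:
        return None                                   # 1: query set too small
    total = sum(rows)
    if total and 100.0 * sum(rows[:n]) / total >= k:
        return None                                   # 2: top n respondents dominate
    avg = total / len(rows)
    if noise_sd:
        avg += (rng or random).gauss(0.0, noise_sd)   # 3: perturb the released value
    return avg


def female_cs(r):
    return r["dept"] == "CS" and r["sex"] == "F"


def sjsu_attack():
    """The two queries from the slide against the uncontrolled interface."""
    return raw_average(CS_PROFS, female_cs), raw_count(CS_PROFS, female_cs)


def sjsu_defended():
    """Same query refused; the department-wide average still released."""
    return (controlled_average(CS_PROFS, female_cs),
            controlled_average(CS_PROFS, lambda r: r["dept"] == "CS"))


def gates_neighbourhood():
    return controlled_average(NEIGHBOURHOOD, lambda r: True)


if __name__ == "__main__":
    print(sjsu_attack())          # (95000.0, 1): the one woman's salary is exposed
    print(sjsu_defended())        # (None, 98333.33...): refused / released
    print(gates_neighbourhood())  # None: one respondent contributes >= 50% of the total
    print(controlled_average(CS_PROFS, lambda r: r["dept"] == "CS",
                             noise_sd=500, rng=random.Random(1)))
```

Set size control alone is not enough: two allowed queries whose sets differ by exactly one record (all CS professors, then all CS professors except the target) still reveal the target by subtraction, which is why the Census Bureau combines these rules and why the slide says none is satisfactory on its own.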

Side Channel Attacks on Crypto

- It is sometimes possible to recover a key without directly attacking the crypto algorithm
- A side channel consists of "incidental information"
- Side channels can arise from the way a computation is performed: the media used, the power consumed, unintended emanations, etc.
- Induced faults can also reveal information
- A side channel may reveal a crypto key

Side Channels

- Emanations security (EMSEC): the electromagnetic field (EMF) from a computer screen can allow the screen image to be reconstructed at a distance; smartcards have been attacked via EMF emanations
- Differential power analysis (DPA): smartcard power usage depends on the computation
- Differential fault analysis (DFA): the key stored on a smartcard in the GSM system could be read using a flashbulb to induce faults
- Timing analysis: different computations take different times; RSA keys have been recovered over a network (OpenSSL)!
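Timing analysis in its simplest form, as an added example (not code from the slides): a secret compared with an early-exit loop leaks, byte by byte, how many bytes of the guess were right. The secret is constructed and "time" is modelled as the number of byte comparisons the check performs (a real attacker would measure wall-clock time over many samples, but the same position leaks). The second comparison always touches every byte, which is what hmac.compare_digest does, and the recovery routine fails against it.

```python
SECRET = b"k3y!"   # constructed; the attacker never reads it directly


def naive_compare(a: bytes, b: bytes):
    """Early-exit comparison (the usual memcmp / == idiom). Returns (equal, steps)."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps      # stops at the first wrong byte: leaks its position
    return True, steps


def constant_time_compare(a: bytes, b: bytes):
    """Depends only on the length: every byte is always examined."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps


def make_oracle(secret: bytes, compare):
    """The remote check as the attacker sees it: guess in, (accepted, time) out."""
    return lambda guess: compare(secret, guess)


def recover_secret(oracle, length: int):
    """Byte-at-a-time recovery. At position i a right byte makes the naive
    compare run past i (steps > i+1); a wrong one stops at i+1. Returns the
    secret, or None when no timing difference separates the candidates."""
    guess = bytearray(length)
    for i in range(length):
        found = None
        for c in range(256):
            guess[i] = c
            accepted, steps = oracle(bytes(guess))
            if accepted:
                return bytes(guess)     # last byte: accept/reject itself decides
            if steps > i + 1:
                found = c
                break
        if found is None:
            return None
        guess[i] = found
    return None


if __name__ == "__main__":
    n = len(SECRET)
    print(recover_secret(make_oracle(SECRET, naive_compare), n))          # b'k3y!'
    print(recover_secret(make_oracle(SECRET, constant_time_compare), n))  # None
```

The recovery needs at most 256 × length queries instead of 256^length, which is the whole point of a side channel: it turns an exponential search into a linear one. The same early-exit pattern is why MAC tags and password hashes must be compared in constant time.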

CAPTCHA (part of the Access control section)

Turing Test

- Proposed by Alan Turing in 1950
- A human asks questions to one human and one computer, without seeing either
- If the questioner cannot distinguish the human from the computer, the computer passes the test
- The gold standard in artificial intelligence
- No computer can pass this today (as of these 2011/12 slides), but some claim to be close to passing

CAPTCHA

- CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
- Automated: the test is generated and scored by a computer program
- Public: the program and data are public
- Turing test to tell...: humans can pass the test, but machines cannot
- Also known as HIP (Human Interactive Proof)
- Like an inverse Turing test (well, sort of...)

CAPTCHA Paradox?

- "...CAPTCHA is a program that can generate and grade tests that it itself cannot pass..."
- "...much like some professors..."
- Paradox: a computer creates and scores a test that it cannot pass!
- CAPTCHAs are used so that only humans can get access (i.e., no bots/computers)
- CAPTCHA is a form of access control

CAPTCHA Uses?

- Original motivation: automated bots stuffed the ballot box in a vote for the best CS grad school (SJSU vs Stanford?)
- Free email services: spammers like to use bots to sign up for thousands of email accounts; a CAPTCHA is employed so that only humans get accounts
- Sites that do not want to be automatically indexed by search engines: a CAPTCHA would force human intervention

CAPTCHA: Rules of the Game

- Easy for most humans to pass
- Difficult or impossible for machines to pass, even with access to the CAPTCHA software
- From the attacker's perspective, the only unknown is a random number
- Desirable to have different kinds of CAPTCHAs in case some person cannot pass one type (a blind person could not pass a visual test, etc.)

Do CAPTCHAs Exist?

- Test: find 2 words in the following (distorted-text image on the slide)
- Easy for most humans
- A (difficult?) OCR problem for a computer (OCR == Optical Character Recognition)

Denial of Service

DoS Attacks

Classic Denial of Service Attacks

(figure only in the original slide)

Source Address Spoofing

- Use forged source addresses: given sufficient privilege to use "raw sockets", they are easy to create
- Generate large volumes of packets directed at the target, with different, random source addresses
- Causes the same congestion on the attacked link, but the responses are scattered across the Internet
- The real source is much harder to identify

SYN Spoofing

- Another common attack
- Attacks the ability of a server to respond to future connection requests by overflowing the tables used to manage them
- Hence an attack on a system resource (the connection table), not on link bandwidth
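A model of the resource being exhausted, as an added example (not code from the slides): a server's table of half-open TCP connections with a fixed capacity and a timeout. Spoofed SYNs fill it because the forged sources never send the final ACK (the SYN-ACKs are scattered to random hosts, as the spoofing slide says), so entries only leave by timing out; a real client is refused until then. The capacity, timeout and addresses are constructed, and no packets are sent.

```python
import random


class HalfOpenTable:
    """Server-side table of half-open (SYN received, ACK pending) connections."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity, self.timeout = capacity, timeout
        self.entries = {}     # (src_ip, sport) -> expiry time
        self.dropped = 0

    def _expire(self, now: float) -> None:
        self.entries = {k: t for k, t in self.entries.items() if t > now}

    def on_syn(self, src_ip: str, sport: int, now: float) -> str:
        self._expire(now)
        if len(self.entries) >= self.capacity:
            self.dropped += 1
            return "dropped"             # table full: legitimate SYNs are refused too
        self.entries[(src_ip, sport)] = now + self.timeout
        return "syn-ack"                 # SYN-ACK goes to src_ip, spoofed or not

    def on_ack(self, src_ip: str, sport: int, now: float) -> str:
        self._expire(now)
        if self.entries.pop((src_ip, sport), None) is None:
            return "reset"               # no half-open entry: not ours
        return "established"


def syn_flood(table: HalfOpenTable, count: int, now: float, rng: random.Random) -> int:
    """Spoofed SYNs with random sources that never complete the handshake.
    Returns how many the server still accepted into the table."""
    accepted = 0
    for i in range(count):
        src = ".".join(str(rng.randrange(1, 255)) for _ in range(4))
        if table.on_syn(src, 1024 + i, now) == "syn-ack":
            accepted += 1
    return accepted


def legit_connect(table: HalfOpenTable, now: float) -> str:
    """A real client: SYN, then the ACK one RTT later."""
    if table.on_syn("198.51.100.7", 40000, now) != "syn-ack":
        return "refused"
    return table.on_ack("198.51.100.7", 40000, now + 0.05)


def scenario():
    """200 spoofed SYNs against a 128-entry table with a 60 s timeout."""
    table = HalfOpenTable(capacity=128, timeout=60.0)
    accepted = syn_flood(table, 200, now=0.0, rng=random.Random(7))
    flood_dropped = table.dropped
    during = legit_connect(table, now=1.0)    # while the table is full
    after = legit_connect(table, now=61.0)    # after the spoofed entries expired
    return accepted, flood_dropped, during, after


if __name__ == "__main__":
    print(scenario())   # (128, 72, 'refused', 'established')
```

The model also shows why the attack is cheap: the attacker spends one 40-byte SYN per entry and keeps nothing, while the victim holds state for the whole timeout. Defences therefore aim at not holding per-SYN state (or holding much less of it) until the handshake completes.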

TCP Connection Handshake

(figure only in the original slide: SYN, SYN-ACK, ACK)

SYN Spoofing Attack

(figure only in the original slide)

DDoS Control Hierarchy

(figure only in the original slide)

Firewalls

- A firewall must determine what to let into the internal network and/or what to let out
- Access control for the network

(figure: Internet, firewall, internal network)

Firewall as Secretary

- A firewall is like a secretary
- To meet with an executive, first contact the secretary; the secretary decides whether the meeting is important and so filters out many requests
- You want to meet the chair of the CS department? The secretary does some filtering
- You want to meet the PotUS? The secretary does lots of filtering

Firewall Terminology

- There is no standard firewall terminology
- Types of firewalls: packet filter (works at the network layer); stateful packet filter (transport layer); application proxy (application layer)
- Other names are often used, e.g. "deep packet inspection"

Types of Firewalls

(figure only in the original slide: inside / outside)

Packet Filter

- Operates at the network layer
- Can filter based on: source IP address, destination IP address, source port, destination port, flag bits (SYN, ACK, etc.), egress or ingress

Packet Filter

- Advantages? Speed
- Disadvantages? No concept of state: cannot see TCP connections; blind to application data

Packet Filter

Configured via Access Control Lists (ACLs):

Action  Source IP  Dest IP  Source Port  Dest Port  Protocol  Flag Bits
Allow   Inside     Outside  Any          80         HTTP      Any
Allow   Outside    Inside   80           > 1023     HTTP      ACK
Deny    All        All      All          All        All       All

Q: Intention?
A: Restrict traffic to Web browsing from the inside. The ACK requirement in the second rule is meant to admit only replies to connections the inside opened, since a reply always carries ACK; the next slide shows why a stateless filter cannot actually enforce that.

TCP ACK Scan

- The attacker scans for open ports through the firewall; port scanning is the first step in many attacks
- The attacker sends packets with the ACK bit set, without a prior 3-way handshake (this violates the TCP protocol)
- The ACK packets pass through a packet filter firewall: they appear to be part of an ongoing connection (the second ACL rule above admits them)
- The recipient of such a packet replies with RST

TCP ACK Scan

(figure: Trudy sends ACK packets with destination ports 1207, 1208 and 1209 through the packet filter into the internal network; only the probe to port 1209 gets through and draws an RST)

- The attacker now knows that port 1209 is open through the firewall
- A stateful packet filter can prevent this, since the scan packets are not part of any established connection

Stateful Packet Filter

- Adds state to the packet filter
- Operates at the transport layer
- Remembers TCP connections, flag bits, etc.
- Can even remember UDP packets (e.g., DNS requests), so that a reply is admitted only if a matching request went out

Stateful Packet Filter

- Advantages? Can do everything a packet filter can do, plus keep track of ongoing connections (so it prevents the TCP ACK scan)
- Disadvantages? Cannot see application data; slower than packet filtering
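The ACL from the packet-filter slide and the ACK scan above, run against both kinds of filter, as an added example (not code from the slides). The internal network 10.0.0.0/8, the host addresses and the port numbers are constructed; the slide's "HTTP" protocol column is represented as TCP port 80, which is all a packet filter can see. The stateless filter admits Trudy's forged ACK because rule 2 matches it; the stateful filter drops it because no inside host opened a connection to 203.0.113.9:80 from port 1209, while a genuine web reply is still let in.

```python
import ipaddress
from dataclasses import dataclass, field

INSIDE = ipaddress.ip_network("10.0.0.0/8")    # constructed internal network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    flags: frozenset = field(default_factory=frozenset)   # e.g. {"SYN"}, {"ACK"}


def side(ip: str) -> str:
    return "inside" if ipaddress.ip_address(ip) in INSIDE else "outside"


def port_matches(spec, port: int) -> bool:
    if spec == "any":
        return True
    if isinstance(spec, str) and spec.startswith(">"):
        return port > int(spec[1:])
    return port == spec


# The ACL from the slide: action, source side, destination side, sport, dport, flag.
ACL = [
    ("allow", "inside",  "outside", "any",  80,      "any"),
    ("allow", "outside", "inside",  80,     ">1023", "ACK"),
    ("deny",  "all",     "all",     "all",  "all",   "all"),
]


def stateless_filter(pkt: Packet) -> str:
    """Plain packet filter: first matching ACL rule wins, no memory of the past."""
    for action, src, dst, sport, dport, flag in ACL:
        if src not in ("all", side(pkt.src_ip)):
            continue
        if dst not in ("all", side(pkt.dst_ip)):
            continue
        if sport != "all" and not port_matches(sport, pkt.sport):
            continue
        if dport != "all" and not port_matches(dport, pkt.dport):
            continue
        if flag not in ("all", "any") and flag not in pkt.flags:
            continue
        return action
    return "deny"


class StatefulFilter:
    """Same ACL, but inbound packets are admitted only as replies to a
    connection that an inside host opened and that was recorded here."""

    def __init__(self):
        self.connections = set()   # (src_ip, sport, dst_ip, dport) opened from inside

    def filter(self, pkt: Packet) -> str:
        decision = stateless_filter(pkt)
        if side(pkt.src_ip) == "inside":
            if decision == "allow" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.connections.add((pkt.src_ip, pkt.sport, pkt.dst_ip, pkt.dport))
            return decision
        reverse = (pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport)
        return "allow" if decision == "allow" and reverse in self.connections else "deny"


def ack_scan_demo():
    """Trudy's forged ACK to port 1209 against both filters."""
    probe = Packet("203.0.113.9", "10.0.0.7", 80, 1209, frozenset({"ACK"}))
    return stateless_filter(probe), StatefulFilter().filter(probe)


def browsing_demo():
    """An inside host opens a web connection, the server replies, then a telnet attempt."""
    sf = StatefulFilter()
    syn = Packet("10.0.0.7", "198.51.100.20", 40000, 80, frozenset({"SYN"}))
    reply = Packet("198.51.100.20", "10.0.0.7", 80, 40000, frozenset({"SYN", "ACK"}))
    telnet = Packet("10.0.0.7", "198.51.100.20", 40001, 23, frozenset({"SYN"}))
    return sf.filter(syn), sf.filter(reply), sf.filter(telnet)


if __name__ == "__main__":
    print(ack_scan_demo())   # ('allow', 'deny')
    print(browsing_demo())   # ('allow', 'allow', 'deny')
```

A real stateful filter also ages entries out and removes them on FIN/RST; the model keeps only the part that matters for the scan, namely that an inbound packet must match a connection the inside initiated.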

Application Proxy

- A proxy is something that acts on your behalf
- An application proxy looks at the incoming application data and verifies that the data is safe before letting it in
- Acting on the client's behalf means it terminates the client's connection and opens its own to the server, so no packet crosses the firewall unexamined

Application Proxy

- Advantages? Complete view of connections and application data; can filter bad data at the application layer (viruses, Word macros)
- Disadvantages? Speed

Deep Packet Inspection

- Many buzzwords are used for firewalls; one example is deep packet inspection
- What could this mean? Look into the packets (including the application payload) but don't really "process" them the way an application would; the effect is like an application proxy, but faster

Firewalls and Defense in Depth

Typical network security architecture:

Internet -> packet filter -> DMZ (FTP server, DNS server, Web server) -> application proxy -> intranet with additional defense

Segurança Informática nas redes 56

Segurança Informática - MIM 2011/12

Seg. Informática - pbrandao

Intrusion Detection Systems 112

Intruders


Intruders are a significant issue: hostile/unwanted trespass, ranging from benign to serious.

User trespass: unauthorized logon, privilege abuse.

Software trespass: virus, worm or trojan horse.

Classes of intruders: masquerader, misfeasor, clandestine user.


Examples of Intrusion


remote root compromise

web server defacement

guessing / cracking passwords

copying / viewing sensitive data or databases

running a packet sniffer

distributing pirated software

using an unsecured modem to access net

impersonating a user to reset password

using an unattended workstation

Security Intrusion & Detection


Security Intrusion: a security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.

Intrusion Detection: a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.


Intrusion Detection Systems


Intrusion detection approaches: signature-based IDS; anomaly-based IDS.

Intrusion detection architectures: host-based IDS; network-based IDS.

Logical components: sensors (collect data); analyzers (determine if an intrusion has occurred); user interface (manage / direct / view the IDS).

Host-Based IDS

Monitors activities on hosts for known attacks and suspicious behaviour. Designed to detect attacks such as buffer overflows, escalation of privilege, ... Has little or no view of network activities.


Distributed Host-Based IDS


Network-Based IDS


Monitors activity on the network for known attacks and suspicious network activity. Designed to detect attacks such as denial of service, network probes, malformed packets, etc. Some overlap with a firewall. Has little or no view of host-based attacks. One can have both host and network IDS.


NIDS Sensor Deployment


IDS Principles


Assume that intruder behaviour differs from that of legitimate users, but expect some overlap, as shown in the figure. Observe deviations from past history. This raises the problems of false positives and false negatives; a compromise (the detection threshold) must be chosen.
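Signature-based and anomaly-based detection side by side, as an added example that is not from the slides. The log lines, the "known attack" signatures, the baseline profile and the ground-truth labels are all constructed; the anomaly detector's threshold is swept to show the false-positive/false-negative compromise described above.

```python
"""Signature-based vs anomaly-based IDS over constructed web-server log lines (added example)."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access-log lines for one 1-minute window, reduced to "client_ip path".
WINDOW = (
    ["10.0.0.5 /index.html", "10.0.0.5 /about.html", "10.0.0.5 /news.html"]   # alice: normal
    + ["10.0.0.8 /item/%d" % i for i in range(6)]                              # bob: busy but legitimate
    + ["198.51.100.9 /cgi-bin/../../etc/passwd",                               # noisy scanner: known attacks
       "198.51.100.9 /login?user=admin'%20OR%201=1--"]
    + ["198.51.100.9 /probe/%d" % i for i in range(28)]
    + ["203.0.113.4 /page/%d" % i for i in range(5)]                           # slow scanner: no known pattern
)
ATTACKERS = {"198.51.100.9", "203.0.113.4"}   # ground truth, used only for the evaluation

# Signature-based IDS: patterns of attacks we already know about.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"'(%20|\s)*OR(%20|\s)+1=1", re.IGNORECASE),
}


def signature_alerts(lines):
    """Flag (client, signature name) for every known pattern seen in a request."""
    alerts = set()
    for line in lines:
        ip, path = line.split(" ", 1)
        for name, rx in SIGNATURES.items():
            if rx.search(path):
                alerts.add((ip, name))
    return alerts


# Anomaly-based IDS: a profile of "normal" request counts per client per window,
# constructed here as if learned from past history.
BASELINE = [3, 4, 2, 5, 3, 4, 3, 4]


def anomaly_alerts(lines, threshold):
    """Flag clients whose request count in the window is more than `threshold`
    standard deviations above the baseline mean."""
    mu, sigma = mean(BASELINE), pstdev(BASELINE)
    counts = Counter(line.split(" ", 1)[0] for line in lines)
    return {ip for ip, n in counts.items() if (n - mu) / sigma > threshold}


def evaluate(flagged, attackers):
    """Return (false positives, false negatives) for a set of flagged clients."""
    return len(flagged - attackers), len(attackers - flagged)


def trade_off(lines, attackers, thresholds=(1.5, 2.5, 3.5)):
    """(false positives, false negatives) of the anomaly detector per threshold."""
    return {t: evaluate(anomaly_alerts(lines, t), attackers) for t in thresholds}


if __name__ == "__main__":
    print("signature alerts:", sorted(signature_alerts(WINDOW)))
    for t, (fp, fn) in trade_off(WINDOW, ATTACKERS).items():
        print("threshold %.1f: false positives=%d false negatives=%d" % (t, fp, fn))
```

The signature detector catches only the noisy scanner (the slow one sends nothing that matches a known pattern), while the anomaly detector's threshold moves the problem: low enough to catch the slow scanner it also flags the busy legitimate user; high enough to spare that user it misses the slow scanner.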

Internet security protocols

Protocol

Human protocols: the rules followed in human interactions. Example: asking a question in class.

Networking protocols: the rules followed in networked communication systems. Examples: HTTP, FTP, etc.

Security protocol: the (communication) rules followed in a security application. Examples: SSL, IPsec, Kerberos, etc.


Secure Entry to NSA

1. Insert badge into reader

2. Enter PIN

3. Correct PIN? Yes? Enter

No? Get shot by security guard


ATM Machine Protocol

1. Insert ATM card

2. Enter PIN

3. Correct PIN? Yes? Conduct your transaction(s)

No? Machine (eventually) eats card


Identify Friend or Foe (IFF)

[Figure: over Namibia, a SAAF station holding key K challenges an approaching aircraft: 1. N. A SAAF Impala, which also holds K, replies: 2. E(N,K). A Russian MiG over Angola does not have K.]

MiG in the Middle

[Figure: the MiG, which does not know K, relays the challenge instead of answering it. 1. The Namibian station challenges the MiG with N. 2.-3. The MiG forwards N to Angola, where an air-defence station sends the same N as a challenge to a SAAF Impala flying over Angola. 4. The Impala answers E(N,K). 5.-6. The answer is relayed back and the MiG presents E(N,K) to the Namibian station, which accepts it as friendly.]

Authentication protocol

Authentication

Alice must prove her identity to Bob; Alice and Bob can be humans or computers. May also require Bob to prove he's Bob (mutual authentication). Probably need to establish a session key. May have other requirements, such as: use public keys; use symmetric keys; use hash functions; anonymity, plausible deniability, etc.


Authentication

Authentication on a stand-alone computer is relatively simple: hash the password with a salt, etc. "Secure path", attacks on the authentication software, keystroke logging, etc., are the issues.

Authentication over a network is challenging: the attacker can passively observe messages; the attacker can replay messages; active attacks are possible (insert, delete, change).


Simple Authentication

Simple, and may be OK for a standalone system. But insecure for a networked system: subject to a replay attack (next 2 slides). Also, Bob must know Alice's password.

  Alice -> Bob: "I'm Alice"
  Bob -> Alice: Prove it
  Alice -> Bob: My password is "frank"


Authentication Attack

[Figure: Trudy eavesdrops on the exchange between Alice and Bob: "I'm Alice" / Prove it / My password is "frank".]

Authentication Attack

This is an example of a replay attack. How can we prevent a replay?

  Trudy -> Bob: "I'm Alice"
  Bob -> Trudy: Prove it
  Trudy -> Bob: My password is "frank"


Better Authentication

Better, since it hides Alice's password from both Bob and Trudy. But still subject to replay: Trudy does not need the password, only the bytes Alice sent.

  Alice -> Bob: "I'm Alice"
  Bob -> Alice: Prove it
  Alice -> Bob: h(Alice's password)

Challenge-Response

To prevent replay, use challenge-response; the goal is to ensure "freshness". Suppose Bob wants to authenticate Alice: a challenge is sent from Bob to Alice. The challenge is chosen so that replay is not possible, only Alice can provide the correct response, and Bob can verify the response.


Nonce

To ensure freshness, we can employ a nonce (nonce == number used once). What to use for nonces, i.e. what is the challenge? What should Alice do with the nonce, i.e. how to compute the response? How can Bob verify the response? Should we rely on passwords or keys?

Challenge-Response

  Alice -> Bob: "I'm Alice"
  Bob -> Alice: Nonce
  Alice -> Bob: h(Alice's password, Nonce)

The nonce is the challenge; the hash is the response. The nonce prevents replay and ensures freshness. The password is something Alice knows; Bob must know Alice's password to verify.
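The two protocols drawn above (h(password) alone, then h(password, Nonce) after a challenge), as an added example that is not from the slides, with Trudy replaying what she recorded. The password "frank" is the slides' own; the hash construction, the nonce size and the Bob class are this example's choices.

```python
"""Password authentication with and without a nonce, and a replay attempt (added example)."""
import hashlib
import hmac
import secrets


def h(*parts):
    """Hash of the concatenated parts, length-prefixed so that h("ab", "c") != h("a", "bc")."""
    m = hashlib.sha256()
    for p in parts:
        b = p.encode() if isinstance(p, str) else p
        m.update(len(b).to_bytes(4, "big") + b)
    return m.hexdigest()


class Bob:
    def __init__(self, users):
        self.users = users          # Bob must know Alice's password to verify
        self.outstanding = {}       # nonce handed out per claimed identity

    # "Better Authentication":  "I'm Alice" / Prove it / h(password)
    def verify_hashed(self, name, response):
        return hmac.compare_digest(response, h(self.users[name]))

    # "Challenge-Response":  "I'm Alice" / Nonce / h(password, Nonce)
    def challenge(self, name):
        nonce = secrets.token_hex(16)          # number used once
        self.outstanding[name] = nonce
        return nonce

    def verify_response(self, name, response):
        nonce = self.outstanding.pop(name, None)   # a nonce is consumed on first use
        if nonce is None:
            return False
        return hmac.compare_digest(response, h(self.users[name], nonce))


def run_hashed_password(bob, password):
    """Alice authenticates with h(password); Trudy, who sniffed it, replays it.
    Returns (Bob accepted Alice, Bob accepted Trudy)."""
    msg = h(password)
    alice_ok = bob.verify_hashed("Alice", msg)
    trudy_ok = bob.verify_hashed("Alice", msg)     # same bytes, same verdict
    return alice_ok, trudy_ok


def run_challenge_response(bob, password):
    """Alice answers Bob's nonce; Trudy replays the recorded answer against a fresh nonce.
    Returns (Bob accepted Alice, Bob accepted Trudy)."""
    nonce = bob.challenge("Alice")
    msg = h(password, nonce)
    alice_ok = bob.verify_response("Alice", msg)
    bob.challenge("Alice")                         # Trudy claims to be Alice and gets a new nonce
    trudy_ok = bob.verify_response("Alice", msg)   # old response does not match the new nonce
    return alice_ok, trudy_ok


if __name__ == "__main__":
    bob = Bob({"Alice": "frank"})
    print("h(password) only, (Alice, Trudy):", run_hashed_password(bob, "frank"))
    print("with nonce,       (Alice, Trudy):", run_challenge_response(bob, "frank"))
```

The nonce version still leaks something: anyone who records (Nonce, h(password, Nonce)) can try candidate passwords offline against it, which is one reason the following slides replace the password by a key and the hash by E(R, K).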


Generic Challenge-Response

In practice, how to achieve this? A hashed password works... Encryption with a key is better here (why?).

  Alice -> Bob: "I'm Alice"
  Bob -> Alice: Nonce
  Alice -> Bob: something that could only come from Alice (and that Bob can verify)

Symmetric Key Notation

Encrypt plaintext P with key K: C = E(P,K). Decrypt ciphertext C with key K: P = D(C,K).

Here we are concerned with attacks on protocols, not attacks on crypto, so we assume the crypto algorithms are secure.


Authentication: Symmetric Key

Alice and Bob share a symmetric key K, known only to Alice and Bob. They authenticate by proving knowledge of the shared symmetric key. How to accomplish this? The protocol must not reveal the key, must not allow replay (or other) attacks, must be verifiable, ...

Authentication with Symmetric Key

  Alice (K) -> Bob (K): "I'm Alice"
  Bob -> Alice: R
  Alice -> Bob: E(R,K)

A secure method for Bob to authenticate Alice. Alice does not authenticate Bob. So, can we achieve mutual authentication?


Mutual Authentication?

  Alice (K) -> Bob (K): "I'm Alice", R
  Bob -> Alice: E(R,K)
  Alice -> Bob: E(R,K)

What's wrong with this picture? "Alice" could be Trudy (or anybody else)! Bob answers the challenge first, so whoever sent R only has to echo E(R,K) back.

Mutual Authentication

Since we have a secure one-way authentication protocol, the obvious thing to do is to use the protocol twice: once for Bob to authenticate Alice, once for Alice to authenticate Bob. This has got to work...


Mutual Authentication

  Alice (K) -> Bob (K): "I'm Alice", RA
  Bob -> Alice: RB, E(RA, K)
  Alice -> Bob: E(RB, K)

This provides mutual authentication... or does it? See the next slide.

Mutual Authentication Attack

Trudy, who does not know K, runs two sessions with Bob:

  1. Trudy -> Bob: "I'm Alice", RA
  2. Bob -> Trudy: RB, E(RA, K)
  3. Trudy -> Bob (second session): "I'm Alice", RB
  4. Bob -> Trudy: RC, E(RB, K)

Bob has now computed E(RB, K) for her; Trudy returns it in the first session and Bob accepts her as Alice.


Mutual Authentication

Our one-way authentication protocol is not secure for mutual authentication. Protocols are subtle! The "obvious" thing may not be secure. Also, if the assumptions or the environment change, a protocol may no longer be secure; this is a common source of security failure (for example, in Internet protocols).

Symmetric Key Mutual Authentication

Do these "insignificant" changes help? Yes!

  Alice (K) -> Bob (K): "I'm Alice", RA
  Bob -> Alice: RB, E("Bob", RA, K)
  Alice -> Bob: E("Alice", RB, K)

Bob never produces a value of the form E("Alice", ., K), so Trudy can no longer use a second session with Bob to obtain the response Bob expects.
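The reflection attack on the naive mutual-authentication protocol and the fixed version with the names inside the encryption, as an added example that is not from the slides. E(., K) is modelled with an HMAC under K (a stand-in for the slides' symmetric encryption; only the protocol logic matters here), and Bob is written as a responder that can hold several sessions open at once, which is what the attack needs.

```python
"""Reflection attack on naive mutual authentication, and the fix with names (added example)."""
import hashlib
import hmac
import secrets


def E(K, *parts):
    """Stand-in for E(parts, K): a keyed MAC over the length-prefixed parts."""
    m = hmac.new(K, digestmod=hashlib.sha256)
    for p in parts:
        b = p.encode() if isinstance(p, str) else p
        m.update(len(b).to_bytes(4, "big") + b)
    return m.hexdigest()


class Bob:
    """Responder for both protocols.
    with_names=False:  msg2 = R_B, E(R_A, K)          msg3 expected = E(R_B, K)
    with_names=True:   msg2 = R_B, E("Bob", R_A, K)   msg3 expected = E("Alice", R_B, K)"""

    def __init__(self, K, with_names):
        self.K, self.with_names = K, with_names
        self.sessions = {}          # session id -> R_B still awaiting its response

    def msg2(self, claimed_name, RA):
        RB = secrets.token_bytes(16)
        sid = secrets.token_hex(4)
        self.sessions[sid] = RB
        proof = E(self.K, "Bob", RA) if self.with_names else E(self.K, RA)
        return sid, RB, proof

    def msg3(self, sid, proof):
        RB = self.sessions.pop(sid)
        expected = E(self.K, "Alice", RB) if self.with_names else E(self.K, RB)
        return hmac.compare_digest(proof, expected)   # True: Bob accepts the peer as Alice


def honest_run(bob, K):
    """Alice and Bob, both holding K, authenticate each other. True if both accept."""
    RA = secrets.token_bytes(16)
    sid, RB, proof = bob.msg2("Alice", RA)
    expected = E(K, "Bob", RA) if bob.with_names else E(K, RA)
    alice_accepts_bob = hmac.compare_digest(proof, expected)
    reply = E(K, "Alice", RB) if bob.with_names else E(K, RB)
    return alice_accepts_bob and bob.msg3(sid, reply)


def reflection_attack(bob):
    """Trudy, without K, uses a second session with Bob as an oracle:
    1-2. "I'm Alice", R_A  ->  R_B, E(R_A, K)
    3-4. "I'm Alice", R_B  ->  R_C, E(R_B, K)     (second session)
    5.   Trudy answers the first session with what Bob just gave her.
    Returns True if Bob was fooled."""
    RA = secrets.token_bytes(16)
    sid1, RB, _ = bob.msg2("Alice", RA)
    sid2, RC, proof_for_RB = bob.msg2("Alice", RB)   # Bob computes E(R_B, K) for Trudy
    return bob.msg3(sid1, proof_for_RB)


if __name__ == "__main__":
    K = secrets.token_bytes(32)
    for with_names in (False, True):
        print("names inside E:", with_names,
              "| honest run ok:", honest_run(Bob(K, with_names), K),
              "| Trudy accepted:", reflection_attack(Bob(K, with_names)))
```

With the names included, the value Bob hands out in the second session is E("Bob", RB, K), while the first session is waiting for E("Alice", RB, K); the two never coincide, so the oracle is useless to Trudy.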

Protocols – SSL

Secure Sockets Layer (SSL)

Transport-layer security service originally developed by Netscape. Version 3 was designed with public input and subsequently became an Internet standard: RFC 2246, Transport Layer Security (TLS). Uses TCP to provide a reliable end-to-end service. May be provided in the underlying protocol suite or embedded in specific packages.


What is SSL?


SSL is the protocol used for the majority of secure transactions on the Internet. For example, if you want to buy a book at amazon.com: you want to be sure you are dealing with Amazon (authentication); your credit card information must be protected in transit (confidentiality and/or integrity); and as long as you have money, Amazon doesn't really care who you are, so there is no need for mutual authentication.

SSL Protocol Stack

[Figure: SSL sits in a socket "layer" between the application (user space) and the transport layer (OS). Stack: Physical and Link (NIC), Network and Transport (OS), Application (user).]


SSL Record Protocol Services

Message integrity using a MAC with a shared secret key (similar to HMAC but with different padding). Confidentiality using symmetric encryption with a shared secret key defined by the Handshake Protocol: AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 (the 40-bit, DES and RC4 suites are obsolete and must not be enabled today). The message is (optionally) compressed before encryption; compression is disabled in current TLS deployments.

Simple SSL-like Protocol

  Alice -> Bob: I'd like to talk to you securely
  Bob -> Alice: Here's my certificate
  Alice -> Bob: {K}Bob   (a session key K encrypted with Bob's public key)
  Alice <-> Bob: protected HTTP

Is Alice sure she's talking to Bob? Is Bob sure he's talking to Alice?


SSL Authentication

Alice authenticates Bob, not vice versa. How does the client authenticate the server? Why would the server not authenticate the client? Mutual authentication is possible: Bob sends a certificate request in message 2; then the client must have a valid certificate. If the server wants to authenticate the client, it could instead require a password (sent over the already protected connection).

Protocols – IPsec


IP Security

Various application security mechanisms exist, e.g. S/MIME, PGP, Kerberos, SSL/HTTPS. Security concerns cross protocol layers, hence one would like security implemented by the network for all applications. Authentication and encryption security features were included in next-generation IPv6, and are also usable in existing IPv4.

SSL vs IPsec

IPsec: lives at the network layer (part of the OS); encryption, integrity, authentication, etc.; is overly complex (some security issues).

SSL (and the IETF standard known as TLS): lives at the socket layer (part of user space); encryption, integrity, authentication, etc.; relatively simple and elegant specification.


IPsec: the OS must be aware, but not the apps. SSL: the apps must be aware, but not the OS. SSL was built into the Web early on (Netscape). IPsec is often used in VPNs (secure tunnel). There is reluctance to retrofit applications for SSL, and IPsec is not widely deployed (complexity, etc.). The bottom line: the Internet is less secure than it should be!

IPsec and SSL

IPsec lives at the network layer and is transparent to applications.

[Figure: IPsec sits in the OS at the network layer; SSL sits in user space between the application and the transport layer.]


IPSec

General IP security mechanism providing authentication, confidentiality and key management; applicable over LANs, across public and private WANs, and for the Internet.

IPSec Uses



Two protocols

Authentication Header (AH): provides source authentication and data integrity, but not confidentiality.

Encapsulating Security Payload (ESP): provides source authentication, data integrity and confidentiality; more widely used than AH.

Comparison of IPsec Modes

  Transport mode:  [IP header][ESP/AH][data]
  Tunnel mode:     [new IP header][ESP/AH][IP header][data]

Transport mode: host-to-host. Tunnel mode: firewall-to-firewall (gateway-to-gateway).

Transport mode is not strictly necessary (tunnel mode also works host-to-host), but it is more efficient: no second IP header.


IPsec Transport mode

The IPsec datagram is emitted and received by the end system; it protects the upper-level protocols.

[Figure: the whole path between the two end hosts is IPsec secured.]

IPsec Tunnel mode

The end routers are IPsec aware; the hosts need not be.

[Figure: plain IP between each host and its router; IPsec secured between the two routers.]
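The two encapsulations of the figures above, as an added example that is not from the slides. Packets are plain dicts and ESP is reduced to "an SPI in the clear plus an opaque payload" (no real cipher, ESP header, trailer or ICV), because the point here is which header an observer on the path can still read and where decapsulation happens. The addresses are made up.

```python
"""What an on-path observer sees in IPsec transport vs tunnel mode (added example, ESP modelled)."""


def esp_wrap(payload, spi):
    """Model of ESP encapsulation: the SPI is visible, the payload is opaque to the path."""
    return {"proto": "ESP", "spi": spi, "encrypted": payload}


def esp_unwrap(esp):
    """Model of ESP decapsulation at the peer holding the security association for this SPI."""
    if esp.get("proto") != "ESP":
        raise ValueError("not an ESP packet")
    return esp["encrypted"]


def transport_mode(pkt, spi=0x1001):
    """Host-to-host: the original IP header is kept; ESP protects only the transport payload."""
    return {"ip": dict(pkt["ip"]), "payload": esp_wrap(pkt["payload"], spi)}


def tunnel_mode(pkt, gw_src, gw_dst, spi=0x2002):
    """Gateway-to-gateway: the whole original packet (inner IP header included) is
    protected, and a new outer IP header addressed between the gateways is prepended."""
    return {"ip": {"src": gw_src, "dst": gw_dst}, "payload": esp_wrap(pkt, spi)}


def visible_on_path(pkt):
    """What a sniffer between the two IPsec endpoints can read from the packet."""
    seen = {"src": pkt["ip"]["src"], "dst": pkt["ip"]["dst"]}
    p = pkt["payload"]
    if p.get("proto") == "ESP":
        seen.update(proto="ESP", spi=p["spi"])
    else:                                    # plain IP: ports and data are exposed
        seen.update(proto="TCP", sport=p["tcp"]["sport"], dport=p["tcp"]["dport"], data=p["data"])
    return seen


def receive_transport(pkt):
    """The end host strips ESP and gets its original TCP segment back."""
    return {"ip": pkt["ip"], "payload": esp_unwrap(pkt["payload"])}


def receive_tunnel(pkt):
    """The receiving gateway strips the outer header and ESP; the inner packet is then
    forwarded as plain IP to a host that need not know about IPsec."""
    return esp_unwrap(pkt["payload"])


# Constructed packet from an inside host at site 1 to a web server at site 2.
ORIGINAL = {
    "ip": {"src": "10.1.0.5", "dst": "10.2.0.9"},
    "payload": {"tcp": {"sport": 51000, "dport": 80}, "data": b"GET / HTTP/1.1"},
}
GW1, GW2 = "192.0.2.1", "198.51.100.1"     # the two sites' gateways (constructed)


if __name__ == "__main__":
    print("plain IP:      ", visible_on_path(ORIGINAL))
    print("transport mode:", visible_on_path(transport_mode(ORIGINAL)))
    print("tunnel mode:   ", visible_on_path(tunnel_mode(ORIGINAL, GW1, GW2)))
```

In transport mode the observer still learns which two hosts are talking (only the ports and data are hidden); in tunnel mode only the gateway addresses and the SPI remain visible, and the end hosts never touch IPsec.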


Benefits of IPsec

In a firewall/router, IPsec provides strong security to all traffic crossing the perimeter and is resistant to bypass. It is below the transport layer, hence transparent to applications; it can be transparent to end users; it can provide security for individual users; and it secures the routing architecture.

Protocols – VPNs


What are VPNs?


Provide a private network service using a shared (non-private) infrastructure.

[Figure: private network site 1 and private network site 2 connected across the shared infrastructure (e.g. the Internet).]

Types of VPNs

[Figure: headquarters, a branch, a home user, a mobile user and a partner, all connected over the shared infrastructure (e.g. the Internet).]


VPN Types


Site-to-site: connectivity between sites. Intranet VPNs connect sites of a single organization; extranet VPNs connect sites of different organizations (business partners).

Remote access: mobile or home-based users access the organization.

Provisioned by: the provider (a network provider offers the interconnection service) or the user (the organization deploys/administers the VPN infrastructure).

Technologies for site to site


IPsec: encryption/authentication.

GRE (Generic Routing Encapsulation): limited/no encryption/authentication.

IP-in-IP: no encryption/authentication.

[Figure: tunnel between headquarters and a branch.]


Technologies for Remote access


IPsec.

SSL/TLS: "clientless" VPNs (a browser is enough).

PPTP (Point-to-Point Tunnelling Protocol): encryption/authentication, but its MPPE encryption and MS-CHAPv2 authentication are now considered broken.

L2TP (Layer Two Tunnelling Protocol): limited/no encryption/authentication on its own; usually run over IPsec (L2TP/IPsec).

[Figure: tunnel between headquarters and a mobile user.]

Protocols – S/MIME


S/MIME (Secure/Multipurpose Internet Mail Extensions)

Security enhancement to MIME email. The original Internet RFC 822 email was text only; MIME provided support for varying content types and multi-part messages, with encoding of binary data to textual form; S/MIME added the security enhancements. S/MIME is supported in many mail agents, e.g. MS Outlook, Mozilla, Mac Mail.

S/MIME Functions

Enveloped data: encrypted content and the associated keys.

Signed data: encoded message + signed digest.

Clear-signed data: cleartext message + encoded signed digest.

Signed and enveloped data: nesting of signed and encrypted entities.


S/MIME Process

Other subjects


Phishing/Scams

A fake email tries to lure the victim to a website. The website tries to steal credit card details or the victim's credentials for the real website, which it usually mimics.

Test yourself: phishing quizzes from VeriSign, SonicWall and PayPal; examples of fraud from CGD.

Malware

Virus: encrypted, polymorphic, metamorphic malware

Trojan

Worms

Botnets


Botnets

[Picture from Microsoft Press]

Injections

SQL Injections

XSS – Cross-site scripting

CSRF – Cross-Site Request Forgery


Identity management

Shibboleth

Windows cardspace

OpenID

Medical Device attacks

[Image from mymethodist.net]

See http://www.secure-medicine.org/

The end



Acronyms


ARP – Address Resolution Protocol

AH – Authentication Header (IPsec)

CAPTCHA – Completely Automated Public Turing test to tell Computers and Humans Apart

CIDR – Classless Inter-Domain Routing

DHCP – Dynamic Host Configuration Protocol

DMZ – Demilitarized Zone

DoS – Denial of Service

DDoS – Distributed DoS

ESP – Encapsulating Security Payload (IPsec)

GRE – Generic Routing Encapsulation

IDS – Intrusion Detection System


IPsec – Internet Protocol security

L2TP – Layer two tunnelling protocol

MLS – MultiLevel Security

Nonce – Number used once

OCR – Optical Character Recognition

PPTP – Point-to-Point Tunneling Protocol

PotUS – President of the US

SSO – Single Sign On

S/MIME – Secure/Multipurpose Internet Mail Extensions

VPN – Virtual Private Network