Security in Communication Networks

Security in Communication Networks
Lehrstuhl für Informatik 4
Kommunikation und verteilte Systeme
RWTH Aachen
Prof. Dr. Otto Spaniol
Dr. rer. nat. Dirk Thißen
Chapter 1: Introduction
Organization
Lecture
• Lecture takes place on Thursday, 13:15 – 14:45
Exercises
• Fortnightly
• Exercise is given on Monday, 16:45 – 18:15
• Frontal exercise
• Exact dates depend upon the lecture dates
• Exercise sheets are provided on the web page two weeks before an exercise date
Planned exercise dates: 23.4., 7.5., 4.6., 25.6., 9.7.
Organization
Slide Copies
• Copies of the lecture slides as well as exercise sheets are placed on the web page of the lecture:
http://www-i4.informatik.rwth-aachen.de/content/teaching/lectures/sub/sikon/sikonSS07/index.html
Written Exam
At the end of summer term
Contact Information for questions regarding lecture/exercises
Prof. Dr. Otto Spaniol, Dr. Dirk Thißen
Lehrstuhl für Informatik 4, RWTH Aachen
Ahornstraße 55, 52074 Aachen
Phone: 0241 / 80 – 21400/21450
eMail: {spaniol, thissen}@informatik.rwth-aachen.de
Literature
• Kaufman, Charlie; Perlman, Radia; Speciner, Mike: Network Security – Private Communication in a Public World. Prentice-Hall, 2002
• Schneier, Bruce: Applied Cryptography – Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 1996
• Mao, Wenbo: Modern Cryptography. Prentice Hall, 2004
• Spaniol, Otto; Güneş, Mesut: Skript zur Vorlesung “Sicherheit in Kommunikationsnetzen”. Mainz-Verlag, 2000
Evolution of the Internet
• “Necessity is the mother of invention, and computer networks are the mother of modern cryptography” - R. L. Rivest
• The Story of the Internet:
    During the latter half of the 1980s, ARPANET moved from the research domain into a transcontinental reality
    In November 1988 the "Internet worm" brought the ARPANET to its knees
    Since then an almost continuous stream of security-related incidents has affected thousands of computer systems and networks throughout the world (for more information see http://www.cert.org)
    By 2005, the Internet had grown from 60,000 host computer systems to over 350 million
    Many companies and private users now rely on the Internet for their daily business and private communication (sharing financial, business, or personal information)
    Attacks: illegal gain of information, unrecognized change of information, disturbance of the functionality (Confidentiality, Integrity, Availability)
Attacks on Computer
• Stand-alone computer system (UNIX operating system):
    Only a legitimate user with physical access to the computer system is able to log in by providing name and password
    Attacker must have physical access and the login information
• Networked computer (UNIX operating system):
    System makes available some basic network services:
    • telnetd: remote terminal access service, provided at port 23
    • sendmail: electronic mail service, provided at port 25
    • httpd: WWW, provided at port 80
    • nfsd: network file service, provided at port 2049
    Attacker does not need physical access
    Attacker can use any TCP/IP service offered by the system
Attacks on Computer
• Only an attacker who is able to physically access or connect to a computer system can attack it
    → By adding more network connections, more vulnerabilities are added automatically
• A networked computer system runs software that is inherently more complex and error prone
    → An attacker must know and be able to exploit just one single bug (administrator or security expert must know and fix each bug)
Security Goal: protect networked computers by separating a company network from the Internet (e.g. by a Firewall)
Attacks on Communication Processes
Passive Attack:
• Passive wiretapping attack: the attacker is able to interpret the data and to extract information
• Traffic analysis attack: the attacker can observe who communicates with whom and combine these observations (e.g. two companies begin to exchange a large number of messages)
• Available programs: etherfind, tcpdump, ...
Active Attack:
• Modify, extend, delete, and replay data units
• Influence or modify routing tables
• Denial of service attack (flood a server)
[Figure: Alice, a router, the network, and an attacker]
Security in Communication Processes
Confidentiality
• Message contents should be kept confidential; i.e., only the communication partners may see them
• Sender and/or receiver of messages should remain anonymous, and third parties (including the network operators) should be unable to observe their communication
• Neither potential communication partners nor third parties (including the network operators) should be able to locate mobile stations
Integrity
• Forging message contents (including sender’s address) should be detected
• The recipient of a message should be able to prove that a particular message has been sent, and that the addressee has received the message
• Nobody can cheat the network operators in terms of usage fees. On the other hand, the network operators can only charge fees for correctly delivered services
Availability
• The communication network enables communication between all parties who wish to communicate and who are allowed to do so
Security Techniques
• Known techniques for
    Confidentiality: Data encryption, anonymity techniques
    Integrity: Data encryption, digital signatures, access control and authentication
    Availability: Fault-tolerant systems, access control, firewall, intrusion detection
• Important term: Cryptography
    Secrecy
    • Steganography: Hide message, e.g. in a picture
    • Encryption: enc_algorithm: (plaintext, key) → ciphertext
    Authentication
    • Identification, entity authentication: Who is currently on the other end of this connection?
    • Message authentication: Who created this message?
    • Digital Signature: Convince a third party about who created this message.
Requirement: Trusted Domains
Almost no security technique is perfect; you usually need to trust somebody:
• Protection against every possible attacker is impossible
• Before the design of a protection technique it is necessary to identify trusted domains
• A trusted domain comprises systems or parts of systems (e.g. security module)
• No attackers are assumed within a trusted domain (restriction of the attacker)
• A trusted domain is always related to a single user or group of users
[Figure: a source and a destination, each inside its own trusted domain and each with a protection technique, connected across an untrusted area]
Shared-key Encryption Scheme
• One-time pad, DES, IDEA etc.
• Can handle data volumes of several Gigabyte/s, but security is questionable
• Key sizes of 56-128 bit
• Key distribution: secret channel needs a key distribution center or public-key scheme
[Figure: shared-key encryption. A key generator (inputs: random, security parameter) outputs the key k, which is passed over a secret channel; the encryption algorithm maps m to enc(k, m), and the decryption algorithm outputs m or “error”. Label: Trusted Domain.]
m = message, k = key
Shared-key Authentication Scheme
• Message authentication codes
• Specific constructions, or based on block ciphers or keyed hash functions
• Limitation: third party cannot check authenticity
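[Figure: shared-key authentication. A key generator (inputs: random, security parameter) outputs the key k, which is passed over a secret channel; the auth. algorithm maps m to m, auth(k, m), and the test algorithm outputs “ok” or “error”. Label: Trusted Domain.]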
m = message, k = key
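The scheme on this slide as a runnable sketch, added here as an example and not part of the lecture material: HMAC-SHA-256 stands in for auth(k, m) (an assumption; the slide names no concrete MAC), and the function names and sample messages are constructed. The last case shows the stated limitation that a third party cannot check authenticity.

```python
import hashlib
import hmac
import secrets

def keygen(security_param_bytes=32):
    """Key generator: randomness plus a security parameter give the key k."""
    return secrets.token_bytes(security_param_bytes)

def auth(k, m):
    """Auth. algorithm: auth(k, m), here HMAC-SHA-256 (assumed instantiation)."""
    return hmac.new(k, m, hashlib.sha256).digest()

def verify(k, m, tag):
    """The slide's test algorithm: recompute the tag, compare in constant time."""
    return "ok" if hmac.compare_digest(auth(k, m), tag) else "error"

def mac_demo():
    k = keygen()                        # reaches both parties over the secret channel
    m = b"transfer 100 EUR to Bob"      # constructed sample message
    tag = auth(k, m)
    results = {
        "genuine": verify(k, m, tag),
        "modified message": verify(k, b"transfer 900 EUR to Bob", tag),
        "wrong key": verify(keygen(), m, tag),
    }
    # Limitation from the slide: the receiver holds the same k, so it can
    # compute a valid tag for a message the sender never wrote. Someone shown
    # (m, tag) later cannot tell which of the two key holders created it.
    forged = b"transfer 100 EUR to Carol"
    results["receiver-made tag"] = verify(k, forged, auth(k, forged))
    return results

if __name__ == "__main__":
    for case, outcome in mac_demo().items():
        print(f"{case}: {outcome}")
```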
Cryptographic Hash Functions
• Hash Function H: variable length in, fixed length out (≥128 bit)
• One-way: easy to compute, infeasible to invert
• Collision resistant
• Practical hash functions: SHA, MD5, etc.
• Cryptographic primitive
    H: collision-resistant one-way hash-function
    fixed H: H(x) “simulates” a random oracle
    variable H: Keyed hash functions, family of hash functions
Public-key Encryption Scheme
• RSA, Diffie-Hellman/El Gamal
• About 10 times slower than symmetric schemes
• “Key size” of 512-2048 bit for RSA
• Typically used to exchange a shared key for a symmetric scheme
[Figure: public-key encryption. A key generator (inputs: random, security parameter) inside a trusted domain outputs sk and pk; pk is passed over an authenticated channel; the encryption algorithm maps m to enc(pk, m), and the decryption algorithm, using sk, outputs m or “error”. Labels: Trusted Domain (twice).]
m = message, sk = secret key, pk = public key
Digital Signature Scheme
• Digital Signature: A hash value (collision-resistant) of a message is encrypted with the secret key of a public-key encryption scheme.
• RSA, El Gamal, etc.
• Asymmetry allows third party to check authenticity (since public key is known to all).
[Figure: digital signature. A key generator (inputs: random, security parameter) inside a trusted domain outputs sk and pk; pk is passed over an authenticated channel; the signature algorithm, using sk, maps m to m, sign(sk, H(m)), and the test algorithm, using pk, outputs “ok” or “error”. Labels: Trusted Domain (twice).]
m = message, sk = secret key, pk = public key, H = hash function
Access Control
• In general: authentication refers to the process of verifying the claimed identity of a principal
• User → Computer
    Knows (proof of knowledge)
    Possesses (proof of possession)
    Biometric characteristics (proof by property)
• User → System (via network)
    Password-Based (Name A, Password B)
    Address-Based (Name A, Address B)
    Cryptographic: Name: A, Challenge: X, Response: Y=f(X)
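The cryptographic variant (Name A, Challenge X, Response Y=f(X)) as an added example, not taken from the lecture material. It assumes f is HMAC-SHA-256 under a key shared between user and system; the class and function names are hypothetical. Unlike the password-based variant, only X and Y cross the network, and a recorded Y does not answer a later challenge.

```python
import hashlib
import hmac
import secrets

def respond(key, x):
    """User side: Y = f(X), with f assumed to be HMAC-SHA-256 under the shared key."""
    return hmac.new(key, x, hashlib.sha256).digest()

class Verifier:
    """System side: stores each user's key and the challenge it last issued."""

    def __init__(self, keys):
        self.keys = keys          # name -> shared key
        self.pending = {}         # name -> outstanding challenge X

    def challenge(self, name):
        x = secrets.token_bytes(16)      # fresh, unpredictable X for every attempt
        self.pending[name] = x
        return x

    def check(self, name, y):
        x = self.pending.pop(name, None)  # each X is accepted at most once
        key = self.keys.get(name)
        if x is None or key is None:
            return False
        return hmac.compare_digest(respond(key, x), y)

def login_demo():
    key_a = secrets.token_bytes(32)       # constructed key for user "A"
    system = Verifier({"A": key_a})
    x = system.challenge("A")
    y = respond(key_a, x)
    results = {"fresh response": system.check("A", y)}
    system.challenge("A")                 # new attempt, new X; old Y is replayed
    results["replayed response"] = system.check("A", y)
    x = system.challenge("A")
    results["wrong key"] = system.check("A", respond(secrets.token_bytes(32), x))
    results["no open challenge"] = system.check("A", y)
    return results

if __name__ == "__main__":
    for case, accepted in login_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```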
Security in Layered Protocols
• There are always alternative ways to provide a (security) service
    Higher layers are more application dependent and technology independent
    End-to-end security is more easily provided at higher layers; link (point-to-point) security at lower layers
    Higher layers are more likely to be implemented in software; lower layers in hardware
    Higher layer encryption cannot protect lower layer headers; lower layer encryption may have to trust intermediate nodes
• Security services may need to be provided at more than one layer
Application: PGP, PEM, ...
Transport: SSH, SSL, ...
IP: AH, ESP
PGP = Pretty Good Privacy, PEM = Privacy Enhanced Mail, SSH = Secure Shell, SSL = Secure Sockets Layer, AH = Authentication Header, ESP = Encapsulating Security Payload
Anonymity
• Multi-party protocol: collective use of cryptographic protocols
• The sender and/or the recipient of a communication can remain anonymous
• Nobody (not even the network operator) can trace communication relations
[Figure: Alice and Bob; labels: Untraceability, Unobservable by Outsiders]
Protection of Networks: Firewall
• A firewall represents a barrier between a privately owned and protected network and another network (e.g. the Internet)
• Purpose: prevent unwanted and unauthorized communication into or out of the protected network
• Assume: Firewall is a trusted domain
[Figure: a firewall between the Internet and the intranet; labels: Accessibility, Security]
Protection of Networks: Intrusion Detection System (IDS)
• IDS is a “burglar alarm for computers and networks”
• Functional components
    An analysis engine that finds signs of intrusion
    A response component that generates reactions based on the outcome of the analysis engine
• Analysis engine:
    Offline: analysis of stored log data
    Online: “on the fly analysis” of observed data
• Response capabilities after analysis:
    Alarm
    Deny operation
• Attack Recognition: learning attack patterns or the usual habits of users
    → Privacy problem
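The two functional components in offline mode, as an added example that is not part of the lecture material. The log lines are constructed (sshd-style, documentation address ranges), and the thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample of stored log data.
LOG = """\
Apr 23 13:15:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 23 13:15:03 host sshd[811]: Failed password for root from 203.0.113.7 port 40124 ssh2
Apr 23 13:15:05 host sshd[811]: Failed password for admin from 203.0.113.7 port 40130 ssh2
Apr 23 13:15:09 host sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Apr 23 13:16:40 host sshd[902]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Apr 23 13:16:52 host sshd[902]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
Apr 23 13:20:11 host sshd[950]: Failed password for bob from 192.0.2.44 port 60001 ssh2
Apr 23 13:20:15 host sshd[950]: Failed password for bob from 192.0.2.44 port 60002 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def analysis_engine(log_text):
    """Offline analysis: per source, (failed logins, distinct account names tried).

    Account names are only counted, not returned, which limits how much
    per-user behaviour leaves the engine (the slide's privacy problem).
    """
    failures, accounts = Counter(), {}
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            user, src = match.groups()
            failures[src] += 1
            accounts.setdefault(src, set()).add(user)
    return {src: (n, len(accounts[src])) for src, n in failures.items()}

def response_component(findings, alarm_at=2, deny_at=4):
    """Reaction per source: 'deny' for guessing across accounts, else 'alarm'."""
    actions = {}
    for src, (n, n_accounts) in findings.items():
        if n >= deny_at and n_accounts > 1:
            actions[src] = "deny"
        elif n >= alarm_at:
            actions[src] = "alarm"
    return actions

def run_ids(log_text=LOG):
    return response_component(analysis_engine(log_text))

if __name__ == "__main__":
    print(run_ids())
```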
Content
Chapter 2: Security Techniques Background
• Secret Key Cryptography
• Public Key Cryptography
• Hash Functions
• Authentication
Chapter 3: Security on Network and Transport Layer
• e.g. IPsec, SSL, TLS, …
Chapter 4: Security on the Application Layer
• e.g. Kerberos, PGP
Chapter 5: Security Concepts for Networks
• e.g. Firewalls, Intrusion Detection