Security in Communication Networks
Lehrstuhl für Informatik 4, Kommunikation und verteilte Systeme, RWTH Aachen
Prof. Dr. Otto Spaniol, Dr. rer. nat. Dirk Thißen

Chapter 1: Introduction

Organization

Lecture
• Lecture takes place on Thursday, 13:15 – 14:45

Exercises
• Fortnightly
• Exercise is given on Monday, 16:45 – 18:15
• Frontal exercise
• Exact dates depend upon the lecture dates
• Exercise sheets are provided on the web page two weeks before an exercise date

Planned exercise dates: 23.4., 7.5., 4.6., 25.6., 9.7.

Slide Copies
• Copies of the lecture slides as well as exercise sheets are placed on the lecture's web page: http://www-i4.informatik.rwth-aachen.de/content/teaching/lectures/sub/sikon/sikonSS07/index.html

Written Exam
• At the end of summer term

Contact Information for questions regarding lecture/exercises
Prof. Dr. Otto Spaniol, Dr. Dirk Thißen
Lehrstuhl für Informatik 4, RWTH Aachen
Ahornstraße 55, 52074 Aachen
Phone: 0241 / 80 – 21400/21450
eMail: {spaniol, thissen}@informatik.rwth-aachen.de

Literature
• Kaufman, Charlie; Perlman, Radia; Speciner, Mike: Network Security – Private Communication in a Public World. Prentice-Hall, 2002
• Schneier, Bruce: Applied Cryptography - Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 1996
• Mao, Wenbo: Modern Cryptography. Prentice Hall, 2004
• Spaniol, Otto; Güneş, Mesut: Skript zur Vorlesung “Sicherheit in Kommunikationsnetzen”. Mainz-Verlag, 2000

Evolution of the Internet
• “Necessity is the mother of invention, and computer networks are the mother of modern cryptography” - R. L. Rivest
• The Story of the Internet:
  - During the latter half of the 1980's ARPANET moved from the research domain into a transcontinental reality
  - In November 1988 the "Internet worm" brought the ARPANET to its knees
  - Since then an almost continuous stream of security-related incidents has affected thousands of computer systems and networks throughout the world (for more information see http://www.cert.org)
  - By 2005, the Internet had grown from 60,000 host computer systems to over 350 million
  - Many companies and private users now rely on the Internet for their daily business and private communication (sharing financial, business, or personal information)
  - Attacks: illegal gain of information, unrecognized change of information, disturbance of the functionality (Confidentiality, Integrity, Availability)

Attacks on Computer
• Stand-alone computer system (UNIX operating system):
  - Only a legitimate user with physical access to the computer system is able to log in by providing name and password
  - Attacker must have physical access and the login information
• Networked computer (UNIX operating system):
  - System makes available some basic network services:
    - telnetd: remote terminal access service, provided at port 23
    - sendmail: electronic mail service, provided at port 25
    - httpd: WWW, provided at port 80
    - nfsd: network file service, provided at port 2049
  - Attacker does not need physical access
  - Attacker can use any TCP/IP service offered by the system

Attacks on Computer
• Only an attacker who is able to physically access or connect to a computer system can attack it
  → By adding more network connections, more vulnerabilities are added automatically
• A networked computer system runs software that is inherently more complex and error prone
  → An attacker must know and be able to exploit just one single bug (administrator or security expert must know and fix each bug)

Security Goal: protect networked computers by separating a company network from the Internet (e.g. by a Firewall)

Attacks on Communication Processes

Passive Attack:
• Passive wiretapping attack: the attacker is able to interpret the data and to extract information
• Traffic analysis attack: attacker can observe who communicates with whom (e.g. two companies begin to exchange a large number of messages and combines them)
• Available programs: etherfind, tcpdump, ...

Active Attack:
• Modify, extend, delete, and replay data units
• Influence or modify routing tables
• Denial of service attack (flood a server)

[Figure: Alice, network, router, attacker]

Security in Communication Processes

Confidentiality
• Message contents should be kept confidential; i.e., only the communication partners may see them
• Sender and/or receiver of messages should remain anonymous, and third parties (including the network operators) should be unable to observe their communication
• Neither potential communication partners nor third parties (including the network operators) should be able to locate mobile stations

Integrity
• Forging message contents (including sender’s address) should be detected
• The recipient of a message should be able to prove that a particular message has been sent, and the sender that the addressee has received the message
• Nobody can cheat the network operators in terms of usage fees. On the other hand, the network operators can only charge fees for correctly delivered services

Availability
• The communication network enables communication between all parties who wish to communicate and who are allowed to do so

Security Techniques
• Known techniques for
  - Confidentiality: Data encryption, anonymity techniques
  - Integrity: Data encryption, digital signatures, access control and authentication
  - Availability: Fault-tolerant systems, access control, firewall, intrusion detection
• Important term: Cryptography
  - Secrecy
    - Steganography: Hide message, e.g. in a picture
    - Encryption: enc_algorithm: (plaintext, key) → ciphertext
  - Authentication
    - Identification, entity authentication: Who is currently on the other end of this connection?
    - Message authentication: Who created this message?
    - Digital Signature: Convince a third party about who created this message.

Requirement: Trusted Domains

Nearly no security technique is perfect; you mostly need to trust somebody:
• Protection against every possible attacker is impossible
• Before the design of a protection technique it is necessary to identify trusted domains
• A trusted domain comprises systems or parts of systems (e.g. security module)
• No attackers are assumed within a trusted domain (restriction of the attacker)
• A trusted domain is always related to a single user or group of users

[Figure: Source and Destination, each with a protection technique inside a Trusted Domain; Untrusted Area between them]

Shared-key Encryption Scheme
• One-time pad, DES, IDEA etc.
• Can handle data volumes of several Gigabyte/s, but security is questionable
• Key sizes of 56-128 bit
• Key distribution: secret channel needs a key distribution center or public-key scheme

[Figure: a key generator in a trusted domain takes a random security parameter and outputs k, which is passed over a secret channel; the encryption algorithm maps m to enc(k, m); the decryption algorithm outputs m or "error"]
m = message, k = key

Shared-key Authentication Scheme
• Message authentication codes
• Specific constructions, or based on block ciphers or keyed hash functions
• Limitation: third party cannot check authenticity

[Figure: a key generator in a trusted domain takes a random security parameter and outputs k, which is passed over a secret channel; the auth. algorithm maps m to m, auth(k, m); the test algorithm outputs "ok" or "error"]
m = message, k = key

Cryptographic Hash Functions
• Hash function H: variable length in, fixed length out (≥128 bit)
• One-way: easy to compute, infeasible to invert
• Collision resistant
• Practical hash functions: SHA, MD5, etc.
• Cryptographic primitive
  - H: collision-resistant one-way hash function
  - fixed H: H(x) “simulates” a random oracle
  - variable H: keyed hash functions, family of hash functions

Public-key Encryption Scheme
• RSA, Diffie-Hellman/El Gamal
• About 10 times slower than symmetric schemes
• “Key size” of 512-2048 bit for RSA
• Typically used to exchange a shared key for a symmetric scheme

[Figure: a key generator in a trusted domain takes a random security parameter and outputs sk and pk; pk is passed over an authenticated channel to the encryption algorithm in a second trusted domain, which maps m to enc(pk, m); the decryption algorithm uses sk and outputs m or "error"]
m = message, sk = secret key, pk = public key

Digital Signature Scheme
• Digital Signature: A hash value (collision-resistant) of a message is encrypted with the secret key of a public-key encryption scheme.
• RSA, El Gamal, etc.
• Asymmetry allows third party to check authenticity (since public key is known to all).

[Figure: a key generator in a trusted domain takes a random security parameter and outputs sk and pk; pk is passed over an authenticated channel to the test algorithm in a second trusted domain; the signature algorithm maps m to m, sign(sk, H(m)); the test algorithm outputs "ok" or "error"]
m = message, sk = secret key, pk = public key, H = hash function

Access Control
• In general: authentication refers to the process of verifying the claimed identity of a principal
• User → Computer
  - Knows (proof of knowledge)
  - Possesses (proof of possession)
  - Biometric characteristics (proof by property)
• User → System (via network)
  - Password-Based (Name A, Password B)
  - Address-Based (Name A, Address B)
  - Cryptographic: Name: A, Challenge: X, Response: Y = f(X)

Security in Layered Protocols
• There are always alternative ways to provide a (security) service
  - Higher layers are more application dependent and technology independent
  - End-to-end security is more easily provided at higher layers; link (point-to-point) security at lower layers
  - Higher layers are more likely implemented in software; lower layers in hardware
  - Higher layer encryption cannot protect lower layer headers; lower layer encryption may have to trust intermediate nodes
• Security services may need to be provided at more than one layer

Layer         Security protocols
Application   PGP, PEM, ...
Transport     SSH, SSL, ...
IP            AH, ESP

PGP = Pretty Good Privacy, PEM = Privacy Enhanced Mail, SSH = Secure Shell, SSL = Secure Socket Layer, AH = Authentication Header, ESP = Encapsulating Security Payload

Anonymity
• Multi-party protocol: collective use of cryptographic protocols
• The sender and/or the recipient of a communication can remain anonymous
• Nobody (not even the network operator) can trace communication relations

[Figure: Alice and Bob; labels: Untraceability, Unobservable by Outsiders]

Protection of Networks: Firewall
• A firewall represents a barrier between a privately owned and protected network and another network (e.g. the Internet)
• Purpose: prevent unwanted and unauthorized communication into or out of the protected network
• Assume: Firewall is a trusted domain

[Figure: Firewall between Internet and Intranet; labels: Accessibility, Security]

Protection of Networks: Intrusion Detection System (IDS)
• IDS is a “burglar alarm for computers and networks”
• Functional components
  - An analysis engine that finds signs of intrusion
  - A response component that generates reactions based on the outcome of the analysis engine
• Analysis engine:
  - Offline: analysis of stored log data
  - Online: “on the fly analysis” of observed data
• Response capabilities after analysis:
  - Alarm
  - Deny operation
• Attack Recognition: learning of attack patterns or usual habits of users → Privacy problem

Content

Chapter 2: Security Techniques Background
• Secret Key Cryptography
• Public Key Cryptography
• Hash Functions
• Authentication

Chapter 3: Security on Network and Transport Layer
• e.g. IPsec, SSL, TLS, …

Chapter 4: Security on the Application Layer
• e.g. Kerberos, PGP

Chapter 5: Security Concepts for Networks
• e.g. Firewalls, Intrusion Detection
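
The shared-key authentication scheme (key generator, auth. algorithm, test algorithm) and the cryptographic login variant (Challenge X, Response Y = f(X)) from the slides above, combined in one added example that is not part of the original lecture material. HMAC-SHA-256 as auth, the choice f(X) = auth(k, name || X), the 16-byte challenge and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

def keygen(nbytes=32):
    """Key generator in the trusted domain; k is then sent over the secret channel."""
    return secrets.token_bytes(nbytes)

def auth(k, m):
    """Auth. algorithm: tag auth(k, m). HMAC-SHA-256 is an assumed instantiation."""
    return hmac.new(k, m, hashlib.sha256).digest()

def check(k, m, tag):
    """The slide's test algorithm: "ok" or "error", compared in constant time."""
    return "ok" if hmac.compare_digest(auth(k, m), tag) else "error"

def respond(k, name, x):
    """Client side: Y = f(X), here f(X) = auth(k, name || X)."""
    return auth(k, name.encode() + x)

class Server:
    def __init__(self, keys):
        self.keys = keys        # name -> shared key k
        self.pending = {}       # name -> outstanding challenge X

    def challenge(self, name):
        self.pending[name] = secrets.token_bytes(16)   # fresh random X per attempt
        return self.pending[name]

    def verify(self, name, y):
        x = self.pending.pop(name, None)    # single use: a replayed Y meets no old X
        k = self.keys.get(name)
        if x is None or k is None:
            return "error"
        return check(k, name.encode() + x, y)

def demo():
    k = keygen()
    server = Server({"A": k})            # constructed sample principal "A"
    y = respond(k, "A", server.challenge("A"))
    first = server.verify("A", y)        # legitimate login
    server.challenge("A")
    replay = server.verify("A", y)       # recorded Y against a new X
    unsolicited = server.verify("A", y)  # no challenge outstanding
    # The verifier holds k too, so it can compute any tag itself (slide's limitation).
    m = b"constructed message"
    by_verifier = check(k, m, auth(k, m))
    return first, replay, unsolicited, by_verifier
```

Calling `demo()` returns the four outcomes in order. The last one is "ok" for a tag the verifier computed itself, which is why a third party cannot check authenticity in the shared-key scheme and the digital signature scheme is needed for that.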