
CSC 401

Data and Computer Communications


Networks
Security

Dr. Lina Battestilli

Outline
What is network security?
Examples of Network Attacks
Security Principles
Cryptography
Message integrity, authentication
Securing e-mail
Securing TCP connections: SSL
Network layer security: IPsec
Securing wireless LANs
Operational security: firewalls and IDS

NCSU CSC Security Courses

CSC 474 Network Security
CSC 405 Introduction to Computer Security
CSC 495 (Special Topics)
  Software Security
  Comp Sci - Cryptography

Friends and enemies

Bob, Alice want to communicate securely
Trudy (intruder) may intercept, delete, add messages

[Figure: Alice's secure sender passes data and control messages over a channel to Bob's secure receiver; Trudy is shown at the channel.]

Web browser/server for electronic transactions
on-line banking client/server
DNS servers
routers exchanging routing table updates, etc.

How can communication be compromised?

1. Eavesdrop: passively sniff and record network data (or metadata). For example:
   Passively tap an electrical or optical
   Listen to WiFi (e.g. Wireshark)
   Compromise a router to duplicate/forward data
2. Impersonation: can fake (spoof) information in packets
3. Hijack, modify, delete, insert: actively tamper with data by
   Changing contents of packets
   Redirecting packets to another server
   Taking over control of end-host
4. Prevent communication: denial of service

Common Types of Layer 2 Attacks

Eavesdropping with interface in promiscuous mode
  Easy in Wi-Fi or early Ethernet networks
Force packets to be broadcast
  Prevent Ethernet switches from learning, forcing them to broadcast packets, then eavesdrop!
Masquerade as DHCP or ARP server
  Redirect packets to different end-hosts

MAC Overflow Attack

[Figure: switches S1, S2 and S3 with a router to the Internet, and a switch table with columns "MAC Addr" and "If".]

DHCP & DNS Masquerade

[Figure: a DHCP Request and DHCP Response on a network with a DHCP server, a rogue DHCP server, a rogue DNS server and a router to the Internet.]

ARP Spoofing

[Figure: an ARP Request and ARP Response on a network with an ARP server, a rogue ARP server and a router to the Internet.]

Layer 3 Attacks Examples

Use ICMP to tell source end-host to redirect traffic
  Send ICMP redirect messages to source host
BGP hijacking
  ISP advertises prefixes belonging to someone else, capturing their traffic
  ISP advertises invalid ISP path, creating black hole
  Requires masquerading as ISP or taking over BGP TCP session
Advertising more specific prefix
  Insert more specific prefix to divert a portion of an address space
  Requires masquerading as ISP or taking over BGP TCP session

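ICMP Redirect

[Figure: Router 1 (Default) leads to the Internet and Router 2 leads to Prefix A in the private intranet; Router 3 is also shown. The message "ICMP Redirect: Prefix A via Router 2" appears alongside a routing table with columns IP Prefix and Next Hop holding the entry Prefix A, Router 2.]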

ICMP Redirect Attack

[Figure: same topology: Router 1 (Default) to the Internet, Router 2 to Prefix A in the private intranet, and Router 3.]

ICMP Redirect: Prefix A via Attacker's IP
Attacker can
  prevent communication
  create a man-in-the-middle attack

BGP Attacks
Security vulnerabilities in BGP
  An AS can advertise IP addresses it does NOT own
  An AS cannot verify that the AsPath is correct
  ISPs exchange BGP messages over regular TCP sessions.
Examples:
  2008: Pakistan Telecom
    Tried to block YouTube
    Inadvertently propagated false BGP advertisements
  2004: Turkish ISP TTNet
    Advertised best path via Turkey to everywhere
    Almost entire Internet inoperable for several hours
  2003: DataOne in Malaysia
    Hijacked two of Yahoo's Santa Clara prefixes
    Believed to be malicious
  2003: Spammers hijack Northrop Grumman
    Hijacked block of unused IP addresses
    Used it to send spam
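
Why a more specific prefix diverts only part of an address space, and how a check against a registry of authorised origins flags it, as an added example that is not part of the original slides. The registry, the prefixes (documentation ranges) and the AS numbers are constructed, and the check is modelled on route origin validation, which the slides do not cover.

```python
import ipaddress

# Constructed origin registry (ROA-like): prefix -> (authorised origin AS, max length).
# Prefixes and AS numbers are documentation ranges, not real networks.
AUTHORISED = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, 24),
    ipaddress.ip_network("198.51.100.0/24"): (64501, 24),
}

def ann(prefix, *as_path):
    return {"prefix": ipaddress.ip_network(prefix), "as_path": list(as_path)}

# Constructed announcements as a monitor might receive them (origin AS is last).
LEGIT = ann("203.0.113.0/24", 64510, 64500)
MORE_SPECIFIC = ann("203.0.113.128/25", 64511, 64499)   # announced by a non-owner
FORGED_PATH = ann("203.0.113.0/25", 64499, 64500)       # owner's AS appended to the path
WRONG_ORIGIN = ann("198.51.100.0/24", 64499)

def best_route(rib, dst):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in rib if addr in r["prefix"]]
    return max(covering, key=lambda r: r["prefix"].prefixlen, default=None)

def classify(a):
    """Origin-validation style check of one announcement against the registry."""
    for auth, (asn, maxlen) in AUTHORISED.items():
        if a["prefix"].subnet_of(auth):
            if a["as_path"][-1] != asn:
                return "invalid-origin"
            if a["prefix"].prefixlen > maxlen:
                return "invalid-more-specific"
            return "valid"
    return "unknown"

def filtered(rib):
    """Drop announcements the registry marks invalid before route selection."""
    return [r for r in rib if not classify(r).startswith("invalid")]

def origin_for(rib, dst):
    route = best_route(rib, dst)
    return route["as_path"][-1] if route else None
```

With LEGIT and MORE_SPECIFIC both installed, only addresses in the upper /25 follow the non-owner's route; FORGED_PATH shows why the maximum-length check matters when the AS path itself cannot be verified.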

Denial of Service Attacks

Overload a server or network with too many packets -- availability
  Distributed DoS (DDoS) particularly effective
Motivation: extortion, revenge, bragging rights
Can be done at: Link, Network, Transport, Application Layer
Some types of DoS attacks
  Jam a wireless network at PHY layer
  Exploit NAV in 802.11
  Flood Ping
  EDNS Attack
  SMURF Attack: pings broadcast address from victim's IP
  SYN-bomb attack
  IP fragment flooding

What do we need from Network Security?

Secrecy/Confidentiality: only sender, intended receiver should understand message contents
  sender encrypts message
  receiver decrypts message
authentication: sender, receiver want to confirm identity of each other
message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to users

So what can we do?

Communicate securely despite insecure networks --> cryptography
Secure small parts of network despite insecurity of wider network
Design systems to scale well in response to attacks: scalable system design


The language of cryptography

[Figure: Alice's encryption key KA and Bob's decryption key KB. Plaintext m enters the encryption algorithm, giving ciphertext KA(m); the decryption algorithm recovers plaintext m = KB(KA(m)). Trudy is shown at the channel.]

m: plaintext message
KA(m): ciphertext, encrypted with key KA
m = KB(KA(m))

Breaking an Encryption Scheme

cipher-text ONLY attack: Trudy has ciphertext to analyze
  two approaches:
    brute force: search through all keys
    statistical analysis
known-plaintext attack: Trudy has plaintext corresponding to ciphertext
  e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o,
chosen-plaintext attack: Trudy can get ciphertext for chosen plaintext

Symmetric key cryptography

[Figure: plaintext message, m, goes through the encryption algorithm with key KS to give ciphertext KS(m); the decryption algorithm with the same key KS recovers the plaintext, m = KS(KS(m)).]

symmetric key crypto: Bob and Alice share same (symmetric) key: KS
DES: Data Encryption Standard (1993)
  56-bit-key-encrypted phrase decrypted (brute force) in less than a day
  3DES: encrypt 3 times with 3 different keys
AES: Advanced Encryption Standard (2001)
  processes data in 128 bit blocks
  128, 192, or 256 bit keys
  brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Public Key Cryptography

symmetric key crypto
  requires sender, receiver know shared secret key
  Q: how to agree on key in first place (particularly if never met)?
public key crypto
  radically different approach [Diffie-Hellman76, RSA78]
  sender, receiver do not share secret key
  public encryption key known to all
  private decryption key known only to receiver

Public Key Cryptography

[Figure: plaintext message, m, is encrypted with Bob's public key KB+ (e.g. RSA), giving ciphertext KB+(m); the decryption algorithm uses Bob's private key KB- to recover the plaintext message, m = KB-(KB+(m)).]

Computationally expensive
Inefficient, particularly for long messages.
DES much faster than RSA
  100 times faster in software
  1000-10000 in hardware

In Practice: Session Key

use public key crypto to establish secure connection, then establish second key (symmetric session key) for encrypting data
Bob and Alice use RSA to exchange a symmetric session key KS
once both have KS, they use symmetric key cryptography


Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says "I am Alice"

[Figure: Alice, Bob and Trudy; the message "I am Alice" is sent to Bob.]

in a network, Bob can NOT see Alice, so Trudy simply declares herself to be Alice

Authentication: another try

Protocol ap2.0: Alice says "I am Alice" in an IP packet containing her source IP address

[Figure: a packet carrying Alice's IP address and "I am Alice" is sent to Bob; Trudy is also shown.]

Failure scenario??
Trudy can create a packet spoofing Alice's address

Authentication: another try

Protocol ap3.0: Alice says "I am Alice" and sends her secret password to prove it.

[Figure: Alice sends a packet with Alice's IP addr, Alice's password and "I'm Alice"; Bob replies to Alice's IP addr with OK.]

Failure scenario??
playback attack: Trudy records Alice's packet and later plays it back to Bob

Authentication: yet another try

Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret password to prove it.

[Figure: Alice sends a packet with Alice's IP addr, encrypted password and "I'm Alice"; Bob replies to Alice's IP addr with OK.]

Failure scenario??
record and playback still works!

Authentication: yet another try

Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

[Figure: Alice to Bob: "I am Alice"; Bob to Alice: R; Alice to Bob: KA-B(R)]

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
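
The difference between ap3.1 and ap4.0 under record-and-playback, as an added example that is not part of the original slides. It assumes HMAC-SHA256 over the nonce as a stand-in for KA-B(R), since encryption is not the only way to prove knowledge of the shared key; the class, function names and sample password are hypothetical.

```python
import hashlib
import hmac
import secrets

class Bob:
    """Verifier holding the secret shared with Alice (KA-B on the slides)."""
    def __init__(self, key, password_blob):
        self.key = key
        self.password_blob = password_blob   # ap3.1: the fixed encrypted password
        self.pending = set()                 # nonces issued and not yet answered

    def ap31_login(self, blob):
        # ap3.1 accepts any message equal to the stored encrypted password
        return hmac.compare_digest(blob, self.password_blob)

    def challenge(self):
        r = secrets.token_bytes(16)          # fresh nonce R for this run
        self.pending.add(r)
        return r

    def ap40_login(self, r, response):
        if r not in self.pending:            # unknown or already-used nonce
            return False
        self.pending.discard(r)              # R is accepted once only
        expected = hmac.new(self.key, r, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def alice_response(key, r):
    # Stand-in for KA-B(R): a keyed MAC over R instead of encryption
    return hmac.new(key, r, hashlib.sha256).digest()

def replay_demo():
    key = secrets.token_bytes(32)            # constructed shared secret
    blob = hmac.new(key, b"alice-password", hashlib.sha256).digest()
    bob = Bob(key, blob)
    # One honest run of each protocol, recorded off the wire by Trudy
    r1 = bob.challenge()
    recorded31, recorded40 = blob, (r1, alice_response(key, r1))
    honest = bob.ap31_login(blob) and bob.ap40_login(*recorded40)
    replay31 = bob.ap31_login(recorded31)             # same bytes still accepted
    replay40_old_r = bob.ap40_login(*recorded40)      # R was already consumed
    r2 = bob.challenge()
    replay40_new_r = bob.ap40_login(r2, recorded40[1])  # old answer, new R
    return honest, replay31, replay40_old_r, replay40_new_r
```

The guarantee depends on Bob never accepting the same R twice, which is why the nonce is removed from `pending` before the response is even checked.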


Digital signatures
cryptographic technique analogous to handwritten signatures:
  sender (Bob) digitally signs document, establishing he is document owner/creator.
  verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Secrecy is not enough!!!

Two Integrity Examples


Cryptographic hashes
Way to verify that data has not been modified
Requires no secrets: anyone can generate one
Useful in data storage

Message authentication codes (MACs)


Way to verify that data has not been modified
Also verifies generator has secret key: authenticity
Useful in networks
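
The two cases above side by side, as an added example that is not part of the original slides: an unkeyed hash detects changes only when the digest is kept out of the modifier's reach, while a MAC still detects them when tag and message cross the same untrusted network. SHA-256 and HMAC-SHA256 are assumed as the hash and MAC; the key, message and function names are constructed.

```python
import hashlib
import hmac

def digest_tag(msg):
    """Unkeyed cryptographic hash: requires no secret, anyone can generate it."""
    return hashlib.sha256(msg).digest()

def mac_tag(key, msg):
    """MAC (HMAC-SHA256): only holders of the shared key can generate it."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def hash_ok(msg, tag):
    return hmac.compare_digest(digest_tag(msg), tag)

def mac_ok(key, msg, tag):
    return hmac.compare_digest(mac_tag(key, msg), tag)

def rewrite_in_transit(msg, old_mac):
    """On-path party without the key: alters the message and recomputes the
    unkeyed digest; for the MAC the best it can do is forward the old tag."""
    new = msg.replace(b"100", b"900")
    return new, digest_tag(new), old_mac

KEY = b"constructed-shared-secret-for-demo"   # constructed sample key
MSG = b"transfer 100 to account 42"           # constructed sample message

def storage_case():
    # Digest is stored where the modifying party cannot write: change detected
    trusted = digest_tag(MSG)
    corrupted = MSG[:-1] + b"3"
    return hash_ok(MSG, trusted), hash_ok(corrupted, trusted)

def network_case():
    # Digest or MAC travels with the message over the same channel
    new, new_digest, old_mac = rewrite_in_transit(MSG, mac_tag(KEY, MSG))
    return hash_ok(new, new_digest), mac_ok(KEY, new, old_mac)
```

`network_case()` returning a passing hash check and a failing MAC check is the reason the slide files hashes under data storage and MACs under networks.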


Digital signatures
simple digital signature for message m:
Bob signs m by encrypting with his private key KB-, creating signed message, KB-(m)

[Figure: Bob's message, m ("Dear Alice, Oh, how I have missed you. (blah blah blah) Bob"), and Bob's private key KB- go into the public key encryption algorithm; the output is m, KB-(m): Bob's message, m, signed (encrypted) with his private key.]

Alice thus verifies that:
  Bob signed m
  no one else signed m
  Bob signed m and not m'
non-repudiation:
  Alice can take m, and signature KB-(m) to court and prove that Bob signed m

Message digests
computationally expensive to public-key-encrypt long messages
goal: fixed-length, easy-to-compute digital fingerprint
apply hash function H to m, get fixed size message digest, H(m).

[Figure: large message m -> H: Hash Function -> H(m)]

Hash function properties:
  many-to-1
  produces fixed-size msg digest (fingerprint)
  given message digest x, computationally infeasible to find m such that x = H(m)

Digital signature = signed message digest

Bob sends digitally signed message:
[Figure: large message m -> H: Hash function -> H(m) -> digital signature (encrypt) with Bob's private key KB- -> encrypted msg digest KB-(H(m))]

Alice verifies signature, integrity of digitally signed message:
[Figure: large message m -> H: Hash function -> H(m); encrypted msg digest KB-(H(m)) -> digital signature (decrypt) with Bob's public key KB+ -> H(m); equal?]

Hash function algorithms

MD5 hash function widely used (RFC 1321)
  computes 128-bit message digest in 4-step process.
  arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x
SHA-2 (SHA-512)
  Historically SHA-1 was most popular but now nearly broken
  Oct 2012, Keccak algo chosen by NIST for SHA-3

Public-key Certification
Motivation: Trudy plays pizza prank on Bob
  Trudy creates e-mail order: "Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob"
  Trudy signs order with her private key
  Trudy sends order to Pizza Store
  Trudy sends to Pizza Store her public key, but says it's Bob's public key
  Pizza Store verifies signature; then delivers four pepperoni pizzas to Bob
  Bob doesn't even like pepperoni!
Q: But how do we know what the right public key is?

Certification Authorities
Certification Authority (CA): binds public key to particular entity, E.
E (person, router) registers its public key with CA.
  E provides proof of identity to CA.
  CA creates certificate binding E to its public key.
  certificate containing E's public key digitally signed by CA: CA says "this is E's public key"

[Figure: Bob's public key KB+ and Bob's identifying information go through a digital signature (encrypt) step with the CA private key, producing the certificate for Bob's public key, signed by CA.]

Certification Authorities
When Alice wants Bob's public key:
  gets Bob's certificate (Bob or elsewhere).
  apply CA's public key to Bob's certificate, get Bob's public key

[Figure: Bob's certificate goes through a digital signature (decrypt) step with the CA public key KCA+, yielding Bob's public key KB+.]
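
The signed message digest, the pizza prank and the CA check worked end to end, as an added example that is not part of the original slides. It assumes textbook RSA over SHA-256 digests with constructed toy keys built from Mersenne primes; the certificate layout and all function names are hypothetical, and real certificates carry far more than a name and a key.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(msg, n):
    # H(m): SHA-256 of the message, reduced into the range of the modulus
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    n, d = priv
    return pow(digest(msg, n), d, n)            # K-(H(m))

def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)     # K+(signature) equal to H(m)?

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(subject, pub, ca_priv):
    """CA binds an identity to a public key by signing both together."""
    return {"subject": subject, "pub": pub, "sig": sign(cert_body(subject, pub), ca_priv)}

def store_accepts(order, order_sig, sender, cert, ca_pub):
    """Pizza Store: use a key only if the CA's signature binds it to the sender."""
    bound = verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], ca_pub)
    return bound and cert["subject"] == sender and verify(order, order_sig, cert["pub"])

# Constructed toy keys built from Mersenne primes; not usable as real keys.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = keypair(2**61 - 1, 2**89 - 1)
TRUDY_PUB, TRUDY_PRIV = keypair(2**521 - 1, 2**607 - 1)
ORDER = b"Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob"

def prank_outcomes():
    prank_sig = sign(ORDER, TRUDY_PRIV)
    trudy_cert = issue_cert("Trudy", TRUDY_PUB, CA_PRIV)    # CA checked she is Trudy
    self_signed = issue_cert("Bob", TRUDY_PUB, TRUDY_PRIV)  # not signed by the CA
    bob_cert = issue_cert("Bob", BOB_PUB, CA_PRIV)
    return {
        "bare key, no CA": verify(ORDER, prank_sig, TRUDY_PUB),
        "Trudy's own cert": store_accepts(ORDER, prank_sig, "Bob", trudy_cert, CA_PUB),
        "self-signed cert": store_accepts(ORDER, prank_sig, "Bob", self_signed, CA_PUB),
        "Bob's real order": store_accepts(ORDER, sign(ORDER, BOB_PRIV), "Bob", bob_cert, CA_PUB),
    }
```

Only the first and last entries come back true: the signature alone verifies under whatever key the store is handed, and it is the CA's binding of name to key that stops the prank.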


Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.

[Figure: Alice applies KS( ) to m to get KS(m) and applies KB+( ) to KS to get KB+(KS); both are sent over the Internet. Bob applies KB-( ) to KB+(KS) to get KS, then applies KS( ) to KS(m) to get m.]

Alice:
  generates random symmetric private key, KS
  encrypts message with KS (for efficiency)
  also encrypts KS with Bob's public key
  sends both KS(m) and KB+(KS) to Bob

Bob:
  uses his private key to decrypt and recover KS
  uses KS to decrypt KS(m) to recover m

Alice wants to provide secrecy, sender authentication, message integrity.

[Figure: H( ) and KA-( ) applied to m give KA-(H(m)); this and m pass through KS( ); KS passes through KB+( ) to give KB+(KS); the results are sent over the Internet.]

Alice uses three keys:
  1. her private key
  2. Bob's public key
  3. newly created symmetric key

SSL: Secure Sockets Layer & TCP/IP

provides
  confidentiality
  integrity
  authentication

[Figure: protocol stack of an application with SSL: Application / SSL / TCP / IP]

widely deployed security protocol
  supported by almost all browsers, https
  billions $/year over SSL
TLS, RFC 2246 - Secure Session Layer on top of TCP
SSL provides application programming interface (API) to applications
C and Java SSL libraries/classes readily available

Virtual Private Networks (VPNs)

[Figure: a salesperson in a hotel (laptop w/ IPsec) and a branch office connect over the public Internet; two routers w/ IPv4 and IPsec are shown.]

Wireless Security Protocols

Wired Equivalent Privacy (WEP):
  The original protocol designed to provide the same level of security as wired networks.
  Has many well-known security flaws, is difficult to configure, and is easily broken.
Wi-Fi Protected Access (WPA):
  Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed.
Wi-Fi Protected Access version 2 (WPA2):
  Based on the 802.11i wireless security standard, which was finalized in 2004.
  Uses the Advanced Encryption Standard (AES) for encryption.

Firewalls
isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others

[Figure: a firewall between the administered network (trusted "good guys") and the public Internet (untrusted "bad guys").]

Types
  Packet Filters
  Stateful Packet Filters
  Application Gateways

Intrusion Detection Systems

multiple IDSs: different types of checking at different locations

[Figure: a firewall between the Internet and the internal network, with IDS sensors and a demilitarized zone holding a Web server, FTP server and DNS server.]

Questions & Reference

Slides based on slides and material provided by
  Jim Kurose and Keith Ross, Computer Networking: A Top-Down Approach, 6th & 7th edition
  Slide from Nick McKeown's & Philip Levis' csc144, Stanford, Spring 2014