Lecture 15 - Midterm Review CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Topics • Concepts: Definitions • Passwords: Use and policy • Symmetric Key: Key distribution and Use (encrypt, decrypt, integrity) • Public Key: Diffie-Hellman, RSA, Use (encrypt, decrypt, sign) • Crypto: Hashes and properties, MACs, Hash Chains, Public/symmetric comparisons • Protocols: Needham-Schroeder (symmetric), Signing, Authenticity and Integrity • Authentication Systems: Kerberos, SSH, PKIs CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Topics (con’t) • Network Security: IP/routing/mgmt protocols and vulnerabilities, IPsec • Worms and DDoS: Worm spread, Offense/defense in worm attacks, DDoS amplification • Web Security: SSL and Cookies Study to ...

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

... Get a Good Grade

Page

Concepts • Security terms from Lecture 2 • Definitions and Comparisons • Apply trust to other situations: – What is trusted in protocols: NS, Kerberos, SSH, PKI? – What are threats to protocols/systems?

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Review • An adversary is a subject who tries to gain unauthorized access • A threat is a mechanism that the adversary is capable of employing to gain unauthorized access • A risk is a loss due to an adversary gaining unauthorized access • A vulnerability is a flaw in a that enables a threat to allow the adversary unauthorized access • A threat model describes all the mechanisms available to the adversaries • A trust model describes all the subjects that are trusted not to have vulnerabilities that can be abused or be adversaries • A security model consists of a threat model and a trust model (functional and security goals as well) CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Page

5

Passwords • • • •

Lecture 3 + Gollmann 2.1-2.2 What is authentication? How do we use passwords securely? Password policies – Effect on password space (key space)

• Other factors

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Symmetric Key • Lecture 5 + Perlman Chapter 2.1-2.4 • Key space and entropy • Key distribution – How to give someone a key – Know who possesses a key

• Use: encryption/decryption • Integrity

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Public Key • Lecture 6 + Perlman Chapter 6 (DH, RSA) • Diffie-Hellman – Protocol and computations

• RSA – Modular arithmetics (relatively prime) – Computations • p, q, phi(n), d, e

• Encryption/Decryption • Integrity

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Other Crypto • Lecture 7 + Perlman Chapter 5 (hash uses) • Hashes and what you can do with them – HMAC, Hash chain

• Hash properties • Authenticity and integrity – Symmetric Key and Public Key

• Public/Symmetric Comparisons

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Review: secret vs. public key crypto. • Public key cryptography – Symmetric keys, where A – Each key pair consists of a single key (k) is used is used public and private component: for E and D k+ (public key), k- (private key) D( k, E(k, p) ) = p D( k-, E(k+, p) ) = p D( k+, E(k, -p) ) = p • All (intended) receivers • Public keys are distributed have access to key (typically) through public key • Note: Management of keys certificates determines who has access – Anyone can communicate to encrypted data secretly with you if they have – E.g., password encrypted your certificate email – E.g., SSL-base web • Also known as symmetric commerce key cryptography

• Secret key cryptography

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Page 10

Protocols • Lecture 8 + Perlman Chapter 11 • Simple key distribution/data security protocols – confidentiality, authenticity, integrity

• Needham-Schroeder – Trust – Purpose of protocol messages – Purpose of message components

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Needham-Schroeder Protocol 1) Alice → T rent 2) T rent → Alice 3) Alice → Bob 4) Bob → Alice 5) Alice → Bob

: : : : :

{Alice + Bob + rand1 } {Alice+Bob+rand1 +KAB +{Alice+KAB }KBT }KAT {Alice + KAB }KBT {rand2 }KAB {rand2 − 1}KAB ticket

• NS protocol is the basis for many authentication and key agreement systems, e.g., Kerberos • Addresses the problems in the preceding protocol – – – –

Use of rand1 ensures that Alice is not receiving replay Use of rand2 ensures that Bob is not receiving replay Alice is authenticated by ticket Specification of identities of Alice and Bob in request and ticket ensure that no ambiguity in identity (mutual auth.)

CSE543 Computer CSE497b Introduction (and to Network) ComputerSecurity and Network - Fall 2005 Security - Professor - Spring McDaniel 2007 - Professor Jaeger

12

Authentication Systems • Lectures 9 + 10; Perlman Chapters 13 + 15 • Kerberos – – – –

Principals: KDC, TGT, Client, Service Concepts: tickets and authenticators Relationship to Needham-Schroeder Trust

• SSH – Basic protocol, Trust

• PKI – Purpose, Verification protocol

• PAM – Purpose, architecture CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Kerberos: What to know 1) Alice → T rent 2) T rent → Alice 3) Alice → Bob 4) Bob → Alice 5) Alice → Bob

: : : : :

{Alice + Bob + rand1 } {Alice+Bob+rand1 +KAB +{Alice+KAB }KBT }KAT {Alice + KAB }KBT {rand2 }KAB Bob’s Ticket Alice’s Ticket {rand2 − 1}KAB

• Kerberos Properties

Replaced by single “authenticator” message {time}KAB

– Initial Goals: secure communication, mutual authentication – Extra Goal: single signon – Compare result to SSH (and PKI today)

• Deployment of Needham-Schroeder – Two-phase protocol – Limited to single administrative domain – Challenges in replay prevention (timestamps) CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger

Page 14

Network Security • Lecture 11 mostly – Basis for problems (no authentication) – Challenge of solutions (changes)

• IP protocol issues – TCP hijacking

• Routing protocols (no authentication) – RIP, ICMP, ARP, FTP, r*...

• Network Management – DNS – DNSSEC

• Firewalls – Rules like the quiz CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

IPsec • Lecture 12 + Perlman Chapter 17 • Tunnel and Transport Modes • AH and ESP – guarantees – packet handling – interaction with tunnel/transport

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Worms and DDoS • Lecture 13 • Worm propagation – Rate calculations

• Worm spread – Improve: scanning, polymorphism – Defense: Host

• DDoS – Mechanism – Amplification – Server/client work effort

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page

Web Security • Lecture 14 + Perlman Chapters 19 and 25 • SSL – Protocol basics: hello-algorithm selection, server authentication, secret exchange – High-level differences from IPsec: application protocol, no phase 1 secure channel, no AH/ESP, no tunnel

• Cookies – Build cookies using symmetric and public key – Integrity or confidentiality+integrity

CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Page