Internet Security (SS 2011)
01 Basic concepts and definitions

– Dichotomy (splitting the topic „security“ into two subsets)
  ● Host
    • node, physical or virtual machine
    • is (or can be) well controlled by well-developed authentication and authorization models
    • strong notion of „privileged“ state
    • usually penetrated via a buggy application
    • focus of Jean-Pierre Seifert's lectures
  ● Network
    • anyone can connect
    • connectivity can only be controlled in very small, well-regulated environments, maybe not even then
    • different OSs have different or no notions of user IDs and privileges
    • focus of Anja Feldmann's lectures
– Principle: Trust nothing. A host should trust nothing that comes over the wire.
– Network security tools
  ● cryptography
  ● network-based access control (e.g. firewalls)
  ● monitoring
  ● protocol analysis by formal verification
  ● paranoid design
– Protocol design
  ● heavy use of crypto and authentication
  ● ensure that sensitive fields are protected
  ● bilateral (mutual) authentication
  ● proper authorization
  ● defend against
    • eavesdropping
    • modification
    • deletion
    • replay
    • and combinations thereof
– Definition of computer security:
  ● deals with the prevention and detection of unauthorized actions by users or others of a system
  ● main components:
    • Confidentiality: prevent unauthorized disclosure of information; origin: the historical link of security to secrecy (few organizations dealing with classified data)
    • Integrity: prevent unauthorized modification of information
    • Availability: prevent unauthorized withholding of information
      services are accessible and usable (without undue delay) whenever needed by an authorized entity
      fault tolerance is needed, e.g. against DoS
  ● additional components:
    • authenticity
    • accountability: actions affecting security must be traceable to the responsible party
      audit information must be kept and protected; access control is needed
    • reliability: deals with accidental damage
    • safety: impact of system failure on the environment
    • dependability: reliance can be justifiably placed on the system
    • survivability: recovery of the system after massive failure
– More terms:
  ● Vulnerability:
    • error or weakness in the design, implementation or operation of a system
    • hardware: interruption (DoS), modification, interception (theft), fabrication (substitution)
    • software: interruption (deletion), modification, interception, fabrication
    • data: interruption (loss), modification, interception, fabrication
  ● Attack: means of exploiting some vulnerability in a system
  ● Threat:
    • adversary who is motivated and capable of exploiting a vulnerability
    • different enemies have different abilities
    • serious enemies can exploit the „three B“: burglary, bribery and blackmail (in addition to social engineering)
    • one cannot design a security system unless one knows who the enemy is
  ● Types of attackers:
    • „Joy hackers“: most are „script kiddies“, some are very competent; they share more tools than the good guys do
    • Hacking for profit: allied with the spammers and phishers; primary motivation is money; sophisticated attacks, less pure vandalism; botnets
    • organized crime
    • industrial espionage: less than 5% of attacks are detected; professionals know what they want and use non-technical means (social engineering); they won't use your machine to attack others, so they are hard to find
    • inside jobs: what if your system administrator turns to the „Dark Side“?
    • spies
    • the distinction is needed because security is a matter of economics: how much security do you need, and how much can you afford?
  ● Assets
    • host-resident data
    • bandwidth
    • CPU time
    • knowledge of what hosts exist
  ● Cipher:
    • algorithm for encryption and decryption
    • operates syntactically, on elements of an alphabet or groups of letters (arbitrary plaintext → compute ciphertext)
    • usually depends on a piece of additional information, the key
    • distinct from codes
  ● Code:
    • operates semantically, on words, phrases or sentences
    • e.g. per codebooks
    • classical cryptography: substituting according to a large codebook which links random strings of characters to a word or phrase [Wikipedia]
– Weakest point: the human
  „Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed, but they are sufficiently pervasive that we must design our protocols around their limitations.“ (Kaufman et al.)
– Examples of attacks:
  ● Bandwidth attacks
    • clog your bandwidth, e.g. DoS
    • use your bandwidth to attack someone else, e.g. reflector attacks: forge the victim's source address in requests to a UDP-based service whose response is bigger than the request
    • network identity attack: run a server with illegal content on a hacked machine
    • eavesdropping: sniff passwords, credit card details
  ● Packet sniffing
    • easiest case: broadcast media; a NIC in promiscuous mode reads all packets passing by and can read all unencrypted data

02 Crypto Basics

– Cryptosystem
  ● pair of algorithms that take a key and convert plaintexts to ciphertexts and back
  ● symmetric = secret key = private key cryptosystem / cryptography
  ● asymmetric = public key cryptosystem / cryptography
  ● main assumption: Kerckhoffs' principle (1883): assume the adversary knows the algorithm used, but not the key.
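Worked example (added here, not from the lecture slides): Kerckhoffs' principle taken literally. The attacker knows the algorithm (a Caesar shift, the simplest monoalphabetic substitution) and has only ciphertext, so the attack is to enumerate the 26 keys and let a statistical model of the language (English letter frequencies, compared with a chi-squared distance) pick the right one. The sample plaintext and the key are constructed for the example.

```python
from collections import Counter

# Relative letter frequencies of English text in percent: the "model of the
# language" that a statistical attack compares candidate plaintexts against.
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

# Constructed sample plaintext for the demonstration (not from the notes).
PLAINTEXT = ("A host should trust nothing that comes over the wire. The adversary "
             "knows the algorithm that is used but does not know the key, so the "
             "key must be the only secret.")


def caesar(text: str, shift: int) -> str:
    """Caesar cipher: shift every letter by `shift` positions; keep other characters."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter histogram of `text` and the English model
    (lower means closer to English)."""
    letters = [c.lower() for c in text if c.isalpha()]
    n = len(letters)
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        observed = counts.get(letter, 0)
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str):
    """Ciphertext-only attack: the algorithm is public, so try all 26 keys and
    keep the candidate that best matches English statistics.
    Returns (shift, plaintext)."""
    best = None
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)  # undo a forward shift by `shift`
        score = chi_squared(candidate)
        if best is None or score < best[0]:
            best = (score, shift, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    ct = caesar(PLAINTEXT, 3)
    print("ciphertext:", ct)
    shift, pt = break_caesar(ct)
    print("recovered shift:", shift)
    print("recovered plaintext:", pt)
```

The same scoring works against a general monoalphabetic substitution (26! keys, so enumeration is out) once the search is replaced by hill climbing over candidate alphabets; only the key space changes, not the principle that the secrecy lives in the key alone.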
  ● Types of attacks:
    • ciphertext only
    • known plaintext
    • chosen plaintext
  ● Attacks:
    • mathematical attacks
    • statistical analysis: make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams) etc., i.e. build models of the language; then examine the ciphertext and correlate its properties with the assumptions
– Symmetric cryptography
– Substitution cipher
  ● monoalphabetic cipher: substitute one letter for another (Caesar cipher)
  ● insecure due to language characteristics (statistical attack on the frequency of letters)
  ● enumerate all keys (brute-force attack): trivial for the Caesar cipher, which has only 25 shifts; a general monoalphabetic substitution has 26! ≈ 4·10^26 keys, too many to enumerate, but the statistical attack breaks it anyway
– One Time Pad (Vernam/Mauborgne cipher, 1917-18)
  ● XOR a key stream tape (random sequence of 0s and 1s) with the plaintext
  ● online encryption of teletype traffic, combined with transmission
  ● provably secure
  ● but needs true-random keying tapes which are never reused
– Stream cipher
  ● processes the message one bit or byte at a time when en-/decrypting
  ● a key stream generator produces a sequence S of pseudo-random bytes (like a one time pad)
  ● key stream bytes are combined (usually via XOR) with plaintext bytes
  ● properties:
    • very good for asynchronous traffic
    • best known stream cipher: RC4
    • key streams must never be reused for different plaintexts
  ● RC4:
    • internal state: 256-byte array S plus two integers i and j
    • each iteration modifies the state and outputs one byte of the key stream: increment i, add S[i] to j, swap S[i] and S[j], output S[(S[i] + S[j]) mod 256]
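Worked example (added here, not from the lecture slides): RC4 exactly as sketched above (key scheduling, then the i/j/swap/output loop), followed by the consequence of reusing a key stream. With the same key, c1 XOR c2 = p1 XOR p2, so any known fragment of one message (a „crib“, e.g. a protocol header) reveals the same bytes of the other. The key, the two messages and the crib are constructed for the example; the first check uses the well-known RC4 test vector for the key „Key“ and the plaintext „Plaintext“.

```python
def rc4_keystream(key: bytes):
    """Generator yielding RC4 key stream bytes for `key`."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    # Key-scheduling algorithm (KSA): permute S = 0..255 under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): one key stream byte per step.
    i = j = 0
    while True:
        i = (i + 1) % 256          # increment i
        j = (j + S[i]) % 256       # add S[i] to j
        S[i], S[j] = S[j], S[i]    # swap
        yield S[(S[i] + S[j]) % 256]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR the data with the key stream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crib_drag(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Key stream reuse attack: c1 and c2 encrypted under the same key share the
    key stream, so c1 XOR c2 == p1 XOR p2. A known fragment `crib` of p1 at
    `offset` therefore yields the bytes of p2 at the same position."""
    mixed = xor_bytes(c1, c2)
    return xor_bytes(mixed[offset:offset + len(crib)], crib)


# Constructed sample data for the demonstration (not from the notes).
KEY = b"reused-session-key"
MSG_A = b"GET /login?user=alice HTTP/1.1"
MSG_B = b"GET /admin?token=s3cr3t HTTP/1.1"
CRIB = b"GET /"   # the attacker guesses both messages start with an HTTP request line


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())           # bbf316e8d940af0ad3
    c_a, c_b = rc4(KEY, MSG_A), rc4(KEY, MSG_B)
    print(crib_drag(c_a, c_b, CRIB, 0))              # b'GET /'
    print(crib_drag(c_a, c_b, MSG_A, 0))             # all of MSG_B up to len(MSG_A)
```

Note that the attack never touches the key or the generator: any stream cipher, and the one time pad itself, is broken the same way once a key stream is used twice. The usual fix is a per-message nonce mixed into the key, which RC4 does not provide (hence „no resynchronization except via re-keying“).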
    • each value of S is swapped at least once every 256 iterations
    • no resynchronization except via re-keying and starting over
– Block cipher
  ● processes the message in blocks, each of which is then en-/decrypted
  ● like a substitution on very big characters
  ● a codebook would need 2^64 entries, one for each 64-bit block
  ● instead, build it from smaller building blocks
  ● Claude Shannon: two primitive cryptographic operations
    • substitution (S-box): confusion, makes the relationship between ciphertext and key/plaintext as complex as possible
    • permutation (P-box): diffusion of the statistical properties of the plaintext over the bulk of the ciphertext
    • basis for the Feistel cipher structure
  ● Feistel cipher structure
    • based on the concept of an invertible product cipher
    • partition the input block into two halves
    • process the block through multiple rounds, each of which performs a substitution on the left half based on the round function of the right half and the subkey, then swaps the halves (permutation)
    • design elements: block size, key size, number of rounds, subkey generation algorithm, round function, fast software en-/decryption, ease of analysis
  ● Cipher design
    • number of rounds: more is better; exhaustive search should be the best attack
    • function f: provides confusion, is nonlinear, avalanche effect
    • issues of how S-boxes are selected
    • key schedule: complex subkey creation, key avalanche
  ● 5 standard modes of operation:
    • Electronic Code Book (ECB)
      direct use of the block cipher; primarily used to transmit encrypted keys
      very weak for general-purpose encryption: identical blocks of plaintext produce identical blocks of ciphertext, so the enemy can build a „code book“ of plaintext/ciphertext equivalents
      encryption only works for messages that are a multiple of the block size
      an initialization vector should not be transmitted, else it does not increase security (standard ECB uses no IV at all)
    • Cipher Block Chaining (CBC)
      most frequently used mode for message encryption
      IV XOR plaintext1, encrypted → ciphertext1; ciphertext1 XOR plaintext2, encrypted → ciphertext2; …
      the ciphertext of each encrypted block depends on the plaintext of all preceding blocks
      subsets of blocks appear valid and will decrypt properly, so message integrity has to be ensured by other means
      used for general file or packet encryption (input must be padded)
      drawback: encryption is sequential and cannot be parallelized
      one bit error in the ciphertext causes complete corruption of the corresponding plaintext block and inverts the corresponding bit in the following plaintext block
    • Cipher Feedback (CFB) with n-bit shift
      relatively close to CBC; moves the encryption operation before the XOR operator
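Worked example (added here, not from the lecture slides) covering the Feistel structure and the ECB/CBC properties above. The block cipher is a toy 64-bit Feistel network whose round function is a truncated SHA-256 of the right half and the subkey: it is only there to have a working, invertible 16-round cipher, and it is not a secure or standardized design. On top of it, ECB shows the „code book“ leak (repeated plaintext blocks give repeated ciphertext blocks), and CBC shows both that the leak disappears and how a single flipped ciphertext bit garbles one plaintext block and flips exactly one bit of the next. Key, IV and messages are constructed for the example.

```python
import hashlib
import os

BLOCK = 8     # 64-bit block: a full codebook would need 2^64 entries
ROUNDS = 16


def round_function(right: int, subkey: bytes) -> int:
    """Nonlinear round function f (confusion): 32-bit hash of right half || subkey.
    Any function works, because the Feistel structure never has to invert f."""
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def key_schedule(key: bytes):
    """Derive one 8-byte subkey per round from the cipher key (toy schedule)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:8] for r in range(ROUNDS)]


def feistel(block: bytes, subkeys) -> bytes:
    """Rounds of (L, R) -> (R, L xor f(R, k)); the final swap is undone so the
    same routine with the subkeys reversed is the inverse."""
    L = int.from_bytes(block[:4], "big")
    R = int.from_bytes(block[4:], "big")
    for k in subkeys:
        L, R = R, L ^ round_function(R, k)
    return R.to_bytes(4, "big") + L.to_bytes(4, "big")


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key)[::-1])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK      # PKCS#7 style: always adds 1..8 bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def split(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in split(pad(pt)))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(b, key) for b in split(ct)))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in split(pad(pt)):
        prev = encrypt_block(xor(b, prev), key)   # chaining: sequential by nature
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """CBC decryption without padding removal, so corrupted output can be inspected."""
    out, prev = [], iv
    for b in split(ct):
        out.append(xor(decrypt_block(b, key), prev))
        prev = b
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    return unpad(cbc_decrypt_raw(key, iv, ct))


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block (the ECB leak)."""
    blocks = split(ct)
    return len(blocks) - len(set(blocks))


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    key, iv = b"toy-key-only", os.urandom(BLOCK)
    pt = b"ATTACK!!" * 3 + b"at dawn"                 # three identical blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, pt)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, pt)))
    ct = cbc_encrypt(key, iv, b"block-0 block-1 block-2 block-3 ")
    damaged = cbc_decrypt_raw(key, iv, flip_bit(ct, BLOCK, 0))  # hit block 1
    print("after a 1-bit error in ciphertext block 1:", split(damaged))
```

The bit-flip run is also the reason CBC alone gives no integrity: block 2 decrypts to a controlled modification of the original, and nothing in the mode detects it, so a MAC (or an authenticated mode) is needed on top.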