DOCSLIB.ORG

Intrusion Detection Systems: Techniques, Datasets and Challenges Ansam Khraisat*, Iqbal Gondal, Peter Vamplew and Joarder Kamruzzaman

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Khraisat et al. Cybersecurity (2019) 2:20 Cybersecurity https://doi.org/10.1186/s42400-019-0038-7 SURVEY Open Access Survey of intrusion detection systems: techniques, datasets and challenges Ansam Khraisat*, Iqbal Gondal, Peter Vamplew and Joarder Kamruzzaman Abstract Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure. Keywords: Malware, Intrusion detection system, NSL_KDD, Anomaly detection, Machine learning Introduction bank customers, robbing bank accounts or stealing The evolution of malicious software (malware) poses a credit cards (Symantec, 2017). However, the new gener- critical challenge to the design of intrusion detection ation of malware has become more ambitious and is tar- systems (IDS). Malicious attacks have become more so- geting the banks themselves, sometimes trying to take phisticated and the foremost challenge is to identify un- millions of dollars in one attack (Symantec, 2017). For known and obfuscated malware, as the malware authors that reason, the detection of zero-day attacks has be- use different evasion techniques for information con- come the highest priority. cealing to prevent detection by an IDS. In addition, there High profile incidents of cybercrime have demonstrated has been an increase in security threats such as zero-day the ease with which cyber threats can spread internation- attacks designed to target internet users. Therefore, ally, as a simple compromise can disrupt a business’ essen- computer security has become essential as the use of in- tial services or facilities. There are a large number of formation technology has become part of our daily lives. cybercriminals around the world motivated to steal infor- As a result, various countries such as Australia and the mation, illegitimately receive revenues, and find new tar- US have been significantly impacted by the zero-day at- gets. Malware is intentionally created to compromise tacks. According to the 2017 Symantec Internet Security computer systems and take advantage of any weakness in Threat Report, more than three billion zero-day attacks intrusion detection systems. In 2017, the Australian Cyber were reported in 2016, and the volume and intensity of Security Centre (ACSC) critically examined the different the zero-day attacks were substantially greater than pre- levels of sophistication employed by the attackers (Austra- viously (Symantec, 2017). As highlighted in the Data lian, 2017). So there is a need to develop an efficient IDS to Breach Statistics in 2017, approximately nine billion data detect novel, sophisticated malware. The aim of an IDS is records were lost or stolen by hackers since 2013 to identify different kinds of malware as early as possible, (Breach_LeveL_Index, 2017). A Symantec report found which cannot be achieved by a traditional firewall. With the that the number of security breach incidents is on the increasing volume of computer malware, the development rise. In the past, cybercriminals primarily focused on of improved IDSs has become extremely important. In the last few decades, machine learning has been * Correspondence: [email protected] used to improve intrusion detection, and currently there Internet Commerce Security Laboratory, Federation University Australia, is a need for an up-to-date, thorough taxonomy and Mount Helen, Australia © The Author(s). 2019 Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. Khraisat et al. Cybersecurity (2019) 2:20 Page 2 of 22 survey of this recent work. There are a large number of detection system and taxonomy by Axelsson (Axelsson, related studies using either the KDD-Cup 99 or DARPA 2000) classified intrusion detection systems based on the 1999 dataset to validate the development of IDSs; how- detection methods. The highly cited survey by Debar et ever there is no clear answer to the question of which al. (Debar et al., 2000) surveyed detection methods based data mining techniques are more effective. Secondly, the on the behaviour and knowledge profiles of the attacks. time taken for building IDS is not considered in the A taxonomy of intrusion systems by Liao et al. (Liao et evaluation of some IDSs techniques, despite being a crit- al., 2013a), has presented a classification of five sub- ical factor for the effectiveness of ‘on-line’ IDSs. classes with an in-depth perspective on their characteris- This paper provides an up to date taxonomy, together tics: Statistics-based, Pattern-based, Rule-based, State- with a review of the significant research works on IDSs based and Heuristic-based. On the other hand, our work up to the present time; and a classification of the pro- focuses on the signature detection principle, anomaly posed systems according to the taxonomy. It provides a detection, taxonomy and datasets. structured and comprehensive overview of the existing Existing review articles (e.g., such as (Buczak & Guven, IDSs so that a researcher can become quickly familiar 2016;Axelsson,2000; Ahmed et al., 2016; Lunt, 1988; with the key aspects of anomaly detection. This paper Agrawal & Agrawal, 2015)) focus on intrusion detection also provides a survey of data-mining techniques applied techniques or dataset issue or type of computer attack and to design intrusion detection systems. The signature- IDS evasion. No articles comprehensively reviewed intru- based and anomaly-based methods (i.e., SIDS and AIDS) sion detection, dataset problems, evasion techniques, and are described, along with several techniques used in each different kinds of attack altogether. In addition, the devel- method. The complexity of different AIDS methods and opment of intrusion-detection systems has been such that their evaluation techniques are discussed, followed by a several different systems have been proposed in the mean- set of suggestions identifying the best methods, depend- time, and so there is a need for an up-to-date. The up- ing on the nature of the intrusion. Challenges for the dated survey of the taxonomy of intrusion-detection current IDSs are also discussed. Compared to previous discipline is presented in this paper further enhances tax- survey publications (Patel et al., 2013; Liao et al., 2013a), onomies given in (Liao et al., 2013a; Ahmed et al., 2016). this paper presents a discussion on IDS dataset problems In view of the discussion on prior surveys, this article which are of main concern to the research community focuses on the following: in the area of network intrusion detection systems (NIDS). Prior studies such as (Sadotra & Sharma, 2016; Classifying various kinds of IDS with the major Buczak & Guven, 2016) have not completely reviewed types of attacks based on intrusion methods. IDSs in term of the datasets, challenges and techniques. In Presenting a classification of network anomaly IDS this paper, we provide a structured and contemporary, evaluation metrics and discussion on the importance wide-ranging study on intrusion detection system in terms of the feature selection. of techniques and datasets; and also highlight challenges Evaluation of available IDS datasets discussing the of the techniques and then make recommendations. challenges of evasion techniques. During the last few years, a number of surveys on in- trusion detection have been published. Table 1 shows Intrusion detection systems the IDS techniques and datasets covered by this survey Intrusion can be defined as any kind of unauthorised ac- and previous survey papers. The survey on intrusion tivities that cause damage to an information system. This Table 1 Comparison of this survey and similar surveys: (✔: Topic is covered, ✖ the topic is not covered) Survey # of Intrusion Detection System Techniques Dataset citation issue SIDS AIDS Hybrid (as of IDS 6/1/ Supervised learning Unsupervised Semi-supervised learning Ensemble methods 2019) Lunt (1988) 219 ✔✖ ✖ ✖ ✖ ✖ ✖ Axelsson (2000) 1039 ✔✔ ✖ ✖ ✖ ✖ ✖ Liao, et al. (2013b) 505 ✔✔ ✔ ✖ ✖ ✔ ✖ Agrawal and Agrawal (2015) 108 ✔✔ ✔ ✔ ✔ ✔ ✖ Buczak and Guven (2016) 338 ✔✔ ✔ ✖ ✔ ✔ ✔ Ahmed, et al. (2016) 181 ✖✔ ✔ ✖ ✖ ✖ ✔ This survey ✔✔ ✔ ✔ ✔ ✔ ✔ Khraisat et al. Cybersecurity (2019) 2:20 Page 3 of 22 means any attack that could pose a possible threat to the Traditional approaches to SIDS examine network information confidentiality, integrity or availability will be packets and try matching against a database of signa- considered an intrusion. For example, activities that would
Recommended publications
  • The 5 Things You Need to Do to Protect Yourself from Ransomware

    The 5 Things You Need to Do to Protect Yourself from Ransomware

    THE 5 THINGS YOU NEED TO DO TO PROTECT YOURSELF FROM RANSOMWARE ARE YOU RANSOMWARE-AWARE? In our recent survey* of more than RANSOMWARE is malware sent The 5 things you need to do to protect 3,000 people in the U.S. and Canada by criminals that encrypts your we learned that many are unaware of files and threatens to delete yourself from ransomware ransomware or how to defend against it. them if you don’t pay a ransom. By Stephen Cobb, ESET Senior Security Researcher ...said85% they would not pay the ransom fee and just risk losing their files, and Family photos and videos. Tax returns and other financial records. Business 15% said they would pay and take the chance that they may not even get documents. Think about everything that you keep on your computer. What their files back. would happen if it all was stolen from you? ...of42% people did not know if the internet That’s what a ransomware attack does. Criminals use this nasty breed security/antivirus they were using helped protect them from ransomware. of software to reach out over your internet connection and kidnap the contents of your computer, literally holding them for ransom. Ransomware silently encrypts all of your personal files, making them unreadable, and then demands that you send money to the criminal in order to restore them. ...of31% respondents NEVER backup their files. Those in the youngest age bracket (18-24) were the most likely age group to never back up files (35%). We surveyed over 3,000 people across the U.S.
  • Internet Security

    Internet Security

    Internet Security Thompson Davis & Co. (TD & Co.) is committed to protecting the security and confidentiality of customer information. We use a combination of state-of-the-art technology and methods to help to protect the security of your online information. • Internet Communication Security Measures - Any sensitive personal information that you send through TD & Co. is held in a secured environment, protected by tools such as firewalls and/or database field encryption. Please do not send any sensitive or personal information over email. TD & Co. will not electronically send any personal financial information to you unless you request us to do so. • Protect Yourself from Fraudulent Web Sites - Personal information shared over the Internet can be used to commit fraud. One common method is for thieves to create a web site using a name that is similar to that of a reputable business, for instance by using a common misspelling of the company's name. The intent is to lure you into clicking onto the copycat web site and giving your personal information, including your account number and password. We caution you to make sure of whom you are dealing with over the Internet and to understand what will be done with your information. Always check that you have typed the correct web site address before entering personal information onto a site. • Personal Computer Security – Regardless of the security measures TD & Co. takes to protect your online financial information, if the computer or network you are using to access this data is not secure, you run the risk of your financial information being compromised.
  • Internet Security Threat Report Volume 24 | February 2019

    Internet Security Threat Report Volume 24 | February 2019

    ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS
  • Cyber Risks to Public Safety: Ransomware, September 2020

    Cyber Risks to Public Safety: Ransomware, September 2020

    CYBER RISK TO PUBLIC SAFETY: RANSOMWARE RANSOMWARE IMPACTS ON PUBLIC SAFETY If you are experiencing a ransomware attack, please go directly to page 3 for incident reporting resources Ransomware is a type of malicious software that encrypts information stored on hard drives or network drives and disrupts access to compromised devices or networks. Ransomware applications threaten to erase, lock, or otherwise damage compromised drives and data unless payment is provided. Ransomware programs often elicit a sense of urgency (e.g., a short deadline for payment) to encourage affected organizations to pay. Ransomware applications may threaten to escalate demands (e.g., increase payment) if payment is not provided quickly. Even when payments are provided, malicious actors may steal sensitive information, default on agreements to restore access, or conduct follow-up cyberattacks. While ransomware typically aims to extort money from organizations, malicious actors may also target public safety agencies or critical infrastructure with the goal of disrupting emergency response capabilities.1, 2 Figure 1. Recent Ransomware Attack Statistics Ransomware can have a significant impact on public safety operations, including services provided by fire, emergency medical services, law enforcement, emergency communication centers/public safety answering points, and other public safety partners. Disruptions to public safety operations directly and negatively impact the health and safety of the communities they serve. For example, delays dispatching fire and emergency medical services may lead to increased loss of life and property damage. Malicious actors may target public safety agencies specifically to exploit these negative outcomes, creating a strong sense of urgency to accommodate perpetrator demands. Public safety agencies are highly encouraged to plan and prepare for a ransomware event to mitigate service disruptions, conduct effective response operations, and ensure rapid recovery.
  • Internet Security

    Internet Security

    Internet Security Personal It’s second nature for us to access the internet throughout the day. Our smartphones, laptops and desktops have essentially become an extension of ourselves. Just like a seatbelt in a car or a helmet on a bike, we all need some type of internet security to protect ourselves from potential hazards. Here are a few internet security tips to ensure you’re safety online. Shop Safely: Check for the padlock: It’s important when shopping online to make sure the site you’re on uses an SSL (secure sockets layer) certificate encryption. You can easily identify a site that uses this certificate by finding an image of a padlock in one of two places: either the status bar or the bottom of your web browser. This encryption ensures your credit card information, email or other personal information is protected from hackers. Phishing Protection: Periodically, you may receive fraudulent email messages appearing to come from a valid source. These emails are generally referred to as SPAM or 'Phishing' messages. To protect yourself and your family from phishing scams: • Be suspicious of any unsolicited emails asking for personal information. You should always be very suspicious when asked for personal information, especially when asked by companies or organizations that should already have such information. If you need to update your information call 1.800.746.4726 to speak to a Customer Service Representative. • Always report fraudulent or suspicious email. Reporting such instances will help get these "bad guys" tracked down. You can report any suspicious emails like these via the Spam button within webmail.
  • Mcafee Potentially Unwanted Programs (PUP) Policy March, 2018

    Mcafee Potentially Unwanted Programs (PUP) Policy March, 2018

    POLICY McAfee Potentially Unwanted Programs (PUP) Policy March, 2018 McAfee recognizes that legitimate technologies such as commercial, shareware, freeware, or open source products may provide a value or benefit to a user. However, if these technologies also pose a risk to the user or their system, then users should consent to the behaviors exhibited by the software, understand the risks, and have adequate control over the technology. McAfee refers to technologies with these characteristics as “potentially unwanted program(s),” or “PUP(s).” The McAfee® PUP detection policy is based on the process includes assessing the risks to privacy, security, premise that users should understand what is being performance, and stability associated with the following: installed on their systems and be notified when a ■ Distribution: how users obtain the software including technology poses a risk to their system or privacy. advertisements, interstitials, landing-pages, linking, PUP detection and removal is intended to provide and bundling notification to our users when a software program or technology lacks sufficient notification or control over ■ Installation: whether the user can make an informed the software or fails to adequately gain user consent to decision about the software installation or add- the risks posed by the technology. McAfee Labs is the ons and can adequately back out of any undesired McAfee team responsible for researching and analyzing installations technologies for PUP characteristics. ■ Run-Time Behaviors: the behaviors exhibited by the technology including advertisements, deception, and McAfee Labs evaluates technologies to assess any impacts to privacy and security risks exhibited by the technology against the degree of user notification and control over the technology.
  • Internet Security Policy

    Internet Security Policy

    Internet Security Policy GEFCU wants to take this opportunity to make our members aware of the increasingly common Internet fraud known as "phishing". The FBI's Internet Fraud Complaint Center reports a steady increase in complaints involving unsolicited e-mails directing consumers to a false "member service" website or directly asking for member information. These scams contribute to a rise in identity theft, credit card fraud, and other Internet-based frauds. One type of fraud, known as "phishing", involves sending members a seemingly legitimate e- mail request for account information, often under the pretense of asking the member to verify or re-confirm confidential personal information such as account numbers, social security numbers, passwords, and other sensitive information. In the e-mail, the perpetrator uses various means to convince members that they are receiving a legitimate message from someone whom the member may already be doing business with, such as your credit union. Techniques such as a false "FROM" address or the use of seemingly legitimate credit union logos, web links, and graphics may be employed to mislead the member. After gaining the member's trust, the perpetrator attempts to convince the member to provide personal information, employing false websites designed to convince the member the website is genuine, or simply embedding a form in the e-mail which the member completes. Criminals will take that information from the member and quickly act to gain unauthorized access to financial accounts, or commit identity theft or other illegal acts before the fraud is identified and stopped. GEFCU does NOT request personal information from members.
  • Trojans and Malware on the Internet an Update

    Trojans and Malware on the Internet an Update

    Attitude Adjustment: Trojans and Malware on the Internet An Update Sarah Gordon and David Chess IBM Thomas J. Watson Research Center Yorktown Heights, NY Abstract This paper continues our examination of Trojan horses on the Internet; their prevalence, technical structure and impact. It explores the type and scope of threats encountered on the Internet - throughout history until today. It examines user attitudes and considers ways in which those attitudes can actively affect your organization’s vulnerability to Trojanizations of various types. It discusses the status of hostile active content on the Internet, including threats from Java and ActiveX, and re-examines the impact of these types of threats to Internet users in the real world. Observations related to the role of the antivirus industry in solving the problem are considered. Throughout the paper, technical and policy based strategies for minimizing the risk of damage from various types of Trojan horses on the Internet are presented This paper represents an update and summary of our research from Where There's Smoke There's Mirrors: The Truth About Trojan Horses on the Internet, presented at the Eighth International Virus Bulletin Conference in Munich Germany, October 1998, and Attitude Adjustment: Trojans and Malware on the Internet, presented at the European Institute for Computer Antivirus Research in Aalborg, Denmark, March 1999. Significant portions of those works are included here in original form. Descriptors: fidonet, internet, password stealing trojan, trojanized system, trojanized application, user behavior, java, activex, security policy, trojan horse, computer virus Attitude Adjustment: Trojans and Malware on the Internet Trojans On the Internet… Ever since the city of Troy was sacked by way of the apparently innocuous but ultimately deadly Trojan horse, the term has been used to talk about something that appears to be beneficial, but which hides an attack within.
  • The Ethics of Cyberwarfare Randall R

    The Ethics of Cyberwarfare Randall R

    This article was downloaded by: [University of Pennsylvania] On: 28 February 2013, At: 08:22 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Military Ethics Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/smil20 The Ethics of Cyberwarfare Randall R. Dipert a a SUNY (State University of New York) at Buffalo, NY, USA Version of record first published: 16 Dec 2010. To cite this article: Randall R. Dipert (2010): The Ethics of Cyberwarfare, Journal of Military Ethics, 9:4, 384-410 To link to this article: http://dx.doi.org/10.1080/15027570.2010.536404 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Journal of Military Ethics, Vol. 9, No. 4, 384Á410, 2010 The Ethics of Cyberwarfare RANDALL R.
  • (Malicious Software) Installed on Your Computer Without Your Consent to Monitor Or Control Your Computer Use

    (Malicious Software) Installed on Your Computer Without Your Consent to Monitor Or Control Your Computer Use

    Spyware is a type of malware (malicious software) installed on your computer without your consent to monitor or control your computer use. Clues that spyware is on a computer may include a barrage of pop-ups, a browser that takes you to sites you don't want, unexpected toolbars or icons on your computer screen, keys that don't work, random error messages, and sluggish performance when opening programs or saving files. In some cases, there may be no symptoms at all. While the term spyware suggests that software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can: Collect information stored on the computer or attached network drives, Collect various types of personal information, such as Internet surfing habits, sites that have been visited Collect user names and passwords stored on your computer as well as those entered from the keyboard. Interfere with user control of the computer Install additional software on the computer Redirect Web browser activity. Change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want: Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads. Use anti-virus and anti-spyware, as well as a firewall software, and update them all regularly.
  • Lesson 6: Hacking Malware

    Lesson 6: Hacking Malware

    LESSON 6 HACKING MALWARE Lesson 6: Malware WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons if abused may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The HHS Project is an open community effort and if you find value in this project we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 6: Malware Table of Contents WARNING....................................................................................................................................................2
  • CS 356 – Lecture 28 Internet Authentication

    CS 356 – Lecture 28 Internet Authentication

    CS 356 – Lecture 28 Internet Authentication Spring 2013 Review • Chapter 1: Basic Concepts and Terminology • Chapter 2: Basic Cryptographic Tools • Chapter 3 – User Authentication • Chapter 4 – Access Control Lists • Chapter 5 – Database Security (skipped) • Chapter 6 – Malicious Software • Networking Basics (not in book) • Chapter 7 – Denial of Service • Chapter 8 – Intrusion Detection • Chapter 9 – Firewalls and Intrusion Prevention • Chapter 10 – Buffer Overflow • Chapter 11 – Software Security • Chapter 12 – OS Security • Chapter 22 – Internet Security Protocols • Chapter 23 – Internet Authentication Applications Chapter 23 Internet Authentication Applications Kerberos Overview • initially developed at MIT • software utility available in both the public domain and in commercially supported versions • issued as an Internet standard and is the defacto standard for remote authentication • overall scheme is that of a trusted third party authentication service • requires that a user prove his or her identity for each service invoked and requires servers to prove their identity to clients Kerberos Protocol involves clients, application servers, and a Kerberos server • designed to counter a variety of threats to the security of a client/server dialogue • obvious security risk is impersonation • servers must be able to confirm the identities of clients who request service use an Authentication Server (AS) • user initially negotiates with AS for identity verification • AS verifies identity and then passes information on to an application server which will then accept service requests from the client need to find a way to do this in a secure way • if client sends user’s password to the AS over the network an opponent could observe the password • an opponent could impersonate the AS and send a false validation 2.