Crypto toolbox CNS tools for building secure applications Lecture 11 • fast symmetric key encryption Lectures • 1. Risk, viruses hash functions 2. UNIX vulnerabilities • random numbers, prime testing Networks 101 3. Authentication & hashing • public key crypto Network vulnerabilities 4. Random #s classical crypto • 5. Block ciphers DES, RC5 Big integer math libraries/methods Network attacks 6. AES, stream ciphers RC4, LFSR • algorithms for message authentication, key exchange, user authentication promiscuous mode 7. MIDTERM • rules for encoding, padding, interoperability 8. Public key crypto RSA, D-H denial of service • no standard API but OpenSSL is a good start server attacks 9. ECC, PKCS, ssh/pgp impersonation 10. PKI, SSL 11. Network vulnerabilities SSL: TCP wrapper for secure client-server communication 12. Network defenses, IDS, firewalls assignments 4 7 8 message/user authentication, encryption, D-H key CS594 paper due 12/1/06 13. IPsec, VPN, Kerberos, secure OS 14. Secure coding, crypto APIs assignment 9 do it all with SSL and public keys 15. review CNS Lecture 11 - 2 Network security You are here … Attacks & Defenses Cryptography Applied crypto Goals -- integrity, privacy, availability • Risk assessment •Random numbers •SSH • Viruses Increasing risk: standalone, multiuser, remote user, network •Hash functions •PGP • Unix security • A B • authentication MD5, SHA,RIPEMD S/Mime Threats (active/passive) • A B • Network security •Classical + stego •SSL interruption -- denial of service A m B Firewalls,vpn,IPsec,IDS • modification •Number theory •Kerberos A A’ B • Forensics • fabrication -- replay, impersonation •Symmetric key •IPsec • interception -- sniffing A B • traffic analysis E DES, Rijndael, RC5 •Crypto APIs •Public key •Securing coding RSA, DSA, D-H,ECC CNS Lecture 11 - 3 CNS Lecture 11 - 4 Network vulnerabilities Net history '57 ARPA '69 ARPAnet bomb proof (packet switched) '75 DECnet '76 Ethernet • non-localized '77 UNIX PDP-11 '78 UUCP PCs • surveillance difficult '79 USENET (home 300 bps), XMODEM, BBS '80 BITNET (PCs) • no legal jurisdiction '81 CSNET '82 BSD 4.1c TCP/IP, FidoNet • prolific (targets/attackers) '84 ORNL-MILNET (9.6Kbs), Ether, IBM SNA –Trends: 24x7 DSL/broadband, wireless '85 Sun workstations, sniffer '86 NSFNET (home 1200 bps) • many complex services '87 UT-ORNL (56Kbs) '88 ORNL-MILNET (56Kbs) (home 2400) • many trusting services '89 ORNL-UT T1 (1.5Mbs), IRC '90 ORNL (T1 ESnet) home(9600bps) '91 ORNL FDDI '92 MBONE (multicast video/audio) yet, increasing reliance on the network '93 ORNL ATM home(ISDN 128Kbs) WWW '94 ESnet/ORNL T3 (45Mbs) '96 ORNL/UT ATM (155 Mbs), broadband ’98 ESnet/ORNL OC12 (622), wireless, home(broadband, 3 mbs) ’02 Internet2/ORNL OC192 (10gig) CNS Lecture 11 - 5 CNS Lecture 11 - 6 1 Internet history What’s a network Internet DECnet SNA FDDI uunet AOL ATM ISDN IEEE 802.11 wireless NSFnet Bitnet Fidonet • Developed in late 70’s • media ARPAnet MILNET VPN PPP intranet LAN VLAN WAN… –No need for security, small community of users • protocols –Initial goals: scalability and ease of use • service –Security issues not understood/foreseen at that time • Today Internet is a voluntary world-wide federation of networks Selection criteria: –No central authority, no common culture • speed –Links millions of people and organizations (competitors, enemies) • connectivity –Voluntary (critical) services include routing and naming (DNS) • cost –Routers and servers are just computers with their own vulnerabilities • community of interest –You can’t be sure where an outgoing packet will be routed or where an • portability incoming packet came from ! • availability/survivability CNS Lecture 11 - 7 CNS Lecture 11 - 8 OSI reference model OSI and IP • physical -- bit stream (wire, optical, wireless) • data link -- packets on the link (FDDI, ethernet, token ring) • network -- connects links, routers (IP) OSI Reference Model IP Conceptual Layers • transport -- reliable stream (TCP, UDP) Application • session -- more reliable (SSL) Presentation Application • presentation -- canonical form (API, data conversion) Session • application -- mail, telnet, http, ssh, etc. Transport Transport Network Internet Layer vulnerabilities Data Link Network Physical/data link: DoS, address spoofing, sniffing Ethernet, 802.3, 802.5, Physical Interface ATM, FDDI, and so on Network: address spoofing, DoS, re-routes Transport:: DoS, hijacking, insertion, modification, replay Application: buffer overflows, bugs, DoS CNS Lecture 11 - 9 CNS Lecture 11 - 10 Layers/encapsulation interconnects Protocol Relationships • modem voice/data +------+ +-----+ +-----+ +-----+ | http | | FTP | | TFTP| ... | ... | Application • repeaters signal regeneration (data) +------+ +-----+ +-----+ +-----+ | | | | • hubs/switches filter (data/link) +-----+ +-----+ +-----+ | TCP | | UDP | ... | ... | Transport • bridges/concentrators/access point filter, store & +-----+ +-----+ +-----+ | | | forward, media interconnect, modem pools +--------------------------+----+ | Internet Protocol & ICMP | Network • routers/NAT network-layer routing/ address mapping +--------------------------+----+ | • firewall gateway/routers +---------------------------+ | Local Network Protocol | Data link • gateways application-layer conversion, e.g., mail gateway +---------------------------+ Protocol encapsulation ISP concentrator router 16 20 20/8 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- ....... -+-+-+-+ | mac | IP |TCP/UDP| App/Data ..... | CRC | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- ....... -+-+-+-+ switch router router router Data is carried in packets. Packets are intermixed. router firewall CNS Lecture 11 - 11 CNS Lecture 11 - 12 2 Addressing Ethernet +--------+--------+ DECnet |area(6) host(10)| +--------+--------+ 16 bits • Address: service (port), host • Xerox, DEC, Intel, '76 • inexpensive, pervasive +-----------------------------------+ • 10 million bits/sec (100, GigE, 10Gige) • physical and link layer spec (IEEE 802) • network name to number IPv6 |sub | subnet | interface | +-----------------------------------+ • CSMA/CD • carry IP, DECnet, appletalk, IPX translation (DNS) 128 bits • thick, thin, fiber, twisted pair, wireless • packets travel by every interface • network to physical mapping • min packet (60 bytes) • interface recognizes its own address and +--------+--------+--------+--------+ broadcast (ARP) IP A |0 net(7)| host (24) | • max pkt (1500) (9KB for jumbo-frame GigE) +--------+--------+--------+--------+ • 6-byte address (vendor(3)+other(3)) (MAC) • can program interface to recognize multicast 32 bits • supports broadcast and multicast • can change interface address ! +--------+--------+--------+--------+ (impersonation) 32-bit internet address (IPv4) B |10 net (14) | host (16) | • +--------+--------+--------+--------+ 0 7 8 15 16 23 24 31 32 39 40 47 can put interface in promiscuous mode unique +-------+-------+-------+-------+-------+-------+ +--------+--------+--------+--------+ | Destination address | assigned by authority C |110 net (21) |host(8) | +-------+-------+-------+-------+-------+-------+ +--------+--------+--------+--------+ | Source address | clumped in A, B, or C +--------+--------+--------+--------+ +-------+-------+-------+-------+-------+-------+ D is multicast D |1110 multicast (28) | | type | data ... +--------+--------+--------+--------+ +-------+-------+-------+--... ABC D net.255.255 is broadcast .... +-------+-------+-------+-------+ Private (NAT) RFC 1918: +---+---+---+---+---+---+ | checksum CRC | repeater 10.0.0.0 Ethernet | vendor(24)| local (24)| broadcast: -1 +-------+-------+-------+-------+ +---+---+---+---+---+---+ hub/switch 172.16.0.0 48 bits bridge 192.168.0.0 IP multicast 0x01 00 5E Microsoft stashes ether address in GH IPv6 128-bit address WORD documents – unique ID! Spoofing: by host name, or IP address, or MAC address EF CNS Lecture 11 - 13 CNS Lecture 11 - 14 Promiscuous mode esniff.c password sniffer A B C D r • hear EVERY packet on the wire • libpcap (need to be “root”) • token ring and FDDI too – and obviously, WIRELESS • Open ethernet interface in promiscuous mode • useful for: if ((if_fd = open(NIT_DEV, O_RDONLY)) < 0) –protocol analyzers • Read packets and filter –traffic watchers –Look for IP, TCP, and ports (telnet, ftp, pop) –intrusion detection –Hash based on IP src/dst and TCP src/dst port • root privilege UNIX (just do it on Win*) –Add data to hash entry • commercial LANanalyzers –Print and delete entry on 128 bytes, FIN, or idle (30 mins) • tools (tcpdump, xtr, traffic, etherfind, ethereal,…) • make your own (libpcap) • Download sniffers from the net (root kit, esniff.c) fprintf(LOG,"\n-- TCP/IP LOG -- TM: %s --\n", Ptm(&CLe->Time)); … fprintf(LOG," PATH: %s(%s) =>", Symaddr(CLe->SRCip),SERVp(CLe->SRCport)); Capture your keystrokes, passwords, credit card info . fprintf(LOG," %s(%s)\n", Symaddr(CLe->DSTip),SERVp(CLe->DSTport)); fprintf(LOG," STAT: %s, %d pkts, %d bytes [%s]\n", NOWtm(),CLe->PKcnt,(CLe->Length+dl), msg); fprintf(LOG," DATA: "); CNS Lecture 11 - 15 CNS Lecture 11 - 16 Sniffer log Wireless -- TCP/IP LOG -- TM: Wed Dec 7 10:42:22 -- PATH: shadow.epm.ornl.gov(1021) => manzana.epm.ornl.gov(rlogin) STAT: Wed Dec 7 10:43:28, 179 pkts, 128 bytes [DATA LIMIT] DATA: bbd : bbd • Easy to sniff : xterm/9600 : (255)(255)ss • sniffers: netstumbler wepcrack : ^^ : P^A(243)^A(138)hucl2x airsnort : cd^H^Hcd pccm2^H^H^H^H^H^H^H^H^Hls : rm h0001.xdr • wardriving – drive around, locate open : h^Hftp shadow wireless : bbd : hucl2x –Free internet services ☺ : cd /u1/bbd/xdr : ls –Apartments,