1
play

1 Connection Establishment Data Exchange Clients connect to an SSH - PDF document

Where in the stack is security? Attacks can be targeted at any layer of the 16: protocol stack Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows?


  1. Where in the stack is security? ❒ Attacks can be targeted at any layer of the 16: protocol stack ❍ Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows? ❍ Transport Layer: TCP Session Stealing, Down the Stack ❍ Network Layer: IP Spoofing, False Dynamic Routing Updates, ICMP attacks ❍ Link Layer: ARP attacks ❍ Denial of Service, Intrusion Last Modified: ❒ Defenses can be implemented at multiple levels of 4/15/2003 9:11:20 PM the protocol stack too ❍ Application Layer: PGP ❍ Transport Layer: SSL Some slides based on notes from cs515 at ❍ Network Layer: Ipsec UMass ❍ Link Layer: Static ARP tables, Physical security 7: Network Security 7: Network Security 1 2 Application Layer Network Clear Text Passwords Security ❒ We saw many application level protocols ❒ Many applications are designed with where sending your password in the clear is *HUGE* security problems required by the protocol ❒ On purpose? ❍ FTP, TELNET, POP, News ❍ No! many common applications designed when ❒ Attack: packet sniffing can capture the goal was just to get it to work (security passwords complicates that) ❒ Defenses: ❍ Sometimes the cure is worse than the problem ❍ Replace these applications with ones that do ❍ But some applications are bad enough that it not send the password in the clear makes you wonder ❍ Switched Networks and Physical Security of Backbone networks 7: Network Security 7: Network Security 3 4 Rsh and rcp Ssh ❒ Rsh and rcp are especially bad ❒ Program for logging into a remote machine ❒ rsh and rcp use the .rhosts file in your directory, and executing commands there which lists hosts and accounts to allows access ❒ Replaces telnet, rlogin and rsh from without a password. ❒ Example .rhosts file: ❒ Provides encrypted communications mymachine.cs.cornell.edu jnm between two hosts over an insecure *.cs.cornell.edu jnm network * * ❒ It does not use authenticate users – still ❒ Now that we know a machine is running rsh, all we uses the same authentication methods as need to do is pretend to be another machine in telnet etc but encrypts the exchange order to gain access? ❍ We’ll get to IP Spoofing a bit later 7: Network Security 7: Network Security 5 6 1

  2. Connection Establishment Data Exchange ❒ Clients connect to an SSH server on port ❒ Once connection is accepted (each side 22 authenticated), then a session key is exchanged ❒ The two sides negotiate an encryption algorithm to be used and exchange keys ❒ Each packet of data sent over this encrypted connection includes a packet ❍ Each side will have a preferred algorithm and sequence number so that replay attempts possibly alternate algorithms are thwarted ❍ Send key for preferred algorithm ❍ If preferred algorithm is rejected then will send keys for another algorithm if accepted 7: Network Security 7: Network Security 7 8 Identifying the Server? Secure Email? ❒ How does the client know they are talking ❒ Attacks to the server they think? ❍ Forged mail? ❒ Client maintains a list of the public_keys ❍ Mail goes in clear text? for all hosts they have ever spoken with (e.g. in ~/.ssh/known_hosts) ❒ When contact server, server tells client its public key, client must choose to accept or reject the first time ❒ From then on if doesn’t match will warn user 7: Network Security 7: Network Security 9 10 Secure e-mail Secure e-mail (continued) • Alice wants to send secret e-mail message, m, to Bob. • Alice wants to provide sender authentication message integrity. • generates random symmetric private key, K S . • encrypts message with K S • Alice digitally signs message. • also encrypts K S with Bob’s public key. • sends both message (in the clear) and digital signature. • sends both K S (m) and e B (K S ) to Bob. 7: Network Security 7: Network Security 11 12 2

  3. Pretty good privacy (PGP) Secure e-mail (continued) • Alice wants to provide secrecy, sender authentication, ❒ Internet e-mail encryption A PGP signed message: message integrity. scheme, a de-facto ---BEGIN PGP SIGNED MESSAGE--- standard. Hash: SHA1 ❒ Uses symmetric key cryptography, public key Bob:My husband is out of town cryptography, hash tonight.Passionately yours, Alice function, and digital signature as described. ---BEGIN PGP SIGNATURE--- ❒ Provides secrecy, sender Version: PGP 5.0 Charset: noconv authentication, integrity. yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ ❒ Inventor, Phil Zimmerman, hFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE--- was target of 3-year federal investigation. Note: Alice uses both her private key, Bob’s public key. 7: Network Security 7: Network Security 13 14 Distributed Trust PGP key rings ❒ Don’t need to trust a certificate authority ❒ Allows arbitrary chains of certificates or key distribution center?! ❒ PGP software allows users to examine all ❒ Users get others they know to sign their “evidence” of someones public key public key indicating that they know this ❍ Users might require several certificates from person and this public key really go people they don’t know well to trust a key or just one certificate from people they know well together ❒ If receive a message from x, search key ❒ Users can collect this supporting evidence ring for a public key you trust to use in of their public key decrypting the message ❒ Users can also collect certificates of others public keys into a “key ring” 7: Network Security 7: Network Security 15 16 Transport Layer Network What might an attacker insert Security into an ongoing TCP stream? ❒ RST or FIN would kill the connection (denial of service) ❒ TCP will accept a segment with an acceptable IP address, port number and ❒ Worse if you know how the stream is sequence number interpreted on the other side you could ❍ Forging the IP address part isn’t hard add in data ❍ Port Number and Sequence number you can ❍ Telnet is an example of this because it is just definitely get if you are using a packet sniffer echoing key strokes ❍ Port number and sequence number are also ❍ If hijack a telnet session could insert any pretty predictable command you want (rm * ?!) ❒ All this means an attacker has a good chance of inserting data into a TCP stream 7: Network Security 7: Network Security 17 18 3

  4. Access beyond life of telnet Defenses connection ❒ Attacker can insert commands into the ❒ Switched networks and physical security of remote account. E.g. the back bone links ❍ Good idea to do yes but to easy for someone to ❍ echo “* attacker” > .rhosts plug into network somewhere ❒ Run applications that encrypt the data ❒ Clients connection not dropped so client stream might not even know! ❍ Hijacking ssh session vs telnet ❒ However, commands entered by the ❍ Can still interupt stream but harder to take it attacker might appear on a command line over to do something active history. ❒ Secure Socket layer 7: Network Security 7: Network Security 19 20 HTTPS Secure sockets layer (SSL) Encrypted SSL session: SSL: basis of IETF Transport ❒ ❒ Browser generates Layer Security (TLS). ❒ Server authentication: ❒ SSL works at transport symmetric session key, SSL can be used for non-Web layer. Provides security to ❍ SSL-enabled browser ❒ encrypts it with server’s applications, e.g., IMAP. includes public keys for any TCP-based app using public key (from CA), sends Client authentication can be trusted CAs. ❒ SSL services. encrypted key to server. done with client certificates. ❍ Browser requests server ❒ SSL: used between WWW ❒ Using its private key, server ❒ encrypt in the public key certificate, issued by browsers, servers for decrypts session key. given by server and send trusted CA. ecommerce (https). ❒ Browser, server agree that ❍ Browser uses CA’s public ❒ Server can decrypt using future msgs will be ❒ SSL security services: key to extract server’s private key encrypted. public key from ❍ server authentication ❒ All data sent into TCP certificate. ❍ data encryption socket (by client or server) ❒ Visit your browser’s ❍ client authentication is encrypted with session security menu to see its (optional) key. trusted CAs. 7: Network Security 7: Network Security 21 22 Network Layer Security False Dynamic Routing Updates ❒ Attacker injects a RIP update stating she has a ❒ Lots of potential problems at the IP layer path to a particular unused host or network ❍ In Dynamic Routing Protocols, routers exchange ❒ All subsequent packets will be routed to her. messages containing known route information to ❒ She replies with raw IP packets listing the IP reach consensus on the best routes through the address of the unused host concealing her identity system – any validation of these messages? ❍ No authentication that a packet came from a ❒ Similar attacks for interdomain routing. machine with the IP address listed in the ❒ Also allows a man in the middle attack and denial source field (Raw IP Interface) of service attacks ❍ Could instead listen/forward or modify incoming packets. ❍ Bad routing tables make a routing black hole where legitimate traffic does not reach 7: Network Security 7: Network Security 23 24 4

Recommend


More recommend