UNIT V

SECURITY PRACTICE AND

SYSTEM SECURITY
• Electronic Mail security:
– PGP, S/MIME
• IP security
• Web Security
• SYSTEM SECURITY:
 Intruders
 Malicious software
 Viruses
 Firewalls.
 Email Security

• E-mail is one of the most widely used and regarded network

services

• currently message contents are not secure

– may be inspected either in transit

– or by suitably privileged users on destination system

 Email Security Enhancements
• confidentiality
– protection from disclosure
• authentication
– of sender of message
• message integrity
– protection from modification
• non-repudiation of origin
– protection from denial by sender
 Security Services For E-mail
• Privacy
• Authentication
• Integrity
• non-repudiation
• proof of submission
• proof of delivery
• message flow confidentiality (did Alice sent Bob a message?)
• Anonymity
• containment (leakage)
• Audit
• Accounting
• self destruct
• message sequence integrity
 Attacks possible through E-mail: Faking
host -t mx [Link]
[Link] mail is handled (pri=100) by [Link]
telnet [Link] 25
Trying [Link]...
Connected to [Link].
Escape character is ’ˆ]’.
220 [Link] -- Server ESMTP (PMDF V5.1-7 #6879)
helo [Link]
250 [Link] OK, [[Link]].
mail from: hgs@[Link]
250 2.5.0 Address Ok.
rcpt to: hgs@[Link]
250 2.1.5 hgs@[Link] OK.
data
354 Enter mail, end with a single ".".
a test
250 2.5.0 Ok.
quit
 Email Tracing
Received: from [Link] ([Link] [[Link]]) by
[Link] (8.8.5/8.6.6) with ESMTP id PAA07654 for
<hgs@[Link]>; Thu, 10 Apr 1997 [Link] -0400 (EDT)
Received: from [Link] (SYSTEM@[Link] [[Link]])
by [Link] (8.8.5/8.6.6) with ESMTP id PAA16005
for <hgs@[Link]>; Thu, 10 Apr 1997 [Link] -0400 (EDT)
Received: from [Link] ([[Link]]) by [Link]
(PMDF V5.1-7 #6879) with SMTP id <01IHJN1HAVHE000TEO@[Link]
hgs@[Link]; Thu, 10 Apr 1997 [Link] EDT
From: hgs@[Link]
Date: Thu, 10 Apr 1997 [Link] -0400 (EDT)
Date-warning: Date header was inserted by [Link]
To: hgs@[Link]
Message-ID: <01IHJN3GBO8Q000TEO@[Link]>
MIME-version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-Length: 8
a test
 Establishing Public Keys
• email: often no prior meeting of principals

• Use (chain of) certificates:x’s public key is y, signed

“VeriSign”

• selection of certificates – not complete trust or felon!

• easily delivered with mail (but: size)

 Privacy

• multiple recipients-repeated encryption of long message

• only encrypt session key for each recipient

• list exploder: get session key, re-encrypt for each recipient

• local list: need key for each recipient

 Source Authentication

• Address spoofing:

• telnet to almost any SMTP server

• some don’t insert appropriate Received From: header

• one receiver or list: sign with public key

• but: private key-needs to authenticate/sign with exploder

Message Integrity

• authentication always with message integrity

• integrity without authentication: ransom note-no system exists

Non-Repudiation

 Alice cannot deny having sent message to Bob

 may want plausible deniability

• public key: non-repudiable source authentication easy

• secret key: repudiable source authentication easy

 Pretty Good Privacy (PGP)
• widely used de facto secure email

• developed by Phil Zimmermann

• selected best available crypto algs to use

• integrated into a single program

• on Unix, PC, Macintosh and other systems

• originally free, now also have commercial versions available

 PGP Operation – Authentication
1. sender creates message
2. make SHA-1160-bit hash of message
3. attached RSA signed hash to message
4. receiver decrypts & recovers hash code
5. receiver verifies received message hash
 PGP Operation – Confidentiality
1. sender forms 128-bit random session key
2. encrypts message with session key
3. attaches session key encrypted with RSA
4. receiver decrypts & recovers session key
5. session key is used to decrypt message
 PGP Operation – Confidentiality &
Authentication
• can use both services on same message

– create signature & attach to message

– encrypt both message & signature

– attach RSA/ElGamal encrypted session key

 PGP Operation – Compression
• by default PGP compresses message after signing but before
encrypting

– so can store uncompressed message & signature for later

verification

– & because compression is non deterministic

• uses ZIP compression algorithm

 PGP Operation – Email Compatibility

• when using PGP will have binary data to send (encrypted

message etc)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII
characters
• uses radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a CRC
• PGP also segments messages if too big
PGP Operation – Summary
 PGP Session Keys
• need a session key for each message

– of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-

bit Triple-DES

• generated using ANSI X12.17 mode

• uses random inputs taken from previous uses and from

keystroke timing of user
 PGP Public & Private Keys
• since many public/private keys may be in use, need to identify
which is actually used to encrypt session key in a message

– could send full public-key with every message

– but this is inefficient

• rather use a key identifier based on key

– is least significant 64-bits of the key

– will very likely be unique

• also use key ID in signatures

PGP Message Format
 PGP Key Rings
• each PGP user has a pair of keyrings:

– public-key ring contains all the public-keys of other PGP

users known to this user, indexed by key ID

– private-key ring contains the public/private key pair(s) for

this user, indexed by key ID & encrypted keyed from a
hashed passphrase

• security of private keys thus depends on the pass-phrase

security
PGP Key Rings
PGP Message Generation
PGP Message Reception
 PGP Key Management
• rather than relying on certificate authorities
• in PGP every user is own CA
– can sign keys for users they know directly
• forms a “web of trust”
– trust keys have signed
– can trust keys others have signed if have a chain of
signatures to them
• key ring includes trust indicators
• users can also revoke their keys
PGP Trust Model Example
S/MIME (Secure/Multipurpose Internet Mail
Extensions)
• security enhancement to MIME email

– original Internet RFC822 email was text only

– MIME provided support for varying content types and

multi-part messages

– with encoding of binary data to textual form

– S/MIME added security enhancements

• have S/MIME support in many mail agents

– eg MS Outlook, Mozilla, Mac Mail etc

 S/MIME Functions

• enveloped data
– encrypted content and associated keys
• signed data
– encoded message + signed digest
• clear-signed data
– cleartext message + encoded signed digest
• signed & enveloped data
– nesting of signed & encrypted entities
 S/MIME Cryptographic Algorithms
• digital signatures: DSS & RSA

• hash functions: SHA-1 & MD5

• session key encryption: ElGamal & RSA

• message encryption: AES, Triple-DES, RC2/40 and others

• MAC: HMAC with SHA-1

• have process to decide which algs to use

 S/MIME Messages
• S/MIME secures a MIME entity with a signature, encryption,
or both
• forming a MIME wrapped PKCS object
• have a range of content-types:
– enveloped data
– signed data
– clear-signed data
– registration request
– certificate only message
 S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates

• managed using a hybrid of a strict X.509 CA hierarchy &

PGP’s web of trust

• each client has a list of trusted CA’s certs

• and own public/private key pairs & certs

• certificates must be signed by trusted CA’s

 Certificate Authorities
• have several well-known CA’s

• Verisign one of most widely used

• Verisign issues several types of Digital IDs

• increasing levels of checks & hence trust

Class Identity Checks Usage

1 name/email check web browsing/email

2 + enroll/addr check email, subs, s/w validate

3 + ID documents e-banking/service access

 S/MIME Enhanced Security Services

• 3 proposed enhanced security services:

– signed receipts

– security labels

– secure mailing lists

 Domain Keys Identified Mail
• a specification for cryptographically signing email messages

• so signing domain claims responsibility

• recipients / agents can verify signature

• proposed Internet Standard RFC 4871

• has been widely adopted

Internet Mail Architecture
 Email Threats
• see RFC 4684- Analysis of Threats Motivating DomainKeys
Identified Mail

• describes the problem space in terms of:

– range: low end, spammers, fraudsters

– capabilities in terms of where submitted, signed, volume,

routing naming etc

– outside located attackers

 IP Security
• have a range of application specific security mechanisms

– eg. S/MIME, PGP, Kerberos, SSL/HTTPS

• however there are security concerns that cut across protocol

layers

• would like security implemented by the network for all

applications
 IP Security
• general IP Security mechanisms

• provides

– authentication

– confidentiality

– key management

• applicable to use over LANs, across public & private WANs,

& for the Internet

• need identified in 1994 report

– need authentication, encryption in IPv4 & IPv6

IP Security Uses
 Benefits of IPSec
• in a firewall/router provides strong security to all traffic
crossing the perimeter

• in a firewall/router is resistant to bypass

• is below transport layer, hence transparent to applications

• can be transparent to end users

• can provide security for individual users

• secures routing architecture

 IP Security Architecture
• specification is quite complex, with groups:
– Architecture
• RFC4301 Security Architecture for Internet Protocol
– Authentication Header (AH)
• RFC4302 IP Authentication Header
– Encapsulating Security Payload (ESP)
• RFC4303 IP Encapsulating Security Payload (ESP)
– Internet Key Exchange (IKE)
• RFC4306 Internet Key Exchange (IKEv2) Protocol
– Cryptographic algorithms
– Other
 IPSec Services
• Access control

• Connectionless integrity

• Data origin authentication

• Rejection of replayed packets

– a form of partial sequence integrity

• Confidentiality (encryption)

• Limited traffic flow confidentiality

 Transport and Tunnel Modes
• Transport Mode

– to encrypt & optionally authenticate IP data

– can do traffic analysis but is efficient

– good for ESP host to host traffic

• Tunnel Mode

– encrypts entire IP packet

– add new header for next hop

– no routers on way can examine inner IP header

– good for VPNs, gateway to gateway security

 Transport
and
Tunnel Modes
 Transport
and
Tunnel Mode
Protocols
 Security Associations
• a one-way relationship between sender & receiver that affords
security for traffic flow
• defined by 3 parameters:
– Security Parameters Index (SPI)
– IP Destination Address
– Security Protocol Identifier
• has a number of other parameters
– seq no, AH & EH info, lifetime etc
• have a database of Security Associations
 Security Policy Database
• relates IP traffic to specific SAs
– match subset of IP traffic to relevant SA
– use selectors to filter outgoing traffic to map
– based on: local & remote IP addresses, next layer protocol,
name, local & remote ports
 Encapsulating Security Payload (ESP)

• provides message content confidentiality, data origin

authentication, connectionless integrity, an anti-replay service,
limited traffic flow confidentiality

• services depend on options selected when establish Security

Association (SA), net location

• can use a variety of encryption & authentication algorithms

Encapsulating Security Payload
 Encryption & Authentication Algorithms &
Padding
• ESP can encrypt payload data, padding, pad length, and next header
fields
– if needed have IV at start of payload data
• ESP can have optional ICV for integrity
– is computed after encryption is performed
• ESP uses padding
– to expand plaintext to required length
– to align pad length and next header fields
– to provide partial traffic flow confidentiality
 Anti-Replay Service
• replay is when attacker resends a copy of an authenticated packet

• use sequence number to thwart this attack

• sender initializes sequence number to 0 when a new SA is

established

– increment for each packet

– must not exceed limit of 232 – 1

• receiver then accepts packets with seq no within window of (N –

W+1)
 Combining Security Associations
• SA’s can implement either AH or ESP
• to implement both need to combine SA’s
– form a security association bundle
– may terminate at different or same endpoints
– combined by
• transport adjacency
• iterated tunneling
• combining authentication & encryption
– ESP with authentication, bundled inner ESP & outer AH,
bundled inner transport & outer ESP
Combining Security Associations
 IPSec Key Management
• handles key generation & distribution

• typically need 2 pairs of keys

– 2 per direction for AH & ESP

• manual key management

– sysadmin manually configures every system

• automated key management

– automated system for on demand creation of keys for SA’s

in large systems

– has Oakley & ISAKMP elements

 Oakley
• a key exchange protocol

• based on Diffie-Hellman key exchange

• adds features to address weaknesses

– no info on parties, man-in-middle attack, cost

– so adds cookies, groups (global params), nonces, DH key

exchange with authentication

• can use arithmetic in prime fields or elliptic curve fields

 ISAKMP

• Internet Security Association and Key Management Protocol

• provides framework for key management

• defines procedures and packet formats to establish, negotiate,

modify, & delete SAs

• independent of key exchange protocol, encryption alg, &

authentication method

• IKEv2 no longer uses Oakley & ISAKMP terms, but basic

functionality is same
IKEV2 Exchanges
ISAKMP
 IKE Payloads & Exchanges
• have a number of ISAKMP payload types:

– Security Association, Key Exchange, Identification,

Certificate, Certificate Request, Authentication, Nonce,
Notify, Delete, Vendor ID, Traffic Selector, Encrypted,
Configuration, Extensible Authentication Protocol

• payload has complex hierarchical structure

• may contain multiple proposals, with multiple protocols &

multiple transforms
 Cryptographic Suites
• variety of cryptographic algorithm types
• to promote interoperability have
– RFC4308 defines VPN cryptographic suites
• VPN-A matches common corporate VPN security using
3DES & HMAC
• VPN-B has stronger security for new VPNs implementing
IPsecv3 and IKEv2 using AES
– RFC4869 defines four cryptographic suites compatible with US
NSA specs
• provide choices for ESP & IKE
• AES-GCM, AES-CBC, HMAC-SHA, ECP, ECDSA
 Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
• have a variety of threats
– integrity
– confidentiality
– denial of service
– authentication
• need added security mechanisms
Web Traffic Security Approaches
 General Description of SSL/TLS
Terminology:

• SSL: Secure Socket Layer

• TLS: Transport Layer Security

• Concept: secure connections on top of TCP

 OS independent

 TCP instead of UDP

Cons: Rogue packet problem

Pro: SSL/TLS doesn’t have to deal with packet retransmission

 Cntd..
• History:

• SSLv2 proposed and deployed in Netscape 1.1 (1995)

• PCT (Private Communications Technology) by Microsoft

• SSLv3: most commonly used (1995)

• TLS proposed by the IETF based on SSLv3 but not compatible

(1996)

• Uses patent free DH and DSS instead of RSA which patent

didn’t expire yet
 SSL Architecture
SSL session

• An association between client & server

• Created by the Handshake Protocol

• Defines a set of cryptographic parameters

• May be shared by multiple SSL connections

SSL connection

• A transient, peer-to-peer, communications link

• Associated with 1 SSL session

 SSL/TLS Basic Protocol
SSL/TLS partitions TCP byte stream into records:

• A record has: header, cryptographic protection => provides a

reliable encrypted, and integrity protected stream of octet

Record types:

 User data

 Handshake messages

 Alerts: error messages or notification of connection closure

 Change cipher spec

Cntd..
 Cntd..
• How do you make sure that keyed hash in message 3 is different
from B’s response?

• Include a constant CLNT/client finished(in SSL/TLS) for A and

SRVR/server finished for B

• Keyed hash is sent encrypted and integrity protected for no real

reason

• Keys: derived by hashing K and RA and RB

• 3 keys in each direction: encryption, integrity and IV

• Write keys (to send: encrypt, integrity protect)

• Read keys (to receive: decrypt, integrity check)

 What’s still missing?
• SSL/TLS allowed to authenticate the server

• How would the server authenticate the user?

SSL/TLS allows clients to authenticate using certificates:

• B requests a certificate in message 2

• A sends: certificate, signature of hash of the handshake

messages
 Session Resumption
Many secure connections can be derived from the session
• Cheap: how?
• Session initiation: modify message 2
• B-> A: session_id, certificate, cipher, RB
• Aand Bremember: (session_id, master key)
• To resume a session: Apresents the session_id in message 1
• A-> B: session_id, ciphers I support, RA
• B -> A: session_id, cipher I choose, RB, {keyed hash of
handshake msgs}
• A -> B: {keyed hash of handshake msgs}
• A<-> B: data encrypted and integrity checked with keys
derived from K
 Computing the Keys

S: pre-master secret (forget it after establishing K)

• K= f(S, RA, RB)

• 6 keys = gi(K, RA, RB)

• Rs: 32 bytes (usually the first 4 bytes are Unix time)

 PKI in SSL
• Client comes configured with a list of “trusted organizations”:
CA

• What happens when the server sends its certificate?

• When the server whishes to authenticate the client:

• Server sends a list of CA it trusts and types of keys it can

handle

• In SSLv3 and TLS a chain of certificates can be sent

 Negotiating Cipher Suites
A cipher suite is a complete package:
• (encryption algorithm, key length, integrity checksum algorithm,etc.)
• Cipher suites are predefined:
• Each assigned a unique value (contrast with IKE)
• SSLv2: 3 bytes, SSLv3: 2 bytes => upto65000 combinations
• 30 defined,
• 256 reserved for private use: FFxx(risk of non-interoperability)
• Selection decision:
• In v3 A proposes, B chooses
• In v2 A proposes, B returns acceptable choices, and A chooses
• Suite names examples:
• SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
• SSL2_RC4_128_WITH_MD5
 Attacks fixed in v3
Downgrade attack:
• In SSLv2 there is no integrity protection for the initial
handshake
• Active attacker can remove strong crypto algorithm from
proposed cipher suite by A =>forcing A and B to agree on a
weak cipher
• Fixed by adding a finished message containing a hash of
previous messages
• Truncation attack:
• Without the finished message an attacker can send a TCP FIN
message and close the connection without communicating
nodes detecting it
SSL Stack
 SSL Record Protocol
• SSL Record Protocol defines these two services for SSL
connections:

Confidentiality

• Using symmetric encryption with a shared secret key defined

by Handshake Protocol

• IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40,

RC4-128

• CBC mode (except for RC4)

• Message is compressed before encryption

 SSL Record Protocol
Message integrity
• Using a MAC with shared secret key
• Based on HMAC and MD5 or SHA (with a padding difference due
to a typo in an early draft of HMAC RFC2104)
• Records sent after Change Cipher Spec record are cryptographically
protected
• Record header:
• [record type, version number, length]
• Change Cipher Spec= 20, Alert = 21, Handshake = 22,
Application_data = 23
 SSL Change Cipher Spec Protocol
• One of 3 SSL-specific protocols which use the SSL Record
Protocol

Single message

Causes pending state to become current

• all records following this will be protected with the ciphers

agreed upon
 SSL Alert Protocol
Conveys SSL-related alerts to peer entity
• Severity
• warning or fatal
• Specific alerts
• Unexpected message, bad record mac, decompression failure,
handshake failure, illegal parameter
• Close notify, no certificate, bad certificate, unsupported certificate,
certificate revoked, certificate expired, certificate unknown
• Compressed & encrypted
 SSL Handshake Protocol
Allows server & client to:
• Authenticate each other
• Negotiate encryption & MAC algorithms
• Negotiate cryptographic keys to be used
• Comprises a series of messages in phases
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish
 Handshake Messages
• ClientHellomessage: [type=1, length, version number, RA, length
of session_id, session_id, length of cipher suite list, sequence of
cipher suites, list of compression methods]

• ServerHello: [type=2, length, version number, RB, length of

session_id, session_id, chosen cipher, chosen compression method]

• Certificate: [type=11, length, length of first certificate, first

certificate, …]

• ServerKeyExchange:(for export: ephemeral public key) [type=12,

length, length of modulus, modulus, length of exponent, exponent]
 Cntd..
• CertificateRequest: [type=13, length, length of key type list, list of
types of keys, length of CA name list, length of first CA name,
1stCA name, …]

• ServerHelloDone: [type=14, length=0]

• ClientKeyExchange: [type=16, length, encrypted pre-master

secret]

• CertificateVerify: [type=15, length, length of signature, signature]

• HandshakeFinished: [type=20, length=36 (SSL) or 12 (TLS),

digest]
SSL Handshake Protocol
 Exportability Issues
Exportable suites in SSLv2:
• 40 secret bits out of 128 in symmetric keys
• 512-bits RSA keys
• Exportability in SSLv3:
• Integrity keys computed the same way
• Encryption keys: 40 bits secret
• IV non-secret
• When a domestic server (e.g., 1024-bit RSA key) communicates
with an external client the server creates an ephemeral key of 512-
bits and signs it with it’s 1024-bit key
 TLS (Transport Layer Security)
IETF standard RFC 2246 similar to SSLv3
• Minor differences
• Record format version number
• HMAC for MAC
• Pseudo-random function to expand the secrets
• Additional alert codes
• Changes in supported ciphers
• Changes in certificate negotiations
• Changes in use of padding
 Secure Electronic Transactions (SET)
• open encryption & security specification

• to protect Internet credit card transactions

• developed in 1996 by Mastercard, Visa etc

• not a payment system

• rather a set of security protocols & formats

– secure communications amongst parties

– trust from use of X.509v3 certificates

– privacy by restricted info to those who need it

SET Components
 SET Transaction
1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment
 Dual Signature
• customer creates dual messages

– order information (OI) for merchant

– payment information (PI) for bank

• neither party needs details of other

• but must know they are linked

• use a dual signature for this

– signed concatenated hashes of OI & PI

Purchase Request – Customer
Purchase Request – Merchant
 Purchase Request – Merchant
1. verifies cardholder certificates using CA sigs

2. verifies dual signature using customer's public signature key

to ensure order has not been tampered with in transit & that it
was signed using cardholder's private signature key

3. processes order and forwards the payment information to the

payment gateway for authorization (described later)

4. sends a purchase response to cardholder

 Payment Gateway Authorization
1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain
symmetric key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain symmetric
key & then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches that in
PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response back to merchant
 Payment Capture
• merchant sends payment gateway a payment capture request

• gateway checks request

• then causes funds to be transferred to merchants account

• notifies merchant using capture response

 Firewalls

• Effective means of protection a local system or network of

systems from network-based security threats while affording
access to the outside world via WAN`s or the Internet

• Information systems undergo a steady evolution (from small

LAN`s to Internet connectivity)

• Strong security features for all workstations and servers not

established
 The Role of Firewalls
• A firewall is a term used for a ``barrier'' between a network of machines
and users that operate under a common security policy and generally trust
each other, and the outside world.

• There are two basic reasons for using a firewall at present: to save money
in concentrating your security on a small number of components, and to
simplify the architecture of a system by restricting access only to machines
that trust each other.

• Firewalls are often regarded as some as an irritation because they are often
regarded as an impediment to accessing resources.
 Cntd..
• There is a fairly large group of determined and capable individuals around
the world who take pleasure in breaking into systems.
• Other than the sense of insecurity that it has instilled in society, the amount
of actual damage that has been caused is relatively slight. It highlights the
fact that essentially any system can be compromised if an adversary is
determined enough.
• It is a tried and true method to improve security within DOD projects to
have a ``black hat'' organization that attempts to break into systems rather
than have them found by your real adversaries.
• By bringing the vulnerabilities of systems to the forefront, the Internet
hackers have essentially provided this service, and an impetus to improve
existing systems.
Benefits of Firewall
 Firewall related Terminology
• Firewall A device or group of devices that enforces an access control
policy among networks. Firewalls connect protected and unprotected
networks, or support tri-homing, which allows a DMZ network.

• Protected network A network segment or segments to which access is

controlled. Protected networks are sometimes called "internal networks,"

• Unprotected network A network segment or segments to which access is

not controlled by the firewall.

• Demilitarized zone (DMZ) A network segment or segments located

between protected and unprotected networks. The DMZ may not be
connected to the protected network in any way. The DMZ may also
include perimeter defense systems.
 Cntd..
• Dual-homed firewall A firewall with two interfaces, one attached to the
protected network and one attached to the unprotected network.
• Tri-homed firewall A tri-homed firewalls connect three network segments
with different network addresses. Typically, these would be protected,
DMZ, and unprotected segments.
• Proxy A request for a connection made on behalf of a host. A proxy stands
between the protected and unprotected network.
• Network address translation A method of mapping one or more private,
reserved IP addresses to one or more public IP addresses. NAT was defined
to conserve IPv4 address space and refer to a specific block of IP addresses
that are never recognized or routed on the Internet. It allows organizations
to use their own internal IP addressing scheme
 Cntd..
• Application proxy A proxy service that is set up and torn down in
response to a client request, rather than existing on a static basis (as
is the case with circuit proxies). The application proxy performs all
of the services of a proxy, but for specific applications.
• Circuit proxy A proxy service that statically defines which traffic
will be forwarded. The circuit proxy is a special function performed
by application proxies, usually to support proxy connection between
internal users and outside hosts.
• Policy A document defining acceptable access to protected, DMZ,
and unprotected networks. Security policies set general guidelines
for what is and is not acceptable network access.
 Cntd..
• Rule set The collection of access control rules that determines
which packets are forwarded or dropped.
• Allowed traffic Packets forwarded as a result of the rule set.

• Illegal traffic Packets specified for rejection in the rule set.

• Rejected traffic Packets dropped as a result of the rule set.

• Authentication The process of verifying that a user requesting a

network resource is who he, she, or it claims to be, and vice versa.
Security association The set of security information related to a
given network connection or set of connections.
 Cntd..
• Packet filtering The process of controlling access by examining packets
based on the content of packet headers. Header information, such as IP
address or TCP port number, is examined to determine whether a packet
should be forwarded or rejected, based on a rule set.
• Stateful packet filtering The process of forwarding or rejecting traffic
based on the contents of a state table maintained by a firewall. When
stateful filtering is used, packets are only forwarded if they belong to a
connection that has already been established and that is being tracked in a
state table.
• Logging The recording of user requests made to the firewall. All requests
are typically logged, including allowed, illegal, and rejected traffic.
 Types of Firewalls

• Three common types of Firewalls:

– Packet-filtering routers

– Application-level gateways

– Circuit-level gateways

– (Bastion host)
 Types of Firewalls

• Packet-filtering Router
 Types of Firewalls

• Packet-filtering Router

– Applies a set of rules to each incoming IP packet and then

forwards or discards the packet

– Filter packets going in both directions

– The packet filter is typically set up as a list of rules based

on matches to fields in the IP or TCP header

– Two default policies (discard or forward)

 Types of Firewalls
• Advantages:
– Simplicity
– Transparency to users
– High speed
• Disadvantages:
– Difficulty of setting up packet filter rules
– Lack of Authentication
• Possible attacks and appropriate countermeasures
– IP address spoofing
– Source routing attacks
– Tiny fragment attacks
 Types of Firewalls

• Application-level Gateway
 Types of Firewalls
• Application-level Gateway
– Also called proxy server
– Acts as a relay of application-level traffic
• Advantages:
– Higher security than packet filters
– Only need to scrutinize a few allowable applications
– Easy to log and audit all incoming traffic
• Disadvantages:
– Additional processing overhead on each connection (gateway as
splice point)
 Types of Firewalls

• Circuit-level Gateway
 Types of Firewalls

• Circuit-level Gateway

– Stand-alone system or

– Specialized function performed by an Application-level

Gateway

– Sets up two TCP connections

– The gateway typically relays TCP segments from one

connection to the other without examining the contents
 Types of Firewalls

• Circuit-level Gateway

– The security function consists of determining which

connections will be allowed

– Typically use is a situation in which the system

administrator trusts the internal users

– An example is the SOCKS package

 Types of Firewalls
• Bastion Host

– A system identified by the firewall administrator as a critical

strong point in the network´s security

– The bastion host serves as a platform for an application-level or

circuit-level gateway

• In addition to the use of simple configuration of a single system

(single packet filtering router or single gateway), more complex
configurations are possible

• Three common configurations

 Firewall Configurations

• Screened host firewall system (single-homed bastion host)

 Firewall Configurations

• Screened host firewall, single-homed bastion configuration

• Firewall consists of two systems:

– A packet-filtering router

– A bastion host

• Configuration for the packet-filtering router:

– Only packets from and to the bastion host are allowed to

pass through the router

• The bastion host performs authentication and proxy functions

 Firewall Configurations

• Greater security than single configurations because of two

reasons:

– This configuration implements both packet-level and

application-level filtering (allowing for flexibility in
defining security policy)

– An intruder must generally penetrate two separate systems

– This configuration also affords flexibility in providing

direct Internet access (public information server, e.g. Web
server)
 Firewall Configurations

• Screened host firewall system (dual-homed bastion host)

 Firewall Configurations

• Screened host firewall, dual-homed bastion configuration

– The packet-filtering router is not completely compromised

– Traffic between the Internet and other hosts on the private

network has to flow through the bastion host

• Screened-subnet firewall system

 Firewall Configurations
• Screened subnet firewall configuration

– Most secure configuration of the three

– Two packet-filtering routers are used

– Creation of an isolated sub-network

• Advantages:

– Three levels of defense to thwart intruders

– The outside router advertises only the existence of the screened

subnet to the Internet (internal network is invisible to the
Internet)
 Firewall Configurations

• Disadvantages:

– The inside router advertises only the existence of the

screened subnet to the internal network (the systems on the
inside network cannot construct direct routes to the
Internet)
 Firewall Design Principles
• The firewall is inserted between the premises network and the
Internet

• Aims:

– Establish a controlled link

– Protect the premises network from Internet-based attacks

– Provide a single choke point

 Firewall Characteristics
• Design goals:

– All traffic from inside to outside must pass through the

firewall (physically blocking all access to the local network
except via the firewall)

– Only authorized traffic (defined by the local security

police) will be allowed to pass
 Firewall Characteristics
• Design goals:
– The firewall itself is immune to penetration (use of trusted
system with a secure operating system)
• Four general techniques:
• Service control
– Determines the types of Internet services that can be accessed,
inbound or outbound
• Direction control
– Determines the direction in which particular service requests are
allowed to flow
 Cntd..

• User control

– Controls access to a service according to which user is

attempting to access it

• Behavior control

– Controls how particular services are used (e.g. filter e-mail)

 Intruders
• significant issue for networked systems is hostile or unwanted
access

• either via network or local

• can identify classes of intruders:

– masquerader

– misfeasor

– clandestine user

• varying levels of competence

 Intruders
• clearly a growing publicized problem

– from “Wily Hacker” in 1986/87

– to clearly escalating CERT status

• may seem benign, but still cost resources

• may use compromised system to launch other attacks

• awareness of intruders has led to the development of CERTs

 Intrusion Techniques
• aim to gain access and/or increase privileges on a system

• basic attack methodology

– target acquisition and information gathering

– initial access

– privilege escalation

– covering tracks

• key goal often is to acquire passwords

• so then exercise access rights of owner

 Password Capture
• another attack involves password capture
– watching over shoulder as password is entered
– using a trojan horse program to collect
– monitoring an insecure network login
• eg. telnet, FTP, web, email
– extracting recorded info after successful login (web
history/cache, last number dialed etc)
• using valid login/password can impersonate user
• users need to be educated to use suitable
precautions/countermeasures
 Intrusion Detection
• inevitably will have security failures

• so need also to detect intrusions so can

– block if detected quickly

– act as deterrent

– collect info to improve security

• assume intruder will behave differently to a legitimate user

– but will have imperfect distinction between

 Password Guessing
• one of the most common attacks
• attacker knows a login (from email/web page etc)
• then attempts to guess password for it
– defaults, short passwords, common word searches
– user info (variations on names, birthday, phone, common
words/interests)
– exhaustively searching all possible passwords
• check by login or against stolen password file
• success depends on password chosen by user
• surveys show many users choose poorly
 Approaches to Intrusion Detection

• statistical anomaly detection

– threshold

– profile based

• rule-based detection

– anomaly

– penetration identification
 Audit Records
• fundamental tool for intrusion detection

• native audit records

– part of all common multi-user O/S

– already present for use

– may not have info wanted in desired form

• detection-specific audit records

– created specifically to collect wanted info

– at cost of additional overhead on system

 Statistical Anomaly Detection
• threshold detection

– count occurrences of specific event over time

– if exceed reasonable value assume intrusion

– alone is a crude & ineffective detector

• profile based

– characterize past behavior of users

– detect significant deviations from this

– profile usually multi-parameter

 Audit Record Analysis

• foundation of statistical approaches

• analyze records to get metrics over time

– counter, gauge, interval timer, resource use

• use various tests on these to determine if current behavior is

acceptable

– mean & standard deviation, multivariate, markov process,

time series, operational

• key advantage is no prior knowledge used

 Rule-Based Intrusion Detection
• observe events on system & apply rules to decide if activity is
suspicious or not
• rule-based anomaly detection
– analyse historical audit records to identify usage patterns &
auto-generate rules for them
– then observe current behaviour & match against rules to see
if conforms
– like statistical anomaly detection does not require prior
knowledge of security flaws
 Rule-Based Intrusion Detection
• rule-based penetration identification
– uses expert systems technology
– with rules identifying known penetration, weakness
patterns, or suspicious behaviour
– compare audit records or states against rules
– rules usually machine & O/S specific
– rules are generated by experts who interview & codify
knowledge of security admins
– quality depends on how well this is done
 Base-Rate Fallacy
• practically an intrusion detection system needs to detect a
substantial percentage of intrusions with few false alarms

– if too few intrusions detected -> false security

– if too many false alarms -> ignore / waste time

• this is very hard to do

• existing systems seem not to have a good record

 Distributed Intrusion Detection

• traditional focus is on single systems

• but typically have networked systems

• more effective defense has these working together to detect

intrusions

• issues

– dealing with varying audit record formats

– integrity & confidentiality of networked data

– centralized or decentralized architecture

Distributed Intrusion Detection - Architecture
Distributed Intrusion Detection – Agent
Implementation
 Honey pots
• decoy systems to lure attackers

– away from accessing critical systems

– to collect information of their activities

– to encourage attacker to stay on system so administrator

can respond

• are filled with fabricated information

• instrumented to collect detailed information on attackers

activities

• single or multiple networked systems

 Password Management
• front-line defense against intruders

• users supply both:

– login – determines privileges of that user

– password – to identify them

• passwords often stored encrypted

– Unix uses multiple DES (variant with salt)

– more recent systems use crypto hash function

• should protect password file on system

 Password Studies
• Purdue 1992 - many short passwords

• Klein 1990 - many guessable passwords

• conclusion is that users choose poor passwords too often

• need some approach to counter this

 Managing Passwords - Education
• can use policies and good user education
• educate on importance of good passwords
• give guidelines for good passwords
– minimum length (>6)
– require a mix of upper & lower case letters, numbers,
punctuation
– not dictionary words
• but likely to be ignored by many users
 Managing Passwords - Computer Generated
• let computer create passwords

• if random likely not memorisable, so will be written down (sticky

label syndrome)

• even pronounceable not remembered

• have history of poor user acceptance

• FIPS PUB 181 one of best generators

– has both description & sample code

– generates words from concatenating random pronounceable

syllables
 Managing Passwords - Reactive Checking

• reactively run password guessing tools

– note that good dictionaries exist for almost any

language/interest group

• cracked passwords are disabled

• but is resource intensive

• bad passwords are vulnerable till found

 Managing Passwords - Proactive Checking

• most promising approach to improving password security

• allow users to select own password

• but have system verify it is acceptable

– simple rule enforcement (see earlier slide)

– compare against dictionary of bad passwords

– use algorithmic (markov model or bloom filter) to detect

poor choices
 Viruses and Other Malicious Content

• computer viruses have got a lot of publicity

• one of a family of malicious software

• effects usually obvious

• have figured in news reports, fiction, movies (often

exaggerated)

• getting more attention than deserve

• are a concern though

Malicious Software (Malware)
 Trapdoors

• secret entry point into a program

• allows those who know access bypassing usual security
procedures
• have been commonly used by developers
• a threat when left in production programs allowing exploited
by attackers
• very hard to block in O/S
• requires good s/w development & update
 Logic Bomb
• one of oldest types of malicious software
• code embedded in legitimate program
• activated when specified conditions met
– eg presence/absence of some file
– particular date/time
– particular user
• when triggered typically damage system
– modify/delete files/disks
 Trojan Horse
• program with hidden side-effects

• which is usually superficially attractive

– eg game, s/w upgrade etc

• when run performs some additional tasks

– allows attacker to indirectly gain access they do not have

directly

• often used to propagate a virus/worm or install a backdoor

• or simply to destroy data

 Zombie
• program which secretly takes over another networked
computer

• then uses it to indirectly launch attacks

• often used to launch distributed denial of service (DDoS)

attacks

• exploits known flaws in network systems

 Viruses

• a piece of self-replicating code attached to some other code

– cf biological virus

• both propagates itself & carries a payload

– carries code to make copies of itself

– as well as code to perform some covert task

 Virus Operation
• virus phases:

– dormant – waiting on trigger event

– propagation – replicating to programs/disks

– triggering – by event to execute payload

– execution – of payload

• details usually machine/OS specific

– exploiting features/weaknesses
During its lifetime, a typical virus goes through the following four
phases:
 Dormant phase: The virus is idle. The virus will
eventually be activated by some event, such as a date,
the presence of another program or file, or the capacity
of the disk exceeding some limit. Not all viruses have
this stage.
 Propagation phase: The virus places a copy of itself
into other programs or into certain system areas on the
disk. The copy may not be identical to the propagating
version; viruses often morph to evade detection. Each
infected program will now contain a clone of the virus,
which will itself enter a propagation phase.
 Triggering phase: The virus is activated to
perform the function for which it was
intended. As with the dormant phase, the
triggering phase can be caused by a variety of
system events, including a count of the
number of times that this copy of the virus has
made copies of itself.
 Execution phase: The function is performed.
The function may be harmless, such as a
message on the screen, or damaging, such as
the destruction of programs and data files.
 Virus Structure
program V :=
{goto main;
1234567;
subroutine infect-executable := {loop:
file := get-random-executable-file;
if (first-line-of-file = 1234567) then goto loop
else prepend V to file; }
subroutine do-damage := {whatever damage is to be done}
subroutine trigger-pulled := {return true if some
condition holds}
main: main-program := {infect-executable;
if trigger-pulled then do-damage;
goto next;}
next:
}
 The following pseudocode fragment shows how a simple computer
virus works.
beginvirus:
if spread-condition then begin
for some set of target files do begin
if target is not infected then
begin
determine where to place
virus instructions
copy instructions from
beginvirus to endvirus into target
alter target to execute
added instructions
end;
end;
end;
perform some action(s)
goto beginning of infected program
endvirus:
 Types of Viruses

• can classify on basis of how they attack

• parasitic virus

• memory-resident virus

• boot sector virus

• stealth

• polymorphic virus

• macro virus
 Macro Virus
• macro code attached to some data file
• interpreted by program using file
– eg Word/Excel macros
– esp. using auto command & command macros
• code is now platform independent
• is a major source of new viral infections
• blurs distinction between data and program files making task
of detection much harder
• classic trade-off: "ease of use" vs "security"
 Email Virus
• spread using email with attachment containing a macro virus

– cf Melissa

• triggered when user opens attachment

• or worse even when mail viewed by using scripting features in

mail agent

• usually targeted at Microsoft Outlook mail agent &

Word/Excel documents
 Worms
• replicating but not infecting program
• typically spreads over a network
– cf Morris Internet Worm in 1988
– led to creation of CERTs
• using users distributed privileges or by exploiting system
vulnerabilities
• widely used by hackers to create zombie PC's, subsequently used
for further attacks, esp DoS
• major issue is lack of security of permanently connected systems,
esp PC's
 Worm Operation
• worm phases like those of viruses:
– dormant
– propagation
• search for other systems to infect
• establish connection to target remote system
• replicate self onto remote system
– triggering
– execution
 Morris Worm

• best known classic worm

• released by Robert Morris in 1988

• targeted Unix systems

• using several propagation techniques

– simple password cracking of local pw file

– exploit bug in finger daemon

– exploit debug trapdoor in send mail daemon

• if any attack succeeds then replicated self

 Recent Worm Attacks
• new spate of attacks from mid-2001
• Code Red
– exploited bug in MS IIS to penetrate & spread
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd wave infected 360000 servers in 14 hours
• Code Red 2
– had backdoor installed to allow remote control
• Nimda
– used multiple infection mechanisms
• email, shares, web client, IIS, Code Red 2 backdoor
 Virus Countermeasures

• viral attacks exploit lack of integrity control on systems

• to defend need to add such controls

• typically by one or more of:

– prevention - block virus infection mechanism

– detection - of viruses in infected system

– reaction - restoring system to clean state

 Anti-Virus Software
• first-generation
– scanner uses virus signature to identify virus
– or change in length of programs
• second-generation
– uses heuristic rules to spot viral infection
– or uses program checksums to spot changes
• third-generation
– memory-resident programs identify virus by actions
• fourth-generation
– packages with a variety of antivirus techniques
– eg scanning & activity traps, access-controls
 Advanced Anti-Virus Techniques

• generic decryption

– use CPU simulator to check program signature & behavior

before actually running it

• digital immune system (IBM)

– general purpose emulation & virus detection

– any virus entering org is captured, analyzed,

detection/shielding created for it, removed
 Behavior-Blocking Software
• integrated with host O/S
• monitors program behavior in real-time
– eg file access, disk format, executable mods, system
settings changes, network access
• for possibly malicious actions
– if detected can block, terminate, or seek ok
• has advantage over scanners
• but malicious code runs before detection
 Trusted Computer Systems
• information security is increasingly important
• have varying degrees of sensitivity of information
– cf military info classifications: confidential, secret etc
• subjects (people or programs) have varying rights of access to
objects (information)
• want to consider ways of increasing confidence in systems to
enforce these rights
• known as multilevel security
– subjects have maximum & current security level
– objects have a fixed security level classification
 Bell LaPadula (BLP) Model
• one of the most famous security models
• implemented as mandatory policies on system
• has two key policies:
• no read up (simple security property)
– a subject can only read/write an object if the current security
level of the subject dominates (>=) the classification of the
object
• no write down (*-property)
– a subject can only append/write to an object if the current
security level of the subject is dominated by (<=) the
classification of the object
Reference Monitor
 Evaluated Computer Systems
• governments can evaluate IT systems

• against a range of standards:

– TCSEC, IPSEC and now Common Criteria

• define a number of “levels” of evaluation with increasingly

stringent checking

• have published lists of evaluated products

– though aimed at government/defense use

– can be useful in industry also