Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)
Dec 20, 2015
Slide 2: Learning Objectives
Discuss security goals
Discuss defense systems against:
– Intercepting confidential messages
– DoS attacks
– Malware attacks
Slide 3: Security Goals
If eavesdropping and message alteration attacks succeed, in which of the following ways could the victims be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Data being transmitted could be altered
d) Data being transmitted could be intercepted and used by the attacker
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Confidentiality = Main goal of implementing defense systems against eavesdropping and message alteration.
Slide 4: Security Goals
If a malware attack succeeds, in which of the following ways could the victims be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Data being transmitted could be altered
d) Data being transmitted could be intercepted and used by the attacker
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Integrity = Main goal of implementing defense systems against malware attacks.
Slide 5: Security Goals
If a DoS attack succeeds, in which of the following ways could the victims be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Data being transmitted could be altered
d) Data being transmitted could be intercepted and used by the attacker
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Availability = Main goal of implementing defense systems against DoS attacks.
Slide 6: Security Goals
CIA is the key word in implementing security:
– Confidentiality of communications
– Integrity of data
– Availability of network services and resources
Slide 7: Encryption-Decryption techniques
Cryptography is the study of creating and using encryption and decryption techniques.
Plaintext is the data before any encryption has been performed
Ciphertext is the data after encryption has been performed
The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext
Slide 8: Encryption-Decryption techniques
Key = COMPUTER SCIENCE
Plaintext = this is the account number you have requested
Algorithm based on Vigenere matrix
Slide 9: Encryption-Decryption techniques
1) Look at the first letter in the plaintext (T)
2) Look at the corresponding key character immediately above it (C)
3) C tells us to use row C of Vigenere matrix to perform alphabetic substitution for plaintext character T
4) Go to column T in row C and find the cipher character V
5) Repeat Steps 1 through 4 for every character of the plaintext.
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE
Thisistheaccountnumberyouhaverequested
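The five steps of slide 9 carried out in code, as an added example that is not part of the slides. It builds the 26-row Vigenère matrix, repeats the key above the plaintext, and for each plaintext character looks up the row named by the key character and the column named by the plaintext character, exactly as the slide describes; the decrypt function reverses the lookup. Spaces are dropped before encryption, as the slide does.

```python
# Added example (not from the slides): the Vigenere substitution of slides 8 and 9.
import string

ALPHABET = string.ascii_uppercase

# Row r of the Vigenere matrix is the alphabet rotated left by r positions
# (row A = ABC..., row B = BCD..., row C = CDE...).
VIGENERE_MATRIX = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]


def _clean(text):
    """Keep letters only and upper-case them, as the slide does when it drops the spaces."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def encrypt(plaintext, key):
    """Steps 1-5 of slide 9: the key character selects the row, the plaintext character the column."""
    p, k = _clean(plaintext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    cipher = []
    for i, p_char in enumerate(p):
        k_char = k[i % len(k)]                       # the key is repeated above the plaintext
        row = VIGENERE_MATRIX[ALPHABET.index(k_char)]  # step 3: row named by the key character
        cipher.append(row[ALPHABET.index(p_char)])     # step 4: column named by the plaintext character
    return "".join(cipher)


def decrypt(ciphertext, key):
    """Reverse lookup: in the key character's row, find the column that holds the cipher character."""
    c, k = _clean(ciphertext), _clean(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    plain = []
    for i, c_char in enumerate(c):
        row = VIGENERE_MATRIX[ALPHABET.index(k[i % len(k)])]
        plain.append(ALPHABET[row.index(c_char)])
    return "".join(plain)


def slide_example():
    """The slide's own key and plaintext; returns (ciphertext, recovered plaintext)."""
    key = "COMPUTER SCIENCE"
    plaintext = "this is the account number you have requested"
    ciphertext = encrypt(plaintext, key)
    return ciphertext, decrypt(ciphertext, key)


if __name__ == "__main__":
    ct, pt = slide_example()
    print("COMPUTERSCIENCE" * 3)
    print("THISISTHEACCOUNTNUMBERYOUHAVEREQUESTED")
    print(ct)   # the first cipher character is V, as on slide 9
    print(pt)
```

Running the block prints the repeated key over the plaintext and the ciphertext beneath it; the first cipher character is V, matching step 4 on the slide, and decrypting with the same key returns the plaintext, which is the symmetric-key behaviour slides 13 and 14 describe.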
Slide 10: Encryption and Decryption techniques
Encryption algorithm cannot be kept secret
Key must be kept secret
[Diagram: Plaintext (original message) → Encryption (algorithm + key) → Ciphertext (transmitted message) → Decryption (algorithm + key) → Plaintext (original message)]
Slide 11: Encryption: Key Length
Key can be “guessed” by exhaustive search
– Try all possible keys
– See which one decrypts the message
Long keys make exhaustive search difficult
– If length is n bits, 2^n tries may be needed
– If key length is 8 bits, only 256 tries maximum
– Usually, Key Length ≥ 56 bits
Assume a key is 56 bits. If it takes 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10000 computers are working together to try all key combinations?
Slide 12: Encryption-Decryption methods
Symmetric key encryption method
– Use a single key for Encryption-Decryption
– Examples: Data Encryption Standard (DES), 3DES
Public/Private key encryption method
– Use different keys for Encryption-Decryption
– Examples: RSA, Elliptic curve cryptosystem
Slide 13: Symmetric Encryption-Decryption
Symmetric key must be distributed secretly between partners
When Partner A sends to Partner B: Partner A encrypts with the key, Partner B decrypts with the key
When Partner B sends to Partner A: Partner B encrypts with the key, Partner A decrypts with the key
[Diagram: Plaintext “Transfer $5,000” → Encryption → Ciphertext 1010010101 → Decryption → Plaintext “Transfer $5,000”]
Slide 14: Symmetric Encryption-Decryption
Advantages:
– Simple enough for fast Encryption-Decryption
– Fast enough for long messages
Disadvantages:
– Need a different symmetric key for each partner (or other partners could read messages)
– If N partners, need N*(N-1)/2 keys
Slide 15: Public/Private key Encryption-Decryption
Each partner has a private key (kept secret) and a public key (shared with everybody)
Sending: Partner A encrypts with the public key of Partner B; Partner B encrypts with the public key of Partner A
Receiving: Each receiver decrypts with its own private key
[Diagram: Partner A encrypts with Party B’s public key → Partner B decrypts with Party B’s private key]
Slide 16: Public/Private key Encryption-Decryption
Advantages:
– Once the message is encrypted, nobody can decrypt it except the receiver
– Simplicity of key exchange: no need to exchange the public key securely
Disadvantages:
– Complex: requires many computer processing cycles to do public key Encryption-Decryption
– Can only be used to encrypt small messages
Slide 17: Summary Questions
3) Jason sends a message to Kristin using public key encryption.
(a) What key will Jason use to encrypt the message?
(b) What key will Kristin use to decrypt the message?
(c) What key will Kristin use to encrypt the reply?
(d) What key will Jason use to decrypt the reply?
(e) Can the message and reply be long messages? Explain.
4) Does public key encryption have a problem with secure key exchange for the public key? Explain.
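The exchange of slides 15 and 16 and of summary question 3, worked through with textbook RSA as an added example (not from the slides). The primes, exponent and message numbers are constructed for illustration and are far too small for real use; the point is which key each side uses at each step, and the size check in `encrypt` shows why public-key encryption is limited to small messages (the number encrypted must be smaller than the key's modulus).

```python
# Added example (not from the slides): textbook RSA with deliberately tiny, constructed primes,
# to show who uses which key in the Jason -> Kristin exchange and the reply.
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public_key, private_key), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message, public_key):
    """Anyone holding the public key can encrypt; the number must be smaller than the modulus."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message too large for this key: public-key encryption handles only short data")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Only the holder of the matching private key can decrypt."""
    d, n = private_key
    return pow(ciphertext, d, n)


def jason_kristin_exchange(message, reply):
    """Summary question 3: returns (what Kristin reads, what Jason reads)."""
    jason_pub, jason_priv = make_keypair(61, 53)       # Jason's keys (constructed primes)
    kristin_pub, kristin_priv = make_keypair(67, 59)   # Kristin's keys (constructed primes)

    # (a) Jason encrypts with Kristin's PUBLIC key
    # (b) Kristin decrypts with her own PRIVATE key
    c1 = encrypt(message, kristin_pub)
    recovered_message = decrypt(c1, kristin_priv)

    # (c) Kristin encrypts the reply with Jason's PUBLIC key
    # (d) Jason decrypts with his own PRIVATE key
    c2 = encrypt(reply, jason_pub)
    recovered_reply = decrypt(c2, jason_priv)
    return recovered_message, recovered_reply


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)
    print("public:", pub, "private:", priv)
    print("65 encrypts to", encrypt(65, pub), "and decrypts back to", decrypt(encrypt(65, pub), priv))
    print(jason_kristin_exchange(65, 1234))
```

Note that only the public keys travel between Jason and Kristin, which is the "no secure key exchange needed" advantage of slide 16; each private key stays with its owner. For part (e), a real message is longer than the modulus allows, so in practice the public-key step protects a short symmetric key and the symmetric cipher carries the message.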
Slide 18: What is common to malware attacks?
Malware or content attack messages
– Include illicit content in the data field of the message
[Diagram: IP-H | TCP-H or UDP-H | Application Layer Message, with the application layer message highlighted]
Defense systems for protecting against malware attacks are designed to filter Application layer messages. They are anti-virus programs or application firewalls.
Slide 19: What is common to DoS messages?
Most DoS messages
– Include header fields that might carry a false identity
[Diagram: IP-H | TCP-H or UDP-H | Application Layer Message, with the IP and TCP/UDP headers highlighted]
Defense systems for protecting against DoS attacks are designed to check message headers. They could be firewalls or intrusion detection systems.
Slide 20: Firewall?
A security system that implements an access control policy between two networks
– Usually between the corporate network and an external network.
A firewall limits:
– The types of messages that enter a network
– The types of messages that leave the network
Slide 21: Kinds of Firewall
All firewalls
– Examine parts (fields) of incoming messages
– Permit or deny access based on a list of rules
Based on the way they operate, there are
– Packet Filter firewalls
– Application (proxy) firewalls
Slide 22: Packet Filter Firewall
[Diagram: Packet filter firewall between the Internet and the corporate network; arriving packets (IP-H + TCP-H/UDP-H + application message, or IP-H + ICMP message) are either permitted or denied]
Examines content of IP header, TCP header, UDP header, and content of ICMP supervisory messages
Slide 23: Packet Filter Firewall: Common rules
IP headers include IP addresses
– A company could decide to block messages with specific IP addresses. So, the firewall could be configured to do so.
TCP headers include port numbers that indicate which application service is desired
– A company could decide to block any outsider from trying to telnet into the company. So, it could configure its firewall to stop all incoming messages requesting port 23
– A company could decide to stop outgoing messages requesting Usenet (port 119)
Example of a rule for denying access:
IF Interface = External
And Destination port = 23
And Destination IP address <> 172.16.x.x
THEN DENY
Typical TCP port numbers:
Telnet (remote login): port 23
Usenet (newsgroup service): port 119
E-Mail (SMTP): port 25
Web browsing: port 80
Slide 24: Application (Proxy) Firewall
Application firewalls, also known as Proxy firewalls
– Examine Application layer messages to check for illicit content
Application firewalls and Packet filter firewalls are complementary
– In terms of what part of a message they examine.
[Diagram: IP-H | TCP-H or UDP-H | Application layer message, with the application layer message highlighted]
Slide 25: Application (Proxy) Firewalls
[Diagram: An application firewall containing SMTP (e-mail), FTP and HTTP proxies sits between a client PC (browser) and a webserver application: 1. HTTP request from the browser → 2. examined HTTP request to the webserver → 3. HTTP response from the webserver → 4. examined HTTP response to the browser]
Acts like a server program to a client program, and like a client program to a server program
Slide 26: Application (Proxy) Firewalls
Intercept messages from clients to a server and intercept messages from a server to its clients
Read Application layer messages to scan for illicit content
If illicit content is detected, the message is discarded
Multiple types of application proxy programs because
– Different application programs have different characteristics to examine.
Slide 27: Intrusion Detection Systems
Software or hardware device that
– Capture network activity data in log files
– Generate alarms in case of suspicious activities
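The two IDS functions of slide 27 (record network activity in a log, raise an alarm on suspicious activity) in their simplest form, added here as an example that is not part of the slides. The log lines are constructed for this example, and the detection rule (one source contacting many distinct ports on one host within a short time) and its thresholds are assumptions chosen for illustration; a real IDS carries many such rules.

```python
# Added example (not from the slides): a minimal log-based intrusion detection check.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log (not real traffic): timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2007-04-05T10:00:01 203.0.113.9 172.16.5.20 22
2007-04-05T10:00:01 203.0.113.9 172.16.5.20 23
2007-04-05T10:00:02 203.0.113.9 172.16.5.20 25
2007-04-05T10:00:02 203.0.113.9 172.16.5.20 80
2007-04-05T10:00:03 203.0.113.9 172.16.5.20 110
2007-04-05T10:00:03 203.0.113.9 172.16.5.20 119
2007-04-05T10:00:05 198.51.100.7 172.16.5.21 80
2007-04-05T10:00:09 198.51.100.7 172.16.5.21 80
2007-04-05T10:05:00 198.51.100.7 172.16.5.21 443
this line is malformed and will be skipped
"""

DISTINCT_PORT_THRESHOLD = 5       # assumed threshold for this example
WINDOW = timedelta(seconds=10)    # assumed time window for this example


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, port) records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def detect_port_sweeps(records, threshold=DISTINCT_PORT_THRESHOLD, window=WINDOW):
    """Alarm when one source contacts at least `threshold` distinct ports on one host within `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(records):
        by_pair[(src, dst)].append((ts, port))

    alarms = []
    for (src, dst), events in by_pair.items():
        for i, (start, _) in enumerate(events):
            ports = {p for ts, p in events[i:] if ts - start <= window}
            if len(ports) >= threshold:
                alarms.append({"src": src, "dst": dst, "ports": sorted(ports), "first_seen": start})
                break   # one alarm per source/destination pair is enough
    return alarms


def run_sample():
    """Alarms raised over the constructed log."""
    return detect_port_sweeps(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alarm in run_sample():
        print("ALARM: %s contacted ports %s on %s starting %s"
              % (alarm["src"], alarm["ports"], alarm["dst"], alarm["first_seen"]))
```

The first source touches six different ports on one host within three seconds and triggers an alarm; the second source's two ports are five minutes apart and stay below the threshold, so normal browsing does not alarm. Thresholds like these are what tune an IDS between missed detections and false alarms.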
Slide 28: Summary Questions
1. What are the three main security goals?
Answer: See slide #6
2. What parts of incoming messages do packet filter firewalls examine?
Answer: See slide #22
3. a) What parts of incoming messages do application firewalls examine? b) What do they look for?
Answer: a) Application layer messages.
b) They look for illicit content.
4. What is an IDS? What is it used for?