Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)

Dec 20, 2015

Page 1: Security (Part 2)

Security (Part 2)

School of Business, Eastern Illinois University

© Abdou Illia, Spring 2007

(Week 13, Thursday 4/5/2007)

Page 2: Learning Objectives

Discuss security goals

Discuss defense systems against:

– Intercepting confidential messages

– DoS attacks

– Malware attacks

Page 3: Security Goals

If eavesdropping and message alteration attacks succeed, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Data being transmitted could be altered

d) Data being transmitted could be intercepted and used by the attacker

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Confidentiality = Main goal of implementing defense systems against eavesdropping and message alteration.

Page 4: Security Goals

If a malware attack succeeds, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Data being transmitted could be altered

d) Data being transmitted could be intercepted and used by the attacker

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Integrity = Main goal of implementing defense systems against malware attacks.

Page 5: Security Goals

If a DoS attack succeeds, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Data being transmitted could be altered

d) Data being transmitted could be intercepted and used by the attacker

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Availability = Main goal of implementing defense systems against DoS attacks.

Page 6: Security Goals

CIA is the key word in implementing security:

– Confidentiality of communications

– Integrity of data

– Availability of network services and resources

Page 7: Encryption-Decryption techniques

Cryptography is the study of creating and using encryption and decryption techniques.

Plaintext is the data before any encryption has been performed

Ciphertext is the data after encryption has been performed

The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext

Page 8: Encryption-Decryption techniques

Key = COMPUTER SCIENCE

Plaintext = this is the account number you have requested

Algorithm based on Vigenere matrix

Page 9: Encryption-Decryption techniques

1) Look at the first letter in the plaintext (T)

2) Look at the corresponding key character immediately above it (C)

3) C tells us to use row C of Vigenere matrix to perform alphabetic substitution for plaintext character T

4) Go to column T in row C and find the cipher character V

5) Repeat Steps 1 through 4 for every character of the plaintext.

Key:       COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE

Plaintext: Thisistheaccountnumberyouhaverequested

Page 10: Encryption and Decryption techniques

Encryption algorithm cannot be kept secret

Key must be kept secret

Diagram: Original message (plaintext) → Encryption (algorithm + key) → transmitted message (ciphertext) → Decryption (algorithm + key) → original message (plaintext)

Page 11: Encryption: Key Length

Key can be “guessed” by exhaustive search

– Try all possible keys

– See which one decrypts the message

Long keys make exhaustive search difficult

– If length is n bits, 2^n tries may be needed

– If key length is 8 bits, only 256 tries maximum

– Usually, Key Length ≥ 56 bits

Assume a key is 56 bits. If it takes 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10000 computers are working together to try all key combinations?
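The following Python program is an added example, not part of the original slides: it implements the Vigenère substitution from slides 8 and 9 (row = key letter, column = plaintext letter, so the cipher letter is the sum of the two letter positions mod 26, which is why row C and column T give V), lines the repeated key up over the plaintext exactly as slide 9 does, and adds a helper for the exhaustive-search arithmetic of slide 11. The function and variable names are this example's own choices; the slide gives the worst case (2^n tries), and that is what the helper computes.

```python
# Added example (not from the slides): the Vigenère substitution from slides 8-9
# and the key-length arithmetic from slide 11, written in Python.
import string

ALPHABET = string.ascii_uppercase


def letters_only(text: str) -> str:
    """Keep only A-Z, as the slide does when it lines the key up over the plaintext."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Row = key letter, column = plaintext letter: cipher letter is their sum mod 26."""
    p, k = letters_only(plaintext), letters_only(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(p):
        shift = ALPHABET.index(k[i % len(k)])       # key repeats: slide 9's COMPUTERSCIENCECOMPUTER...
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of vigenere_encrypt: subtract the key letter's shift instead of adding it."""
    c, k = letters_only(ciphertext), letters_only(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(c):
        shift = ALPHABET.index(k[i % len(k)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def key_stream(plaintext: str, key: str) -> str:
    """The repeated key written above the plaintext, as on slide 9."""
    p, k = letters_only(plaintext), letters_only(key)
    return "".join(k[i % len(k)] for i in range(len(p)))


def exhaustive_search_seconds(key_bits: int, seconds_per_try: float, machines: int = 1) -> float:
    """Worst-case time to try every key of key_bits bits (2**key_bits tries),
    with the work split evenly across `machines` computers (slide 11's exercise)."""
    return (2 ** key_bits) * seconds_per_try / machines


if __name__ == "__main__":
    key = "COMPUTER SCIENCE"                                   # slide 8's key
    plaintext = "this is the account number you have requested"  # slide 8's plaintext
    print(key_stream(plaintext, key))
    print(letters_only(plaintext))
    ct = vigenere_encrypt(plaintext, key)
    print(ct)                                                  # starts with V, as slide 9 says
    assert vigenere_decrypt(ct, key) == letters_only(plaintext)
    year = 31_536_000  # seconds in a 365-day year
    print(f"56-bit key, one machine:     {exhaustive_search_seconds(56, 0.00024) / year:,.0f} years")
    print(f"56-bit key, 10000 machines:  {exhaustive_search_seconds(56, 0.00024, 10000) / year:,.1f} years")
```

Run it directly and it prints the key stream, the stripped plaintext and the ciphertext for slide 8's key and message, followed by the two answers to slide 11's exercise. Note that the 8-bit case gives 256 tries, as the slide states, and that adding computers divides the time but does not change the exponent: every extra key bit doubles the work.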

Page 12: Encryption-Decryption methods

Symmetric key encryption method

– Use a single key for Encryption-Decryption

– Examples: Data Encryption Standard (DES), 3DES

Public/Private key encryption method

– Use different keys for Encryption-Decryption

– Examples: RSA, Elliptic curve cryptosystem

Page 13: Symmetric Encryption-Decryption

Symmetric key must be distributed secretly between partners

When Partner A sends to Partner B: Partner A encrypts with the key, and Partner B decrypts with the key.

When Partner B sends to Partner A: Partner B encrypts with the key, and Partner A decrypts with the key.

Diagram: Plaintext "Transfer $5,000" → Encryption → Ciphertext (1010010101) → Decryption → Plaintext "Transfer $5,000"

Page 14: Symmetric Encryption-Decryption

Advantages:

– Simple enough for fast Encryption-Decryption

– Fast enough for long messages

Disadvantages:

– Need a different Symmetric key for each partner (or other partners could read messages)

– If N partners, need N*(N-1)/2 keys.


Page 15: Public/Private key Encryption-Decryption

Each partner has a private key (kept secret) and a public key (shared with everybody)

Sending: Partner A encrypts with the public key of Partner B; Partner B encrypts with the public key of Partner A

Receiving: Each receiver decrypts with its own private key

Diagram: Partner A → encrypt with Party B's public key → Partner B → decrypt with Party B's private key

Page 16: Public/Private key Encryption-Decryption

Advantages:

– Once the message is encrypted, nobody can decrypt it except the receiver

– Simplicity of key exchange: No need to exchange the public key securely

Disadvantages:

– Complex: Requires many computer processing cycles to do Public Encryption-Decryption

– Can only be used to encrypt small messages


Page 17: Summary Questions

3) Jason sends a message to Kristin using public key encryption.

(a) What key will Jason use to encrypt the message? (b) What key will Kristin use to decrypt the message? (c) What key will Kristin use to encrypt the reply? (d) What key will Jason use to decrypt the reply? (e) Can the message and reply be long messages? Explain.

4) Does public key encryption have a problem with secure key exchange for the public key? Explain.

Page 18: What is common to malware attacks?

Malware or content attack messages

– Include illicit content in the data field of the message

Diagram: IP-H | TCP-H | Application Layer Message, and IP-H | UDP-H | Application Layer Message (the application layer message is the data field of the packet)

Defense systems for protecting against malware attacks are designed to filter Application layer messages. They are Anti-Virus Programs or Application Firewalls.

Page 19: What is common to DoS messages?

Most DoS messages

– Include header fields that might hide a false identity

Diagram: IP-H | TCP-H | Application Layer Message, and IP-H | UDP-H | Application Layer Message (the IP, TCP and UDP headers are the fields that carry the identity)

Defense systems for protecting against DoS attacks are designed to check message headers. They could be Firewalls or Intrusion Detection Systems.

Page 20: Firewall?

A security system that implements an access control policy between two networks

– Usually between the corporate network and an external network.

A firewall limits:

– The types of messages that enter a network

– The types of messages that leave the network

Page 21: Kinds of Firewall

All firewalls

– Examine parts (fields) of incoming messages

– Permit or deny access based on a list of rules

Based on the way they operate, there are

– Packet Filter firewalls

– Application (proxy) firewalls

Page 22: Packet Filter Firewall

Diagram: Arriving packets (IP-H | TCP-H | Application Message; IP-H | UDP-H | Application Message; IP-H | ICMP Message) come from the Internet into the packet filter firewall, which permits or denies each one before it reaches the corporate network.

Examines content of IP header, TCP header, UDP header, and content of ICMP supervisory messages

Page 23: Packet Filter Firewall: Common rules

IP headers include IP addresses

– A company could decide to block messages with specific IP addresses. So, the firewall could be configured to do so.

TCP headers include port numbers that indicate which application service is desired

– A company could decide to block any outsider from trying to telnet into the company. So, it could configure its firewall to stop all incoming messages requesting port 23

– A company could decide to stop outgoing messages requesting Usenet (port 119)

Example of a rule for denying access:

IF Interface = External
And Destination port = 23
And Destination IP address <> 172.16.x.x
THEN DENY

Typical TCP port numbers:

Telnet (remote login): port 23

Usenet (newsgroup service): port 119

E-Mail (SMTP): port 25

Web browsing: port 80
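The Python program below is an added example, not part of the slides: a toy packet-filter evaluator that applies rules of the kind shown on this slide to the header fields a packet filter can see (slide 22: arriving interface, protocol, IP addresses, port number). Rules are checked in order, the first match decides, and a packet that no rule permits is denied. The rule list is constructed for the example: rule 0 is the slide's own telnet rule, rule 1 is the outgoing Usenet block, rule 2 is an anti-spoofing check in the spirit of slide 19 (a packet arriving from the Internet that claims a corporate source address is carrying a false identity), and the remaining rules permit the web and e-mail ports from the slide's port table. The `Packet`, `Rule` and `filter_packet` names are this example's own.

```python
# Added example (not from the slides): a toy packet-filter evaluator in Python.
# Rules are checked in order, the first matching rule wins, and anything no
# rule permits is denied (default deny).
import ipaddress
from dataclasses import dataclass
from typing import Optional

CORPORATE_NET = ipaddress.ip_network("172.16.0.0/16")  # the slide's "172.16.x.x"


@dataclass(frozen=True)
class Packet:
    interface: str                   # "external" (arriving from the Internet) or "internal"
    protocol: str                    # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None   # None for ICMP, which has no port


@dataclass(frozen=True)
class Rule:
    action: str                                          # "permit" or "deny"
    interface: Optional[str] = None                      # None means "any"
    protocol: Optional[str] = None
    dst_port: Optional[int] = None
    src_in: Optional[ipaddress.IPv4Network] = None       # source must lie inside this prefix
    dst_not_in: Optional[ipaddress.IPv4Network] = None   # the slide's "Destination IP address <> 172.16.x.x"

    def matches(self, p: Packet) -> bool:
        """Every field that is set in the rule must agree with the packet header."""
        if self.interface is not None and p.interface != self.interface:
            return False
        if self.protocol is not None and p.protocol != self.protocol:
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        if self.src_in is not None and ipaddress.ip_address(p.src_ip) not in self.src_in:
            return False
        if self.dst_not_in is not None and ipaddress.ip_address(p.dst_ip) in self.dst_not_in:
            return False
        return True


# Constructed rule list (see the lead-in for what each rule stands for).
RULES = [
    Rule("deny", interface="external", dst_port=23, dst_not_in=CORPORATE_NET),  # slide's telnet rule
    Rule("deny", interface="internal", dst_port=119),                           # no outgoing Usenet
    Rule("deny", interface="external", src_in=CORPORATE_NET),                   # anti-spoofing (slide 19)
    Rule("permit", interface="external", protocol="tcp", dst_port=80),          # web browsing
    Rule("permit", interface="external", protocol="tcp", dst_port=25),          # e-mail (SMTP)
    Rule("permit", interface="internal"),                                       # other outgoing traffic
]


def filter_packet(p: Packet, rules=RULES):
    """Return (action, index of the rule that fired); the index is None when the default deny applies."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("external", "tcp", "203.0.113.7", "10.1.2.3", 23),      # telnet from outside: rule 0
        Packet("external", "tcp", "203.0.113.7", "172.16.5.5", 80),    # web from outside: permitted
        Packet("external", "tcp", "172.16.9.9", "172.16.1.1", 80),     # spoofed corporate source: rule 2
        Packet("internal", "tcp", "172.16.1.1", "198.51.100.2", 119),  # outgoing Usenet: rule 1
        Packet("external", "icmp", "203.0.113.7", "172.16.1.1"),       # ICMP from outside: default deny
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

The order of the list matters: the anti-spoofing rule sits before the permit rules, so a spoofed packet aimed at the web port is still denied, and the final `("deny", None)` shows that anything the rule list does not mention is dropped.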

Page 24: Application (Proxy) Firewall

Application firewalls, also known as Proxy firewalls

– Examine Application layer messages to check for illicit content

Application firewalls and Packet filter firewalls are complementary

– In terms of what part of a message they examine.

Diagram: IP-H | TCP-H | Application layer message, and IP-H | UDP-H | Application layer message (the application layer message is the part an application firewall examines)

Page 25: Application (Proxy) Firewalls

Diagram: The application firewall runs an SMTP (E-Mail) proxy, an FTP proxy and an HTTP proxy. For a web session: 1. the browser on the client PC sends an HTTP request to the HTTP proxy; 2. the proxy forwards the examined HTTP request to the webserver application; 3. the webserver returns an HTTP response to the proxy; 4. the proxy delivers the examined HTTP response to the browser.

Acts like a server program to a client program, and like a client program to a server program

Page 26: Application (Proxy) Firewalls

Intercept messages from clients to a server and intercept messages from a server to its clients

Read Application layer messages to scan for illicit content

If illicit content is detected, the message is discarded

Multiple types of application proxy programs exist because

– Different application programs have different characteristics to examine.
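As an added example that is not part of the slides, the Python program below models the HTTP proxy of slides 25 and 26 as a function: it acts as the server toward the browser (examines the request), as a client toward the real server (forwards it), examines the response, and discards a message in which illicit content is found, returning a 403 to the browser instead. The web server is replaced by a callable so the example runs offline; the signature list is constructed for the example and holds the EICAR test string, the standard harmless pattern used to check that content scanners detect what they should. All function names here are this example's own.

```python
# Added example (not from the slides): an HTTP application proxy modelled as a
# function. The "upstream" callable stands in for the web server (slide 25, step 2-3).
from typing import Callable

# Constructed signature list. The EICAR string is the industry-standard harmless test
# pattern that anti-virus and content scanners are expected to detect.
ILLICIT_SIGNATURES = [
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
]

BLOCKED_RESPONSE = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"


def split_http_message(raw: bytes):
    """Split a raw HTTP message into (start line, headers dict, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed HTTP message: missing header terminator")
    lines = head.split(b"\r\n")
    start_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return start_line, headers, body


def contains_illicit_content(raw: bytes) -> bool:
    """Scan start line, header values and body against the signature list."""
    start_line, headers, body = split_http_message(raw)
    haystacks = [start_line, body] + list(headers.values())
    return any(sig in h for sig in ILLICIT_SIGNATURES for h in haystacks)


def proxy_exchange(client_request: bytes, upstream: Callable[[bytes], bytes]) -> bytes:
    """Steps 1-4 of slide 25: examine the request, forward it, examine the response, deliver or discard."""
    # Steps 1-2: the proxy acts as a server toward the browser and inspects the request.
    if contains_illicit_content(client_request):
        return BLOCKED_RESPONSE            # slide 26: illicit content -> message discarded
    # Step 3: the proxy acts as a client toward the real web server.
    response = upstream(client_request)
    # Step 4: the response is examined before it reaches the browser.
    if contains_illicit_content(response):
        return BLOCKED_RESPONSE
    return response


def fake_webserver(request: bytes) -> bytes:
    """Constructed stand-in for the web server: serves the EICAR string for /eicar.txt, a page otherwise."""
    start_line, _, _ = split_http_message(request)
    path = start_line.split(b" ")[1]
    body = ILLICIT_SIGNATURES[0] if path == b"/eicar.txt" else b"<html>hello</html>"
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed sample requests.
CLEAN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
EICAR_REQUEST = b"GET /eicar.txt HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    print(proxy_exchange(CLEAN_REQUEST, fake_webserver))   # 200 OK with the page
    print(proxy_exchange(EICAR_REQUEST, fake_webserver))   # 403: the response body was discarded
```

Because the proxy parses the whole application-layer message, it can look at fields a packet filter never sees (the request path, the header values, the body); this is the complementary split of work described on slide 24. A request carrying the signature in its body is blocked before it is ever forwarded, and a clean request whose response carries it is blocked on the way back.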

Page 27: Intrusion Detection Systems

Software or hardware device that

– Captures network activity data in log files

– Generates alarms in case of suspicious activities
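The Python program below is an added example, not from the slides, showing the second half of that definition in miniature: it reads firewall-style log lines of the kind slide 27 says an IDS captures, keeps a sliding window of DENY entries per source address, and raises an alarm when one source is denied repeatedly within a short time. The log format, the sample lines, the threshold and the window are all constructed for this example, and the function names are its own.

```python
# Added example (not from the slides): a small log-based detector in the spirit of
# slide 27. Log format, thresholds and sample lines are constructed for the example.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, action, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2007-04-05T10:00:01 DENY 203.0.113.7 172.16.1.10 23
2007-04-05T10:00:02 DENY 203.0.113.7 172.16.1.11 23
2007-04-05T10:00:03 PERMIT 198.51.100.2 172.16.1.10 80
2007-04-05T10:00:04 DENY 203.0.113.7 172.16.1.12 23
2007-04-05T10:00:05 DENY 203.0.113.7 172.16.1.13 23
2007-04-05T10:00:06 DENY 203.0.113.7 172.16.1.14 23
2007-04-05T10:30:00 DENY 198.51.100.2 172.16.1.10 119
"""


def parse_log_line(line: str):
    """One log line -> (timestamp, action, src, dst, port)."""
    ts, action, src, dst, port = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(port)


def detect_repeated_denies(log_text: str, threshold: int = 5, window=timedelta(seconds=60)):
    """Raise one alarm per source that accumulates `threshold` DENY entries within `window`."""
    recent = defaultdict(deque)   # src -> timestamps of its recent denies, oldest first
    alarms = []
    alarmed = set()               # alarm once per source, not once per extra line
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = parse_log_line(line)
        if action != "DENY":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop denies that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alarmed:
            alarmed.add(src)
            alarms.append({
                "time": ts,
                "src": src,
                "denies_in_window": len(q),
                "message": f"{src} denied {len(q)} times within {int(window.total_seconds())}s",
            })
    return alarms


if __name__ == "__main__":
    for alarm in detect_repeated_denies(SAMPLE_LOG):
        print(alarm["time"].isoformat(), "ALARM:", alarm["message"])
```

On the sample log the detector alarms once, for 203.0.113.7 at 10:00:06, when its fifth denied telnet attempt lands inside the 60-second window; the single denied Usenet request from 198.51.100.2 half an hour later stays below the threshold. The threshold and window are the tuning knobs an operator adjusts to trade missed activity against false alarms.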

Page 28: Summary Questions

1. What are the three main security goals?

Answer: See slide #6

2. What parts of incoming messages do packet filter firewalls examine?

Answer: See slide #22

3. a) What parts of incoming messages do application firewalls examine? b) What do they look for?

Answer: a) Application layer messages.

b) They look for illicit content.

4. What is an IDS? What is it used for?