1 / 66

網路安全訓練課程

網路安全訓練課程. 謝續平 國立交通大學資訊工程學系教授 中華民國資訊安全學會理事長 Editor, ACM Transactions on Information and System Security. 課程大綱. 謝續平 Introduction to Wired Network Security and Wireless Network Security 吳宗成 Information Security Managemen 王旭正 Authentication and Watermarking

kata
Download Presentation

網路安全訓練課程

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 網路安全訓練課程 謝續平 國立交通大學資訊工程學系教授 中華民國資訊安全學會理事長 Editor, ACM Transactions on Information and System Security

  2. 課程大綱 • 謝續平 Introduction to Wired Network Security and Wireless Network Security • 吳宗成Information Security Managemen • 王旭正Authentication and Watermarking • 曾文貴Applied Cryptograph-- Encryption Algorithm and Digital Signature • 楊明豪Intrusion Detection System, Malicious code--Worms, Viruses, and Trojans • 楊文和VPN amd Management/Application of PKI

  3. Wireless Security 謝續平 國立交通大學資訊工程學系教授 中華民國資訊安全學會理事長 Editor, ACM Transactions on Information and System Security

  4. Outline • Introduction • GSM • GPRS • 3G • IEEE 802.1x • Bluetooth • Mobile IP • WEP • RFID • Wireless Sensor

  5. Introduction to Wireless • Wireless • Convenient • Mobility • Usually limited computation power • However • Air media • Easy to listen

  6. Wireless Characteristics :Open system Associate request Client Access Point (AP) Associate response • allows anyone to begin a conversation with the access point, and provides no security whatsoever to the client who can talk to the AP

  7. Introduction to Security Issues of Wireless Networks • Security is major issue • Different architecture has different security vulnerabilities • We will introduce architecture and security vulnerabilities separately

  8. GSM

  9. Overview • GSM=Global System for Mobile Communications • A digital wireless network standard • Circuit-switched technology • FDMA + TDMA • 890-915 MHz for the link FDMA: Frequent Division Multiple Access TDMA: Time Division Multiple Access

  10. VLR HLR MS MSC BTS AUC Um BSC EIR A PSTN/ISDN A-bis Mobility mgt OMS Voice Traffic GSM Network Architecture MS: Mobile Station BTS: Base Transceiver Station BSC: Base Station Controller MSC: Mobile Switching Center OMS: Operation and Maintenance System VLR: Visited Location Register HLR: Home Location Register AUC: Authentication Center EIR: Equipment Identify Register

  11. Security Architecture

  12. Problems with GSM Security(1/3) • Active Attacks • Impersonating network elements such as false BTS is possible . • Key Transmission • Cipher keys and authentication values are transmitted in clear within and between networks. • Limited Encryption Scope • Encryption terminated too soon at edge of network to BTS • Communications and signaling in the fixed network portion aren’t protected • Designed to be only as secure as the fixed networks. • Channel Hijack • Protection against radio channel hijack relies on encryption. • However, encryption is not used in some networks.

  13. Problems with GSM Security (2/3) • Implicit Data Integrity • No integrity algorithm provided • Unilateral Authentication • Only user authentication to the network is provided. • No means to identify the network to the user. • Weak Encryption Algorithms • Key lengths are too short • Unsecured Terminal • IMEI is an unsecured identity Integrity mechanisms

  14. Problems with GSM Security(3/3) • Lawful Interception & Fraud • Considered as afterthoughts • Lack of Visibility • No indication to the user that encryption is on • Inflexibility • Inadequate flexibility to upgrade and improve security functionality over time

  15. 3G

  16. IP RAN Circuit switch Packet switch 3G Network Architecture CircuitNetwork Circuit/ Signaling Gateway Mobility Manager Feature Server(s) Circuit Switch IN Services RNC Call Agent Voice Data + Packet Voice IP Core Network Radio Access Control Packet Network (Internet) Packet Gateway 3G 2G/2.5G 2G RAN: Radio Access Network RNC: Radio Network Controller

  17. Problems with 3G Security • IMSI (International Mobile Subscriber Identify) is sent in cleartext when allocating TMSI (Temporary Mobile Subscriber Identify) to the user • The transmission of IMEI (International Mobile Equipment Number) is not protected • A user can be enticed to camp on a false BS (Base Station). • Hijacking outgoing/incoming calls in networks with disabled encryption is possible. • Man-in-the-middle and drops the user once the call is set-up

  18. 3G Security Principles • Build on GSM security • Correct problems with GSM security • Add new security features

  19. IEEE 802.1x

  20. IEEE 802.1X A framework for authenticating and controlling user traffic to a protected network Uses Extensible Authentication Protocol (EAP) Provides key management

  21. EAP Architecture • EAP is an envelope that supports many different kinds of authentication Method Layer TLS AKA/SIM PEAP/EAP TTLS LEAP EAP APIs EAP Layer Driver APIs Media Layer PPP 802.3 802.5 802.11

  22. EAP Related Methods • Cisco LEAP • PEAP • EAP-TLS • EAP-TTLS

  23. Cisco's Lightweight EAP (LEAP) • Mutual password authentication between the station and AP + per session WEP • Because LEAP's challenge/response isn't encrypted, it's vulnerable to offline dictionary attacks

  24. LEAP authentication process

  25. Protected extensible authentication protocol (PEAP) • Authentication process • Establish TLS connection between authentication server and user • Authenticate authentication server • Authenticate user • Generate session keys • There exists risks of man-in-the-middle attack in PEAP

  26. 802.1x vulnerabilities Absence of mutual authentication One way authentication of supplicant. Adversary acting as access point leads to Man-in-the-middle attack Session hijacking Attacker spoofs MAC (Medic Access Control) of AP and disassociates client Next, it spoofs MAC of client and gains connection

  27. Bluetooth Security

  28. Introduction • Developed by Bluetooth Special Interest Group(SIG) • The Bluetooth protocol uses a combination of circuit and packet switching. • Form ad hoc networks of several(up to eight) devices, called piconets • Use the radio range of 2.45 GHz, max bandwidth is 1Mb/s • Support either asynchronous data channel and up to three synchronous speech channels • provides a point-to-point connection (only two Bluetooth units involved), or a point-to-multipoint connection,

  29. Security Scheme of Bluetooth

  30. Generation of Unit Key (Bluetooth device address)

  31. K K AB AB A A A A A B B B K K =K =K K K AC AC AB AB AC AC C C B B C C C AB and AC Link Keys AB and AC Link Keys B pretends to be C by B pretends to be C by are A’s Unit Key are A’s Unit Key simply using C’s address simply using C’s address (a) (a) (b) (b) Security Vulnerability:Unit Key Stealing

  32. Mobile IP

  33. The Need for Mobile IP • A home link is the link on which a specific node should be located; that is the link, which has been assigned the same network-prefix as the node’s IP address • A foreign linkis any link other than a node’s home link – that is, any link whose network-prefix differs from that of the node’s IP address • Mobilityis the ability of a node to change its point of attachment from one link to another while maintaining all existing communications and using the same IP address at its new link

  34. Mobile IP Entities and Relationships Mobile Node “at home” foreign Link tunnel Home Link Foreign Agent Home Agent Mobile Node “visiting” a foreign link

  35. 3 functional entities • Mobile Node (MN) – a node which can change its point-of-attachment to the Internet from one link to another while maintaining any ongoing communications and using its (permanent) IP home address • Home Agent (HA) – router with an interface on the mobile node’s home link, which: • Is informed by the mobile node about its current location, represented by its care-of-address • Intercepts packets destined to the mobile nodes home address and tunnels them to the mobile node’s current location, i.e. to the care-of-address

  36. 3 functional entities (cont.) • Foreign Agent (FA)– a router on a mobile node’s foreign link which: • Assists the mobile node in informing its home agent of its current care-of address • In some cases, provides a care-of address and de-tunnels packets for the mobile node that have been tunneled by its home agent • Serves as default router for packets generated by the mobile node while connected to this foreign link

  37. Security Issues • Insider Attack • Mobile Node Denial-of-Service • Replay Attacks • Theft of Information: Passive Eavesdropping • Theft of Information: Session-Stealing (Takeover) Attack

  38. Wired Equivalent Privacy (WEP)

  39. WEP • WEP = Wired Equivalent Privacy • Protection between AP and MNs (Mobile Nodes) • Based on RC4 algorithm plus a 24-bit IV (Initial Vector) • IV is included in each packet to ensure data integrity • Stream Cipher • optional for 802.11

  40. IV original unencrypted packet checksum RC4 key IV encrypted packet How WEP Works

  41. Problems with WEP • Key Generation • ICV Generation • WEP Attacks

  42. Key generation problems • The main problem of WEP is Key Generation. • Key distribution is done manually. • Secret Key is too small, only 40 Bits. • Very susceptible to brute force attacks. • IV is too small. • Only 16 Million different possibilities for every packet. • Secret Keys are accessible to user, therefore not secret.

  43. ICV generation problems • The ICV is generated from a cyclic redundancy check (CRC-32) • Only a simple arithmetic computation. Can be done easily by anyone. • Not cryptographically secure.

  44. Attacks • Replay • Statistical gathering of certain ciphertext that once sent to server will cause wanted reaction. • IP redirection • The access point will decrypt the packet, and send the packet off to its (new) destination. • Denial of Service Attacks • Flooding the 2.4Ghz frequency with noise.

  45. Security Flaws The risks of keystream reuse If C1= P1RC4(IV,k) and C2= P2RC4(IV,k) then C1  C2 = ( P1RC4(IV,k)) ( P2RC4(IV,k)) = P1  P2 • The WEP standard recommends(but does not require) that the IV be changed after every packet.

  46. Reuse Initialization Vector • The IV field used bye WEP is only 24 bits wide, nearly guaranteeing that the same IV will be reused for multiple messages. packet size 2000-byte at average 5Mbps bandwidth ( ( (2000 8)/(5 106))  224)/3600=14 hours • PCMCIA cards that they tested reset the IV to 0 each time it’s re-initialized, and the IV is incremented by one for each packet.

  47. Decryption Dictionaries • Some access points transmit broadcast messages in plaintext and encrypted form when access control is disabled. • The attacker can build a table of the keystream corresponding to each IV. • It does not matter if 40 bits or 104 bits shared secret key use as the attack centers on the IV collision.

  48. Message Modification • The WEP checksum is a linear function of the message. •  may be chosen arbitrarily bye the attacker • A(B) : <IV, C> • (A)B : <IV, C’> • C’= C  < ,c()> = RC4(IV,k)  <M, c(M)>  < ,c()> = RC4(IV,k)  <M  , c(M)  c()> = RC4(IV,k)  <M  , c(M  )> = RC4(IV,k)  <M’, c(M’)> M’=M  

  49. Message Injection • It is possible to reuse old IV values without triggering any alarms at the receiver. • That is, if attacker ever learns the complete plaintext P of any given ciphertext packet C, he can recover keystream used to encrypt the packet. P  C = P  (PRC4(IV,k))= RC4(IV,k) (A)B : <IV,C’> where C’= <M’, c(M’) >  RC4(IV,k)

  50. Authentication Spoofing • The message injection attack can be used to defeat the shared-key authentication mechanism used by WEP. • The attacker learns both the plaintext challenge sent by the access point and the encrypted version sent by the mobile station.

More Related