# Lecture 17

## Lecture 17

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
##### Presentation Transcript

1. Lecture 17 Security Introduction Cryptography basics Web Security and Vulnerabilities Network SecurityTools

2. What is Network Security? Network security comprises the measures a company takes to protect its computer system, and it is a prime concern for every company that uses computers. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, possibly resulting in data loss, or even complete destruction of the system. Appropriate network security is achieved when a user has to go through several layers of security before being able to access the desired network. The more layers the system has, the more secure it is. http://www.wisegeek.com/what-is-network-security.htm

3. Cryptography Encryption, decryption Keys, lengths, and harness Asymmetric key cryptography Hash functions Authentication PKI and key management Privacy

4. Public Key Encryption In 1976, Rivest, Shamir and Adleman introduced a public key cryptosystem, known as the RSAsystem. Since that time, there have been a number of variations in this algorithm developed for secure public communication of critical information. The theoretical basis for public-key encryption is the use of modular exponentiation and other integer arithmetic algorithms in number theory to produce a pair of coupled exponents. One of these exponents is the public key which is created by the intended receiver and transmitted to the message sender for encryption of the plaintext message. The intended receiver holds the private key which is used to decrypt the cyphertext. I want to send you a message Party at my house E92NV99URYU #\$|**@&!!! public key, private key E92NV99URYU Party at my house

5. The Public Key Method We generate a special pair of values (e,d). The plaintext message M is encrypted into the cyphertext message C using modular exponentiation mod n. We decrypt C back into M by, Before we look at how e and d are generated it is important to understand what is happening in these two expressions. First of all modular exponentiation does not involved raising a value to a power. The possible values for C (and M) are between 0 and n-1. Converting a string of characters the plaintext message into an integer is fairly straightforward. Once it is in numeric form modular exponentiation produces a value equal to the remainder after diving Me by n.

6. Computing the Key Pair (e,d) Let's look at how to compute the values of e and d. We start with a pair of values p and q that must be relatively prime (i.e. they have no common factors). These would normally be very large but for the purposes of this example we will choose, p = 47 q = 71 Now we need to find a value e such that the greatest common divisor between e and the product of (p-1) times (q-1) is 1, or gcd(e,(p-1)(q-1)) = 1. Please don't ask why....thanks. The product of p*q will be the modulus n. n = p*q = 3337 and so (p-1)(q-1) = 3220. We will choose e to be 79 since it is obvious that greatest common denominator between 79 and 3220 is 1.

7. Now we Need a d to go with our e 79*d = 1 mod 3220 First use the regular Euclidean Algorithm to find gcd(79,3220). The answer must be one - otherwise we can't be sure that a solution exists, so we proceed as follows: 3220 = 40*79 + 60 79 = 1*60 + 19 60 = 3*19 + 3 19 = 6*3 + 1 3 = 3*1 + 0 The last nonzero remainder is the gcd. Thus gcd(79,3220) = 1 (as expected). Now write this gcd (one) as a linear combination of 19 and 3220 by working back up the tree that we just created: Thus 1019*79 - 25*3220 = 1 Now do "mod 3220" on both sides to obtain: 1019*79 = 1 mod 3220 Thus d = 1019. So the inverse of 79 mod 3220 is 1019. Another way of saying this is that 79*1019 will be one more than a multiple of 3220.

8. SAFER+ Algorithm Details Pseudo-Hadamard Transform

9. Diffie-Hellman An algorithmic method For Key Agreement allows two hosts to create and share a secret key. VPNs operating on the IPSec standard use the Diffie-Hellman method for key management. Key management in IPSec begins with the overall framework called the Internet Security Association and Key Management Protocol (ISAKMP). Within that framework is the Internet Key Exchange (IKE) protocol. IKE relies on yet another protocol known as OAKLEY and it uses Diffie-Hellman. Diffie-Hellman Key Exchange http://philipfox.net/dh/dh.html

10. Kerberos Created by MIT as a solution to network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After client and server have used Kerberos to prove their identity, they can encrypt all of their communications to assure privacy. When users log in to a Kerberos system, their password is encrypted and sent to the authentication service in the Key Distribution Center (KDC). If successfully authenticated, the KDC creates a master ticket that is sent back to the user's machine. Each time the user wants access to a service, the master ticket is presented to the KDC in order to obtain a service ticket for that service. The master-service ticket method keeps the password more secure by sending it only once at logon. From then on, service tickets are used, which function like session keys. After users are authenticated, they are granted a master ticket that is used to obtain service tickets. Service tickets act like session keys in other security systems. http://www.answers.com/topic/kerberos-protocol-1

11. Network & IT Security Threats and Countermeasures

12. Mwaa ha haa... Man-in-the-middle Attack (MitM) An attack on the authentication protocol run in which the attacker positions himself in between the claimant and verifier so that he can intercept and alter data traveling between them. (see also Pharming) I want to send you a message Get Stuffed, you jerk! Party at my house EUT725CDHJ E92NV99URYU public key, public key, private key private key Get stuffed, you jerk! Party at my house

14. Bluetooth Device Address (BD_ADDR) Each Bluetooth device is allocated a unique 48-bit Bluetooth device address (BD_ADDR). This number is obtained by contacting the IEEE to get an OUI that forms 24bits of the 48bit address. You can apply for a further OUI when more BD_ADDR values are required. 4.2.1 Authentication The authentication procedure is based on a challenge-response scheme […]. The verifier sends […] a random number (the challenge) to the claimant. The claimant calculates a response, that is a function of this challenge, the claimant’s BD_ADDR and a secret key. The response is sent back to the verifier, that checks if the response was correct or not. […] A successful calculation of the authentication response requires that two devices share a secret key. www.bluetooth.org

15. E1 Algorithm Based on SAVER+

16. Discovering Bluetooth devices and services Latest Linux distributions install by default the bluez-utils package. Among all the useful tools included within the package, you can find these two: * Hcitool: Remote Bluetooth devices discovery, name resolution, class identification. * Sdptool: Service Discovery Protocol management, Bluetooth services discovery. http://www.seguridadmobile.com/bluetooth/bluetooth-security/discovering-devices-and-services.html

17. Sending AT commands to mobile phones The execution of AT commands is one of the main goals in hypothetical attacks to mobile phones. AT commands are a set of instructions that allow remote configuration and operation in a GSM device, such as mobile phones. Like a "remote shell". However, not all the AT commands are always implemented by manufacturers in their devices: • Basic operations: voice and data calls, set call divert, manufacturer info, model info, IMEI, battery status, signal status. • Address book operations: read, add and delete contacts from the address book and also get the last dialed/missed/received calls list. • SMS operations: list, read, write, send and delete SMS messages.

18. Sending / Getting files from mobile phones The capability of sending files and even getting files is another important goal when it comes to attack mobile phones. Bluetooth supports file exchange through the OBEX protocol. Two profiles can be used for this, among all defined by the Bluetooth SIG: Object Push Profile: requires Authorization.This profile allows you to send files.

19. You can use ussp-push tool, available after installing ussp-push package in Ubuntu. Or either you can use Obexftp, available after installing obexftp package in Ubuntu. It's important to force it to use the channel associated to the Object Push Profile.

20. File Transfer Profile: requires Authentication and Authorization.Allows you to send files, get files and list directories. You can use Obexftp to send files. If no channel is specified, it will use the one associated to the File Transfer Profile by default. Finally, you can get files from the phone to the PC.

21. The BD_ADDR Attack Assume that the attacker eavesdropped on an entire pairing and authentication process, and saved all the messages The attacker can now use a brute force algorithm to find the PIN used. The attacker enumerates all possible values of the PIN. Knowing IN_RAND and the BD_ADDR, the attacker runs E22 with those inputs and the guessed PIN, and finds a hypothesis for Kinit. The attacker can now use this hypothesis of the initialization key, to decode messages 2 and 3. Messages 2 and 3 contain enough information to perform the calculation of the link key Kab, giving the attacker a hypothesis of Kab. The attacker now uses the data in the last 4 messages to test the hypothesis: Using Kab and the transmitted AU_RANDA (message 4), the attacker calculates SRES and compares it to the data of message 5. If necessary, the attacker can use the value of messages 6 and 7 to re-verify the hypothesis Kab until the correct PIN is found.

24. Buffer Overflow Attack Also known as stack overflow attack, works by exploiting a known bug in one of the applications running on a server. It then causes the application to overlay system areas, such as the system stack, thus gaining administrative rights. void function (char *str) {char buffer[16]; strcpy (buffer, str);} int main () {char *str = “XXXXXXXXX... ...XXXXX.... ...XXXXXXXX”; function (str);} http://www.thehackerslibrary.com/?p=488

25. Cache Cramming The technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions. The Java Security Manager usually disallows port-scanning behavior, but crackers use the trick of placing Java code (e.g. a port scanner) into the browser's cache (only works with MS Explorer) and later executing it through a file: URL (using frames in the usual way). This attack works because Microsoft's cache layout is transparent. http://www.securingjava.com/chapter-five/chapter-five-13.html

26. Cache Poisoning Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks. see also DNS Bug, DNS Spoofing http://courses.csail.mit.edu/6.857/2010/

27. Denial of service attack A user or program takes up all the system resources by launching a multitude of requests, leaving no resources and thereby "denying" service to other users. Typically, denial-of-service attacks are aimed at bandwidth control. (see Flooding Attack) Detecting DDoS attacks Simply blocking the attacker does not work because there are too many zombies and to recognize them you usually have to receive and decrypt the incoming packets. Tupakula and Varadharajan suggest a Packet Marking Technique that reduces the number of packets needed to tag, identify and block suspicous requests to as few as a single packet. http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group2/index.html

28. Easter Egg Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be non-threatening. Hidden inside Google Earth is a secret flight simulator game that uses Google's satellite imagery. To get to the game, you need to open Google Earth and hit Cmd+Option+capitalA or Ctrl+Alt+A if you’re using a Windows Machine. http://www.pocket-lint.com/news/9889/google-earth-flight-sim-game

29. Emanations Analysis Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr200810sf2.html

30. TEMPEST Eavesdropping on PC displays. Information on a PC screen can be remotely reconstructed exactly as it appeared on the display by monitoring and appropriately demodulating the weak emanations generated by the PC and its peripheral equipment Such an eavesdropping technique had been researched by some military organizations since around 1960, but most of the results were classified and not disclosed to the public. It came to public attention in 1985 when Wim van Eck pointed out that information on a cathode ray tube display can easily be reconstructed. Since his work, research on information leakage of this kind has been conducted by many organizations. The National Security Agency (NSA) in the USA refers to this type of threat by the covername TEMPEST, and this term is now in general use.

31. Fragment Overlap Attack A TCP/IP attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten. An attacker can construct a packet with acceptable headers in the first fragment but then overlap the next fragment so that it also has headers in it. Since packet filters don't expect TCP headers in non-first fragments, they won't filter on them, and the headers don't need to be acceptable. The figure on the right shows examples of overlapped fragments. http://baishui.info/orelly/networking_2ndEd/fire/ch04_02.htm

32. Honey pot Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports including the attacker's keystrokes. This could give you advanced warning of a more concerted attack. A Honeypot allows you to capture and analyze suspect activities. For example, assume you have an ADSL connection, with only one public IP address. The ISP modem is configured to perform a network address translation (NAT) on all incoming packets (destination: public IP address) to the private honeypot address. The Honeywall is connected to the Vmnet0 interface which is bridged to the eth0 device. It is also connected to the Vmnet1 interface like the honeypot. This configuration allows us to have an independent network between the two virtual OS's. Vmnet2 is a host-only interface used for the Honeywall administration. Note that the Wifi connection is outside the Honewall. http://stankiewicz.free.fr/Wikka/wikka.php?wakka=HowtoHoneypot

33. Ping of Death Attack An exploit that (when first discovered) could be easily used to crash a wide variety of machines by overrunning the size limits in their TCP/IP stacks. The term is now used to refer to any nudge delivered by hackers over the network that causes bad things to happen on the system being nudged. There is a specific ICMP echo variation that could cause a system crash. The difference of the echo request from the normal ones is the large size of IP packet it contains. RFC 791 specifies that the maximum size of an IP packet is 65,535 bytes. An ICMP echo request with more than 65,507 (65,535-20-8) bytes of data could cause a remote system to crash while reassembling the packet fragments. http://www.trainsignaltraining.com/ping-of-death-and-dos-attacks/2009-05-14/

34. Protocol Attacks When the characteristics of network services are exploited by the attacker. Examples include the creation of infinite protocol loops which result in denial of services (e.g., echo packets under IP), the use of information packets under the Network News Transfer Protocol to map out a remote site, and use of the Source Quench protocol element to reduce traffic rates through select network paths. (a type of DoS Attack) IRPAS (Internet Routing Protocol Attack Suite) itrace - traceroute(1) by ICMP echo request tctrace - traceroute(1) by TCP SYN packets netenum - enumeration/ping-sweep tool netmask - ICMP netmask request protos - IP protocol scanner hsrp - HSRP takeover tool cdp - for sending CDP (Cisco router Discovery Protocol) messages to the wire. igrp - for sending Interior Gateway Routing Protocol messages. irdp - for sending ICMP router discovery protocol messages. irdpresponder - waits for IRDP requests and sends out response packets to fool clients. ass - Autonomous System Scanner, a TCP port scanner that knows more than one protocol. file2cable - sends out raw ethernet frames from files. http://www.ferzip.com/?p=286

35. Tiny Fragment Attack With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. This attack can be used to circumvent user-defined filtering rules. The attacker hopes that a filtering router will examine only the first fragment and allow all other fragments to pass. This attack can be prevented at the router by enforcing rules, which govern the minimum size of the first fragment. This first fragment should be made large enough to ensure it contains all the necessary header information. http://www.ouah.org/fragma.html

36. Web Bug Tiny images, invisible to a user, placed on web sites in such a way that they allow third parties to track use of web servers and collect information about the user, including IP address, Host name, browser type and version, operating system name and version, and web browser cookie. Example, Two Web Bugs found on Quicken's home page www.quicken.com <img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0> <IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://media.preferences.com/ping?ML_SD=IntuitTE_Intuit_1x1_RunOfSite_Any &db_afcr=4B31-C2FB-10E2C&event=reghome&group=register& time=1999.10.27.20.5 6.37"> What Information is returned by a Web Bug ? The IP address of the computer that fetched the Web Bug The URL of the page that the Web Bug is located on The URL of the Web Bug image The time the Web Bug was viewed The type of browser that fetched the Web Bug image A previously set cookie value http://w2.eff.org/Privacy/Marketing/web_bug.html

37. Terminology & Information Sources http://www.ssimail.com/Glossary.htm http://www.sans.org/security-resources/glossary.php http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf http://csrc.nist.gov/publications/ http://www.itl.nist.gov/fipspubs/ http://www.itl.nist.gov/fipspubs/by-num.htm http://www.symantec.com/business/security_response/threatexplorer/ http://glossary.spamlaws.com/ http://www.ssimail.com/Glossary.htm