
EE579T Network Security 6: Hiding in Plain Sight


Presentation Transcript


  1. EE579T Network Security 6: Hiding in Plain Sight
     Prof. Richard A. Stanley, WPI

  2. Thought for the Day
     “I never give ‘em hell. I just tell the truth and they think it’s hell.” Harry S. Truman

  3. Overview of Tonight’s Class
     • Review last week’s lesson
     • Look at network security in the news
     • Course project discussions
     • Hiding in plain sight
     • Secure protocols
     • Hiding information

  4. Last Week...
     • Attacking a network is no different from robbing a bank; you have to plan if you expect to be successful
     • There are three basic steps to planning, which is called vulnerability assessment:
        • Acquire the target (case the joint)
        • Scan for vulnerabilities (find the entry points)
        • Identify poorly protected data (enumeration)
     • This applies whether you are inside or outside the protected perimeter!

  5. Security Last Week - 1
     • FBI counterintelligence agent Robert Hanssen arrested for espionage
     • What can we learn from this?
        • He wasn’t caught because he was careless
        • He knew all the tricks used to catch spies
        • He was arrogant (Philby book)
        • He did “exceptionally grave” damage to the nation, and is probably directly responsible for at least two people being executed
     • So what does that have to do with network security?

  6. Network Security Last Week - 1
     • “Anna” virus writer’s mayor praises him, calls event a “joke,” offers job!
     • U.K.'s Terrorism Act 2000 classifies those who put lives in danger through computer manipulation as terrorists.
     • VBS_Valentin.A exploits hole in older Outlook and Outlook Express versions
        • runs in preview window
        • deletes every file stored on a PC on the 8th, 14th, 23rd and 29th of every month.

  7. Network Security Last Week - 2
     • NSA warns it can't keep up with rapid changes in IT
     • Kournikova virus inspires copy-cat spammers. Are we surprised?
     • Sm0ked Vandals say more attacks to come
     • Canadian security e-mailer Neurocom pulled an alert concerning a Hotmail vulnerability

  8. Course Projects - 1
     • Port scanning technology
        • Sullivan, Toomey
     • Extensible authentication protocol
        • Mizar, Hirsch, Tummala
     • Honey Pot
        • Kaps, Gaubatz
     • Wired/Wireless security comparison
        • Azevedo, Nguyen, H. Tummala

  9. Course Projects - 2
     • SOHO network security
        • Davis, Syversen, Kintigh
     • Sniffing switched networks
        • Michaud, Lindsay, VanRandwyk
     • Broadband access security
        • Sumeet, Nurmit, Harsh
     • Trojan Horse security
        • Aparma, Subramanian

  10. Course Projects - 3
     • Java security
        • Malloy
     • Router security
        • Mansour,
     • DDoS Security
        • Gorse, Pushee
     • Network Security Processors
        • McLaren, Brown

  11. Projects - 4
     • Network cryptography
        • Lee

  12. HTTP
     • Hypertext transfer protocol
     • 4-stage transaction
        • Establish a connection
        • Client issues a request
        • Server issues a response to the request
        • Server terminates the connection

  13. HTTP Characteristics
     • Stateless
     • Supports dynamic formats
        • Client sends list of formats it recognizes
        • Server replies, using appropriate format if it can
     • Human-readable
     • Generic protocol
        • Message formats independent of protocol
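The four-stage transaction and the format negotiation described on slides 12 and 13, run end to end as an added example that is not part of the original slides. It starts a throwaway HTTP/1.0 server on 127.0.0.1 (the server, its greeting text and the Accept rule are constructed here) and drives one transaction over a raw socket so that each stage, and the plain-text request and response, is visible.

```python
"""The four-stage HTTP transaction from slides 12 and 13, run end to end
against a tiny local server. Added example, not from the slides: the server,
its greeting text and the content-negotiation rule are all constructed here;
only the standard library is used and nothing leaves 127.0.0.1."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple


class DemoHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.0"   # no keep-alive: server closes after each response

    def do_GET(self) -> None:
        # Stage 3: server issues a response. The client's Accept header is its
        # list of recognised formats (slide 13); answer in one of them if we can.
        accept = self.headers.get("Accept", "*/*")
        if "text/html" in accept:
            body, ctype = b"<p>hello from EE579T</p>\n", "text/html"
        else:
            body, ctype = b"hello from EE579T\n", "text/plain"
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
        # Stage 4 happens when this handler returns: HTTP/1.0 closes the connection.

    def log_message(self, format: str, *args) -> None:
        pass   # keep the demo quiet


def start_server() -> HTTPServer:
    """Bind to an ephemeral loopback port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def http_transaction(port: int, accept: str = "text/plain") -> Tuple[str, Dict[str, str], bytes]:
    """Run one stateless transaction with a raw socket so every stage is visible."""
    # Stage 1: establish a connection
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        # Stage 2: client issues a request (plain, human-readable text)
        request = f"GET / HTTP/1.0\r\nHost: 127.0.0.1\r\nAccept: {accept}\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        # Stages 3 and 4: read the response until the server closes the connection
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    head, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


if __name__ == "__main__":
    srv = start_server()
    try:
        status, hdrs, body = http_transaction(srv.server_address[1])
        print(status, hdrs["content-type"], body)   # HTTP/1.0 200 OK text/plain b'hello from EE579T\n'
    finally:
        srv.shutdown()
```

Because the client speaks HTTP/1.0 and the server is configured the same way, the connection is torn down by the server after every response, which is why the client reads until `recv` returns nothing: that is stage 4. Each call to `http_transaction` is a fresh connection carrying no memory of the last one, which is what "stateless" on slide 13 means in practice.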

  14. Secure HTTP
     • Extends HTTP instruction set to support secure transmission
     • Uses signature, encryption, message sender, and authenticity checks for security
     • Uses both symmetric & asymmetric keys
     • Supports certificates and key signing
     • Supports end-to-end encryption
     • Useful only with HTTP

  15. How S-HTTP Creates Messages
     • Server obtains plain-text message it will send to the client
     • Server processes client’s crypto preferences and keying material, which client provided during initial handshake connection
     • Server processes its own crypto preferences and keying material

  16. How S-HTTP Recovers Messages
     • Client tries to match transmission against its crypto preferences provided to server
     • If no match, tries to match message against client’s current crypto preferences & keys
     • If still no match, client tries to decrypt message using server’s previously-stated crypto preferences

  17. S-HTTP Key Arrangements
     • In-band key
        • server encrypts session key with client’s public key and sends session key to client
     • Externally arranged key
        • server and client manually exchange secret key prior to session
     • In-band keying is by far the more common

  18. Secure Sockets Layer
     • Developed by Netscape
     • Open, nonproprietary protocol, like S-HTTP
     • Provides data encryption, server & client authentication, message integrity
     • Compatible with firewalls & tunneling
     • Can be layered between HTTP and other application protocols and TCP/IP

  19. SSL and the Internet Protocol Stack
     Application layer: HTTP, SMTP, Telnet, FTP, etc.
     Secure socket layer: SSL
     Transport layer: TCP, UDP
     Network layer: IP, ICMP, IGMP
     Data-link layer: ARP, RARP
     Physical layer

  20. SSL Services
     • Server authentication w/digital certificates
     • Transmission security w/encryption
     • Data integrity across end-to-end connections
     • SSL uses RSA private-key encryption

  21. Client.Hello message
     • Sent by client to server
     • Server evaluates info in message
     • If client supports an encryption type that is supported by the server, and other SSL protocols match server, server sends reply
        • Reply is encrypted with client’s public key
        • Reply includes server’s public key and connection info

  22. Server.Hello response
     • Client receives, sends another request to server
        • Second request encrypted with server’s public key from Client.Hello message
        • Requests session key from server

  23. Server response
     • Session key, encrypted with client’s public key
     • Communications proceed securely using the protocol of the application running above SSL
     • How do you know when this has happened?
        • The URL will have an “s” appended to <scheme>, e.g. https vs. http

  24. SSL Security Pointers
     • Secure all the auth-client ports
        • An auth-client port lets anyone who can connect to that port do SSL authentication as if they were you, and use your certificate
     • Secure all client mode ports
        • A client mode port lets anyone who can connect to the port transmit to other ports as if they were your machine

  25. So, with these protocols, everything is OK, right? Not quite.

  26. One Worry
     • This is a stegosaurus (image not in transcript)
     • We need to worry about steganography

  27. Steganography
     • “Covered writing”
        • from the Greek steganos and graphos
        • steganos = covered (or roofed)
        • graphos = writing
     • Includes such arcana as invisible ink, hollow heels in shoes, open codes
     • A real problem for network security, as we shall see

  28. Null Cipher Example
     News Eight Weather: Tonight increasing snow. Unexpected precipitation smothers eastern towns. Be extremely cautious and use snowtires especially heading east. The highways are knowingly slippery. Highway evacuation is suspected. Police report emergency situations in downtown ending near Tuesday.
     Decodes as: Newt is upset because he thinks he is President.

  29. Actual WWII Null Cipher
     Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.
     Decodes as: Pershing sails from NY June 1.
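Reading null ciphers like the two above mechanically, as an added example that is not part of the original slides. The WWII cable is the slide's own text (read at the second letter of each word); the short first-letter cover note, the word-splitting rule and the `candidate_decodes` screening helper are constructed here, and the example assumes the hyphenated "by-products" counts as a single word.

```python
"""Null-cipher reader for slides 28 and 29. Added example, not from the
slides: a null cipher hides a message in innocent-looking text and the
'key' is just which letter of each word carries the message."""
import re
from typing import Dict, List

# Constructed cover text (not from the slides): first letter of each word.
COVER_NOTE = "Meet in downtown near Irving Grove; have tea."

# The WWII cable from slide 29: second letter of each word. Assumption: the
# hyphenated "by-products" counts as one word, which is what makes the decode
# come out as "...NY JUNE I" (I standing for 1).
WWII_CABLE = (
    "Apparently neutral's protest is thoroughly discounted and ignored. "
    "Isman hard hit. Blockade issue affects pretext for embargo on "
    "by-products, ejecting suets and vegetable oils."
)


def words(text: str) -> List[str]:
    """Split on whitespace and keep only letters, so punctuation, apostrophes
    and hyphens do not shift the letter positions."""
    return [re.sub(r"[^A-Za-z]", "", w) for w in text.split()]


def read_null_cipher(text: str, position: int) -> str:
    """Concatenate the letter at `position` (0-based) of every word; words
    too short to have that position contribute nothing."""
    return "".join(w[position].upper() for w in words(text) if len(w) > position)


def candidate_decodes(text: str, max_position: int = 3) -> Dict[int, str]:
    """Someone screening outbound text does not know the position in advance:
    try the first few and read the candidates for anything that looks like English."""
    return {p: read_null_cipher(text, p) for p in range(max_position + 1)}


if __name__ == "__main__":
    print(read_null_cipher(COVER_NOTE, 0))   # MIDNIGHT
    print(read_null_cipher(WWII_CABLE, 1))   # PERSHINGSAILSFROMNYJUNEI
    for pos, cand in candidate_decodes(WWII_CABLE).items():
        print(pos, cand)
```

The point of `candidate_decodes` is the defender's side of the problem: a censor reading the cable has no key and must try positions until one yields English, which is cheap for the first few letters of each word but hopeless once the scheme is "every third word" or "the letter after each comma". That asymmetry is why the slides call open codes a real problem.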

  30. Another Example
     (images S0, S1 and Result not in transcript)

  31. Interesting, but So What?
     • What if we were to replace the least significant bits of a complex data file with information we wanted to transmit secretly?
     • File compression
        • Lossless (e.g., GIF, BMP)
        • Lossy (e.g., MPEG, JPEG)
     • Downgrading information: how can you be sure what you downgraded?

  32. King’s College, Cambridge (UK)
     The image in which another image will be hidden using steganography (image not in transcript)

  33. (image-only slide; no text in transcript)

  34. (image-only slide; no text in transcript)

  35. (image-only slide; no text in transcript)

  36. Stego Summary
     • Careful comparison of the two King’s College photos shows the stego image is slightly less sharp than the original
     • Careful examination of the Pentagon aerial photos shows the recovered image is slightly less sharp than the original
     • BUT…you knew what to look for

  37. Stego Implications
     • How can you be sure that what has been downgraded does not hide other information?
     • Steganography can be used as a covert channel that is very hard to find
     • Steganography also provides a tool that can be used to watermark a complex file
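The least-significant-bit idea from slide 31, and slide 36's point that the change is only visible if you have the original to compare against, worked as an added example that is not part of the original slides. The cover is a constructed grey ramp standing in for an uncompressed (lossless) bitmap, and `lossy_requantize` is a constructed stand-in for JPEG-style quantization, not a real codec.

```python
"""LSB steganography on a raw 8-bit sample buffer, with a lossy step that
wipes it out. Added example, not from the slides: the "image" is a constructed
list of 8-bit grey values standing in for an uncompressed bitmap (the lossless
case on slide 31); no image library is used."""
from typing import List


def make_cover(n: int = 4096) -> bytes:
    """Constructed cover: a smooth grey ramp, 16 samples per grey level."""
    return bytes((i // 16) & 0xFF for i in range(n))


def to_bits(data: bytes) -> List[int]:
    """Bit list, most significant bit of each byte first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    """Inverse of to_bits; trailing bits that do not fill a byte are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover samples with
    the payload bits. A 4-byte big-endian length prefix tells the extractor
    where the payload ends. Each sample changes by at most 1 grey level."""
    bits = to_bits(len(payload).to_bytes(4, "big") + payload)
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Read the LSB plane back: length prefix first, then that many bytes."""
    bits = [s & 1 for s in stego]
    length = int.from_bytes(from_bits(bits[:32]), "big")
    return from_bits(bits[32:32 + 8 * length])


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference: the slide's 'slightly less sharp'."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def changed_samples(cover: bytes, stego: bytes) -> int:
    """Count of touched samples: visible only if you have the original to compare."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


def lossy_requantize(samples: bytes, step: int = 4) -> bytes:
    """Stand-in for lossy compression (JPEG, MPEG): coarsen every sample to a
    multiple of `step`. The LSB plane, and the payload with it, is discarded."""
    return bytes((s // step) * step for s in samples)


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"meet at noon")
    print(extract_lsb(stego))                          # b'meet at noon'
    print(max_sample_change(cover, stego), changed_samples(cover, stego))
    print(extract_lsb(lossy_requantize(stego)))        # b''
```

Two things to take from running it. No sample moves by more than one grey level, so without the original there is nothing to "look for" in the picture itself, which is the thrust of slide 36. And the requantized copy extracts to nothing: the LSB plane does not survive a lossy recompression, which is why slide 31 separates lossless containers (GIF, BMP) from lossy ones (JPEG, MPEG) and why a downgrade process that recompresses is a very different thing from one that merely relabels.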

  38. Fortunately, steganography is so complex and hard to implement that it is not likely the average hacker or crook would be able to exploit it. Equally fortunately, we have discovered that the moon is made of green cheese.

  39. (image-only slide; no text in transcript)

  40. Other Stego Uses
     • Covert information distribution
        • eBay images have been found which contain stego information believed to be messages to terrorist cells
        • Much of the imagery on the Internet contains stego data, which could be executables
     • Don’t get too cute -- why would you suddenly start trading pictures with someone?

  41. Some Thoughts
     • What about Bell and LaPadula’s model?
        • No write down?
        • No read up?
     • The Internet thrives on visual imagery. What does this imply for security based on what we have studied tonight?
     • Why did it take 15 years to catch Hanssen? How long would it take to uncover stego?
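The Bell-LaPadula questions on slide 41, worked as an added example that is not part of the original slides: a toy reference monitor enforcing "no read up" and "no write down" over constructed levels, subjects and objects. The `downgrade` operation is an assumption about how a trusted relabelling would look; BLP itself only defines the two access rules, and the example shows where the slide's downgrading worry sits relative to them.

```python
"""Bell-LaPadula reference monitor for the 'no read up / no write down'
questions on slide 41. Added example, not from the slides; the levels, the
subjects and the objects are constructed for illustration."""
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Monitor:
    """Mediates every read and write against the BLP rules and logs decisions."""

    def __init__(self) -> None:
        self.subjects: Dict[str, Level] = {}
        self.objects: Dict[str, Level] = {}
        self.log: List[Tuple[str, str, str, bool]] = []

    def add_subject(self, name: str, level: Level) -> None:
        self.subjects[name] = level

    def add_object(self, name: str, level: Level) -> None:
        self.objects[name] = level

    def read(self, subject: str, obj: str) -> bool:
        # Simple security property: read only at or below your level (no read up).
        ok = self.subjects[subject] >= self.objects[obj]
        self.log.append((subject, "read", obj, ok))
        return ok

    def write(self, subject: str, obj: str) -> bool:
        # *-property: write only at or above your level (no write down).
        ok = self.subjects[subject] <= self.objects[obj]
        self.log.append((subject, "write", obj, ok))
        return ok

    def downgrade(self, obj: str, new_level: Level, by: str) -> bool:
        """Assumed trusted relabelling, outside the two BLP rules: a subject
        cleared for the object may lower its label. BLP says nothing about
        what the object's bits still contain, which is the gap slide 37 asks about."""
        ok = self.subjects[by] >= self.objects[obj]
        if ok:
            self.objects[obj] = new_level
        self.log.append((by, "downgrade", obj, ok))
        return ok


def demo() -> Dict[str, bool]:
    """Constructed scenario: a cleared analyst, an uncleared webmaster, a
    classified aerial photo and a public web site."""
    m = Monitor()
    m.add_subject("analyst", Level.TOP_SECRET)
    m.add_subject("webmaster", Level.UNCLASSIFIED)
    m.add_object("aerial_photo.bmp", Level.TOP_SECRET)
    m.add_object("public_site", Level.UNCLASSIFIED)
    results = {
        "analyst writes public_site (write down)": m.write("analyst", "public_site"),
        "webmaster reads aerial_photo (read up)": m.read("webmaster", "aerial_photo.bmp"),
        "analyst reads aerial_photo": m.read("analyst", "aerial_photo.bmp"),
        "webmaster writes aerial_photo (write up)": m.write("webmaster", "aerial_photo.bmp"),
        "webmaster downgrades aerial_photo": m.downgrade("aerial_photo.bmp", Level.UNCLASSIFIED, by="webmaster"),
    }
    # A legitimate downgrade by the cleared analyst relabels the object; the bits are untouched.
    results["analyst downgrades aerial_photo"] = m.downgrade("aerial_photo.bmp", Level.UNCLASSIFIED, by="analyst")
    results["webmaster reads aerial_photo after downgrade"] = m.read("webmaster", "aerial_photo.bmp")
    return results


if __name__ == "__main__":
    for action, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {action}")
```

The two properties do their job: the analyst cannot write to the public site and the webmaster cannot read the photo. What the monitor cannot see is that after the analyst's downgrade the same bits, LSB plane included, are readable at UNCLASSIFIED. The label moved; the content did not, so the check that matters is on the downgrade step itself, which is exactly the question slides 31 and 37 raise.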

  42. Summary
     • Protocols exist to provide end-to-end security over the Internet and other hop-by-hop networks
     • The existence of such protocols is not a guarantee of security
     • Steganography is one way for information to leak out of a system
     • Steganography can be very hard to find, but it is very easy to implement at low cost

  43. Homework - 1
     1. Using the Internet, conduct a survey of steganography tools available for download, and -- to the best of your ability based on the descriptions provided -- compare and contrast them.
     2. How would you protect your network against steganography, both looking inwards and looking outwards?

  44. Assignment for Next Week
     • Finalize your project outlines, with the members of your team. Hand in next week.
     • Read Chapter 16 in the course text.
     • Next week’s topic: An Introduction to Network-Based Attacks
