Date post: | 06-May-2015 |
Category: | Technology |
Upload: | jai4uk |
Network Security and Hacking Techniques, Day 5
Introduction
What is a Honeypot?
Value of Honeypot
Types of Honeypot
Solutions
Honeynet
Etc.
References
“The Linux Based Services that Mean Business Securing Internet”
Honeypot
The Honeypot Project is an all-volunteer, non-profit research organization dedicated to learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned
Traditional honeypots have been for deception or detecting attacks
Introduction
Term originally from the military
fake target or ambush
used in network security environment
Background
lack of information on blackhat communities
Goal
Primary
an instrument for information gathering and learning.
other possibilities for a honeypot
divert hackers from productive system
catch a hacker while conducting an attack
etc...
Honeypot (Cont…)
1st Generation Honeypot
Firewall separating the Honeynet into three different networks
Honeypot (Cont…)
2nd Generation Honeypot
Honeypot (Cont…)
2nd Generation (2002-)
easier to deploy, yet more difficult to detect
gather greater information
all requirements combined onto a single device
• easier to both deploy and manage
a layer 2 gateway; it acts as a bridge
• more difficult to detect (it has no IP Stack)
• control and capture all traffic in the single device
Information Security-Cryptography
Basic Concepts
Classical Cryptosystem
Mathematics of Cryptography
Modern Cryptographic techniques
Secret Key Encryption
Public Key Encryption
Key Management
Legal Considerations
Information Security-Cryptography
Definitions
Introduction to Cryptography
Example Ciphers
Types of Ciphers
Methods of Encryption
Definitions
Algorithm: The set of mathematical rules used in encryption and decryption.
Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.
Cryptosystem: Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext.
Cryptanalysis: Practice of obtaining plaintext from ciphertext without a key or breaking the encryption.
Cryptology: The study of both cryptography and cryptanalysis.
Ciphertext: Data in encrypted or unreadable format.
Encipher: Act of transforming data into an unreadable format.
Definitions (Cont…)
Decipher: Act of transforming data into a readable format.
Key: Secret sequence of bits and instructions that governs the act of encryption and decryption.
Key clustering: Instance when two different keys generate the same cipher text from the same plaintext.
Keyspace: Possible values used to construct keys.
Plaintext: Data in readable format, also referred to as cleartext.
Work factor: Estimated time, effort, and resources necessary to break a cryptosystem.
Cryptography
The most widely used tool for securing information and services is cryptography.
Cryptography relies on ciphers: mathematical functions used for encryption and decryption of a message.
Encryption: the process of disguising a message in such a way as to hide its substance.
Ciphertext: an encrypted message
Decryption: the process of returning an encrypted message back into plaintext.
[Figure: Plaintext → Encryption → Ciphertext → Decryption → Original plaintext]
Example Ciphers
Caesar cipher: each plaintext character is replaced by the character k positions to the right.
“Watch out for Brutus!” => “Jngpu bhg sbe Oehghf!”
Only 25 choices! Not hard to break by brute force.
Substitution Cipher: each character in plaintext is replaced by a corresponding character of ciphertext.
E.g., cryptograms in newspapers.
plaintext code: a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext code: m n b v c x z a s d f g h j k l p o i u y t r e w q
26! possible pairs.
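The two ciphers on this slide, as an added example that is not part of the original deck: it recovers the Caesar key of the slide's ciphertext by trying all 25 shifts, and applies the slide's substitution table. The word list used for scoring candidates is constructed for the example.

```python
import math
import string

ALPHABET = string.ascii_lowercase
# Substitution table copied from the slide (plaintext row -> ciphertext row).
SUBST_CIPHERTEXT = "mnbvcxzasdfghjklpoiuytrewq"
# Constructed word list, used only to score brute-force candidates.
COMMON_WORDS = {"the", "and", "for", "out", "you", "with", "watch"}


def caesar(text, k):
    """Shift every letter k places to the right, wrapping at 'z'; keep case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def score(text):
    """Count how many words of a candidate plaintext are common English."""
    words = "".join(c if c.isalpha() else " " for c in text.lower()).split()
    return sum(w in COMMON_WORDS for w in words)


def brute_force_caesar(ciphertext):
    """Try all 25 non-trivial shifts; return (key, plaintext) of the best one."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(1, 26)]
    return max(candidates, key=lambda kp: score(kp[1]))


def substitute(text, decrypt=False):
    """Apply the slide's substitution table (or its inverse) to lowercase text."""
    src, dst = ALPHABET, SUBST_CIPHERTEXT
    if decrypt:
        src, dst = dst, src
    return text.translate(str.maketrans(src, dst))


def keyspace_sizes():
    """Number of keys an exhaustive search has to cover for each cipher."""
    return {"caesar": 25, "substitution": math.factorial(26)}


if __name__ == "__main__":
    print(brute_force_caesar("Jngpu bhg sbe Oehghf!"))
    print(substitute("watch out for brutus"))
    print(keyspace_sizes())
```

The substitution keyspace is out of reach for exhaustive search, which is why such ciphers are attacked through letter statistics rather than key enumeration.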
Ciphers
For some message M, let’s denote the encryption of that message into cipher text as
$E_k(M) = C$
Similarly, the decryption into plain text as
$D_k(C) = M$
Notice,
$D_k(E_k(M)) = M$ (symmetric key algorithms).
Some algorithms use different keys for each operation:
$D_{k_1}(E_{k_2}(M)) = M$ (public-key algorithms).
Simplified Model of Symmetric Encryption
Ingredients
Plain text
Encryption algorithm
Secret key
Cipher text
Decryption algorithm
Requirements for Security
Strong encryption algorithm
Even if known, should not be able to decrypt or work out key
Even if a number of cipher texts are available together with plain texts of them
Sender and receiver must obtain secret key securely
Once key is known, all communication using this key is readable
Attacking Encryption
Cryptanalysis
Relies on nature of algorithm plus some knowledge of general characteristics of plain text
Attempt to deduce plain text or key
Brute force
Try every possible key until plain text is achieved
Cryptanalysis
[Figure: plaintext → Encrypt (key $K_e$) → $C = E_{K_e}(\text{plaintext})$ → Decrypt (key $K_d$) → plaintext; an invader with side information applies cryptanalysis to C to obtain the plaintext]
Cryptanalysis
Cryptanalysis is the science of recovering the plaintext of a message without access to the key.
• Doesn’t have to discover the key necessarily.
• The loss of a key without cryptanalysis is called a compromise.
Ciphertext-only attack: The attacker has to recover the plaintext from only the ciphertext.
Known-plaintext attack: Portions of the cipher are known as plaintext. The rest may be easier to recover.
Chosen-plaintext attack: The attacker can choose what plaintext to encrypt, again making it easier to recover other ciphertext.
Encryption Algorithms
Block cipher
Process plain text in fixed block sizes producing block of cipher text of equal size
Data encryption standard (DES)
Triple DES (TDES)
Advanced Encryption Standard
Simple Block Cipher
[Figure: plaintext message split into blocks B0, B1, B2, B3; each block passes through encrypt to give a ciphertext block]
Problem
If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same
It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks.
Two methods are commonly used for this:
CBC mode: a ciphertext block is obtained by first XORing the plaintext block with the previous ciphertext block, and encrypting the resulting value.
CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and XORing the resulting value with the plaintext.
Stream Ciphers
For some applications encryption in blocks will not work
Telephone conversation
Radio Broadcast
…
White noise…
Stream Cipher
[Figure: stream cipher; a number generator produces the keystream K0, K1, K2, K3 into a buffer, and the keystream is XORed with the plaintext stream to give the encrypted stream]
Data Encryption Standard
US standard
64 bit plain text blocks
56 bit key
Broken in 1998 by Electronic Frontier Foundation
Special purpose machine
Less than three days
DES now worthless
Triple DES
ANSI X9.17 (1985)
Incorporated in DES standard 1999
Uses 3 keys and 3 executions of DEA algorithm
Effective key length 112 or 168 bit
Slow
Block size (64 bit) too small
Advanced Encryption Standard
National Institute of Standards and Technology (NIST) in 1997 issued call for Advanced Encryption Standard (AES)
Security strength equal to or better than 3DES
Improved efficiency
Symmetric block cipher
Block length 128 bits
Key lengths 128, 192, and 256 bits
Evaluation includes security, computational efficiency, memory requirements, hardware and software suitability, and flexibility
2001, AES issued as federal information processing standard (FIPS 197)
AES Description
Assume key length 128 bits
Input is single 128-bit block
Depicted as square matrix of bytes
Block copied into State array
• Modified at each stage
After final stage, State copied to output matrix
128-bit key depicted as square matrix of bytes
Expanded into array of key schedule words
Each four bytes
Total key schedule 44 words for 128-bit key
Byte ordering by column
First four bytes of 128-bit plaintext input occupy first column of in matrix
First four bytes of expanded key occupy first column of w matrix
AES Encryption and Decryption
AES Comments (1)
Key expanded into array of forty-four 32-bit words, w[i]
Four distinct words (128 bits) serve as round key for each round
Four different stages
One permutation and three substitution
• Substitute bytes uses S-box table to perform byte-by-byte substitution of block
• Shift rows is permutation that is performed row by row
• Mix columns is substitution that alters each byte in column as function of all of bytes in column
• Add round key is bitwise XOR of current block with portion of expanded key
AES Comments (1)
Simple structure
For both encryption and decryption, cipher begins with Add Round Key stage
Followed by nine rounds,
• Each includes all four stages
Followed by tenth round of three stages
AES Encryption Round
AES Comments (2)
Only Add Round Key stage uses key
Begin and ends with Add Round Key stage
Any other stage at beginning or end, reversible without key
• Adds no security
Add Round Key stage by itself not formidable
Other three stages scramble bits
By themselves provide no security because no key
Each stage easily reversible
Decryption uses expanded key in reverse order
Not identical to encryption algorithm
Easy to verify that decryption does recover plaintext
Final round of encryption and decryption consists of only three stages
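The AES-128 structure described on these slides (44-word key schedule, initial Add Round Key, nine four-stage rounds, a tenth round without Mix columns, and decryption with the round keys in reverse order), as an added example that is not part of the original deck. It is a teaching implementation: the S-box is computed rather than tabulated and nothing here is constant-time.

```python
def xtime(a):
    a <<= 1                                   # multiply by 2 in GF(2^8)
    return a ^ 0x11B if a & 0x100 else a      # reduce by the AES polynomial

def gmul(a, b):                               # multiply two bytes in GF(2^8)
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(x):
    """Multiplicative inverse in GF(2^8), then the FIPS 197 affine transform."""
    inv = next((c for c in range(1, 256) if gmul(x, c) == 1), 0)
    s = inv
    for k in range(1, 5):
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [SBOX.index(y) for y in range(256)]

def expand_key(key):
    """Expand a 16-byte key into the 44 four-byte words w[0..43]."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                        # rotate, substitute, add round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return w

# The state is 16 bytes in column order: index 4*c + r is row r of column c.
def add_round_key(s, w, rnd):
    return [s[4 * c + r] ^ w[4 * rnd + c][r] for c in range(4) for r in range(4)]

def shift_rows(s, d=1):                       # d=1 rotates row r left by r; d=-1 undoes it
    return [s[4 * ((c + d * r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s, coef=(2, 3, 1, 1)):
    """Each output byte combines all four bytes of its column in GF(2^8)."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            terms = [gmul(col[(r + k) % 4], coef[k]) for k in range(4)]
            out.append(terms[0] ^ terms[1] ^ terms[2] ^ terms[3])
    return out

def encrypt_block(block, key):
    w = expand_key(key)
    s = add_round_key(list(block), w, 0)          # initial Add Round Key
    for rnd in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])      # Substitute bytes, Shift rows
        if rnd < 10:                              # tenth round has only three stages
            s = mix_columns(s)
        s = add_round_key(s, w, rnd)
    return bytes(s)

def decrypt_block(block, key):
    w = expand_key(key)
    s = add_round_key(list(block), w, 10)         # round keys used in reverse order
    for rnd in range(9, -1, -1):
        s = [INV_SBOX[b] for b in shift_rows(s, -1)]
        s = add_round_key(s, w, rnd)
        if rnd > 0:
            s = mix_columns(s, (14, 11, 13, 9))   # inverse Mix columns matrix
    return bytes(s)
```

Checking the output against the published FIPS 197 example vectors is the quickest way to confirm an implementation follows the round structure exactly.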
Location of Encryption Devices
[Figure: Encryption Across a Packet Switching Network]
Link Encryption
Each communication link equipped at both ends
All traffic secure
High level of security
Requires lots of encryption devices
Message must be decrypted at each switch to read address (virtual circuit number)
Security vulnerable at switches
Particularly on public switched network
End to End Encryption
Encryption done at ends of system
Data in encrypted form crosses network unaltered
Destination shares key with source to decrypt
Host can only encrypt user data
Otherwise switching nodes could not read header or route packet
Traffic pattern not secure
Use both link and end to end
Key Distribution
Question: How to deliver a shared key to 2 parties that wish to exchange data without others seeing the key?
Key selected by A and delivered to B
Third party selects key and delivers to A and B
Use old key to encrypt and transmit new key from A to B
Use old key to transmit new key from third party to A and B
Automatic Key Distribution for Connection-Oriented Protocols
Automatic Key Distribution
Session key
Used for duration of one logical connection
Destroyed at end of session
Used for user data
Permanent key
Used for distribution of keys
Key distribution center
Determines which systems may communicate
Provides one session key for that connection
Security service module (SSM)
Performs end to end encryption
Obtains keys for host
Message Authentication
Protection against active attacks
Falsification of data
Eavesdropping
Message is authentic if it is genuine and comes from the alleged source
Authentication allows receiver to verify that message is authentic
Message has not been altered
Message is from authentic source
Message timeline
Authentication Using Encryption
Assumes sender and receiver are only entities that know key
Message includes:
error detection code
sequence number
time stamp
Authentication Without Encryption
Authentication tag generated and appended to each message
Message not encrypted
Useful for:
Messages broadcast to multiple destinations
• Have one destination responsible for authentication
One side heavily loaded
• Encryption adds to workload
• Can authenticate random messages
Programs authenticated without encryption can be executed without decoding
Message Authentication Code
Generate authentication code based on shared key and message
Common key shared between A and B
If only sender and receiver know key and code matches:
Receiver assured message has not been altered
Receiver assured message is from alleged sender
If message has sequence number, receiver assured of proper sequence
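The three assurances listed on this slide, as an added example that is not part of the original deck: an unencrypted message carries a sequence number and a tag computed with a key shared by A and B. HMAC-SHA256 is this example's choice of MAC (the slides do not name one), and the wire layout, key and messages are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size   # 32-byte tag


def protect(key, seq, payload):
    """Sender: prepend a 64-bit sequence number, append the MAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0            # highest sequence number accepted so far

    def accept(self, wire):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(wire) < 8 + TAG_LEN:
            return "malformed", None
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad-mac", None
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:                     # checked only after the MAC
            return "replayed-or-out-of-order", None
        self.last_seq = seq
        return "ok", body[8:]


def demo():
    """Constructed traffic: altered, wrong-key, genuine, then replayed."""
    key = b"constructed shared key for A and B"
    rx = Receiver(key)
    genuine = protect(key, 1, b"transfer 10 to carol")
    altered = genuine[:8] + b"transfer 90 to carol" + genuine[-TAG_LEN:]
    wrong_key = protect(b"some other key", 2, b"transfer 10 to dave")
    return [rx.accept(m)[0] for m in (altered, wrong_key, genuine, genuine)]


if __name__ == "__main__":
    print(demo())
```

The sequence number is inside the MACed data, so it cannot be rewritten to slip a replay past the receiver.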
Message Authentication Using a Message Authentication Code
One Way Hash Function
Accepts variable size message and produces fixed size tag (message digest)
Advantages of authentication without encryption
Encryption is slow
Encryption hardware expensive
Encryption hardware optimized to large data
Algorithms covered by patents
Algorithms subject to export controls (from USA)
Message Authentication Using a One-Way Hash Function
Public Key Encryption
Based on mathematical algorithms
Asymmetric
Use two separate keys
Ingredients
Plain text
Encryption algorithm
Public and private key
Cipher text
Decryption algorithm
Public-Key Cryptography
Public Key Encryption - Operation
One key made public
Used for encryption
Other kept private
Used for decryption
Infeasible to determine decryption key given encryption key and algorithm
Either key can be used for encryption, the other for decryption
Steps
User generates pair of keys
User places one key in public domain
To send a message to user, encrypt using public key
User decrypts using private key
Digital Signature
Sender encrypts message with their private key
Receiver can decrypt using sender's public key
This authenticates sender, who is only person who has the matching key
Does not give privacy of data
Decrypt key is public
Signatures
Handwritten signatures can verify that a document is
Authentic
• The signature is mine and has not been altered
Unforgeable
• Proves that I signed the document
Non-repudiable
• I cannot deny that I signed the document
Digital Signatures
Public key systems can also be used to provide message authentication:
The sender’s secret key can be used to encrypt a message, thereby signing it
This creates a digital signature of a message, which the recipient (or anyone else) can check by using the sender's public key to decrypt it.
This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else
Digital Properties
The properties of digital documents are different from paper documents
We need to be able to bind a signature to the entire sequence of bits that make up the document
How do I prevent someone from revealing their private key and then claiming they never signed something?
Message Digests
Message digests are used to create short, fixed-length representations of longer, variable-length messages
The goal is to make H(M) != H(M’)
Digest algorithms are designed to produce unique digests for different messages.
Digests
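[Figure: Signing: h = H(M) (128 bits) is encrypted as E(Kpri, h) to give {h}Kpri; the signed doc is M together with {h}Kpri. Verifying: h' = D(Kpub, {h}) is recovered from {h}Kpri, h = H(doc) is recomputed from M, and the check is h = h'?]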
Next Problem
You digitally sign a document
Send the document to a bank
Encrypted using the bank’s public key
How do you
Verify that the public key you used to encrypt the message actually belongs to the bank?
How does the bank verify that you actually signed the document (or where do they get your public key)?
Certificates
A certificate associates a public key with the real identity of an individual, server, or other entity, known as the subject
Subject: Distinguished Name, Public Key
Issuer: Distinguished Name, Signature
Period of validity: Not Before Date, Not After Date
Administrative information: Version, Serial Number
Extended Information
Certificate Authority
A trusted source of certificates
Verifying certificate requests
Processing certificate requests
Issuing and managing certificates
In previous example
I would get a certificate for the bank to obtain the public key of the bank
The bank would get a certificate to obtain my public key
The RSA Algorithm
Key Generation
Select p, q: p and q both prime, $p \neq q$
Calculate $n = p \times q$
Calculate $\phi(n) = (p - 1)(q - 1)$
Select integer e: $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$
Calculate d: $de \bmod \phi(n) = 1$
Public key: KU = {e, n}
Private key: KR = {d, n}
Encryption
Plaintext: $M < n$
Ciphertext: $C = M^e \pmod{n}$
Decryption
Ciphertext: C
Plaintext: $M = C^d \pmod{n}$
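The key generation, encryption and decryption steps above, together with the sign-the-digest flow from the earlier Digests slide, as an added example that is not part of the original deck. This is textbook RSA with no padding, and `generate_keys` trusts the caller that p and q are prime; the demo primes are constructed and far too small for real use, and SHA-256 reduced mod n stands in for the slide's 128-bit digest.

```python
import hashlib
from math import gcd


def generate_keys(p, q, e):
    """Follow the slide: n = p*q, phi(n) = (p-1)(q-1), d*e mod phi(n) = 1."""
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(phi, e) == 1):
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)            # KU = {e, n}, KR = {d, n}


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return pow(m, e, n)              # C = M^e mod n


def decrypt(c, private):
    d, n = private
    return pow(c, d, n)              # M = C^d mod n


def digest(message, n):
    """h = H(M), reduced mod n because the toy modulus is shorter than the hash."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)                 # {h}Kpri = E(Kpri, h)


def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(message, n)    # h' = D(Kpub, {h}); h = h'?


# Constructed demo key pair from two Mersenne primes (illustration only).
PUBLIC, PRIVATE = generate_keys(2**61 - 1, 2**31 - 1, 65537)

if __name__ == "__main__":
    ku, kr = generate_keys(17, 11, 7)
    c = encrypt(88, ku)
    print(ku, kr, c, decrypt(c, kr))
    sig = sign(b"pay the bank 100", PRIVATE)
    print(verify(b"pay the bank 100", sig, PUBLIC), verify(b"pay the bank 900", sig, PUBLIC))
```

Because the signature covers only the digest, verification fails as soon as a single byte of the document changes.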
Example of RSA Algorithm
Public-Key Certificate Use
Implementing Network Security using VPNs
Introduction to VPNs
Overview of VPNs
CPE-Based VPNs
Provider-Provisioned VPNs
Introduction to RFC 2547
Introduction to CCC/Layer 2 MPLS VPN
IETF Standards Update
Conclusions
What is a VPN?
A private network constructed over a shared infrastructure
Virtual: not a separate physical network
Private: separate addressing and routing
Network: a collection of devices that communicate
Policies are key—global connectivity is not the goal
[Figure: a shared infrastructure connects mobile users and telecommuters (remote access), a branch office and corporate headquarters (intranet), and suppliers, partners and customers (extranet)]
Deploying VPNs in the 1990s
Operational model
PVCs overlay the shared infrastructure (ATM/Frame Relay)
Routing occurs at customer premise
Benefits
Mature technologies
Relatively “secure”
Service commitments (bandwidth, availability, and more)
Limitations
Scalability, provisioning and management
Not a fully integrated IP solution
[Figure: provider Frame Relay network; CPE devices attach through DLCIs to interconnected FR switches]
Deploying VPNs in the 21st Century
Uses IP infrastructure
Can be shared with Internet services
Increasing importance of IP/MPLS
Subscriber benefits
Lower operational expense
Single network connection
Provider benefits
Multiservice infrastructure
Creates additional source of revenue
[Figure: a shared infrastructure connects mobile users and telecommuters (remote access), a branch office and corporate headquarters (intranet), and suppliers, partners and customers (extranet)]
VPN Classification Model
Customer-managed VPN solutions (CPE-VPNs)
Layer 2: L2TP and PPTP
Layer 3: IPSec
Provider-provisioned VPN solutions (PP-VPNs)
Layer 3: MPLS-Based VPNs (RFC 2547bis)
Layer 3: Non-MPLS-Based VPNs (Virtual Routers)
Layer 2: MPLS VPNs
[Figure: PP-VPN, with VPN tunnels between the provider's PE devices serving subscriber sites 1, 2 and 3; CPE-VPN, with VPN tunnels between the CPE devices at subscriber sites 1, 2 and 3]
CPE-Based VPNs
CPE-VPNs: L2TP and PPTP
Application: Dial access for remote users
Layer 2 Tunneling Protocol (L2TP)
RFC 2661
Combination of L2F and Point-to-Point Tunneling
Point-to-Point Tunneling Protocol (PPTP)
Bundled with Windows and Windows NT
Authentication during setup
IPSec can operate over PPP for stronger security
[Figure: a V.x modem makes a PPP dial-up connection to a dial access server at the dial access provider; from there an L2TP tunnel runs to an L2TP access server, or a PPTP tunnel to a PPTP access server, across a service provider or VPN]
CPE-VPNs: IPSec Tunnel Mode
IPSec defines IETF Layer 3 security architecture
Applications - Strong security requirements, across one or multiple Service Providers
Customer responsible for key management
Security services include:
Access control
Data origin authentication
Replay protection
Data integrity
Data privacy (encryption/decryption)
Key management
CPE-VPNs: IPSec Example
Uses normal IP services from service provider
Protected packets forwarded by existing routers
Does not address QoS/SLAs
Minimal provider opportunity
Customer manages its own routing
[Figure: IPsec ESP tunnel between the CPE at corporate HQ and the CPE at the branch office, across the public Internet]
Customer Edge Routers
Customer Edge (CE) routers
Router or switch device located at customer premises providing access to the service provider network
Layer 2 (FR, ATM, Ethernet) and Layer 3 (IP, IPX, SNA …) independence of the service provider network
CEs within a VPN use the same L2 technology to access the service provider network
Requires a sub-interface per CE it needs to interconnect to within the VPN
Maintains routing adjacencies with other CEs within the VPN
[Figure: CE devices at the VPN A and VPN B sites attach over ATM or FR to PE routers, which connect through P routers; the customer edge is highlighted]
Provider Edge Routers
Provider Edge (PE) routers
Maintain site-specific VPN Forwarding Tables
Exchange VPN Connection Tables with other PE routers using MP-IBGP or LDP
Use MPLS LSPs to forward VPN traffic
[Figure: CE devices at the VPN A and VPN B sites attach over ATM or FR to PE routers, which connect through P routers; the provider edge is highlighted]
Provider Routers
Provider (P) routers
Forward data traffic transparently over established LSPs
Do not maintain VPN-specific forwarding information
[Figure: CE devices at the VPN A and VPN B sites attach over ATM or FR to PE routers, which connect through P routers; the provider routers are highlighted]
VPN Forwarding Tables (VFT)
Each VFT is populated with:
The forwarding information provisioned for the local CE sites
VPN Connection Tables received from other PEs via iBGP or LDP
[Figure: PE 1, PE 2 and PE 3 interconnected through P routers; CE–A1, CE–A2 and CE–A3 (VPN A sites 1, 2 and 3) and CE–B1 and CE–B2 (VPN B sites 1 and 2) attach to the PEs, with OSPF and ATM labelled on the attachments. A VFT is created for each site connected to the PE]
VPN Connection Tables (VCT)
The VCT is a subset of information held by the VFT
VCTs are distributed by the PEs via iBGP or LDP
[Figure: PE-1 and PE-2, each holding VFTs for the CE devices at its attached sites 1 and 2, connected by an MP-iBGP session / LDP. A VCT is distributed for each VPN site to PEs]
END