Network Security and Privacy

Vitaly Shmatikov

CS 378

http://www.cs.utexas.edu/~shmat/courses/cs378_spring05/

Course Personnel Instructor: Vitaly Shmatikov

• Office: TAYLOR 4.115C• Office hours: Thursday, 3:30-4:30pm (after

class)• Open door policy – don’t hesitate to stop by!

TA: Justin Brickell• Office hours TBA

Watch the course website• Assignments, reading materials, lecture notes

This course is an experiment!• First UT course on network security

Prerequisites Required: CS 372 (Operating Systems)

• My course has a substantial implementation component

• No waivers! Recommended: Introduction to Computer

Security; Cryptography; Computer Networks• Not much overlap with this course, but will help gain

deeper understanding of security mechanisms and where they fit in the big picture

Recommended: exposure to C programming• Project will involve implementing buffer overflow

exploits in C

Class Poll Introduction to computer security?

• Access control, Web security, sandboxing, firewalls? Cryptography?

• Public-key and symmetric encryption, digital signatures, cryptographic hash, random-number generators?

Computer networks?• Network architecture, application and transport

layer protocols? Programming in C?

Course Logistics Lectures

• Tuesday, Thursday 2-3:30pm Five homeworks (40% of the grade)

• One or two may involve implementation Project (15% of the grade)

• Involves a fair bit of implementation• Security is a contact sport!

Midterm (20% of the grade) Final (25% of the grade) UTCS Code of Conduct will be strictly

enforced

Course Materials Textbook: William Stallings. “Network Security

Essentials: Applications and Standards.”• Focuses on details of deployed security systems• Lectures will focus on “big-picture” principles and

ideas of network attack and defense• Attend lectures! Lectures will cover some material

that is not in the textbook – and you will be tested on it!

Occasional assigned readings• Start reading “Smashing the Stack For Fun and

Profit” by Aleph One (from Phrack hacker magazine)• Understanding it will be essential for your project

Other Helpful Books Ross Anderson. “Security Engineering”.

• Focuses on design principles for secure systems• Wide range of entertaining examples: banking,

nuclear command and control, burglar alarms• Ross Anderson is famous for hacking tamper-

resistant hardware Kaufman, Perlman, Speciner. “Network

Security: Private Communication in a Public World”. • Comprehensive network security textbook

Main Themes of the Course Vulnerabilities of networked applications

• Worms, denial of service attacks, malicious code arriving from the network, attacks on infrastructure

Defense technologies• Protection of information in transit: cryptography,

application- and transport-layer security protocols • Protection of networked applications: firewalls and

intrusion detection Study a few deployed systems in detail: from

design principles to gory implementation details• Kerberos, SSL/TLS, IPSec

What This Course is Not About Not a comprehensive course on computer

security Not a course on ethical, legal or economic issues

• No file sharing, DMCA, free speech issues Only cursory overview of cryptography

• Take CS 346 for deeper understanding Only some issues in systems security

• No access control, OS security, secure hardware• Will cover buffer overflow: #1 cause of remote

penetration attacks No language-based security

Motivationhttps://

Excerpt From “General Terms of Use”

YOU ACKNOWLEDGE THAT NEITHER WELLS FARGO, ITS AFFILIATES NOR ANY OF THEIR RESPECTIVE EMPLOYEES, AGENTS, THIRD PARTY CONTENT PROVIDERS OR LICENSORS WARRANT THAT THE SERVICES OR THE SITE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO THEY MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR THE SITE, OR AS TO THE TIMELINESS, SEQUENCE, ACCURACY, RELIABILITY, COMPLETENESS OR CONTENT OF ANY INFORMATION, SERVICE, OR MERCHANDISE PROVIDED THROUGH THE SERVICES AND THE SITE.

“Privacy and Security”

“As a Wells Fargo customer, your privacy and security always come first.”• Privacy policy for individuals• Online privacy policy• Our commitment to online security• Online and computer security tips• How we protect you• General terms of use

What Do You Think?What do you think should be included in “privacy and security” for an e-commerce

website?

?

Desirable Security Properties Authenticity Confidentiality Integrity Availability Non-repudiation Freshness Access control Privacy of collected information Integrity of routing and DNS infrastructure

Syllabus (1): Security Mechanisms Basics of cryptography

• Symmetric and public-key encryption, certificates, cryptographic hash functions, pseudo-random generators

Authentication and key establishment• Case study: Kerberos

IP security• Case study: IPSec protocol suite

Web security• Case study: SSL/TLS (Transport Layer Security)

Syllabus (2): Attacks and Defenses Buffer overflow attacks Network attacks

• Distributed denial of service• Worms and viruses• Attacks on routing infrastructure

Defense tools• Firewalls and intrusion detection systems

Wireless security Privacy-enhancing technologies

network

Attack on Confidentiality Confidentiality is concealment of

informationEavesdropping,packet sniffing,illegal copying

network

Attack on Integrity Integrity is prevention of unauthorized

changesIntercept messages,tamper, release again

network

Attack on Authenticity Authenticity is identification and assurance

of origin of informationUnauthorized assumption ofanother’s identity

network

Attack on Availability Availability is ability to use information or

resources desiredOverwhelm or crash servers,disrupt infrastructure

Network Stack

application

presentation

session

transport

network

data link

physical

IP

TCP

email, Web, NFS

RPC

802.11

Sendmail, FTP, NFS bugs, chosen-protocol andversion-rollback attacks

SYN flooding, RIP attacks,sequence number prediction

IP smurfing and otheraddress spoofing attacks

RPC worms, portmapper exploits

WEP attacks

Only as secure as the single weakest layer…

Network Defenses

Cryptographic primitives

Protocols and policies

Implementations

Building blocks

Blueprints

Systems

RSA, DSS, SHA-1…

SSL, IPSec, access control…

Firewalls, intrusiondetection…

…all defense mechanisms must work correctly and securely

Correctness versus Security Program or system correctness: program satisfies specification

• For reasonable input, get reasonable output Program or system security: program properties preserved in face of attack

• For unreasonable input, output not completely disastrous Main difference: active interference from adversary Modular design may increase vulnerability

• Abstraction is very difficult to achieve in security: what if the adversary operates below your level of abstraction?

Bad News Security often not a primary consideration

• Performance and usability take precedence Feature-rich systems may be poorly understood

• Higher-level protocols make mistaken assumptions Implementations are buggy

• Buffer overflows are the “vulnerability of the decade” Networks are more open and accessible than

ever • Increased exposure, easier to cover tracks

Many attacks are not even technical in nature• Phishing, impersonation, etc.

Better News There are a lot of defense mechanisms

• We’ll study some, but by no means all, in this course It’s important to understand their limitations

• “If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier

• Many security holes are based on misunderstanding Security awareness and user “buy-in” help Other important factors: usability and

economics

Reading Assignment Stallings, sections 1.1-1.5 Start reading buffer overflow materials on

the website