Unit 1


Published on

Cryptography and Network Security UNIT-1

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Unit 1

  1. 1. 1 INFORMATION SECURITY UNIT - I SECURITY ATTACKS Security attacks are of two types  Passive attacks and  Active attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Passive Attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are • Release of message contents and • Traffic analysis. The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. A second type of passive attack, traffic analysis, if we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection. Active Attacks Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: • Masquerade, • Replay, • Modification of messages, and • Denial Of Service. A masquerade takes place when one entity pretends to be a different entity (Figure 1.4a). A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts." The Denial Of Service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is SECURITY SERVICES Authentication The authentication service is concerned with assuring that a communication is authentic. Two specific authentication services are defined: • Peer entity authentication: Provides for the confirmation of the identity of a peer entity in an association. It is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection. A.DHASARADHI
  2. 2. • Data origin authentication: Provides for the confirmation of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail where there are no prior interactions between the communicating entities. Access Control In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual. Data Confidentiality Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility. Data Integrity A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service. On the other hand, a connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only. We can make a distinction between the service with and without recovery. Because the integrity service relates to active attacks, we are concerned with detection rather than prevention. If a violation of integrity is detected, then the service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation. Nonrepudiation Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message. Availability Service Property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). A variety of attacks can result in the loss of or reduction in availability. Some of these attacks are amenable to automated countermeasures, such as authentication and encryption, whereas others require some sort of physical action to prevent or recover from loss of availability of elements of a distributed system. This service addresses the security concerns raised by denial-of-service attacks. It depends on proper management and control of system resources and thus depends on access control service and other security services. SECURITY MECHANISMS • Encipherment The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. • Digital Signature Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient). • Access Control A variety of mechanisms that enforce access rights to resources. • Data Integrity A variety of mechanisms used to assure the integrity of a data unit or stream of data units. • Authentication Exchange A mechanism intended to ensure the identity of an entity by means of information exchange. A.DHASARADHI
  3. 3. 3 INFORMATION SECURITY • Traffic Padding The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. • Routing Control Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected. • Notarization The use of a trusted third party to assure certain properties of a data exchange. • Pervasive Security Mechanisms • Mechanisms those are not specific to any particular OSI security service or protocol layer. • Trusted Functionality That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). • Security Label The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. • Event Detection Detection of security-relevant events. • Security Audit Trail Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. • Security Recovery Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. A MODEL FOR NETWORK SECURITY A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components: Figure: Model for Network Security • A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender • Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission. This general model shows that there are four basic tasks in designing a particular security service: 1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose. 2. Generate the secret information to be used with the algorithm. 3. Develop methods for the distribution and sharing of the secret information. A.DHASARADHI
  4. 4. 4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service. The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system. Or, the intruder can be a disgruntled employee who wishes to do damage, or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers). Another type of unwanted access is the placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs, such as editors and compilers. Programs can present two kinds of threats: • Information access threats intercept or modify data on behalf of users who should not have access to that data. • Service threats exploit service flaws in computers to inhibit use by legitimate users. Figure: Network Access Security Model Viruses and worms are two examples of software attacks. Such attacks can be introduced into a system by means of a disk that contains the unwanted logic concealed in otherwise useful software. They can also be inserted into a system across a network; this latter mechanism is of more concern in network security. The security mechanisms needed to cope with unwanted access fall into two broad categories. The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks. Once either an unwanted user or unwanted software gains access, the second line of defence consists of a variety of internal controls that monitor activity and analyse stored information in an attempt to detect the presence of unwanted intruders. INTERNET STANDARDS AND RFC’S By universal agreement, an organization known as the Internet Society is responsible for the development and publication of these standards. The Internet Society is a professional membership organization that oversees a number of boards and task forces involved in Internet development and standardization. The Internet Organizations and RFC Publication The Internet Society is the coordinating committee for Internet design, engineering, and management. Areas covered include the operation of the Internet itself and the standardization of protocols used by end systems on the Internet for interoperability. Three organizations under the Internet Society are responsible for the actual work of standards development and publication: • Internet Architecture Board (IAB): Responsible for defining the overall architecture of the Internet, providing guidance and broad direction to the IETF • Internet Engineering Task Force (IETF): The protocol engineering and development arm of the Internet • Internet Engineering Steering Group (IESG): Responsible for technical management of IETF activities and the Internet standards process Working groups chartered by the IETF carry out the actual development of new standards and protocols for the Internet. Membership in a working group is voluntary; any interested party may participate. During the development of a specification, a working group will make a draft version of the document available as an Internet Draft, which is placed in the IETF's "Internet Drafts" online directory. The document may remain as an Internet Draft for up to six months, and interested parties may review and comment on the draft. During that time, the IESG may approve publication of the draft as an RFC (Request for Comment). If the draft has not progressed to the status of an RFC during the six-month period, it is withdrawn from the directory. The working group may subsequently publish a revised version of the draft. The IETF is responsible for publishing the RFCs, with approval of the IESG. The RFCs are the working notes of the Internet research and development community. A document in this series may be on essentially any topic related to computer communications and may be anything from a meeting report to the specification of a standard. The Standardization Process The decision of which RFC’s become Internet standards is made by the IESG, on the recommendation of the IETF. To become a standard, a specification must meet the following criteria: • Be stable and well understood • Be technically competent A.DHASARADHI
  5. 5. 5 INFORMATION SECURITY • Have multiple, independent, and interoperable implementations with substantial operational experience • Enjoy significant public support • Be recognizably useful in some or all parts of the Internet Figure: Internet RFC Publication Process The Figure shows the series of steps, called the standards track, that a specification goes through to become a standard. At each step, the IETF must make a recommendation for advancement of the protocol, and the IESG must ratify it. The process begins when the IESG approves the publication of an Internet Draft document as an RFC with the status of Proposed standard. The white boxes in the diagram represent temporary states, which should be occupied for the minimum practical time. However, a document must remain a Proposed Standard for at least six months and a Draft Standard for at least four months to allow time for review and comment. The gray boxes represent long-term states that may be occupied for years. For a specification to be advanced to Draft Standard status, there must be at least two independent and interoperable implementations from which adequate operational experience has been obtained. After significant implementation and operational experience has been obtained, a specification may be elevated to Internet Standard. At this point, the Specification is assigned an STD number as well as an RFC number. Finally, when a protocol becomes obsolete, it is assigned to the Historic state Internet Standards Categories All Internet standards fall into one of two categories: • Technical specification (TS): A TS defines a protocol, service, procedure, convention, or format. The bulk of the Internet standards are TSs. • Applicability statement (AS): An AS specifies how, and under what circumstances, one or more TSs may be applied to support a particular Internet capability. An AS identifies one or more TSs that are relevant to the capability, and may specify values or ranges for particular parameters associated with a TS or functional subsets of a TS that are relevant for the capability. Other RFC Types There are numerous RFC’s that are not destined to become Internet standards. Some RFC’s standardize the results of community deliberations about statements of principle or conclusions about what is the best way to perform some operations or IETF process function. Such RFC’s are designated as Best Current Practice (BCP). Approval of BCPs follows essentially the same process for approval of Proposed Standards. Unlike standards-track documents, there is not a three-stage process for BCP’s; a BCP goes from Internet draft status to approved BCP in one step. A protocol or other specification that is not considered ready for standardization may be published as an Experimental RFC. After further work, the specification may be resubmitted. If the specification is generally stable, has resolved known design choices, is believed to be well understood, has received significant community review, and appears to enjoy enough community interest to be considered valuable, then the RFC will be designated a Proposed Standard. Finally, an Informational Specification is published for the general information of the Internet community. BUFFER OVERFLOWS A buffer overflows when too much data is put into it. Think of a buffer as a glass of water; you can fill the glass until it is full, but any additional water added to that glass will spill over the edge. Buffers are much like this, and the C language (and its derivatives, like C++), offer many ways to cause more to be put into a buffer than was anticipated. A.DHASARADHI
  6. 6. As you have seen, local variables can be allocated on the stack This means that there is a buffer of a set size sitting on the stack somewhere. Since the stack grows down and there are very important pieces of information stored there, what happens if you put more data into the stack allocated buffer than it can handle? Like the glass of water, it overflows! When 16 bytes of data are copied into the buffer from Figure above, it becomes full. When 17 bytes get copied, one byte spills over into the area on the stack devoted to holding int2.This is the beginning of data corruption. All future references to int2 will give the wrong value. If this trend continues, and we put 28 bytes in, we control what EBP points to, at 32 bytes, we have control of EIP. /* chapter 1 sample 1 This is a very simple program to explain how the stack operates */ #include <stdlib.h> #include <stdio.h> int main(int argc, char **argv) { char buffer[15]="Hello World"; /* a 15 byte character buffer */ int int1=1,int2=2; /* 2 4 byte integers */ return 1; } Figure: How the Stack Operates When a ret happens and it pops our overwritten EIP and then jumps to it, we take control. After gaining control of EIP, we can make it point to anywhere we want, including code we have provided. The C language has a saying attributed to it: “We give you enough rope to hang yourself ”. Basically, this means that with the degree of power over the machine that C offers, it has its potential problems as well. C is a loosely typed language, so there aren’t any safeguards to make you comply with any data rules. Many buffer overflows happen in C due to poor handling of string data types. Table below shows some of the worst offenders in the C language. The table is by no means a complete table of problematic functions, but will give you a good idea of some of the more dangerous and common ones. Table: A Sampling of Problematic Functions in C Function Description char *strcpy( char *strDestination, This function will copy a string from const char *strSource ) strSource to strDestination char *strcat( char *strDestination, This function adds (concatenates) a string const char *strSource ) to the end of another string in a buffer int sprintf( char *buffer, const This function operates like printf, except char *format [, argument] ... ) this copies the output to buffer instead of Printing to the stdout stream. char *gets( char *buffer ) Gets a string of input from the stdin stream and stores it in buffer FORMAT STRING VULNERABILITIES Format String Vulnerabilities versus Buffer Overflows On the surface, format string and buffer overflow exploits often look similar. It is not hard to see why some may group together in the same category. Whereas attackers may overwrite return addresses or function pointers and use shellcode to exploit them, buffer overflows and format string vulnerabilities are fundamentally different problems. In buffer overflow vulnerability, the software flaw is that a sensitive routine such as a memory copy relies on an externally controllable source for the bounds of data being operated on. For example, many buffer overflow conditions are the result of C library string copy operations. In the C programming language, strings are NULL terminated byte arrays of variable length. The strcpy() (string copy) libc function copies bytes from a source string to a destination buffer until a terminating NULL is encountered in the source string. If the source string is externally supplied and greater in size than the destination buffer, the strcpy() function will write to memory neighboring the data buffer until the copy is complete. Exploitation of a buffer overflow is based on the attacker being able to overwrite critical values with custom data during operations such as a string copy. Another source of confusion is that buffer overflows and format string vulnerabilities can both exist due to the use of the sprintf() function. To understand the difference, it is important to understand what the sprintf function actually does. sprintf() allows for a programmer to create a string using printf() style formatting and write it into a buffer. Buffer overflows occur when A.DHASARADHI
  7. 7. 7 INFORMATION SECURITY the string that is created is somehow larger than the buffer it is being written to. This is often the result of the use of the %s format specifier, which embeds NULL terminated string of variable length in the formatted string. If the variable corresponding to the %s token is externally supplied and it is not truncated, it can cause the formatted string to overwrite memory outside of the destination buffer when it is written. TCP SESSION HIJACKING Let’s take a look at how the hijacking of a Transmission Control Protocol (TCP) connection works in general. When attempting to hijack a TCP connection, a hacker must pay attention to all the details that go into a TCP connection. These details include things like:  Sequence numbers, TCP headers, and ACK packets. Let’s look briefly at some relevant portions as a quick reminder. Recall that a TCP connection starts out with the standard TCP three-way handshake: The client sends a SYN (synchronization) packet, the server sends a SYN-ACK packet, and the client responds with an ACK (acknowledgment) packet and then starts to send data or waits for the server to send. During the information exchange, sequence counters increment on both sides, and packet receipt must be acknowledged with ACK packets. The connection finishes with either an exchange of FIN (finish) packets, similar to the starting three-way handshake, or more abruptly with RST (reset) packets. Where during this sequence of packets does the hacker want to send? Obviously, she wants to do it before the connection finishes, or else there will be no connection left to hijack. The hacker almost always wants to hijack in the middle, after a particular event has occurred. The event in question is the authentication step. Think about what would happen if she were to hijack the connection during the initial handshake or before the authentication phase had completed. What would she have control of? The server would not be ready to receive commands until the authentication phase had completed. She’d have a hijacked connection that was waiting for her to provide a password of some sort. In other words, she’d be in exactly the same situation as she would be if she’d just connected as a normal client herself. As mentioned before, the point of hijacking a connection is to steal trust. The trust doesn’t exist before the authentication has occurred. There are some services that can be configured to authenticate on IP address alone, such as the Berkeley “r” services, but if that’s the case, no hijacking is really required; at that point, it becomes a matter of spoofing. If a hacker were in a position to do TCP connection hijacking, she’d also easily be able to spoof effectively. Note that when we say “If a hacker were in a position to…,” we mean that the hacker must have control of the right victim machine to be able to accomplish any of this activity. Just as with sniffing, the hacker will almost certainly need control of a box on the same Layer 2 network segment as either the client or the server. Unless she’s able to pull some heavy route manipulation, the packets won’t come to the hacker—she’ll have to go to the packets. ARP ATTACKS Another way to make sure that your attacking machine gets all the packets going through it is to modify the ARP tables on the victim machine(s). An ARP table controls the Media Access Control (MAC)-address-to-IP-address mapping on each machine. ARP is designed to be a dynamic protocol, so as new machines are added to a network or existing machines get new MAC addresses for whatever reason, the rest update automatically in a relatively short period of time. There is absolutely no authentication in this protocol. When a victim machine broadcasts for the MAC address that belongs to a particular IP address (perhaps the victim’s default gateway), all an attacker has to do is answer before the real machine being requested does. It’s a classic race condition. You can stack the odds in your favor by giving the real gateway a lot of extra work to do during that time so that it can’t answer as fast. As long as you properly forward traffic from the victim (or fake a reasonable facsimile of the servers the victim machine is trying to talk to), the victim might not notice that anything is different. Certainly, there are noticeable differences, if anyone cares to pay attention. For example, after such an attack, each packet crosses the same local area network (LAN) segment twice, which increases traffic somewhat and is suspicious in itself. Furthermore, the biggest giveaway is that the ARP cache on the victim machine is changed. That’s pretty easy to watch for, if someone has prepared for that case ahead of time. One tool for monitoring such changes is arpwatch. A tool for performing an ARP attack is (for lack of a formal name) grat_arp. Note that ARP tricks are good not only for getting traffic to flow through your machine, but also just so you can monitor it at all when you’re in a switched environment. Normally, when there is a switch (or any kind of Layer 2 bridge) between the victim and attacking machine, the attacking machine will not get to monitor the victim’s traffic. ARP games are one way to handle this problem. ROUTE TABLE MODIFICATION Typically, an attacker would be able to put himself in such a position to block packets by modifying routing tables so that packets flow through a system he has control of (Layer 3 redirection), by changing bridge tables by playing games with A.DHASARADHI
  8. 8. spanning-tree frames (Layer 2 redirection), or by rerouting physical cables so that the frames must flow through the attacker’s system (Layer 1 redirection).The last technique implies physical access to your cable plant, so perhaps you’ve got much worse problems than TCP session hijacking in that instance. Most of the time, an attacker will try to change route tables remotely. There has been some research in the area of changing route tables on a mass scale by playing games with the Border Gateway Protocol (BGP) that most Internet service providers (ISPs) use to exchange routes with each other. Insiders have reported that most of these ISPs have too much trust in place for other ISPs, which would enable them to do routing updates. A more locally workable attack might be to spoof Internet Control Message Protocol (ICMP) and redirect packets to fool some hosts into thinking that there is a better route via the attacker’s IP address. Many OS’s accept ICMP redirects in their default configuration. If the attacker has managed to change route tables to get packets to flow through his system, some of the intermediate routers will be aware of the route change, either because of route tables changing or possibly because of an Address Resolution Protocol (ARP) table change. The end nodes would not normally be privy to this information if there are at least a few routers between the two nodes. Possibly the nodes could discover the change via a traceroute-style utility, unless the attacker has planned for that and programmed his “router” to account for it. UDP HIJACKING Now that we’ve seen what TCP session hijacking looks like, the rest is easy. We have problems with TCP due to all the reliability features built into it. If it weren’t for the sequence numbers, ACK mechanism, and other things that TCP uses to ensure that packets get where they need to go, our job would be a lot easier. Well, guess what? The User Datagram Protocol (UDP) doesn’t have those features; at least, it doesn’t as it is. However, a protocol designer can implement the equivalents toall those features on top of UDP. Very few attempt even a small subset of the TCP features. The Network File System (NFS) has something akin to sequence numbers and a retransmit feature, but it’s vastly simpler than TCP. So, most of the time, “hijacking” UDP comes down to a race. Can a hacker get an appropriate response packet in before the legitimate server or client can? In most cases, the answer is probably yes, as long as the hacker can script the attack. The attacker needs a tool that watches for the request, and then produces the response he wants to fake as quickly as possible, and then drops that on the wire. For example, the Domain Name System (DNS) would be a popular protocol to hijack. Assume that the hacker’s attacking machine is near the client and the DNS server is located somewhere farther away on the network. Then: 1. The hacker wants to pretend to be some Web server, say SecurityFocus. 2. The attacker programs his attacking machine to watch for a request for that name and store a copy of the packet. 3. The hacker extracts the request ID and then uses it to finish off a response packet that was prepared ahead of time that points to his IP address. 4. The client then contacts the hacker’s machine instead of SecurityFocus. 5. The client sees a message to the effect of “SecurityFocus has been 0wned.” MAN-IN-THE-MIDDLE ATTACKS MITM attacks are probably the most productive types of attacks used today in conjunction with encrypted protocol hijacking and connection types such as SSH1 and SSL. Let’s say, for example, that a typical user attempts a connection to a site that is SSL enabled. A key exchange occurs with the SSL server and the server’s certificate is compared to the certificates stored in the Web browser’s trusted root certification authority’s store. If the certificate information is valid and the certifying authority is present in the browser’s trusted store with no restrictions, no warning is generated on the client end by the browser, and a session key is offered for encrypting the communication between the SSL-enabled site and the client system. It is Suffice (enough) to say, when an MITM attack is started, the client does not connect to the SSL site that he thinks he does. The hijacker is instead offering bogus credentials and replaying the client’s information to the SSL site. The hijacker is making the connection to the SSL server on behalf of the victim and replaying all the information sent both ways so that he can essentially pick and chose what, if any, traffic to modify for his potential gain. Many people have the unfortunate tendency to ignore generated warnings. These are actual screens from an MITM attack scenario. If you clicked the button View Certificate under the security alert in the first screen, you would find that this certificate is marked “Issued to:VerySign Class 1 Authority.” It’s a cute play on words (VerySign instead of VeriSign), which would slip right by most of the user populace. This is more a social attack on people’s ignorance than it is technological wizardry. A.DHASARADHI