I. protecting-traffic A. network attacks ------------------------------------------ NETWORK ATTACKS Evesdropping 1. Attacker records network traffic 2. Uses that to Replay 1. Attacker records network traffic 2. Attacker replays data to Spoofing 1. Attacker pretends to be server Tampering 1. Attacker modifies traffic Hijacking 1. Attacker waits for a connection 2. Spoofs one of the parties ------------------------------------------ What security service does evesdropping attack? What security service does replay attack? What security service does spoofing attack? B. background ------------------------------------------ BACKGROUND IN NETWORK SECURITY Hub: Attackers in the LAN can see Switch: Address Resolution Protocol (ARP) spoofing - pretend to be a gateway and ARP maps MAC addresses to IP addresses Router: - Routers are big - Have default passwords ------------------------------------------ ------------------------------------------ MORAL Assume attackers can: - read traffic - modify traffic even in a LAN An application needs to provide: 1. Initial authentication to 2. Ongoing authentication to 3. Confidentiality/Privacy ------------------------------------------ If you care about confidentiality do you need to worry about authentication also? C. remediation ------------------------------------------ REMEDIATION 1. Identify all attack points 2. Use known authentication/encryption such as SSL/TLS, Kerberos, or DCOM 3. Use a hash or HMAC to check for corruption or tampering ------------------------------------------ II. improper use of PKI and especially SSL A. background ------------------------------------------ BACKGROUND PKI = Public Key Infrastructure SSL/TLS = Secure Socket Layer / Transport Layer Security ------------------------------------------ ------------------------------------------ TWO WAYS TO USE SSL Use HTTPS (HTTP over SSL) easy because Use SSL in your own app harder because ------------------------------------------ B. attacks ------------------------------------------ PKI/SSL ATTACKS Problem: PKI is hard to use correctly Attacks 1. App fails to validate certificates 2. Attacker can OR 1. App fails to securely log in client 2. Attacker can ------------------------------------------ C. problems ------------------------------------------ SSL'S SERVICES ARE OPTIONAL security services: - authentication (server and/or client) - encryption of the channel - integrity checking for the channel Can you have secure communication without authentication? ------------------------------------------ ------------------------------------------ CHECKS NEEDED FOR AUTHENTICATION Certificates need to check (X.509 PKI): - server certificate signed by trusted Certification Authority (CA) - server certificate is currently valid - name of server in certificate matches - certificate is for the correct purpose (server authentication) - certificate is not revoked ------------------------------------------ Who are some certification authorities? What step would you guess is left out most often? D. auditing ------------------------------------------ WHAT TO LOOK FOR IN AN AUDIT - PKI is used (SSL or TLS), and - HTTPS is not used, and - code fails to ------------------------------------------ ------------------------------------------ STEPS CODE SHOULD TAKE 1. Certificate signed by known CA, or has a chain of signatures leading to a known CA 2. Certificate and all in the chain are within validity period 3. Hostname is compared to the proper subfield 4. Certificate usage is correct 5. Certificate is not revoked 6. Algorithm used by the certificates is not broken 7. Program treats a failure at any step as a failure and refuses to connect Check that cryptographic signature operations are performed ------------------------------------------ What should be done if the revocation server is not available? E. testing ------------------------------------------ TESTING try to automate a man-in-the-middle attack try to set up bogus certificates - signed by untrusted CA - self-signed - not yet valid - expired - bogus subject name - incorrect key usage - broken encryption algorithm (MD5) - revoked certificate ------------------------------------------ Why are self-signed certificates not acceptable? F. extra defensive steps ------------------------------------------ EXTRA DEFENSES Can use hardware for SSL acceleration - keeps certificate in the hardware, so can't be ------------------------------------------ III. improper use of PKI and especially SSL A. background ------------------------------------------ BACKGROUND Name resolution turns www.cs.ucf.edu into 132.170.216.158 DNS = Domain Name Service runs on UDP protocol How a DNS server works: - receives request (name + 16 bit ID) - answers if it is authority for domain or if it has a cached copy - otherwise forwards up the chain www.cs.ucf.edu cs.ucf.edu ucf.edu edu ------------------------------------------ What's the significance of using UDP? B. attack ------------------------------------------ DNS ATTACK First step, find your DNS server 1. Attacker controls DNS server 2. Attacker sends your computer a packet, for intrusion protection your computer does a reverse lookup 3. Attacker reads out address of your DNS server Second step, find port you are using - only a search of 16 bits of ports Third step, find request ID - it increments monotonically in many implementations Forth step, forge reply with long time to live field. ------------------------------------------ ------------------------------------------ DHCP Even less secure than DNS ------------------------------------------ C. lessons ------------------------------------------ LESSONS Moral: name and IP address are not secure So designs should not trust DNS Don't use name to make security decisions Cryptography needs to handle ------------------------------------------ D. code audit ------------------------------------------ AUDITING CODE Look for: - host names being used - gethostbyaddr - use of UDP protocol ------------------------------------------ Why is UDP bad? E. testing ------------------------------------------ TESTING With real client and server: record and view information sent - look for anything that would be Build - evil server - evil client See what happens to client with See what happens to server with ------------------------------------------ F. redemption ------------------------------------------ REDEMPTION Use SSL, do all PKI checks Or use IPSec Or use Kerberos or Windows authentication ------------------------------------------ What could be the problem with checking passwords over HTTP?