Courses/Computer Science/CPSC 526.W2015/Lecture Notes

From wiki.ucalgary.ca
< Courses‎ | Computer Science‎ | CPSC 526.W2015
Revision as of 19:23, 6 April 2015 by Locasto (talk | contribs) (April 6: Groupwork: Thinking through poor network security examples)
Jump to: navigation, search

Lecture Notes

Contents

Scribe Notes

Courses/Computer_Science/CPSC_526.W2015/Lecture Notes/Scribe1

Week 1

January 12: Intro and Overview

  • Course policies, grading, etc.
  • Concepts / Organization

With some background in security concepts and principles, we set security challenges and problems into a networked environment. Basic crypto primitives become building blocks of systems whose major focus is authentication and protecting the confidentiality and integrity of communications channels. This major topic is complemented with a variety of security mechanisms that attempt to provide C-I-A in other ways (e.g., firewalls, IDS, authentication systems & standards).

  • Topics (i.e., knowledge & skills I want you to know by the end of the semester)
    • common networking tools
    • bit-level agility (packet crafting)
    • working knowledge of common applied crypto
    • authentication and secure protocols (design and major examples)
    • network security application domains: routing security, web security
    • network security mechanisms: firewalls, IDS, etc.
  • Semester Highlights
    • EDURange
    • ScapyHunt
    • PGP key signing party
    • web application hacking (Google Gruyere)
    • build a VPN
    • build a CA
    • network introspection


  • Telephone
  • Burning Question
    • Name / Psuedonym
    • One question you want answered by the end of the semester

Jan 14: Important Concepts

Jan 16: Basic Threats and Adversaries

  • QoD
  • Alice, Bob, Charlie, Eve, Trudy, Mallory, Trent etc. diagrams
  • Types of threats: {eavesdropping, mapping/enumerating, probing, injection, M-i-t-M, DoS, DDoS, worms, trojans, spoofing} X {active,passive}
  • Simple threat demonstrations with ICMP

Week 2: The Untrustworthy Network Medium i.e., "The Deception Surface"

An exploration of the properties of the basic network fabric (layers 2 and 3) and the elements, protocols, and services living at these layers.

  • hub, switch, bridge, router, gateway
  • Ethernet
  • ARP
  • IP
  • ICMP
  • TCP
  • DHCP
  • DNS

Jan 19: Sniffing and Spoofing

Last time we reviewed some types of threats. We will continue on this path and see how easy (a) eavesdropping (b) spoofing and (c) flooding can be. We will also consider the limits of the basic forms of these techniques. We will consider some types of basic protection and where that protection fails.

One way to look at this problem is that sniffing, spoofing, and flooding are actually completely legitimate activities that hosts engage in to orient themselves to the network environment they join.

  • QoD
  • An introduction to the Deception Surface
    • How does that ICMP packet get where it is going? How does the reply come back?
  • CEH practice test 2, Q6-13
  • Reading:
    • Kaufman et al. Chapter 1.5, 1.6, 1.7, 1.12
    • "Legal Issues Surrounding Monitoring During Network Research (Invited Paper)" IMC 2007 PDF

Jan 21: Trustworthiness of Layer 2 and Layer 3 Information

Today, we will review our knowledge of the Ethernet, IP, and ICMP header structure.

We'll continue to build our little example network from scratch and get hosts Alice and Bob to communicate on a local broadcast medium, and then through a gateway.

Links

Jan 23: Building Blocks for Listening and Intercepting Other Traffic

General philosophy: let's fight "buttonology"

See section 3, section 4.1, and Section 7 "Security Considerations"

4.1:
  ...
  DHCP uses UDP as its transport protocol.  DHCP messages from a client
  to a server are sent to the 'DHCP server' port (67), and DHCP
  messages from a server to a client are sent to the 'DHCP client' port
  (68).
7. Security Considerations
  DHCP is built directly on UDP and IP which are as yet inherently
  insecure.  Furthermore, DHCP is generally intended to make
  maintenance of remote and/or diskless hosts easier.  While perhaps
  not impossible, configuring such hosts with passwords or keys may be
  difficult and inconvenient.  Therefore, DHCP in its current form is
  quite insecure.
  Unauthorized DHCP servers may be easily set up.  Such servers can
  then send false and potentially disruptive information to clients
  such as incorrect or duplicate IP addresses, incorrect routing
  information (including spoof routers, etc.), incorrect domain
  nameserver addresses (such as spoof nameservers), and so on.
  Clearly, once this seed information is in place, an attacker can
  further compromise affected systems.
  Malicious DHCP clients could masquerade as legitimate clients and
  retrieve information intended for those legitimate clients.  Where
  dynamic allocation of resources is used, a malicious client could
  claim all resources for itself, thereby denying resources to
  legitimate clients.


Week 3: Subverting Network Trust

Jan 26: Becoming a gateway via ARP Poisoning, +DHCP Overview

Jan 28: DNS

One of the last pieces of the deception surface (i.e., core network services) we will examine for now is DNS -- the service that helps map human-readable names to IP addresses.

You should begin noting a pattern about all these bindings between pairs of identifiers. Much of security (perhaps that it better written as "most simple security mechansims") is predicated on some type of namespace control: preventing bad, malicious, or otherwise unacceptable identifiers from participating in a protocol or network environment. Here is my informal definition of 'namespace control':

Namespace control (n).: the ability to control the set, format, content, and presence of identifiers in a system.

We've seen how one can modify and manipulate layer 2 and layer 3 addresses and identifiers as well as some of the state and tables both network elements and end hosts keep about these identifiers.

Notes from Today'

We didn't get to a real deep discussion of DNS, so here are some uses of dig and a simple scapy script for a dig-like client. Challenge: modify the scapy script to create fake replies.

The Tale of Alice and Bob and AirUC

Bob has no money to pay for hotel Wifi, so he has to resort to copying Alice's IP address and MAC address.

Here is a file showing Alice associating (normally) with an 'airuc' access point. She has no idea that Bob is going to clone her information and bypass any need to authenticate to the web portal.


Here is Bob configuring himself (nothing exotic) with Alice's information and receiving network connectivity from the AP because the AP's security decision is not completely mediated (one of the Saltzer-Shroeder principles). After the initial password-based authentication, the AP only identifies Alice's packets from her IP and MAC, not any other information.

Jan 30: Network Recon: Understanding the State of Alice, Bob, and Everyone in Between (Scanning, Sniffing, etc.)

Today I want to discuss the concepts and tradeoffs involved in scanning the network for other hosts. We will also explore the relationship between scanning and sniffing. Sniffing can be seen as one form of passive scanning.

Neither scanning nor sniffing is inherently "bad"; both good guys and bad guys can undertake scanning and sniffing at various times and for various purposes.

  • penetration testing
  • network auditing (any rogue or forgotten hosts?)
  • reconnaissance, host and service enumeration
  • listening for unwanted traffic, data exfiltration
  • listening for unencrypted traffic, authentication tokens
  • listening for communication flows (traffic analysis)

Sniffing (i.e., listening) complements scanning (i.e., actively probing). Sniffing will only sample the network, and provide only a partial view of who is talking during the sampling period. Scanning allows you to attempt to contact and enumerate hosts and open ports, but hosts are under no obligation to respond to your probes. Thus, sniffing and scanning complement each other, but even together may not provide a complete picture of the network.

The "Big Picture" concept for today is that you'll often be asked some form of the question "how good is this tool?"; evaluating the power and limitations of tools, frameworks, techniques, mechanisms, algorithms, etc. entails an understanding how how they work, how they might fail, etc.

Class Activities

Today we will play a bit with traceroute and nmap. You will have a tutorial on nmap itself soon.

We've already spent 1.5 weeks on the "who am I" question. Here are some other questions

  • Where am I? Where are you? What are you (running)?

We can seek to answer these questions with:

  • netstat (what services am I offering to the world? local broadcast? local machine?)
  • iptables (what communication flows or packets is my kernel actually blocking for me? How? What is 'stealth mode'?)
  • traceroute (where are you in relation to me? How do I anticipate this affecting the flow of packets between us?)
  • nmap (what services are you running (that I can see?))
  • tcpdump (how does nmap actually work? what is scanning, after all? what does a scan produce, and what are the expected replies?)

For example, how far away from scanme.nmap.org are we? http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/files/traceroute-nmap.org

Scan Activity

Pick a partner. One of you is Alice, the other is Bob.

Have Bob list his open ports:

  netstat -lptun

Have Bob list his firewall rules:

  iptables -L   //for Linux, for Windows, see [netsh http://windowsitpro.com/windows-server/top-10-windows-firewall-netsh-commands] for Mac, see ipfw or pfctl

Have Bob start up tcpdump:

  tcpdump -i eth1 -n

Have Alice nmap Bob with

  nmap -sS -sV -O -n --reason --traceroute bob.ip.addr.ess 

What packets does Bob see? What ports does Alice see? If Bob flushes his firewall:

  iptables --flush

does this change the scan results?

Weekend Activity

Pick an arbitrary class B network. Traceroute to all hosts in it. Bring back the edge pairs in a format suitable for dot/graphviz.

Reflections

For the past two weeks, we've looked at the (inherent!) weaknesses of the basic network fabric and low-level services/protocols --- the so-called deception surface. We made the point that these weaknesses are also strengths in terms of providing low-configuration connectivity and plug-and-talk type communication. The Internet probably wouldn't have taken off if participants had to sign complex multilateral treaties and do complex cryptographic dances simply to bind an IP address to a MAC address.

While countermeasures exist to detect many basic forms of layer2 and layer3 spoofing, poisoning, and flooding attacks and there are authentication protocols to provide basic network access control, our experience has shown us the need for a combination or composition of functionality that (a) provides connectivity and (b) protects the confidentiality, integrity, and availability of such channels. To this end, we will examine the role cryptography plays in network security over most of the rest of the semester.

However, it is worth noting that even with good crypto, and even with simple countermeasures for protecting against ARP flooding, ARP poisoning, DHCP hijacking, DNS poisoning, DoS, etc., many networks still have an ill-defined "edge" and many often have open doors; for example, management interfaces that may be accessible on a public-facing IP via telnet (perhaps on a "hidden/undocumented" port, or available via port-knocking). BYOD also makes the definition of "your" network quite fuzzy. Networks are also composed of more than just desktop computers and servers. See the links below for efforts that provide scanners, a census of the internet, network topology information, and search engines.

Links

Current Events

Reading

Week 4: Cryptographic Building Blocks

In order to understand how to protect the confidentiality and integrity of messages and network content, we need to review the basics of methods for automatically transforming information in a way that is "hard" to reverse.

Feb 2: Intro to Cryptographic Concepts

  • slides
  • Reading
    • Kaufman et al. Chapter 2

Feb 4: Secret (i.e., Symmetric) Key Cryptography

Motivating question: how do you design (not just throw together) an algorithm that has adequate confusion and diffusion properties?

  • confusion, diffusion
  • One-Time Pad
  • Feistel
  • Data Encryption Standard (DES) History and Operation, 3DES
  • Blowfish, AES, IDEA
  • RC4
  • Considerations
    • sources of randomness
    • S and P box design
    • magic numbers
    • differential cryptanalysis
  • Reading
    • Kaufman et al. Chapter 3

Feb 6: Cipher Modes

Motivating question: What if you have a "large" message (at least, larger than the default block size of the cipher)?

  • Modes of operation (ECB, CBC, OFB, CFB, Counter)
  • Weaknesses and attacks

Reading

  • Kaufman et al., Chapter 4

Supplemental Reading

Week 5: Hashing: Basics and Applications

Feb 9: Hash Functions

Motivating question: how do you protect the message against unintentional or malicious garbling?

  • MD
  • MIC, MAC
  • HMAC
  • algorithms
  • Pitfalls and attacks
  • MD4, MD5, SHA-1, SHA-2, SHA-3

Links


Reading

  • Kaufman et al. Chapter 4.3, Chapter 5

Feb 11: Guest Lecture on Routing Security

Thanks for your patience as we worked through the technical issues in today's lecture. Hopefully Friday will go more smoothly

Feb 13: Uses of Hashes for Security, Networks, and Systems

Question of the Day

Slides

Links

Week 6: No Lecture or Tutorial (Reading Week)

Feb 16, Feb 18, Feb 20

Week 7: Public Key Crypto

Current Events/Links

Feb 23: Basic Concepts

  • modular arithmetic
  • key structure
  • encryption, decryption, signing, verification

Feb 25: RSA

Aside

Feb 27: Diffie-Hellman

An overview and discussion of DH key exchange.

A chance to practice breaking a small RSA example.

SSHv2 key exchange (see Section 8)

Current events

Week 8: Network Security in Practice

March 2: Midterm Review Session

A review session for the midterm exam.

March 4: Guest Lecture on Digital Crime and Computer Forensics by Calgary Police Service

March 6: Internet Worms

Prof. Locasto will give a remote video lecture about Internet worms.


Links

Week 9: Web Security

March 9: Midterm Exam

March 11: HTTP Authentication and Mid-point Checkup

  • Midterm exam post-mortem
  • Lab 1, Lab 2
  • HW 2

Links

March 13: Web Attacks

Guest lecture by Govind.

Concerns:

  • privacy
  • security
  • systems

Links

Week 10: Authentication

March 16: Challenge-Response Protocols Basics

  • Basic terms: principals, credentials
  • something you have, something you know, something you are
  • Authenticating with a shared secret
    • how do you establish a shared secret?
    • pitfalls

March 18: Challenge-Response Protocols II: Pitfalls/Folklore/Design Principles

A discussion and comparison of some challenge-response protocol variants. Issues around common pitfalls, types of attacks, and combining messages to achieve authentication, confidentiality, and integrity.

Links

March 20: Password-based Authentication (History, Pitfalls, Techniques)


Top 25 passwords listed at http://us.cnn.com/2012/10/25/tech/web/worst-passwords-2012/index.html?hpt=hp_bn5

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. trustno1
  13. 1234567

...

Incidents

Week 11: Email Security

March 23: PGP Key Signing Party

PGP Links

March 25: SMTP Refresher, PEM, S/MIME

  • RFC 821
  • RFC 5321

see also, POP and IMAP for mail reception

March 27: Sender Policy Framework, Domain Keys, Anti-spam

Week 12: Applied Crypto (The Good and the Ugly)

March 30: SSH

An overview of the SSH protocol and software.

April 1: Crypto Fails

Lots of Lulz today. A review of poor crypto and implementation mistakes.

Links

April 3: No Lecture, Good Friday

Recent (and not-so-recent) SSL Problems:

Week 13: Authentication/Security Protocols II

April 6: Groupwork: Thinking through poor network security examples

Today we will pick up the thread of our conversation from last Wednesday and think through some broken or poor network security examples and practices.

  • Read cryptofails blog:
  • review sessions schedule for noon and 3pm on Wednesday April 8

April 8: IPsec Modes and Operation

What is IPsec? Terminology, Modes of operation; tunneling, touch on some key agreement concepts

April 10: IPsec Key agreement / establishment protocols (+USRI)

  • IKE
  • JFK
  • Key and policy management
  • distributed firewalls

USRI at 2:30

Week 14: Operational Security Considerations

April 13: Kerberos

  • USRI at 2:30

April 15: Guest Lecture from Enbridge

Stuff That Goes in a "Network Security II" Course

Unfortunately, there is simply too much material to cover in this area of security for a single-semester course.

Here are some things we just didn't get a chance to discuss in depth, even though we may have brushed up against them in some minor way in a tutorial or homework. Most of them could reasonably become courses on their own.

  • Certificates and Public Key Infrastructure (PKI)
  • Identity Management
  • Intrusion detection
  • overlay networks
  • anonymity systems
  • In-depth look at SSL and TLS
  • micropayments, digital currency
  • DDoS, countermeasures: client puzzles Pushback, SOS, WebSOS
  • VPN, tunneling