Network and Web Security


Network and Web Security
Furkan Alaca (furkan.alaca@carleton.ca)
Carleton University
SYSC 4700, Winter 2016

Network Security Goals

Network security aims to protect network communication by guaranteeing the following properties:
- Confidentiality: Ensures that only authorized parties can read the information
- Integrity: Ensures that messages have not been tampered with
  - Also that network services operate as intended
- Authenticity: Ensures that the originator of the message is known
- Non-repudiation: Ensures that no entity can credibly deny that they have sent a message
- Availability: Ensures the availability of network communication and network services to all authorized parties

Review: Cryptographic Tools

Symmetric encryption: Same key used for encryption and decryption
- Sender and receiver must securely establish a shared secret key
- Can be a block cipher or a stream cipher
- Guarantees confidentiality

Public-key encryption: One key is used for encryption, the other for decryption
- If Alice encrypts a message with Bob's public key, only Bob can decrypt the message, using his private key
- Guarantees confidentiality

Digital signatures: Alice signs a message using her private key, and sends it to Bob
- The message itself may or may not be encrypted
- Bob verifies the signature using Alice's public key
- Guarantees source authenticity, integrity, and non-repudiation

Review: Cryptographic Tools (2)

Cryptographic hash functions:
- A hash function maps any variable-length input to a fixed-length output
- A cryptographic hash function must be:
  - Computationally efficient in computing the hash of a message
  - Infeasible to recover the original message from its hash
  - Given the hash of a message, it is infeasible to find another message with the same hash
  - It is infeasible to find two different messages with the same hash

Message Authentication Codes (MAC):
- Computed and verified using a shared secret key
- Guarantees the integrity and source authenticity of a message
- Often implemented by embedding the key into the message and then computing the hash (known as HMAC)

Authenticated Encryption:
- A block cipher mode of operation which provides both (1) the confidentiality guarantees of symmetric encryption and (2) the integrity and authenticity guarantees of MACs
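
An added example, not part of the original slides: how the key is mixed into the hash in HMAC as specified in RFC 2104 (two nested hash passes over a padded key), checked against Python's standard `hmac` module, followed by constant-time tag verification. The function names and the sample key and message are this example's own.

```python
import hashlib
import hmac

SHA256_BLOCK = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 written out step by step (RFC 2104)."""
    # Keys longer than the hash block are hashed first, then zero-padded.
    if len(key) > SHA256_BLOCK:
        key = hashlib.sha256(key).digest()
    key = key.ljust(SHA256_BLOCK, b"\x00")

    # Two different pads derive an inner and an outer key from the secret.
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)

    # Inner pass binds the key to the message; outer pass binds the key
    # to the inner digest, which blocks length-extension on the result.
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC with the standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    key = b"constructed-shared-secret"          # constructed sample key
    msg = b"transfer 100 to account 42"          # constructed sample message
    tag = make_tag(key, msg)
    print("manual == stdlib:", hmac_sha256_manual(key, msg) == tag)
    print("genuine message :", verify_tag(key, msg, tag))
    print("tampered message:", verify_tag(key, msg.replace(b"100", b"900"), tag))
```
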

Security Properties of Encryption Algorithms

For symmetric encryption:
- Should be secure against cryptanalysis, i.e., the attacker should be unable to decrypt ciphertext or discover the key, even when in possession of a large collection of ciphertext-plaintext mappings
- Key size should be at least 128 bits, to resist brute-force attacks which iterate through all possible keys

For public-key encryption:
- Resistant towards cryptanalysis
- Infeasible to compute the private key, using knowledge of the public key
- Key size should be 2048 bits for most public-key encryption (elliptic curve cryptography requires less)

Popular algorithms which satisfy modern security requirements:
- RSA for public-key cryptography
- DSA, ECDSA for digital signatures
- AES block cipher for symmetric-key encryption
- SHA-2 & SHA-3 family of hash functions (used by HMACs and digital signatures), with digest size of 256 bits or higher

Block Cipher Modes of Operation

The mode of operation specifies how to repeatedly apply a block cipher algorithm to encrypt a message which is larger than the size of one block
- Electronic Code Book (ECB) divides the message into blocks and encrypts each block separately. Not recommended (see (b) in the figure)
- Cipher Block Chaining (CBC) XORs each block of plaintext with the previous block of ciphertext before encrypting it
- Counter (CTR) turns a block cipher into a stream cipher

[Figure: (a) Original image. (b) Encrypted with ECB mode. (c) Other modes (e.g., CBC) result in pseudorandomness. Source of images: Wikipedia. Picture of Tux (Linux mascot) created by Larry Ewing.]

Symmetric Encryption: CBC Mode of Operation

[Figure 20.6: Cipher Block Chaining (CBC) Mode. (a) Encryption: at time 1..N, each plaintext block P_1 ... P_N is XORed with the previous ciphertext block (the IV for P_1) and encrypted under key K to give C_1 ... C_N. (b) Decryption: each ciphertext block C_1 ... C_N is decrypted under K and XORed with the previous ciphertext block (the IV for C_1) to recover P_1 ... P_N.]

Symmetric Encryption: Exhaustive Key Search

Table 2.2 Average Time Required for Exhaustive Key Search

| Key size (bits) | Cipher     | Number of Alternative Keys | Time Required at 10^9 decryptions/s | Time Required at 10^13 decryptions/s |
| 56              | DES        | 2^56 ≈ 7.2 × 10^16         | 2^55 ns = 1.125 years               | 1 hour                               |
| 128             | AES        | 2^128 ≈ 3.4 × 10^38        | 2^127 ns = 5.3 × 10^21 years        | 5.3 × 10^17 years                    |
| 168             | Triple DES | 2^168 ≈ 3.7 × 10^50        | 2^167 ns = 5.8 × 10^33 years        | 5.8 × 10^29 years                    |
| 192             | AES        | 2^192 ≈ 6.3 × 10^57        | 2^191 ns = 9.8 × 10^40 years        | 9.8 × 10^36 years                    |
| 256             | AES        | 2^256 ≈ 1.2 × 10^77        | 2^255 ns = 1.8 × 10^60 years        | 1.8 × 10^56 years                    |

SSL/TLS

- Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) use TCP to provide reliable end-to-end secure service
- HTTPS is the most popular application-layer protocol built on SSL/TLS
- As of 2014, SSLv3 is considered insecure due to POODLE vulnerability
- TLS 1.2 (RFC 5246, Aug. 2008) is the most recent iteration
- Uses public-key cryptography for server authentication (client authentication is supported, not commonly used) and for key exchange
- Uses symmetric-key cryptography for encrypting application-layer data

TLS Handshake Protocol

- Initiates the TLS connection
- Allows the server and client to:
  - Authenticate each other
  - Negotiate encryption and MAC algorithms
  - Negotiate cryptographic keys to be used
- Precedes any exchange of application-level data

[Figure: handshake message flow between Client and Server over time]
- Phase 1: client_hello, server_hello. Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.
- Phase 2: certificate, server_key_exchange, certificate_request, server_hello_done. Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.
- Phase 3: certificate, client_key_exchange, certificate_verify. Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.
- Phase 4: change_cipher_spec, finished (client), then change_cipher_spec, finished (server). Change cipher suite and finish handshake protocol.

Diffie-Hellman Key Exchange

- Provides perfect forward secrecy: If an eavesdropper records all network traffic, they will be unable to decrypt the data even in the event of a future compromise of the server's private key
- Simple example to illustrate the concept (adapted from Wikipedia):
  - Alice and Bob agree to use a prime number p = 23 and base g = 5
  - Alice chooses a secret integer a = 6, and sends Bob: A = 5^6 mod 23 = 8
  - Bob chooses a secret integer b = 15, and sends Alice: B = 5^15 mod 23 = 19
  - Alice computes the shared secret: s = 19^6 mod 23 = 2
  - Bob computes the shared secret: s = 8^15 mod 23 = 2
- In practice, variations of the Diffie-Hellman key exchange are used which digitally sign the exchanged messages in order to protect integrity and authenticity
- No need to protect confidentiality of the messages, since the shared key is never transmitted over the network
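
An added example, not part of the original slides: both sides of the exchange with the slide's numbers, a range check on the received public value, and an exhaustive exponent search that shows why p = 23 is only an illustration and real groups use primes of about 2048 bits. Function names are this example's own.

```python
P, G = 23, 5  # public parameters from the slide; far too small for real use


def public_value(secret: int, p: int = P, g: int = G) -> int:
    """Value a party sends over the network: g^secret mod p."""
    return pow(g, secret, p)


def check_public(value: int, p: int = P) -> int:
    """Reject degenerate peer values (0, 1, p-1 and anything out of range).

    Accepting them would force the shared secret into a tiny set
    regardless of the local secret.
    """
    if not 2 <= value <= p - 2:
        raise ValueError("peer public value out of range")
    return value


def shared_secret(peer_public: int, my_secret: int, p: int = P) -> int:
    """Secret derived locally; it is never transmitted."""
    return pow(check_public(peer_public, p), my_secret, p)


def exchange(a: int, b: int, p: int = P, g: int = G) -> dict:
    """Run both sides and return what is on the wire plus the result."""
    A = public_value(a, p, g)          # Alice -> Bob
    B = public_value(b, p, g)          # Bob -> Alice
    s_alice = shared_secret(B, a, p)
    s_bob = shared_secret(A, b, p)
    if s_alice != s_bob:
        raise RuntimeError("both sides must derive the same secret")
    return {"A": A, "B": B, "shared": s_alice}


def exponent_search(observed: int, p: int = P, g: int = G) -> int:
    """Find x with g^x mod p == observed by trying every exponent.

    The loop runs at most p-1 times, so the work grows with p itself.
    With p = 23 that is 22 steps; with a 2048-bit p it is infeasible.
    """
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == observed:
            return x
    raise ValueError("observed value is not a power of g")


if __name__ == "__main__":
    result = exchange(a=6, b=15)
    print("on the wire:", result["A"], result["B"])
    print("shared secret:", result["shared"])
    print("exponent recovered from A by search:", exponent_search(result["A"]))
```
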

TLS Record Protocol

- Encapsulates application-layer protocol packets
- Confidentiality is provided by symmetric encryption of all application-layer data using a shared secret key
- Message integrity is provided by a MAC, which uses a separate shared secret key

[Figure: record processing steps: Application Data, Fragment, Compress, Add MAC, Encrypt, Append SSL Record Header]

X.509 Certificates

- SSL/TLS (and many other protocols, e.g., IPsec) use X.509 public-key certificates for authentication
- Typically signed by a Certificate Authority (CA), which is a trusted third-party whose public key is pre-installed in the operating system or web browser
- A CA may also sign a certificate which designates the entity to act as an Intermediate CA, using the Basic Constraints extension field
- The subject wishing a certificate provides their public key and any other required fields in the certificate, and present it to the CA to be signed
- The subject may wish to revoke their certificate:
  - In the event of a key compromise
  - To upgrade to a larger key size
- It is up to the client to check whether or not a certificate has been revoked:
  - Often neglected in practice

X.509 Certificates: Structure

[Figure (a): X.509 Certificate]
- Version 1 fields: Version; Certificate Serial Number; Signature algorithm identifier (algorithm, parameters); Issuer Name; Period of validity (not before, not after); Subject Name; Subject's public key info (algorithms, parameters, key)
- Added in Version 2: Issuer Unique Identifier; Subject Unique Identifier
- Added in Version 3: Extensions
- All versions: Signature (algorithms, parameters, encrypted hash)

[Figure (b): Certificate Revocation List]
- Signature algorithm identifier (algorithm, parameters)
- Issuer Name
- This Update Date
- Next Update Date
- Revoked certificate (user certificate serial #, revocation date), repeated per revoked certificate
- Signature (algorithms, parameters, encrypted hash)

Browser Cues: Domain vs. Extended Validation

- A domain-validated certificate proves that the web server presenting the certificate is the legitimate owner of the domain specified in the certificate
  - CA typically verifies by sending an e-mail to an admin e-mail address associated with the domain name
- Extended validation certificates can only be issued by CAs who have demonstrated their adherence to a strict methodology for how they confirm the subject's identity

Man-in-the-Middle Attacks

- Man-in-the-middle (MITM) attacks involve an attacker who actively relays messages between two hosts, while making them believe that they are communicating directly with each other
- Requires the attacker to be able to intercept messages passing between two hosts, e.g., on an unencrypted WiFi network or a compromised router/gateway
- Basic approach for attacking a web browsing session: SSL stripping
  - Very easy to do
  - Users often do not notice the absence of security indicators
- More complex approach: Use a forged or compromised certificate
  - Requires attacker to know the server's private key, or to produce a fraudulent certificate signed by a trusted CA
  - User will still see HTTPS indicators

Browser Cues: Certificate Errors

The web browser can detect certificate errors (e.g., expired, invalid, not signed by a trusted CA, revoked) but typically gives the option to the user of proceeding anyway.

Public-Key Infrastructure (PKI) Challenges

PKI: Set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on public-key cryptography

PKI challenges:
- Reliance on users to make an informed decision when there is a problem verifying a certificate
- Assumption that all CAs in the trust store are equally trusted, equally well managed, and apply equivalent policies
- Different trust stores in different browsers and OSs

Some recent proposals & standards:
- HTTP Strict Transport Security (HSTS)
- Certificate pinning
- Certificate transparency
- Perspectives/Convergence
- DANE

[Figure: Graph of 650 CAs Trusted by Mozilla and Microsoft. Source: EFF SSL Observatory]

Software Vulnerability Case Study: OpenSSL Heartbleed
- Software vulnerabilities are often caused by the programmer's failure to validate program input
  - Root cause of the 2014 OpenSSL Heartbleed vulnerability
- The SSL/TLS Heartbeat protocol sends a periodic message to indicate that the host is still alive during long idle periods
  - Client sends a heartbeat request message which includes payload length, payload, and padding fields
  - Server receives the request, allocates a buffer large enough to hold the message header, payload, and padding
  - Server saves the incoming message into the buffer, and transmits a response message which includes the payload length and payload fields
- What happens if the client sends a heartbeat request with a payload length of 64KB but only includes a 16-byte payload?
Slide 20 / 27
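The missing input validation behind the question on this slide, shown beside the check that closes it, as an added C example that is not from the lecture or from OpenSSL's source. The function names are hypothetical, the 3-byte header (type plus 16-bit length) and 16-byte minimum padding follow RFC 6520, and the request is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD 16  /* RFC 6520: at least 16 bytes of padding */

/* Flawed logic: trusts the length field claimed inside the message and
 * returns how many payload bytes the server would echo back. */
size_t hb_echo_len_unchecked(const uint8_t *rec, size_t rec_len) {
    (void)rec_len;                          /* bytes received are ignored */
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Hardened logic: the claimed length must fit inside the bytes actually
 * received. Copies the payload to out and returns its length, or returns
 * -1 to signal that the message must be silently discarded. */
long hb_echo_checked(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD)
        return -1;                          /* too short to be valid */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return -1;                          /* length field exceeds the record */
    if (claimed > out_cap)
        return -1;                          /* response buffer too small */
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

/* Constructed request: a real 16-byte payload plus 16 bytes of padding,
 * with a length field that is set independently of the real size. */
size_t build_request(uint8_t *buf, uint16_t claimed_len) {
    buf[0] = 1;                             /* heartbeat_request */
    buf[1] = (uint8_t)(claimed_len >> 8);
    buf[2] = (uint8_t)(claimed_len & 0xff);
    memset(buf + HB_HEADER, 'A', 16);       /* the actual payload */
    memset(buf + HB_HEADER + 16, 0, HB_MIN_PAD);
    return HB_HEADER + 16 + HB_MIN_PAD;     /* 35 bytes on the wire */
}
```

With the unchecked logic, every echoed byte beyond the 16 that were received would come from whatever the server holds in memory after the request buffer.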

Protecting Network Services
- Hosts on your network may be hosting network services which:
  - Don't follow stringent security practices
  - May be out-of-date, and therefore contain software vulnerabilities
- Firewalls can regulate access to your network in accordance with a security policy
  - Can filter all traffic based on source and destination IP address and TCP/UDP port
  - Most secure practice is to disallow all traffic by default, and make exceptions for the services which you would like to provide
- Network Intrusion Detection Systems (NIDS) can monitor network activity and detect suspicious traffic:
  - Anomaly detection can detect traffic which deviates from normal patterns
  - Signature detection can detect traffic associated with known attacks
- Honeypots can be used to observe attacker behaviour and improve firewall policies
Slide 21 / 27
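A minimal model of the default-deny policy described on this slide, as an added C example that is not from the lecture. The rule format, names and policy are constructed for illustration, and the addresses are RFC 5737 documentation ranges.

```c
#include <stddef.h>
#include <stdint.h>

enum proto { PROTO_ANY = 0, PROTO_TCP = 6, PROTO_UDP = 17 };
enum verdict { DROP = 0, ACCEPT = 1 };

typedef struct {
    uint32_t src_net, dst_net;   /* network addresses, host byte order */
    uint8_t  src_bits, dst_bits; /* prefix lengths; 0 matches any address */
    uint8_t  proto;
    uint16_t dport;              /* 0 matches any destination port */
} rule_t;

typedef struct { uint32_t src, dst; uint8_t proto; uint16_t dport; } pkt_t;

static int in_prefix(uint32_t addr, uint32_t net, uint8_t bits) {
    if (bits == 0) return 1;
    uint32_t mask = 0xffffffffu << (32 - bits);
    return (addr & mask) == (net & mask);
}

/* Walks the allow-list; a packet that matches no rule is dropped. */
enum verdict filter(const rule_t *rules, size_t n, const pkt_t *p) {
    for (size_t i = 0; i < n; i++) {
        const rule_t *r = &rules[i];
        if (in_prefix(p->src, r->src_net, r->src_bits) &&
            in_prefix(p->dst, r->dst_net, r->dst_bits) &&
            (r->proto == PROTO_ANY || r->proto == p->proto) &&
            (r->dport == 0 || r->dport == p->dport))
            return ACCEPT;
    }
    return DROP;                 /* default deny */
}

#define IP(a,b,c,d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                     ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed policy: public HTTPS to one web server, DNS over UDP to one
 * resolver, SSH only from a management subnet. Everything else is denied. */
const rule_t POLICY[] = {
    { 0,                IP(192,0,2,10), 0,  32, PROTO_TCP, 443 },
    { 0,                IP(192,0,2,53), 0,  32, PROTO_UDP, 53  },
    { IP(198,51,100,0), IP(192,0,2,0),  24, 24, PROTO_TCP, 22  },
};
const size_t POLICY_LEN = sizeof POLICY / sizeof POLICY[0];
```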

Virtual Private Networks
[Figure 9.4: A VPN Security Scenario. A user system with IPSec and two firewalls with IPSec exchange secure IP packets (IP header, IPSec header, secure IP payload) over a public (Internet) or private network; plain IP packets (IP header, IP payload) are used behind the firewalls.]
- A Virtual Private Network (VPN) consists of a set of LANs and remote hosts which are connected securely over a public network
  - Virtual: Uses existing infrastructure
  - Private: Data is encapsulated through a secure (encrypted) protocol
  - Network: The LANs and remote hosts can operate as one network
- Reduces attack surface by minimizing publicly available services while still allowing access to authorized users
Slide 22 / 27

Denial of Service Attacks
- Denial of Service (DoS) is a form of attack on the availability of some service (typically a network service)
  - Can target network-, transport-, or application-layer resources
- DoS attacks may originate from:
  - A single system under the attacker's control
  - A large group of compromised hosts (e.g., botnets)
  - Traffic that the attacker reflects off of remote hosts
- Reflected DoS attacks are enabled by:
  - The ability to spoof the source IP address
    - ISPs should perform egress filtering to filter packets whose source IP addresses do not originate from their network
  - Network services on legitimate hosts which respond to any requests
    - e.g., a DNS request (60 bytes) can result in a massive 4000-byte response
  - Networks which accept directed broadcast packets
    - Organizations should perform ingress filtering to filter such packets
Slide 23 / 27

Denial of Service Attacks
- Layer 3: Network bandwidth
  - If there is more traffic destined to the organization's network than its link can carry, routers on the path will buffer and subsequently drop packets
  - Hardest type of DoS attack to handle: Need to co-operate with upstream ISPs to install filtering rules on routers
[Figure 7.1: Example Network to Illustrate DoS Attacks]
Slide 24 / 27

Denial of Service Attacks
- Layer 4: System resources
  - Aims to overload network handling software by targeting resources such as incoming packet buffers or tables of open connections
  - Classic example: SYN spoofing overflows a server's TCP connection table to obstruct subsequent incoming connections
- Recall the TCP three-way handshake:
  - Client initiates the request for a TCP connection by sending a SYN packet to the server
  - Server records the request details (e.g., client address and port number, initial seq. number) in a table and responds with a SYN-ACK packet
  - Client responds with ACK, connection is established
- An attacker could flood the server with SYN packets with forged unused/inactive source addresses which will not reply to the server's SYN-ACK (an active host would typically reply with a RST, since the SYN-ACK was unsolicited)
- SYN Cookies: Defensive mechanism where the server encodes connection details into the initial sequence number in the SYN-ACK packet instead of storing them in the connection table
Slide 25 / 27
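How a server can keep no per-connection state until the final ACK arrives, as an added C sketch of the SYN cookie idea that is not from the lecture or from any operating system's code. The names are hypothetical, the 5-bit counter / 3-bit MSS index / 24-bit MAC layout is the classic design, and the keyed mixer is a toy stand-in for a real keyed hash.

```c
#include <stdint.h>

/* Toy keyed mixer (FNV-1a style). Stand-in for a real keyed hash such as
 * SipHash; it is NOT cryptographically secure. */
static uint32_t mix(uint32_t h, uint32_t v) {
    for (int i = 0; i < 4; i++) {
        h ^= (v >> (8 * i)) & 0xff;
        h *= 16777619u;
    }
    return h;
}

typedef struct { uint32_t saddr, daddr; uint16_t sport, dport; } flow_t;

/* 24-bit MAC over the server secret, the flow, the client's ISN and time. */
static uint32_t flow_mac(uint32_t secret, const flow_t *f,
                         uint32_t client_isn, uint32_t t) {
    uint32_t h = mix(2166136261u, secret);
    h = mix(h, f->saddr);
    h = mix(h, f->daddr);
    h = mix(h, ((uint32_t)f->sport << 16) | f->dport);
    h = mix(h, client_isn);
    return mix(h, t) & 0x00ffffffu;
}

/* Cookie layout: 5 bits time counter | 3 bits MSS index | 24 bits MAC.
 * It is sent as the server's initial sequence number in the SYN-ACK. */
uint32_t syn_cookie_make(uint32_t secret, const flow_t *f,
                         uint32_t client_isn, uint32_t t, unsigned mss_idx) {
    return ((t & 31u) << 27) | ((mss_idx & 7u) << 24)
           | flow_mac(secret, f, client_isn, t);
}

/* Called on the final ACK, where ack_num = cookie + 1 and
 * seq = client_isn + 1. Returns the MSS index (0..7), or -1 to reject. */
int syn_cookie_check(uint32_t secret, const flow_t *f,
                     uint32_t seq, uint32_t ack_num, uint32_t now) {
    uint32_t cookie = ack_num - 1, client_isn = seq - 1;
    for (uint32_t age = 0; age < 2; age++) { /* current or previous tick */
        uint32_t t = now - age;
        if ((cookie >> 27) == (t & 31u) &&
            (cookie & 0x00ffffffu) == flow_mac(secret, f, client_isn, t))
            return (int)((cookie >> 24) & 7u);
    }
    return -1;
}
```

A spoofed SYN costs the server one SYN-ACK and no table entry; only a client that actually received the cookie can return an ACK that passes the check.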

Denial of Service Attacks
- Layer 7: Application resources
  - An attack on a specific application, e.g., a Web server, typically involves sending valid requests, each of which consumes significant resources
  - Typical example: Flood target with HTTP requests that perform expensive SQL queries
    - Can rate-limit requests and blacklist IP addresses of abusive hosts to prevent overloading
    - Can use Captcha puzzles to help distinguish between legitimate human-initiated traffic and automated bots
  - Other attacks may exploit software vulnerabilities, e.g., a buffer overflow or race condition, to cause a server to crash
    - Software should be kept up-to-date with security patches
    - Application-level firewalls can filter out known attack signatures
Slide 26 / 27

Figures credit & Other talks
- Figures/Tables from slides 7, 8, 10, 12, 14, 22, and 24 taken from Computer Security Principles and Practice 3e by Stallings & Brown (2014)
- Interesting talks for your interest:
  - Lessons from Surviving a 300Gbps DDoS Attack (Matthew Prince, Black Hat 2013 talk) https://www.youtube.com/watch?v=w04zaxftq_y
  - The History and Evolution of Computer Viruses (Mikko Hypponen, DEFCON 2011 talk) https://www.youtube.com/watch?v=l8la1pnvcz4
  - SSL and the Future of Authenticity (Moxie Marlinspike, Black Hat 2011 talk) https://www.youtube.com/watch?v=z7wl2fw2tca
Slide 27 / 27