Computer Network Security: Theory and Practice

Jie Wang

With 81 figures

HIGHER EDUCATION PRESS

Springer

AUTHOR:

Prof. Jie Wang
Department of Computer Science
University of Massachusetts
Lowell, MA 01854, USA
E-mail: wang.uml@gmail.com

ISBN 978-7-04-024162-4 Higher Education Press, Beijing
ISBN 978-3-540-79697-8 Springer Berlin Heidelberg New York
e-ISBN 978-3-540-79698-5 Springer Berlin Heidelberg New York
Library of Congress Control Number: 2008925345

This work is subject to copyright. All rights are reserved, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,
recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data
banks. Duplication of this publication or parts thereof is permitted only under the provisions
of the German Copyright Law of September 9, 1965, in its current version, and permission for
use must always be obtained from Springer-Verlag. Violations are liable to prosecution under
the German Copyright Law.

© 2009 Higher Education Press, Beijing and Springer-Verlag GmbH Berlin Heidelberg

Co-published by Higher Education Press, Beijing and Springer-Verlag GmbH Berlin Heidelberg

Springer is a part of Springer Science+Business Media
springer.com

The use of general descriptive names, registered names, trademarks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from
the relevant protective laws and regulations and therefore free for general use.

Cover design: Frido Steinen-Broo, EStudio Calamar, Spain
Printed on acid-free paper

Preface

People today are increasingly relying on public computer networks to conduct business and
take care of household needs. However, public networks may be insecure because data stored
in networked computers or transmitted through networks can be stolen, modified, or fabricated
by malicious users. Thus, it is important to know what security measures are available and
how to use them. Network security practices are designed to prevent these potential problems.
Network security, originated from meeting the needs of providing data confidentiality over
public networks, has grown into a major academic discipline in both computer science and
computer engineering, and also an important sector in the information industry.

The goal of network security is to give people the liberty of enjoying computer networks
without fear of compromising their rights and interests. Network security accomplishes this
goal by providing confidentiality, integrity, non-repudiation, and availability of useful data
that are transmitted in open networks or stored in networked computers.

Network security will remain an active research area for several reasons. First, security
measures that are effective today may no longer be effective tomorrow because of advancements
and breakthroughs in computing theory, algorithms, and computer technologies. Second, after
the known security problems are solved, other security loopholes which were previously unknown
may at some point be discovered and exploited by attackers. Third, when new applications are
developed or new technologies are invented, new security problems may also be created with
them. Thus, network security is meant to be a long lasting scuffle between the offenders and
the defenders.

Research and development in network security have mainly followed two lines. One line studies
computer cryptography and uses it to devise security protocols. The other line examines
loopholes and side effects of existing network protocols, software, and system configurations.
It develops firewalls, anti-malicious-software software, intrusion detection systems, and other
countermeasures. Interweaving these two lines together provides the basic building blocks for
constructing deep layered defense systems against network security attacks.

This book is intended to provide a balanced treatment of network security along these two
lines, with adequate materials and sufficient depth for teaching a one-semester introductory
course on network security for graduate and upper-level undergraduate students. It is intended
to inspire students to think about network security and prepare them for taking advanced
network security courses. This book may also be used as a reference for IT professionals.

This book is structured into nine chapters.

Chapter 1 presents an overview of network security. It discusses network security goals,
describes common network attacks, characterizes attackers, and defines a basic network
security model.

Chapter 2 presents standard symmetric-key encryption algorithms, including DES, AES, and RC4.
It discusses their strength and weaknesses. It also describes common block-cipher modes of
operations and presents key generation algorithms.

Chapter 3 presents standard public-key encryption algorithms and key-exchange algorithms,
including Diffie-Hellman key exchange, RSA public-key cryptosystem, and elliptic-curve
cryptography. It also discusses how to transmit and manage keys.

Chapter 4 presents secure hash functions and message authentication code algorithms for the
purpose of authenticating data, including the SHA-512 secure hash function, the WHIRLPOOL
hash algorithm, cryptographic checksums, and the standard hash message authentication codes.
It also presents the block-cipher offset-codebook mode of operations for producing ciphertext
and message authentication code. It then discusses birthday attacks on secure hash functions,
and describes the digital signature standard. Finally, this chapter introduces a dual signature
scheme used for electronic transactions and a blind signature scheme used for producing
electronic cash.

Chapter 5 presents several network security protocols commonly used in practice. It first
describes a standard public-key infrastructure for managing public-key certificates. It then
presents IPsec, a network-layer security protocol; SSL/TLS, a transport-layer security
protocol; and several application-layer security protocols, including PGP and S/MIME for
sending secure email messages, Kerberos for authenticating users in local area networks, and
SSH for protecting remote logins.

Chapter 6 presents common security protocols for wireless local-area networks at the data-link
layer, including WEP for providing wired-equivalent privacy, WPA and IEEE 802.11i/WPA2 for
providing wireless protected access, and IEEE 802.1X for authenticating wireless users. It then
presents the Bluetooth security protocol for wireless personal-area networks. Finally, it
discusses security issues in wireless mesh networks.

Chapter 7 presents firewall technologies and basic structures, including network-layer packet
filtering, transport-layer stateful inspections, transport-layer gateways, application-layer
proxies, trusted systems and bastion hosts, firewall configurations and screened subnets, and
network address translations.

Chapter 8 describes malicious software, such as viruses, worms, and Trojan horses, and
introduces countermeasures. It also covers Web security and discusses mechanisms against
denial of service attacks.

Chapter 9 presents intrusion detection technologies, including intrusion detection system
architecture and common intrusion detection methods. It also discusses event signatures,
statistical analysis, and data mining methods. Finally, it introduces honeypot technologies.

To get the most out of this book, readers are assumed to have taken undergraduate courses on
discrete mathematics, algorithms, data communications, and network programming; or have
equivalent preparations. For convenience, Chapter 3 includes a section reviewing basic concepts
and results of number theory used in public-key cryptography. While it does not introduce
socket programming, the book contains socket API client-server programming exercises. These
exercises are designed for computer science and computer engineering students. Readers who do
not wish to do them or simply do not have time to write code may skip them. Doing so would
not affect learning the materials presented in the book.

Exercise problems are designed to have three levels of difficulty: regular, difficult
(designated with *), and challenging (designated with **). This book contains a number of
hands-on drills, presented as exercise problems. Readers are encouraged to try them all.

I have taught network security courses to graduate and senior undergraduate students for over
ten years. And I have longed for a concise textbook with a balanced treatment of network
security and sufficient depth suitable for teaching a one-semester introductory course for my
students. This book is the result of this quest. It was written based on what I learned and
experienced from teaching these courses and on student feedbacks accumulated over the years.
In particular, I used an early draft of this book to teach a graduate network security course
in 2006 and 2008 at University of Massachusetts Lowell, which helped me revise and enhance the
materials presented in this book. Powerpoint slides of these lectures can be found at
http://www.cs.uml.edu/~wang/NS.

Due to space limitations, some interesting topics and materials are not presented in this
book. After all, one book can only accomplish one book's mission. I only hope that this book
can achieve its objective. Of course, only you, the reader, can be the judge of it. I will be
grateful if you can please offer your comments, suggestions, and corrections to me at
wang@cs.uml.edu.

I have benefited a great deal from numerous discussions over the years with my colleagues and
teaching assistants, as well as current and former students. I am full of gratitude to them.
I am grateful to Sarah Agha, Samip Banker, Stephen Brinton, Jeff Brown, William Brown, Jason
Chan, Guanling Chen, Michael Court, Chunyan Du, Paul Duvall, Adam Elbirt, Zheng Fang, Jami
Foran, Swati Gupta, Liwu Hao, Qiang Hou, Bei Huang, Jared Karro, Minghui (Mark) Li, Benyuan
Liu, Yan (Jenny) Liu, Wenjing Lou, Jie Lu, David Martin, Paul Nelson, Alexander Pennace,
Sandeep Sahu, Blake Skinner, Hengky Susanto, Nathaniel Tuck, Tao Wang, Christopher Woodard,
Fang Wu, Jianhui Xie, Jie (Jane) Yang, Zhijun Yu, and Ning Zhong for their help. In particular,
I thank Jared Karro for reading the early draft of this book, Stephen Brinton for reading
Chapters 1-5 and 7-8, Guanling Chen for reading Chapter 6, and Wenjing Lou for reading
Chapters 1-2 and 6. Their comments have helped improve this book in many ways.


I thank Ying Liu at the Higher Education Press for initiating this book project and editing
this book.

I owe more than I can express to my wife Helen, my son Jesse, and my daughter Sharon for their
understanding that I needed to spend long hours working on this project.

Lowell, Massachusetts
June 2008

Jie Wang

About the Author

Jie Wang is Professor and Chair of Computer Science at the University of Massachusetts Lowell
(UML). He is also Director of the Center for Network and Information Security of UML. His
first name "Jie" in Mandarin is pronounced similar to "Jed." He received Ph.D. degree in
Computer Science from Boston University in 1990, M.S. degree in Computer Science from Zhongshan
University in 1985, and B.S. degree in Computational Mathematics from Zhongshan University in
1982. He has over 18 years of teaching and research experience and is equipped with network
security consulting experience in financial industry. His research interests include network
security, algorithms and computational optimization, computational complexity theory, and
wireless sensor networks. His research has been funded continuously by the National Science
Foundation since 1991 and has also been funded by IBM, Intel, and the Natural Science
Foundation of China. He has published over 95 journal and conference papers, two books and
three edited books. He is active in professional service, including chairing conference
program committees and organizing workshops.

Contents

1 Network Security Overview
  1.1 Mission and Definitions
  1.2 Common Attacks and Defense Mechanisms
    1.2.1 Eavesdropping
    1.2.2 Cryptanalysis
    1.2.3 Password Pilfering
    1.2.4 Identity Spoofing
    1.2.5 Buffer-Overflow Exploitations
    1.2.6 Repudiation
    1.2.7 Intrusion
    1.2.8 Traffic Analysis
    1.2.9 Denial of Service Attacks
    1.2.10 Malicious Software
  1.3 Attacker Profiles
    1.3.1 Hackers
    1.3.2 Script Kiddies
    1.3.3 Cyber Spies
    1.3.4 Vicious Employees
    1.3.5 Cyber Terrorists
    1.3.6 Hypothetical Attackers
  1.4 Basic Security Model
  1.5 Security Resources
  1.6 Closing Remarks
  1.7 Exercises

2 Data Encryption Algorithms
  2.1 Data Encryption Algorithm Design Criteria
    2.1.1 ASCII Code
    2.1.2 XOR Encryption
    2.1.3 Criteria of Data Encryptions
    2.1.4 Implementation Criteria
  2.2 Data Encryption Standard
    2.2.1 Feistel's Cipher Scheme
    2.2.2 DES Subkeys
    2.2.3 DES Substitution Boxes
    2.2.4 DES Encryption
    2.2.5 DES Decryption and Correctness Proof
    2.2.6 DES Security Strength
  2.3 Multiple DES
    2.3.1 Triple-DES with Two Keys
    2.3.2 2DES and 3DES/3
    2.3.3 Meet-in-the-Middle Attacks on 2DES
  2.4 Advanced Encryption Standard
    2.4.1 AES Basic Structures
    2.4.2 AES S-Boxes
    2.4.3 AES-128 Round Keys
    2.4.4 Add Round Keys
    2.4.5 Substitute-Bytes
    2.4.6 Shift-Rows
    2.4.7 Mix-Columns
    2.4.8 AES-128 Encryption
    2.4.9 AES-128 Decryption and Correctness Proof
    2.4.10 Galois Fields
    2.4.11 Construction of the AES S-Box and Its Inverse
    2.4.12 AES Security Strength
  2.5 Standard Block-Cipher Modes of Operations
    2.5.1 Electronic-Codebook Mode
    2.5.2 Cipher-Block-Chaining Mode
    2.5.3 Cipher-Feedback Mode
    2.5.4 Output-Feedback Mode
    2.5.5 Counter Mode
  2.6 Stream Ciphers
    2.6.1 RC4 Stream Cipher
    2.6.2 RC4 Security Weaknesses
  2.7 Key Generations
    2.7.1 ANSI X9.17 PRNG
    2.7.2 BBS Pseudorandom Bit Generator
  2.8 Closing Remarks
  2.9 Exercises

3 Public-Key Cryptography and Key Management
  3.1 Concepts of Public-Key Cryptography
  3.2 Elementary Concepts and Theorems in Number Theory
    3.2.1 Modular Arithmetic and Congruence Relations
    3.2.2 Modular Inverse
    3.2.3 Primitive Roots
    3.2.4 Fast Modular Exponentiation
    3.2.5 Finding Large Prime Numbers
    3.2.6 The Chinese Remainder Theorem
    3.2.7 Finite Continued Fractions
  3.3 Diffie-Hellman Key Exchange
    3.3.1 Key Exchange Protocol
    3.3.2 Man-in-the-Middle Attacks
    3.3.3 Elgamal PKC
  3.4 RSA Cryptosystem
    3.4.1 RSA Key Pairs, Encryptions, and Decryptions
    3.4.2 RSA Parameter Attacks
    3.4.3 RSA Challenge Numbers
  3.5 Elliptic-Curve Cryptography
    3.5.1 Commutative Groups on Elliptic Curves
    3.5.2 Discrete Elliptic Curves
    3.5.3 ECC Encodings
    3.5.4 ECC Encryption and Decryption
    3.5.5 ECC Key Exchange
    3.5.6 ECC Strength
  3.6 Key Distributions and Management
    3.6.1 Master Keys and Session Keys
    3.6.2 Public-Key Certificates
    3.6.3 CA Networks
    3.6.4 Key Rings
  3.7 Closing Remarks
  3.8 Exercises

4 Data Authentication
  4.1 Cryptographic Hash Functions
    4.1.1 Design Criteria of Cryptographic Hash Functions
    4.1.2 Quest for Cryptographic Hash Functions
    4.1.3 Basic Structure of Standard Hash Functions
    4.1.4 SHA-512
    4.1.5 WHIRLPOOL
  4.2 Cryptographic Checksums
    4.2.1 Exclusive-OR Cryptographic Checksums
    4.2.2 Design Criteria of MAC Algorithms
    4.2.3 Data Authentication Algorithm
  4.3 HMAC
    4.3.1 Design Criteria of HMAC
    4.3.2 HMAC Algorithm
  4.4 Offset Codebook Mode of Operations
    4.4.1 Basic Operations
    4.4.2 OCB Encryption and Tag Generation
    4.4.3 OCB Decryption and Tag Verification
  4.5 Birthday Attacks
    4.5.1 Complexity Upper Bound of Breaking Strong Collision Resistance
    4.5.2 Set Intersection Attack
  4.6 Digital Signature Standard
  4.7 Dual Signatures and Electronic Transactions
    4.7.1 Dual Signature Applications
    4.7.2 Dual Signatures and Electronic Transactions
  4.8 Blind Signatures and Electronic Cash
    4.8.1 RSA Blind Signatures
    4.8.2 Electronic Cash
  4.9 Closing Remarks
  4.10 Exercises

5 Network Security Protocols in Practice
  5.1 Crypto Placements in Networks
    5.1.1 Crypto Placement at the Application Layer
    5.1.2 Crypto Placement at the Transport Layer
    5.1.3 Crypto Placement at the Network Layer
    5.1.4 Crypto Placement at the Data-Link Layer
    5.1.5 Hardware versus Software Implementations of Cryptographic Algorithms
  5.2 Public-Key Infrastructure
    5.2.1 X.509 Public-Key Infrastructure
    5.2.2 X.509 Certificate Formats
  5.3 IPsec: A Security Protocol at the Network Layer
    5.3.1 Security Association
    5.3.2 Application Modes and Security Associations
    5.3.3 AH Format
    5.3.4 ESP Format
    5.3.5 Secret Key Determination and Distribution
  5.4 SSL/TLS: Security Protocols at the Transport Layer
    5.4.1 SSL Handshake Protocol
    5.4.2 SSL Record Protocol
  5.5 PGP and S/MIME: Email Security Protocols
    5.5.1 Basic Email Security Mechanisms
    5.5.2 PGP
    5.5.3 S/MIME
  5.6 Kerberos: An Authentication Protocol
    5.6.1 Basic Ideas
    5.6.2 Single-Realm Kerberos
    5.6.3 Multiple-Realm Kerberos
  5.7 SSH: Security Protocols for Remote Logins
  5.8 Closing Remarks
  5.9 Exercises

6 Wireless Network Security
  6.1 Wireless Communications and 802.11 WLAN Standards
    6.1.1 WLAN Architecture
    6.1.2 802.11 Essentials
    6.1.3 Wireless Security Vulnerabilities
  6.2 WEP
    6.2.1 Device Authentication and Access Control
    6.2.2 Data Integrity Check
    6.2.3 LLC Frame Encryption
    6.2.4 Security Flaws of WEP
  6.3 WPA
    6.3.1 Device Authentication and Access Controls
    6.3.2 TKIP Key Generations
    6.3.3 TKIP Message Integrity Code
    6.3.4 TKIP Key Mixing
    6.3.5 WPA Encryption and Decryption
    6.3.6 WPA Security Strength and Weaknesses
  6.4 IEEE 802.11i/WPA2
    6.4.1 Key Generations
    6.4.2 CCMP Encryptions and MIC
    6.4.3 802.11i Security Strength and Weaknesses
  6.5 Bluetooth Security
    6.5.1 Piconets
    6.5.2 Secure Pairings
    6.5.3 SAFER+ Block Ciphers
    6.5.4 Bluetooth Algorithms E1, E21, and E22
    6.5.5 Bluetooth Authentication
    6.5.6 A PIN Cracking Attack
    6.5.7 Bluetooth Secure Simple Pairing
  6.6 Wireless Mesh Network Security
  6.7 Closing Remarks
  6.8 Exercises

7 Network Perimeter Security
  7.1 General Framework
  7.2 Packet Filters
    7.2.1 Stateless Filtering
    7.2.2 Stateful Filtering
  7.3 Circuit Gateways
    7.3.1 Basic Structures
    7.3.2 SOCKS
  7.4 Application Gateways
    7.4.1 Cache Gateways
    7.4.2 Stateful Packet Inspections
  7.5 Trusted Systems and Bastion Hosts
    7.5.1 Trusted Operating Systems
    7.5.2 Bastion Hosts and Gateways
  7.6 Firewall Configurations
    7.6.1 Single-Homed Bastion Host System
    7.6.2 Dual-Homed Bastion Host System
    7.6.3 Screened Subnets
    7.6.4 Demilitarized Zones
    7.6.5 Network Security Topology
  7.7 Network Address Translations
    7.7.1 Dynamic NAT
    7.7.2 Virtual Local-Area Networks
    7.7.3 Small Office and Home Office Firewalls
  7.8 Setting Up Firewalls
    7.8.1 Security Policy
    7.8.2 Building A Linux Stateless Packet Filter
  7.9 Closing Remarks
  7.10 Exercises

8 The Art of Anti Malicious Software
  8.1 Viruses
    8.1.1 Virus Types
    8.1.2 Virus Infection Schemes
    8.1.3 Virus Structures
    8.1.4 Compressor Viruses
    8.1.5 Virus Disseminations
    8.1.6 Win32 Virus Infection Dissection
    8.1.7 Virus Creation Toolkits
  8.2 Worms
    8.2.1 Common Worm Types
    8.2.2 The Morris Worm
    8.2.3 The Melissa Worm
    8.2.4 Email Attachments
    8.2.5 The Code Red Worm
    8.2.6 Other Worms Targeted at Microsoft Products
  8.3 Virus Defense
    8.3.1 Standard Scanning Methods
    8.3.2 Anti-Virus Software Products
    8.3.3 Virus Emulator
  8.4 Trojan Horses
  8.5 Hoaxes
  8.6 Peer-to-Peer Security
    8.6.1 P2P Security Vulnerabilities
    8.6.2 P2P Security Measures
    8.6.3 Instant Messaging
  8.7 Web Security
    8.7.1 Basic Types of Web Documents
    8.7.2 Security of Web Documents
    8.7.3 ActiveX
    8.7.4 Cookies
    8.7.5 Spyware
    8.7.6 AJAX Security
    8.7.7 Safe Web Surfing
  8.8 Distributed Denial of Service Attacks
    8.8.1 Master-Slave DDoS Attacks
    8.8.2 Master-Slave-Reflector DDoS Attacks
    8.8.3 DDoS Attacks Countermeasures
  8.9 Closing Remarks
  8.10 Exercises

9 The Art of Intrusion Detection
  9.1 Basic Ideas of Intrusion Detection
    9.1.1 Basic Methodology
    9.1.2 Auditing
    9.1.3 IDS Components
    9.1.4 IDS Architecture
    9.1.5 Intrusion Detection Policies
    9.1.6 Unacceptable Behaviors
  9.2 Network-Based Detections and Host-Based Detections
    9.2.1 Network-Based Detections
    9.2.2 Host-Based Detections
  9.3 Signature Detections
    9.3.1 Network Signatures
    9.3.2 Host-Based Signatures
    9.3.3 Outsider Behaviors and Insider Misuses
    9.3.4 Signature Detection Systems
  9.4 Statistical Analysis
    9.4.1 Event Counter
    9.4.2 Event Gauge
    9.4.3 Event Timer
    9.4.4 Resource Utilization
    9.4.5 Statistical Techniques
  9.5 Behavioral Data Forensics
    9.5.1 Data Mining Techniques
    9.5.2 A Behavioral Data Forensic Example
  9.6 Honeypots
    9.6.1 Types of Honeypots
    9.6.2 Honeyd
    9.6.3 MWCollect Projects
    9.6.4 Honeynet Projects
  9.7 Closing Remarks
  9.8 Exercises

A 7-bit ASCII code
B SHA-512 Constants (in hexadecimal)
C Data Compression using ZIP
D Base64 Encoding
E Cracking WEP Keys using WEPCrack
  E.1 System Setup
  E.2 Experiment Details
  E.3 Sample Code
F Acronyms

References

Index

Chapter 1

Network Security Overview

If you know your enemies and know yourself, you will win hundred times in hundred battles.
If you know yourself but not your enemies, you will suffer a defeat for every victory won. If
you do not know yourself or your enemies, you will always lose.
- Sun Tzu, "The Art of War"

The goal of network security is to give people the freedom to enjoy computer networks without
fear of compromising their rights and interests. Network security therefore needs to guard
networked computer systems and protect electronic data that is either stored in networked
computers or transmitted in the networks. The Internet which is built on the IP communication
protocols has become the dominant computer network technology. It interconnects millions of
computers and edge networks into one immense network system. The Internet is a public network,
where individuals or organizations can easily become subscribers of the Internet service by
connecting their own computers and networking devices (e.g. routers and sniffers) to the
Internet and paying a small subscription fee.

Since IP is a store-forward switching technology, where data is transmitted using routers
controlled by other people, user A can read user B's data that goes through user A's network
equipment. Likewise, user A's data transmitted in the Internet may also be read by user B.
Hence, any individual or any organization may become an attacker, a target, or both. Even if
one does not want to attack other people, it is still possible that one's networked computers
may be compromised into becoming an attacking tool. Therefore, to achieve the goal of network
security, one must first understand the attackers, what could become their targets, and how
these targets might be attacked.

1.1 Mission and Definitions
The tasks of network security are to provide confidentiality, integrity, non-repudiation, and
availability of useful data that are transmitted in public networks or stored in networked
computers.

The concept of data has a broad sense in the context of network security. Any object that can
be processed or executed by computers is data. Thus, source code, executable code, files in
various formats, email messages, digital music, digital graphics, and digital video are each
considered data. Data should only be read, written, or modified by legitimate users. That is,
unauthorized individuals or organizations are not allowed to have access to data.

Just as CPU, RAM, hard disk, and network bandwidth are resources, data is also a resource.
Data is sometimes referred to as information or message.

Each piece of data has two possible states, namely, the transmission state and the storage
state. Data in the transmission state is simply data in the process of being delivered to a
network destination. Data in the storage state is that which is stored in a local computer or
in a storage device. Thus, the meanings of data confidentiality and data integrity have the
following two aspects:

1. Provide and maintain the confidentiality and integrity of data that is in the transmission
   state. In this sense, confidentiality means that data during transmission cannot be read by
   any unauthorized user and integrity means that data during transmission cannot be modified
   or fabricated by any unauthorized user.
2. Provide and maintain the confidentiality and integrity of data that is in the storage
   state. Within this state, confidentiality means that data stored in a local device cannot
   be read by any unauthorized user through a network and integrity means that data stored in
   a local device cannot be modified or fabricated by any unauthorized user through a network.

Data non-repudiation means that a person who owns the data has no way to convince other people
that he or she does not own it.

Data availability means that attackers cannot block legitimate users from using available
resources and services of a networked computer. For example, a computer system infected with
a virus should be able to detect and disinfect the virus without much delay, and a server hit
by denial of service attacks should still be able to provide services to its users.

Unintentional components in protocol specifications, protocol implementations, or other types
of software that are exploitable by attackers are often referred to as loopholes, flaws, or
defects. They might be an imperfect minor step in a protocol design, an unforeseen side effect
of a certain instruction in a program, or a misconfigured setting in a system.

Defense is the guiding principle of network security, but it is a passive defense because
before being attacked the victim has no idea who the attackers are and from which computers
in the jungle of the Internet the attackers will launch their attacks. After a victim is
attacked, even if the attacker's identity and computer system is known, the victim still
cannot launch a direct assault at the attacker, for such actions may be illegal. What
constitutes legal actions against attackers involves a discussion of relevant laws, which is
beyond the scope of this book. Therefore, even though offense may be the best defense, this
tactic may not apply to network security. Building a deep layered defense system is instead
the best possible defense tactic in network security. Within this type of defense system,
multiple layers of defense mechanisms are used to resist possible attacks.

Network security is a major part of information security. In addition to network security,
information security deals with many other security issues, including security policies,
security auditing, security assessment, trusted operating systems, database security, secure
code, emergency response, computer forensics, software forensics, disaster recovery, and
security training. This book does not cover these issues, but it may touch certain aspects of
them.

1.2 Common Attacks and Defense Mechanisms
Common network security attacks can be characterized into a few basic types. Almost every
known network security attack is either one of these basic types or a combination of several
basic types.

1.2.1 Eavesdropping
Eavesdropping is an old and effective method for stealing private information. In network
communications, the purpose of eavesdropping is to intercept data from network traffic using
a networking device and a packet sniffer. A packet sniffer, a.k.a. network sniffer, is a
program for monitoring incoming network traffic. When connecting a router to the Internet, for
example, one can use a packet sniffer to capture all the IP packets going through that router.
TCPdump and Wireshark (formerly known as Ethereal) are the two most widely-used network
sniffers today, which are available as free downloads from their Websites (see Exercise 1.3).

Using this eavesdropping technique, the eavesdropper can intercept IP packets that go through
the router he controls. To capture a particular IP packet, however, the eavesdropper must
first determine which communication path the IP packet will travel through. Then he could
either try to get control of a certain router on the path or try to insert a new router of his
own on the path. This task is more difficult, but is not impossible. For example, the
eavesdropper may try to compromise a router on the path and install a packet sniffer in it to
intercept the IP packets he is after. The eavesdropper may also use an ARP spoofing technique
(see Section 1.2.4) to reroute IP packets to his sniffer without compromising a router.

Eavesdropping wireless communications is easier. In this case, the attacker simply needs to
place a receiver with the same radio frequency of the wireless network within the
communication range of the network.


There is no way to stop eavesdropping in public networks. To counter eavesdropping, the best thing one can do is to encrypt data. Computer cryptography is
developed for this purpose, where the sender encrypts data before he transmits it.
Data encryption is a major component of computer cryptography. It uses an encryption key to break the original data into pieces and mix them up into an unintelligible
form, making it difficult for the eavesdropper to obtain any useful information out
of it. Thus, even if the eavesdropper is able to intercept the encrypted data, he is
still not able to obtain the original data without knowing the decryption key. Original data is also referred to as plaintext data, while encrypted data is referred to as
ciphertext data.
Ciphertext data can be converted back to plaintext data using a decryption key.
The encryption (and decryption) key is a string of characters, which is also referred
to as a secret key. In a symmetric-key encryption algorithm, the encryption key and
the decryption key are identical.

1.2.2 Cryptanalysis
Cryptanalysis is the art of finding useful information from ciphertext data without
knowing the decryption keys. For example, in a substitution cipher that substitutes
plaintext letters with ciphertext letters, if a ciphertext message reveals a certain statistical structure, then one may be able to decipher it. To obtain a statistical structure
of the data one may calculate the frequency of each character in the ciphertext data
and compare it against the known statistical frequency of each character in the language used in the plaintext. For example, in the English language, the letter "e"
has the highest frequency. Thus, in a substitution cipher, the character that has the
highest frequency in the ciphertext data is likely to correspond to the plaintext letter
"e" (see e.g. Exercise 1.5). Analyzing statistical structures of ciphertext messages
was an effective method to break encryption algorithms before the computer era.
Modern encryption algorithms can produce ciphertext without showing any statistical structure. Therefore, cryptanalysis is focused on analyzing encryption algorithms using mathematical tools and high-performance computers.
The best defense against cryptanalysis is to devise encryption algorithms that reveal
no statistical structures in ciphertext messages and use longer encryption keys. Using longer keys makes brute force analysis more impractical. In addition to having
stronger encryption algorithms, it is equally important to distribute and manage keys
and to implement encryption algorithms without exploitable loopholes.
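The statistical structure discussed in this section can be measured directly. The following Python sketch is an added example, not code from the book: it encrypts a constructed sample sentence with a random substitution cipher and shows that the letter frequencies (summarized by the index of coincidence) survive encryption unchanged, so the most frequent ciphertext letter reveals the image of "e". The sample text, the seeds and the use of uniformly random letters as a stand-in for modern cipher output are assumptions.

```python
import random
import string
from collections import Counter

# Constructed sample plaintext (not from the book).
PLAINTEXT = (
    "the defender encrypts every message before sending it over the "
    "network so that the eavesdropper sees nothing except the ciphertext "
    "and never learns the secret key needed to recover the sentence"
)

def substitution_key(seed):
    """Random one-to-one letter substitution table; this is the secret key."""
    shuffled = list(string.ascii_lowercase)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(string.ascii_lowercase, shuffled))

def encrypt(text, key):
    """Substitute every letter; spaces pass through unchanged."""
    return "".join(key.get(c, c) for c in text)

def letter_counts(text):
    return Counter(c for c in text if c in string.ascii_lowercase)

def index_of_coincidence(text):
    """Chance that two letters picked from the text are the same letter.
    About 0.067 for English, 1/26 (0.038) for uniformly random letters."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))

def guess_cipher_letter_for_e(ciphertext):
    """The most frequent ciphertext letter is the likely image of 'e'."""
    return letter_counts(ciphertext).most_common(1)[0][0]

def structureless_letters(n, seed):
    """Assumption: uniformly random letters stand in for the output of a
    modern cipher, which shows no statistical structure."""
    rng = random.Random(seed)
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(n))

if __name__ == "__main__":
    key = substitution_key(seed=2024)
    ciphertext = encrypt(PLAINTEXT, key)
    print("IC plaintext :", round(index_of_coincidence(PLAINTEXT), 4))
    print("IC ciphertext:", round(index_of_coincidence(ciphertext), 4))
    print("IC random    :", round(index_of_coincidence(structureless_letters(5000, 1)), 4))
    print("guess for 'e':", guess_cipher_letter_for_e(ciphertext),
          "| actual:", key["e"])
```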

1.2.3 Password Pilfering
Computer users need to prove to the system that they are legitimate users. The most
widely used authentication mechanism is in the form of user names and user passwords. User names are public information, but user passwords must be kept secret.
Only two parties should have knowledge of the password, namely, the user and the
underlying computer program (e.g. an operating system or a specific application). A
password is a sequence of letters, digits, or other characters, which is often selected
by the user. Legitimate users enter their user names and passwords to prove their
legitimacy to the computer program with their account information. An unauthorized user may impersonate a legitimate user to "legitimately" log on to a password-protected device, if he can get hold of a legitimate user name/password pair. He can
then gain all the "legal" rights to transmit, receive, modify, and fabricate data.
Password protection is often the first defense line, and sometimes it is the only
defense mechanism available in the system. Thus, we must take measures to ensure that user passwords are well protected against larcenies. For this purpose we
will look at several common methods for pilfering user passwords. These methods include guessing, social engineering, dictionary attacks, and password sniffing.
Phishing attacks have become a most common form of mass social engineering attacks in recent years.
Guessing
Guessing is the easiest method to illegitimately acquire a password. The attacker
may get lucky if the user uses a short password or if he forgets to change the default
password created for him. Also, users have a tendency to use the same passwords.
According to a recent survey by PC Magazine, the ten most common passwords
used by users, listed in decreasing order of popularity, are as follows:
1. password
2. 123456
3. qwerty (which are keys below 123456 on standard keyboards)
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. the user's own first name

If the user chooses a simple password such as these ten easy ones then the guesser
would indeed have an easy task.

Social Engineering
Social engineering is a method of using social skills to pilfer secret information from
the victims. For example, attackers may try to impersonate people with authority or
organizations of reputation to trick un-vigilant people into revealing their user names and
user passwords to the attackers. Impersonation may be carried out either in person or
in an electronic form. Phishing is an electronic form of social engineering targeted
at a large number of people.
There are other forms of social engineering attacks. For example, attackers may
try to collect recycled papers from the recycle bins in a corporation's office building,
hoping to find useful login information. Attackers may also make a Web browser
pop up a window asking for user login information.
Physical Impersonation
Physical impersonation means that the attacker pretends to be a different person to
delude the victim. For example, the following imaginary conversation between the attacker and a receptionist named Betty demonstrates how a social engineering attack
might be carried out in person:
Attacker: (Speaking with an authoritative voice.) "Hello, Betty, this is Nina Hatcher. I am
Marketing Manager of the China branch office."
Betty: (Thinking that this woman knew my name, my number, and spoke like a manager,
she must be whom she said she was.) "Hello, Nina, what can I do for you?"
Attacker: "Betty, I am attending a meeting in Guangzhou to finalize an important deal with
a large corporation in China. To close the deal, I'll need to verify certain technical data produced by your group that I believe is still stored in the computer at your site. This is urgent.
I tried to log on to your system today, but for some reason it didn't work. I was able to log
on to it yesterday though. Is your computer down? Can you help me out here?"
Betty: "Well, I don't know what happened. But you may try the following ... " (Thinking
that she is doing the company a favor by telling the marketing manager how to get into the
system.)

Phishing
Phishing attacks are mass social engineering attacks that take advantage of people with a tendency to trust authorities. The main forms of phishing attacks are
disguised email messages or masqueraded Websites. For example, attackers (also
called phishers) send disguised email messages to people as if these messages were
from banks, credit card companies, or other financial institutions that people may
pay attention to. People who receive such messages are told that there was a security
breach in their accounts, and so they are required to verify their account information for security purposes. They are then directed to a masqueraded Website to enter
their user names and passwords (e.g. see Exercise 1.8). The following example is a
real phishing message verbatim:
Date: Fri, 5 Oct 2007 16:11:46 -0700
From: US Bank
Subject: US Bank - Internet Online Access is Locked - October 5, 2007 at 12:23:05 PM
Dear US Bank customer,
We're sorry, but you reached the maximum number of attempts allowed to login
into your US Bank account. For your protection, we have locked your account.
Consequently, we placed a temporary restriction on your account. We did this to
protect your account from any fraudulent activity.
Please click below and complete the steps to Remove Limitations. This allows us
to confirm your identity and unlock your US Bank online account
http://www4-usbank.com/
If we do no receive the appropriate account verification within 48 hours, then we
will assume this US Bank account is fraudulent and will be suspended.
US Bank, Member FDIC. ©2007 US Bank Corporation. All Rights Reserved.

The link in the email is of course a trap, which links to a Website set up by the
phisher to capture the account information entered by the victims. Here the email
and the Website are the bait. The sniffing mechanisms hiding behind the Web page
are the hook. Even if you do not plan to enter any information on the Website, clicking the link in a phishing email may already compromise your computer, for modern
phishing techniques make it possible to embed exploits in a Web page and the exploits will be activated when you open the Web page.
In general, any phishing email would contain a link to a bogus Website, called a
phishing site. Phishing sites look just like the real ones, with the purpose of luring
careless users to enter useful login information to be captured by the phisher. Anti-phishing extensions of Web browsers are emerging technology for detecting and
blocking phishing sites.
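The link in the message above passes a careless "does it end with usbank.com" test, which is why a link check must match on a domain label boundary. The following Python sketch is an added example, not code from the book or from any browser extension: it classifies the links in a message body against an allow-list and contrasts the weak suffix test with the correct one. The allow-list, the function names and every link except http://www4-usbank.com/ are assumptions or constructed samples.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains the organisation really sends links to.
TRUSTED_DOMAINS = ("usbank.com",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed message body; the first link is the one quoted in the text.
SAMPLE_BODY = """Please click below and complete the steps to Remove Limitations.
http://www4-usbank.com/
Genuine statements are at https://online.usbank.com/statements (constructed).
Unrelated link: https://news.example.org/story (constructed).
"""

def host_of(url):
    """Lower-cased host name of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def naive_is_trusted(host):
    """Weak check: plain suffix match, so 'www4-usbank.com' passes."""
    return any(host.endswith(d) for d in TRUSTED_DOMAINS)

def is_trusted(host):
    """Correct check: the host is the trusted domain itself or a subdomain,
    i.e. the match must start at a label boundary (a dot)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def is_lookalike(host):
    """Untrusted host that still embeds a trusted brand label."""
    flat = re.sub(r"[^a-z0-9]", "", host)
    return not is_trusted(host) and any(
        d.split(".")[0] in flat for d in TRUSTED_DOMAINS)

def classify_links(body):
    """Map every http(s) link in an e-mail body to a verdict."""
    verdicts = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")
        host = host_of(url)
        if is_trusted(host):
            verdicts[url] = "trusted"
        elif is_lookalike(host):
            verdicts[url] = "lookalike"
        else:
            verdicts[url] = "unknown"
    return verdicts

if __name__ == "__main__":
    for url, verdict in classify_links(SAMPLE_BODY).items():
        print(f"{verdict:9}  {url}")
```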
Dictionary Attacks

For security reasons, only encrypted passwords, i.e. not in their original form, should
be stored in a computer system. This prevents attackers from learning the passwords
even if they break into the system. In early versions of UNIX and Linux operating
systems, for example, the encrypted user passwords of the system are stored in a
file named passwd under directory /etc. This encryption is not a one-to-one encryption. Namely, the encryption algorithm can calculate the ciphertext string of
a given password, but the ciphertext string cannot be uniquely decrypted. Such an
encryption is also referred to as an encrypted hash. In early versions of UNIX and
Linux operating systems, user names and the corresponding encrypted user passwords stored in the passwd file were ASCII strings that could be read by users. In
later versions of UNIX and Linux operating systems, however, the encrypted user
passwords of the system are no longer stored this way. Instead, they are stored in a
file named shadow under directory /etc, which is an access-restricted system
file.
In the Windows NT/XP operating system, for another example, the user names
and the encrypted user passwords are stored in the system's registry in a file named
SAM. They can be read using special tools, e.g. pwdump.
Dictionary attacks take advantage of the way some people use dictionary words,
names, and dates as passwords. These attacks find user passwords from their encrypted forms. A typical dictionary attack proceeds as follows:
1. Obtain information of user names and the corresponding encrypted passwords.
This was done, for example, in early versions of UNIX or Linux by getting a
copy of the /etc/passwd file. In Windows XP, it can be done using pwdump
to read the system registry.
2. Run the encryption routine used by the underlying system on all dictionary
words, names, and dates. That is, compute the encrypted hash for each dictionary word, each name, and each date.
3. Compare each output obtained from Step 2 with the encrypted passwords obtained from Step 1. If a match is found, a user password is found. In other words,
suppose $w$ is a word and $w' = \mathrm{crypt}(w)$ is the output of the encryption routine
crypt on input $w$. Suppose $u$ and $p_u$ are a pair of user name and encrypted password of user $u$. If $w' = p_u$, then $w$ is user $u$'s password or is equivalent to user $u$'s
password, for $w$ may not be unique.
Step 2 is computationally intensive, for there are many words, names, and dates.
To avoid carrying out this costly computation each time an encrypted hash is given,
one would want to pre-compute Step 2 and store the results (i.e. password-hash
pairs) in one table, so that one only needs to do a table lookup to find the corresponding plaintext password from the given encrypted hash. But such a table will
be humongous. Constructing a rainbow table helps to reduce the table size and
make the computation at Step 2 manageable.
Rainbow Tables
A rainbow table is a table of two columns constructed as follows: Let r be a function
that maps an encrypted hash of a password to a string in the domain of possible
passwords. This function r is referred to as a reduction function, for the length of
a password is typically shorter than the length of its encrypted hash value. The
function r can be defined in a number of ways. For example, suppose the domain of
passwords is a set of all possible 8-character strings. Let h be a cryptographic hash
function that, on an 8-character password, generates a 16-character long hash value.
Then we may define r as follows: For any 8-character string w, function r on input
h(w) returns the last eight characters of h(w). Function r may also return the first
eight characters of h(w) or any combination of eight characters selected from h(w).
Note that r is not an inverse function of h.


Let $w_{11}$ be a given password. Apply $h$ and $r$ alternately to obtain a chain of
passwords that are different pairwise:
$$w_{11}, w_{12}, \ldots, w_{1n_1},$$
where $n_1$ is a number chosen by the user, and
$$w_{1i} = r(h(w_{1,i-1})), \quad i = 2, 3, \ldots, n_1.$$
Store
$$(w_{11}, h(w_{1n_1}))$$
in the rainbow table, where $w_{11}$ is in the first column and $h(w_{1n_1})$ is in the second
column.
Now choose a new password $w_{21}$ (i.e. $w_{21}$ has not been generated in previous
chains). Repeat the same procedure for another round to obtain

where $n_2$ is a number chosen by the user and $w_{2i} = r(h(w_{2,i-1}))$ for $i = 2, 3, \ldots, n_2$,
such that the first chain and the second chain are disjoint. That is, for any $1 \le u \le n_1$
and $1 \le v \le n_2$, we have $w_{1u} \ne w_{2v}$. Store

in the rainbow table. Performing this procedure $k$ times will generate $k$ rows in the
rainbow table as follows:
$$\begin{array}{c|c}
\text{password} & \text{hash value} \\ \hline
w_{11} & h(w_{1n_1}) \\
w_{21} & h(w_{2n_2}) \\
\vdots & \vdots \\
w_{k1} & h(w_{kn_k})
\end{array}$$
where $w_{j1}$ is the first password in the $j$th chain, $h(w_{jn_j})$ is the encrypted hash of the
last password in the same chain, and the chains are disjoint pairwise.
Let $f : A \to B$ and $g : B \to A$ be two functions. Let $y \in B$ and $i \ge 0$. Define
$(f \circ g)^i(y)$ as follows:
$$(f \circ g)^i(y) = \begin{cases} y, & \text{if } i = 0, \\ f(g((f \circ g)^{i-1}(y))), & \text{if } i \ge 1. \end{cases}$$

Let $Q_0$ be an encrypted value of a password $w$. That is, $Q_0 = h(w)$. If

for some $i \ge 0$ and some $j$ with $1 \le j \le k$ and $i \le j$, then $w$ may appear in
the $j$th chain $w_{j1}, \ldots, w_{jn_j}$. Thus, the following algorithm may help find $w$.
1. Set $Q_1 \leftarrow Q_0$ and $t \leftarrow 0$. Let $n = \max\{n_1, \ldots, n_k\}$.
2. Check if there is a $1 \le j \le k$ such that $Q_1 = h(w_{jn_j})$ and $t \le n$. If yes, goto Step
3; otherwise, goto Step 4.
3. Apply $r$ and $h$ alternately on $w_{j1}$ for $0 \le i \le j$ times until $w_{jn_i} = (r \circ h)^i(w_{j1})$
is generated such that $h(w_{jn_i}) = Q_0$. If such a $w_{jn_i}$ is found, return $w = w_{jn_i}$;
otherwise, goto Step 4.
4. Set $Q_1 \leftarrow h(r(Q_1))$ and $t \leftarrow t + 1$. If $t \le n$ then goto Step 2. Otherwise, return
"password not found." (The rainbow table does not contain the password whose
hash value equals $Q_0$).

Note that several different reduction functions may be used in the same password
chain. This may help avoid collisions, in which two different chains, starting from different passwords, end up at the same password or at the same hash value at some
point.
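The table construction and the four-step lookup described above can be traced on a toy password domain. The following Python sketch is an added example, not code from the book: it stores only the first password and the hash of the last password of each chain, then recovers a password from the middle of a chain. The 4-hex-character password domain, the truncated SHA-256 standing in for h, the single fixed chain length and the start passwords are assumptions chosen so that the example runs instantly.

```python
import hashlib

CHAIN_LEN = 32   # n: passwords per chain (assumed equal for all chains)
STARTS = [format(i, "04x") for i in range(0, 65536, 97)]  # constructed starts

def h(w):
    """Toy 'encrypted hash': first 16 hex characters of SHA-256 (assumption)."""
    return hashlib.sha256(w.encode()).hexdigest()[:16]

def r(q):
    """Reduction function as in the text: the last characters of the hash,
    here four, because the toy password domain is 4 hex characters."""
    return q[-4:]

def chain_from(start, length=CHAIN_LEN):
    """Passwords w_1, ..., w_n with w_i = r(h(w_{i-1}))."""
    chain = [start]
    while len(chain) < length:
        chain.append(r(h(chain[-1])))
    return chain

def build_table(starts=STARTS, length=CHAIN_LEN):
    """Return {h(last password): first password}, one entry per stored chain.
    Chains that repeat a password or meet an earlier chain are dropped, so
    stored chains are pairwise different and disjoint as the text requires."""
    table, seen = {}, set()
    for start in starts:
        chain = chain_from(start, length)
        members = set(chain)
        if len(members) < length or members & seen:
            continue
        seen |= members
        table[h(chain[-1])] = start
    return table

def lookup(q0, table, length=CHAIN_LEN):
    """Steps 1-4 of the text: walk Q1 <- h(r(Q1)) until it equals a stored
    end-of-chain hash, then replay that chain to find w with h(w) == Q0."""
    q1 = q0                                   # Step 1
    for _t in range(length):
        if q1 in table:                       # Step 2
            w = table[q1]
            for _i in range(length):          # Step 3
                if h(w) == q0:
                    return w
                w = r(h(w))
        q1 = h(r(q1))                         # Step 4
    return None                               # "password not found"

if __name__ == "__main__":
    table = build_table()
    print(len(table), "rows cover", len(table) * CHAIN_LEN, "of 65536 passwords")
    target = chain_from(next(iter(table.values())))[10]
    print("recovered", lookup(h(target), table), "expected", target)
```

Each stored row stands for CHAIN_LEN passwords, which is the size reduction the text refers to; the price is the extra hashing done during lookup.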
Remarks
It is worth noting that dictionary attacks may also be used in a positive way. For example, Windows Office allows users to encrypt Microsoft Word documents, where
secret keys used for encryption are generated based on the passwords selected by
users. If, after a long while, a user forgets the password of a password-protected document, then the file will no longer be useful, for the user cannot decrypt it. To solve
this problem, a company named Elcomsoft developed a password recovery software
program using the dictionary-attack techniques. This is a positive application of dictionary attacks. On the other hand, we note that if an encrypted office document is
stolen, then the thief can also use this program to decrypt the document. There is a
positive side and a negative side in everything. A kitchen knife is intended to chop
food, but it can also be used to harm people. Water can carry boats, but it can also
topple them.
We also note that the file /etc/passwd in recent versions of UNIX and Linux
no longer displays the encrypted user passwords (see Exercise 1.6). This makes it
more difficult for the attackers to obtain the list of encrypted passwords for launching a dictionary attack.

Password Sniffing
Password sniffers are software programs, us