1

Security Overview & Cryptography

Drawing some correlations

2

Why Security?

• The Internet was designed for connectivity – Trust was assumed

– Security protocols added on top of the TCP/IP

• The Internet has become fundamental to our daily activities (business, work, and personal)

3

Internet Evolution

Security (threats and challenges) change as the Internet evolves!

LAN connectivity Content driven (email, web, music, video)

Data on the Cloud

4

Recent Incidents

• Slingshot (March 2018) - APT

– Active since 2012!

– Compromise MikroTik routers• not much clarity to on how they do it, but assumed to be based on the

ChimayRed exploit - https://github.com/BigNerd95/Chimay-Red

– replace one of the dll in the router's file system with a malicious one (ipv4.dll)• loaded into user's computer when they run the Winbox tool

– Once infected• capture screenshots, collect network info, passwords on browsers,. key

strokes etc

5

Recent Incidents

• Meltdown/Spectre (Jan 2018)

– Exploits processor vulnerabilities!• Intel, AMD, ARM

– Meltdown (CVE-2017-5754):• Breaks the isolation between programs & OS

• An application could read kernel memory locations

– Spectre (CVE-2017-5753/CVE-2017-5715)• Breaks isolation between applications

• An application could read other application memory

6

Recent Incidents

• (Not)Petya Ransomware/Wiper (June 2017)– Exploited a backdoor in MeDoc accounting suite

• Update pushed on June 22 from an update server (stolen credentials)

• proxied to the attacker’s machine (176.31.182.167)

– Spread laterally across the network (June 27)• EternalBlue exploit (SMB exploit: MS17-010)

• through PsExec/WMIC using clear-text passwords from memory

• C:\Windows\perfc.dat hosted the post-exploit code (called by rundll32.exe)

7

Recent Incidents• WannaCry Ransomware (May 2017)

– As of 12 May, 45K attacks across 74 countries

– Remote code execution in SMBv1 using EternalBlue exploit• TCP 445, or via NetBIOS (UDP/TCP 135-139)

– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

– Exploit released on 14 April 2017

8

Not-so Recent Incident

• SHA-1 is broken (Feb 23, 2017)– colliding PDF files: obtain same SHA-1 hash of two different

pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

9

shodan.io

10

• Find any internet connected device

haveibeenpwned.com

11

abc@test.com

• Have you been compromised?

Securing the device (Hardening)

12

Think of ALL devices

• 21 Sept 2016– 600Gbps+ attack on Brian Krebs site (hosted by Akamai)

• https://krebsonsecurity.com

• 30 Sept 2016 – Mirai source code released to https://hackforums.net– More (smarter and competing) variants

• 21 Oct 2016– ~1Tbps attack on Dyn

• 26 Nov 2016– 900K+ Deutsche Telecom subscribers offline

• Feb 2018– 1.35Tbps attack on Github– Memcache (UDP11211) with spoofed source addresses

• 10000x!

What caused all these?

• “Internet of STUPID Things (IoT)” – Geoff Huston– CPEs, IP Cameras/webcams, DVRs, etc

• The issue?– Admin password exposed via web interface

– Factory (OEM) default admin credentials

– WAN management allowed (this means anyone on Internet)• TR-069 (CWMP)

And the techniques?

• Attack techniques were common (and not so common ones too)

– SYN floods

– Low bandwidth HTTP floods

– DNS water torture (Query floods reported since 2014)

– GRE floods*

Password visible - Web Interface

Allow remote access

How difficult is it to find one?

Source: https://www.flickr.com/photos/kylaborg/12887906353/

Mirai brute force –OEM default UN and PW

19

https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html

root xc3511 root vizxv root admin admin admin root 888888 root xmhdipc root default root juantech root 123456 root 54321 support support root (none) admin password root root root 12345 user user admin (none) root pass admin admin1234 root 1111 admin smcadmin admin 1111 root 666666 root password root 1234 root klv123 Administrator admin service service supervisor supervisor guest guest guest 12345 guest 12345 admin1 password administrator 1234 666666 666666 888888 888888 ubnt ubnt root klv1234 root Zte521 root hi3518 root jvbzd root anko root zlxx. root 7ujMko0vizxv root 7ujMko0admin root system root ikwb root dreambox root user root realtek root 00000000 admin 1111111 admin 1234 admin 12345 admin 54321 admin 123456 admin 7ujMko0admin admin 1234 admin pass admin meinsm tech tech

What was/is the scale?

• Geo-locations of Mirai-infected devices as of Oct 2016

https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html

What was/is the scale?• As many as 20 million devices vulnerable to CWMP

exploits (Oct 2017)

https://maps.shodan.io

Current Status?• Please check shodan maps and update here!

https://maps.shodan.io

Packet Filtering

23

Firewalls in Network?

• Run a dirty but fast network – Maz (IIJ)– FWs in front of your services/applications

• Firewall in modern networks (Randy Bush –IIJ):

iACL– IPv4 (equivalent for v6!) ip access-list extended TRAFFIC-INdeny udp/tcp any any eq 19 ! Chargendeny udp/tcp any any range 135 139 ! netbios stuff deny udp any any eq 123 ! no one should use our NTP deny tcp any any eq 445 ! Blaster/SMB worm deny tcp any any eq 1025 ! uSoft RPC exploit deny tcp any any eq 1337 ! Redshell backdoor deny tcp any any eq 1433 ! MS SQL worm deny udp any any eq 1434 ! MS SQL worm deny udp any any eq 2049 ! Sun NFS deny tcp any any eq 2745 ! Blaster worm deny tcp any any eq 3001 ! NessusD backdoor deny tcp any any eq 3127 ! MyDoom worm deny tcp any any eq 3128 ! MyDoom worm deny tcp any any eq 5000 ! WindowsXP UPnP port deny tcp any any eq 6129 ! Dameware backdoordeny udp/tcp any any eq 11211 ! Memcached exploitdeny tcp any any eq 11768 ! Dipnet/Oddbob worm deny tcp any any eq 15118 ! Dipnet/Oddbob wormdeny icmp any any fragments ! Block ICMP fragmentspermit icmp any anydeny ip <your-address> <wildcard> anypermit ip any any

Source IP spoofing – Defense

• BCP38 (RFC2827)– Since 1998!

– https://tools.ietf.org/html/bcp38

• Only allow traffic with valid source addresses to– Leave your network

• Only packets with source address from your own address space

– To enter/transit your network• Only source addresses from downstream customer address space

26

uRPF – Unicast Reverse Path

• Unicast Reverse Path Forwarding (uRPF)– Router verifies if the source address of any packets received

is in the FIB table and reachable (routing table)• Drop if not!

– Recommended on customer facing interfaces

27

(config-if)#ipv6 verify unicast source reachable-via {rx | any}

uRPF – Unicast Reverse Path

28

• Modes of Operation:

– Strict: verifies both source address and incoming interface with FIB entries

– Loose: verifies existence of route to source address

pos0/0ge0/0

Src = 2406:6400:100::1

Src = 2406:6400:200::1

FIB:2400:6400:100:/48 ge0/02400:6400:200:/48 fa0/0

pos0/0ge0/0

Src = 2406:6400:100::1

Src = 2406:6400:200::1

Image source: “Cisco ISP Essentials”, Barry Greene & Philip Smith 2002

Configuration backup/ archiving

29

Configuration Files

• Careful sending config files - people can snoop the wire– MD5 validation

– SCP to copy files/images• Avoid TFTP and FTP!

• Use tools like ‘rancid’ or ‘oxidized’ to periodically check them against modified configuration files

scp <file|image> user@router-ip:bootflash:<file-image>!scp user@router-ip:bootflash:<file-image> .

#verify /md5 nvram:startup-config.Done!verify /md5 (nvram:startup-config) = 7b9e589178bd133fecb975195701447d

OOB Management

31

• OOB device management should be used - DoS attacks do not hinder access to critical devices

• Reverse Telnet is a good tool in emergencies!AUX <-> Console

telnet <your-IP>:<2000+TTY#>

sh line

Acknowledgment

• Most of the content is from:

– Steven M.Bellovin’s “Thinking Security”

– https://www.cs.columbia.edu/~smb/

32

Before we start…

• What are we protecting?, and

• Against whom?

33

• All security system designs should be based on these questions!

Attack Motivation (Who are your Enemies?)

• Nation states want SECRETS

• Organized criminals want MONEY

• Protesters or activists want ATTENTION

• Hackers and researchers want KNOWLEDGE

34

Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014

http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html

Who are your Enemies?

35

• Script kiddies: little real ability, but can cause damage if you’re careless

• Money makers: Hack into machines, turn them into spam engines, etc.

• Government intelligence agencies, AKA Nation State Adversaries

The Threat Matrix

36

Degree of Focus

Opportunistic hacks

Joy hacks Targeted attacks

Advanced Persistent Threats

Source: Thinking Security – Steve M. Bellovin

Joy Hacks

• For fun – with little skill using known exploits

• Minimal damage– especially unpatched machines

• Random targets– anyone they can hit

• Most hackers start this way– learning curve

37

Opportunistic Hacks

• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques

• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry?

• Most phishers, virus writers, etc.

38

Targeted Attacks

• Have a specific target!

• Research the target and tailor attacks– physical reconnaissance

• At worst, an insider (behind all your defenses)– Not-so happy employee

• Watch for “spear-phishing”

• May use 0-days

39

Advanced Persistent Threats

• Highly skilled (well funded) - specific targets– Mostly 0-days

• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)

• May use non-cyber means:– burglary, bribery, and blackmail

• Note: many lesser attacks blamed on APTs

40

Are you a Target?

• Biggest risk?– assuming you are not interesting enough!

• Vendors/System Integrators and their take on security:– Either underwhelming or Overwhelming

41

Defense Strategies

• Depends on what you’re trying to protect

• Tactics that keep out teenagers won’t keep out a well-funded agency

• But stronger defenses are often much more expensive and cause great inconvenience

42

What Are You Protecting?

• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets

• Hardware, software, data, people, documents

– Who would be interested?

• Place a Value on the asset– Different assets require different level of protection

– Security measures must be in proportion with asset value• How much can you afford?

• Determine Likelihood of breaches– threats and vulnerabilities ?

43

Against Joy Hacks

• By definition, joy hackers use known exploits

• Patches exist for known exploits:– Up to date system patches

– Up to date antivirus database

• Ordinary enterprise-grade firewalls will also repel them

44

Against Opportunistic Hacks

• Sophisticated techniques used

• You need multiple layers of defense– Up to date patches and anti-virus

– Firewalls

– Intrusion detection

– Lots of attention to log files

45

Against Targeted Attacks

• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance

– Security policies and procedures matter a lot• How do you respond to phone callers?

• What do people do with unexpected email attachments?

• USB sticks in the parking lot?

• Hardest case: disgruntled employee or ex-employee– Already behind your defenses

– Think Manning & Snowden

46

Against APTs

• VERY VERY hard to defend against!

• Use all of the previous defenses– There are no sure answers

• Pay special attention to policies and procedures

• Investigate all oddities

47

Varying Defenses

• Don’t use the same defenses for everything– Keep them guessing ☺

• Layer them– protect valuable systems more carefully

• Maybe you can’t afford to encrypt everything– but you probably can encrypt all communications among

and to/from your high-value machines

48

However…

• Every machine (connected) is valuable

• They could be turned into bots– Send spam, launch DDoS, host phishing sites

– Sniff your local traffic

• Defense: – watch outbound traffic from your network

49

Summary

• Use proper crypto

• Multi-layered security– Updated patches and AVs

– Backup important data

– Firewalls

– IDS/IPS (anomaly detection)

• Strictly follow security procedures– Revise and audit frequently

50

Target

• Targets could be:– Network infrastructure

– Network services

– Application services

– End user machines

Uneven Playing Field

• The defender has to think about the entire perimeter– all the weakness

• The attacker has to find only one weakness

• This is not good news for defenders

52

Attack Surface

• Entire Perimeter you have to Defend

53

Web ServerDNS

SMTP

Power Fiber

Application

Firewall

Soft Gooey Inside

• But it is not just the perimeter!

54

Web Server DNS

SMTP

PowerFiber

Application

Firewall

USB SticksSpearfishingPasswords

Ex-EmployeesSysAdmins

Cryptography

55

• All about hiding information in plain sight!

Key is the key

• key length is a measure in bits

• key space is the number of possibilities that can be generated by a specific key length

• Example : – 22 key = a keyspace of 4

– 24 key = a keyspace of 16

– 240 key = a keyspace of 1,099,511,627,776

56

• Assume everyone knows your encryption/decryption algorithm– Security of encryption lies in the secrecy of the keys, not the

algorithm! • Kerckhoff’s Principle (1883)

• How do we keep them safe and secure?

57

Key is the key

Work Factor

• The amount of processing power and time to break a crypto system– No system is unbreakable!

• The idea is to make it “expensive” to break/guess

58

Encryption and Decryption

Plaintext (P) Cipher Text (C) Plaintext (P)

ENCRYPTION

ALGORITHM

DECRYPTION

ALGORITHM

Encryption Key Decryption Key

59

Symmetric & Asymmetric keys

• Two categories of cryptographic methods– Symmetric and Asymmetric key encryption

60

Symmetric Encryption

• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key

• Also called shared secret-key cryptography

– The key must be kept a “secret” to maintain security

• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits

• Widely used examples:– DES/3DES, AES, RC4/6

61

Same shared secret-key

Plain text

ENCRYPTION

ALGORITHM

DECRYPTION

ALGORITHM

Cipher text Plaintext

Encryption Key Decryption Key

Symmetric Encryption

62

Symmetric Encryption

• Advantages– fast computation since the algorithms require small number

of operations

• Disadvantages:– The sender and receiver needs to know the shared secret

key before any encrypted conversation starts• How do we securely distribute the shared secret-key between the sender

and receiver?

– What if you want to communicate with multiple people, and each communication needs to be confidential?• How many keys do we have to manage? A key for each!

• Key EXPLOSION!

63

Diffie-Hellman key ‘exchange’

• DH algorithm– secure way to generate a shared secret between two

parties

– The key is NEVER exchanged or transmitted

64

DH key ‘exchange’

– Alice and Bob agree on two random primes (x and y)

– Alice and Bob pick a secret number each (a and b)

• Which they DON’T share

– Alice computes and sends to Bob

– Bob computes and sends to Alice

– Alice then computes:

– Bob also computes:

65

A = xa mod y

B = xb mod y

S = Ba mod y

S = Ab mod y

= (xb mod y)a mod y = xba mod y

= (xa mod y)b mod y = xab mod y

DH in Colour ☺

66

+ +

+ +

Image source: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Diffie-Hellman key ‘exchange’

• Without even knowing what secret each used, Alice and Bob generated the same result!– The shared-secret

– Even if evil “Eve” is listening on the wire • Can see x, y, A, B

– She cannot compute the same result since she would not know Bob and Alice’s secret

67

• Unlike normal exponentiation, which we can compute by

• modular exponentiation or modular log(x) is difficult to compute!

ey=logey

Asymmetric Encryption

• Also called public-key cryptography

• Use of Public-Private key pair– The key pairs are mathematically linked

– Messages encrypted with one key can only be decrypted by the other key of the key pair

• The decryption key cannot, at least in a reasonable

amount of time, be calculated from the encryption key and vice-versa

68

Asymmetric Encryption

69

Public KeyPrivate Key🗝 🔑

Plaintext

ENCRYPTION

ALGORITHM

DECRYPTION

ALGORITHM

Ciphertext Plaintext

Encryption Key Decryption Key

🔑

🗝🔑

🗝

Asymmetric Encryption

• Advantages:– Solves the key explosion and distribution problem

– No exchange of confidential information before communication• Public key is published (everyone knows)

• Private key is kept secret (only the owner knows)

• Disadvantages– Much slower than symmetric algorithms

70

Hash Functions

• Takes a message of arbitrary length and outputs a small fixed-length code– called the hash or message digest, or digital fingerprint

• One-way mathematical function– Easy to compute, difficult to reverse

• Single bit change in input => large indeterminate change in output

• Uses: – Verifying integrity

– Digitally signing documents

– Authentication (Hashing passwords)

71

Hash Functions

• A form of signature that uniquely represents a data

72

Hash Function

Arbitrary lengthdata

a88997dfha234Fixed-lengthHash value

Well-known Hash Functions

• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input

– MD5 is widely-used

• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5

• Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec)

– SHA-256, SHA-384, SHA-512 produce longer hash values

73

Digital Signature

• Electronic documents can be signed– to prove the identity of the sender, and

– the integrity of the message

• Encrypted hash of the message– Hash the data

– Encrypt the hash with the sender’s private key

74

HashDigital

SignatureDocument

Encryption

(Sender’s Private Key)

🗝Hashing

Digital Signature Validation

• Sender– Appends the signature to the original document

– Sends to receiver

• Receiver– Computes the hash of the received data

• Using same hash function

– Decrypts the encrypted hash (signature) using sender’s public key• Authentication

– Compares the hashes• If match, the data was not modified (integrity) and signed by the sender

75

Digital Signature Validation

76

Digital

Signature

Document

SENDER RECEIVER

Document HashHash

Function Equal?

Digital

SignatureDecryption

(Sender's Public Key)

Hash🔑

Example

77

https://www.gpg4win.org (Windows)

https://www.gpgtools.org (OS X)

Password Aside:Length vs Complexity

source : http://xkcd.com/936/

Complexity vs Length

• Entropy: randomness in the password

• Bits of Entropy: indicates how difficult it is to crack a password

• Difficulty to guess =

H (bits) = log(C) / log(2) * L

Where C – character setL – password length

– Character sets• Numbers: 0-9

• Alphas (upper): A-Z

• Alphas (lower): a-z

• Specials: *+-%&$#![]{}\@/~ etc

2H

Complexity vs Length

• Password length is more important than complexity!– Ex:

• Same/more level of entropy using passwords with a 26 character set (12 characters long), as a character set of 94 (all possible ASCII) that’s 8 characters long!

Password Length8 12 16 20 24 28 32

Alphanumeric + specials 94 52.4367 78.65507 104.873 131.092 157.3101 183.528 209.7468

Bits of Entropy

Alphanumeric 62 47.6336 71.45036 95.2671 119.084 142.9007 166.717 190.5343

Upper and Lower alpha 52 45.6035 68.40528 91.207 114.009 136.8106 159.612 182.4141

Upper or Lower alpha 26 37.6035 56.40528 75.207 94.0088 112.8106 131.612 150.4141

Numbers 10 26.5754 39.86314 53.1508 66.4386 79.72627 93.014 106.3017

81