Network and Communications Security (IN3210/IN4210) Introduction


Network and Communications Security (IN3210/IN4210)

Introduction

Introduction

● Nils Gruschka

− University Kiel (Diploma in Computer Science)

− T-Systems, Hamburg

− University Kiel (PhD in Computer Science)

− NEC Laboratories Europe, Bonn + Heidelberg

− University of Applied Science Kiel

− University of Oslo

● Contact:

− [email protected]

● Areas of interest:

− Security: Network, Web, Cloud Computing, Industrial Networks

− Privacy, Data Protection

Introduction

● Nils A. Nordbotten

− Cand.Scient and Ph.D. in informatics from UiO, Executive Master of Management from BI Norwegian Business School

− Simula Research Laboratory (2003-2007)

− UniK-University Graduate Center (20 %) (2012-2014)

− Norwegian Defence Research Establishment (FFI) (2007-2020)

− University of Oslo (20 %) (2014-)

− Thales Norway (2020-)

● Contact

[email protected]


Introduction

● Andre Büttner

− TH Köln (Bachelor & Master in Media Technology)

− University of Oslo (Doctoral Research Fellow, Digital Security Research Group)

● Contact:

[email protected]

● Areas of interest:

− Web application security, distributed systems, health information systems


Organisation

● “Cloned” course: IN3210 (Bachelor) + IN4210 (Master)

● Semester course page IN3210:

− https://www.uio.no/studier/emner/matnat/ifi/IN3210/h21/

− Exam information, Schedule, Reading list

− Learning resources (next slide)

− Messages

● Semester course page IN4210:

− https://www.uio.no/studier/emner/matnat/ifi/IN4210/h21/

− Exam information, Schedule, Reading list

− All other information/material just on the IN3210 page!


Organisation

● Learning Resources:

− Lecture Slides + Recordings

▪ Slides

▪ Recordings

▪ Details regarding the recommended reading

− Workshop Material

Organisation

● Lecture

− At IFI: Kristen Nygaards hus: Store auditorium

− Lecture recordings (partly from 2020; there might be minor differences; check the 2021 slides)

● Workshop

− At IFI: Kristen Nygaards hus: Store auditorium

− Practical tasks, done individually or in groups

− Not mandatory, but helps in understanding the concepts from the lecture

● Check and follow the UiO Infection prevention measures

Organisation

● Canvas course

− https://uio.instructure.com/courses/33328

● Announcements

− Important messages → check regularly

● Quizzes:

− For most topics, a “learning progress control” quiz is offered

− Not mandatory, but highly recommended

● Discussion board:

− Ask / answer course-wide questions

● Groups (will be activated mid-September):

− For the semester task

− Discuss and exchange files inside the group

Examination

● Semester Task (in groups):

− IN3210: write a report

− IN4210: create a seminar presentation

● Written Exam (individually):

− 4 hour digital exam at home

● Both parts of the exam must be passed and must be passed in the same semester.

● Final Grade

− Semester Task 30%

− Written Exam 70%

Examination

● Dates and deadlines (preliminary)

− Submission of seminar handout + slides (IN4210): one day before the presentation

− Submission of report (IN3210): 25. November 2021

− Written Exam: 06. December 2021, 09:00 – 13:00


Semester Task (all)

● Select a network security topic (as a group):

− https://uio-my.sharepoint.com/:x:/g/personal/nilsgrus_uio_no/ETCYq53BydRAuHUc2QRsipQB46dMUvS9ObssYfF0SSWuJA?e=pNhjge

● Deadline for selecting group and topic:

− 15. September

● (Optional) Propose own topics:

− Send us an email

− Deadline for topic proposal: 7. September

− Approved topics will be added to the selection spreadsheet


Semester Task (just IN3210)

● Group size: 2 or 3 students

● Write a (scientific) report on the selected topic

● Length: 4 – 5 pages per person

● Language: English or Norwegian

● Submission via Inspera (more info later)

● Report must contain indication/statement on contributions of the group members

● Submission deadline: 25. November


Semester Task (just IN4210)

● Group size: 3 or 4 students

● Create a seminar presentation on the selected topic

● Presentation (submission of slides: 1 day before the talk)

− Approx. 15 min per person

− Presented to the whole course (teachers + students) in the lecture hall!

− During the scheduled slots in November (details soon)

− Language: English

● Handout (submission: 1 day before the talk)

− 2 pages, text + figures

− Summarizes the most important facts

● Final exam (IN3210 + IN4210) will contain questions from seminar talks!

Exact length of presentations will be announced end of September!

Semester Task (just IN4210)

● Tips for seminar presentation:

− Systematic structure (for example: Motivation/Example, Overview/Definition, Details, Evaluation/Comparison/Weaknesses/Countermeasures)

− Technical details (no “management presentation”)

− Clearly readable layout (font size, amount of text, colors (no “dark mode”))

− Use of illustrations

▪ Helps in understanding complex systems

▪ Recommended: create figures yourself

▪ Figures from external sources must be marked by giving the original source on the same slide!

− Correct grammar/spelling

Semester Task (general)

● Scientific work:

− Used sources (books, articles, online resources) must be referenced (at the end of the report/on the last slide of the presentation)

− Plagiarism → failed semester task → failed course

− Do not use secondary literature (e.g., lecture slides, Wikipedia)

− Do not use YouTube tutorials or similar

Content

● Cryptography

● Key management, certificates & PKI

● Transport Layer Security

● IP Security

● MAC Security

● Wireless LAN Security

● Email Security

● DNS Security

● Firewalls

● Routing Security


Recommended Books: Leganto

Not all parts of all books are required. Check the individual lecture topics.

Network Recapitulation

● Networking knowledge required for this course

● Recapitulation online lecture/slides available on the course page

● Gives you a chance to refresh your networking knowledge


Further Recapitulation

● Review Q & A from previous course available in Canvas

Workshop next week

● Download the workshop VM before the workshop

Questions?

Introduction to (Network) Security

What is Security?

[Figure labels: Attacker, Threat, Assets, Counter-measure]

Computer Security

● Security of computers and networks

● Protection of digital assets

● Axioms of Computer Security:

− Confidentiality (e.g. of transmitted secret information)

− Integrity (e.g. of stored data)

− Availability (e.g. of services)

● Further goals:

− Authenticity

− Non-repudiation

− Privacy

Motivations for attacks

● Financial advantages

− Using paid services free of charge

− Performing financial transactions

− → Spoofing a different identity

● “Fun”

− Challenging security systems

● “Revenge”

− Vandalism

− Intrigues

● Political or religious motives

Security Threats

● Examples of attacks

− Services:

▪ Denial-of-Service

− Communication:

▪ Eavesdropping

▪ Modification

− Stored data:

▪ Espionage

▪ Deletion

▪ “Vandalism”

● Basic attack measures on communication

− Sniffing

− Redirection, e.g.

▪ ARP Spoofing

▪ DNS Poisoning

▪ Phishing

− Man-in-the-middle

“Nomenclature”

● The “good” ones:

− Alice

− Bob

● The “bad” ones:

− Eve (passive attacker)

− Mallory (active attacker)

[Figure labels: Bob, Alice, Eve, Mallory]

Sniffing

● Requires access to the communication medium

● Passive Attacks, e.g.:

− Eavesdropping

− Traffic analysis

[Figure labels: Bob, Alice, Eve]

Redirection

● Can be used as preparation for man-in-the-middle attacks

[Figure labels: Bob, Alice, Eve / Mallory]

Man-in-the-middle

● Passive attacks (see “Sniffing”)

● Active attacks, e.g.

− Packet drop

− Packet modification

− Packet injection

− Packet replay

[Figure labels: Alice, Bob, Eve / Mallory]

Adversary Model

● Important question:

− What capabilities do I assume for the attacker?

− What kind of attacks can the attacker perform?

● → Adversary model

● Required for implementing countermeasures/testing security protocols

● Typical adversary model (Dolev and Yao, 1983):

− The attacker can perform any of the aforementioned actions on transmitted packets

− The attacker cannot break “secure” algorithms (e.g. AES)

● Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker

Attack Examples


ARP

● Address Resolution Protocol

● Maps IP addresses to MAC addresses inside local networks

[Figure: request “Who has 10.0.0.8?”; host 10.0.0.8 (MAC FA … B3) replies “10.0.0.8 = FA … B3”]

ARP Spoofing (Redirection Attack)

[Figure: request “Who has 10.0.0.8?”; reply “10.0.0.8 = DC … A7”; hosts shown: 10.0.0.8 (MAC FA … B3) and 10.0.0.24 (MAC DC … A7)]
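Added example (not part of the lecture slides): a passive monitor that parses ARP payloads and reports the conflicting answer shown on this slide. The MAC addresses, the asking host 10.0.0.5 and all function names are constructed for illustration; only 10.0.0.8 comes from the slide.

```python
import struct

def _mac(s): return bytes(int(p, 16) for p in s.split(":"))
def _ip(s): return bytes(int(p) for p in s.split("."))

def build_arp(oper, sha, spa, tha, tpa):
    """Build a 28-byte Ethernet/IPv4 ARP payload; used here only for sample data."""
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join(f"{b:02x}" for b in payload[8:14])
    spa = ".".join(str(b) for b in payload[14:18])
    tpa = ".".join(str(b) for b in payload[24:28])
    return oper, sha, spa, tpa

def detect_conflicts(payloads):
    """Track IP-to-MAC bindings; report unsolicited replies and changed bindings."""
    bindings, pending, alerts = {}, set(), []
    for n, raw in enumerate(payloads):
        parsed = parse_arp(raw)
        if parsed is None:
            continue
        oper, sha, spa, tpa = parsed
        if oper == 1:                       # request: note which IP was asked for
            pending.add(tpa)
        elif oper == 2:                     # reply: sender claims "spa is at sha"
            if spa not in pending:
                alerts.append((n, "unsolicited-reply", spa, sha))
            pending.discard(spa)
            known = bindings.get(spa)
            if known is not None and known != sha:
                alerts.append((n, "binding-changed", spa, f"{known} -> {sha}"))
        bindings.setdefault(spa, sha)       # first-seen binding stays the baseline
    return alerts

# Constructed sample: 10.0.0.8 is the slide's address; MACs and 10.0.0.5 are made up.
HOST, OWNER, OTHER = "02:00:00:00:00:05", "02:00:00:00:00:08", "02:00:00:00:00:24"
SAMPLE = [
    build_arp(1, HOST, "10.0.0.5", "00:00:00:00:00:00", "10.0.0.8"),  # who has 10.0.0.8?
    build_arp(2, OWNER, "10.0.0.8", HOST, "10.0.0.5"),                # genuine answer
    build_arp(2, OTHER, "10.0.0.8", HOST, "10.0.0.5"),                # conflicting answer
]

if __name__ == "__main__":
    for alert in detect_conflicts(SAMPLE):
        print(alert)
```

The first-seen binding is only a trustworthy baseline if the monitor starts on a clean network; a statically configured IP-to-MAC table avoids that assumption.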


Denial-of-Service (DoS)

● Attacker tries to overload the target service or network

● → “Service Denial” for legitimate users

● Attack can target different service layers:

− Network (e.g. gateway, TCP/IP stacks)

− Representation (e.g. XML processing)

− Application

− Database

● Attacker looks for the bottleneck inside the service processing chain!


DoS Example: SYN Flooding

[Figure: two client/server sequence diagrams. Regular handshake: SYN, SYN ACK, ACK. SYN flood: repeated SYN and SYN ACK without a final ACK]
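Added example (not part of the lecture slides): detection logic that replays TCP segment records and counts, per server, the handshakes still waiting for the final ACK, which is the state a SYN flood fills up. The record format, the backlog threshold, the timeout and all addresses except 10.0.0.8 are assumptions made for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10   # TCP flag bits

def half_open_peaks(segments, timeout=30.0):
    """Replay (time, src, sport, dst, dport, flags) records and return, per
    server endpoint, the peak number of handshakes awaiting the final ACK."""
    waiting = defaultdict(dict)      # server -> {client endpoint: time of SYN}
    peaks = defaultdict(int)
    for t, src, sport, dst, dport, flags in segments:
        # Drop entries the server would have given up on by now.
        for table in waiting.values():
            for client in [c for c, t0 in table.items() if t - t0 > timeout]:
                del table[client]
        if flags & SYN and not flags & ACK:        # step 1: client sends SYN
            server = (dst, dport)
            waiting[server][(src, sport)] = t
            peaks[server] = max(peaks[server], len(waiting[server]))
        elif flags & ACK and not flags & SYN:      # step 3: client ACK completes
            waiting[(dst, dport)].pop((src, sport), None)
        # SYN ACK segments (step 2) travel server -> client and change nothing here.
    return dict(peaks)

def flooded(segments, backlog=4, timeout=30.0):
    """Server endpoints whose half-open peak exceeded the assumed backlog size."""
    peaks = half_open_peaks(segments, timeout)
    return sorted(server for server, peak in peaks.items() if peak > backlog)

# Constructed sample: one complete handshake, then six SYNs that are never completed.
SEGMENTS = [
    (0.00, "10.0.0.5", 40000, "10.0.0.8", 80, SYN),
    (0.01, "10.0.0.8", 80, "10.0.0.5", 40000, SYN | ACK),
    (0.02, "10.0.0.5", 40000, "10.0.0.8", 80, ACK),
] + [(1.0 + i * 0.1, f"192.0.2.{i + 1}", 50000 + i, "10.0.0.8", 80, SYN) for i in range(6)]

if __name__ == "__main__":
    print(half_open_peaks(SEGMENTS))
    print(flooded(SEGMENTS))
```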


DDoS: Distributed DoS

● Often executed by multiple attackers: Distributed Denial of Service (DDoS)

● Either controlled by botnet or “crowd”

DDoS: Mirai Botnet

● Millions of infected IoT devices (routers, IP cameras)

● Offers DDoS as a service: 50.000 devices for 2 weeks: 3000$ - 4000$

Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/

Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/

DDoS: Mirai Botnet

● Illustrating the infection with Mirai

Source: Twitter

DDoS: Mirai Botnet

● One victim

Source: http://krebsonsecurity.com/

Attack Examples

● ... many more to come throughout the class
