Information Security Notes 7 Wireless LAN Security

Wireless LAN configuration

  • User Module (UM)
  • Control Module (CM)
  • Ad Hoc WLAN (without Control Module)
    • Without communicate with their neighbors directly

IEEE 802 Architecture

  • Physical Layer (PHY)
    • encoding/decoding of signals
  • Media Access Control (MAC)
    • Controlling access to the transmission medium is needed to provide an orderly and efficient use of the network transmission capacity
  • Logical Link Control (LLC)
    • Keep track of which frames

IEEE 802.11 Architecture

802.11 is the standard associated with the Wi-Fi (Wireless Fidelity) Alliance

  • Basic Service Set (BSS)
  • Extended Service Set (ESS)
    • SSID: Service Set Identifier, the name of the Wi-Fi network
  • Independent BSS

802.11 Access Control

  • Reliable Data Delivery
    • Wireless channels are usually unreliable
    • Mechanism is developed for error detection and contention
  • Access Control
    • For deciding which station can send
  • Security
    • Ensure confidentiality and data integrity
    • Disallow unauthorized stations from connecting to the network

Threats in Wireless LANs

  • Eavesdropping
    • Due to the broadcast nature of radio communications
    • Signals can be received by any receiver within some transmission range
  • No Physical Protection
    • No physical cables

Protocol of Wireless Security

WEP Wired Equivalent Privacy

The purpose of WEP:

  • Authentication
  • Data confidentiality

Problems of WEP:
WEP was published in 1997, and its design was shown to be flawed in 2000.
Authentication flaws:

  • Authentication in WEP is not mutual: the AP does not authenticate itself to clients
  • Authentication and encryption use the same secret key
  • Authentication happens only when a station tries to connect to the network. After authentication, anyone can spoof its MAC address

WPA, WPA2, WPA3 - Wi-Fi Protected Access

The new security architecture 802.11i was designed to replace WEP during 2003-2004.
WPA2/3 should be used.

  • WPA
    • intermediate solution which can be implemented by updating the firmware of existing APs
  • WPA2
    • Long term solution
  • WPA3
    • Next generation; all Wi-Fi 6 certified routers are required to implement it

  1. Phase 1: Discovery
    • The discovery phase allows an STA and an AP to recognize each other
  2. Phase 2: Authentication
    • Only authorized STAs can use the network
    • The STA is assured that the network is legitimate
    • Extensible Authentication Protocol (EAP) is used
  3. Phase 3: Key Management
    • Pairwise keys are used for communication between an STA and an AP
    • Group keys are used for multicast communication
  4. Phase 4: Protected Data Transfer
    • TKIP
      • for WPA: Temporal Key Integrity Protocol
      • allows old devices to be supported through a firmware update
      • 64-bit message integrity code to replace the CRC code
      • Still uses the RC4 encryption algorithm
    • AES-CCMP
      • for WPA2: Counter Mode CBC-MAC Protocol
      • Designed for new hardware
      • Cipher-block-chaining message authentication code to provide data integrity
      • AES algorithm for encryption

EAP

Three roles of EAP

  1. Supplicant: STA
  2. Authenticator: AP
  3. Authentication server (AS): a separate device or the AP

Sub-phases:
Connect to AS -> EAP exchange -> Secure key delivery(AS generates a master session key and sends it to STA)

Information Security Notes 6 - System Security

Host Security

The goals of computer security include confidentiality, data integrity and service availability.

Common attacks:

  • Phishing
  • Malicious code
  • System vulnerability

Buffer Overflow Attacks

When a program is executed, both code and data are copied into RAM.

Heap (Kind of tree)

The heap is used to store dynamic data.

Stack

The stack is used to store local variables, static variables and the return address.

What is buffer overflow?

A buffer overflow happens when data is copied into a buffer and the length of the data exceeds the remaining space in the buffer. Normally, the overflowing data only corrupts program data and causes unexpected termination. But if someone carefully constructs the contents of the overflowing data, it is possible to gain control of the system.

In a buffer overflow attack, when the unsafe strcpy/gets functions are used, the system blindly copies the entire contents of data into the memory area pointed to by buffer. buffer has a finite length, and once the contents of data exceed BUF_LEN, a buffer overflow occurs.

The attacker overflows the buffer with malicious code (shellcode) and overwrites the return address so that it points to the shellcode. The function then returns to the shellcode instead of to its caller.

Countermeasure

  1. Avoid using high-risk APIs
  2. Measure the length of the string first
  3. Compiler assistance

SQL injection

username: "or""="
password: "or""="

Then the SQL will be
SELECT * FROM Users WHERE Name = "" or ""="" AND Pass ="" or ""=""
This will always return true

Counter measure

  1. Write better programs
  2. Data validation in the front end
  3. Use prepared statements in queries instead
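
The query above, built by string concatenation, beside the prepared-statement countermeasure. This is an added example, not part of the original notes; it assumes an in-memory SQLite table Users with constructed rows, and it uses single quotes (the standard SQL string delimiter), so the input from the notes is written with ' in place of ".

```python
import sqlite3

# Constructed sample rows; passwords are plaintext only to mirror the query in the notes.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2"), ("o'brien", "s3cret")]

# The input from the notes, with ' as the quote character.
INJECTED = "' or ''='"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_concatenated_sql(name, password):
    """Vulnerable: user input becomes part of the SQL text."""
    return ("SELECT Name FROM Users WHERE Name = '" + name +
            "' AND Pass = '" + password + "'")


def login_concatenated(conn, name, password):
    sql = build_concatenated_sql(name, password)
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, name, password):
    """Hardened: the SQL text is fixed and the input is bound as data only."""
    sql = "SELECT Name FROM Users WHERE Name = ? AND Pass = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    conn = make_db()
    print(build_concatenated_sql(INJECTED, INJECTED))
    print("concatenated:", login_concatenated(conn, INJECTED, INJECTED))
    print("prepared:    ", login_prepared(conn, INJECTED, INJECTED))
    # A legitimate name containing a quote breaks the concatenated query too.
    try:
        login_concatenated(conn, "o'brien", "s3cret")
    except sqlite3.OperationalError as exc:
        print("concatenated, name with a quote:", exc)
    print("prepared, same name:", login_prepared(conn, "o'brien", "s3cret"))
```

The prepared statement treats the whole input as a value to compare, so it matches no row, and it also handles a legitimate name that contains a quote.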

Network Security

Ping-of-death

Attackers ping a machine at a very fast rate, so the server becomes too busy.
It is theoretically possible but not realistic, because the basic version of ping-of-death is not an efficient attack.

Ping-of-death, buffer overflow

A typical ICMP packet is only 64 bytes, and servers do not expect a packet larger than 65535 bytes (the maximum size of an IPv4 packet). The server might encounter a buffer overflow.

SYN Flooding

The TCP three-way handshake requires the server to respond: the server replies to the client with a SYN-ACK. An attacker might issue a lot of SYN requests to the server.

Counter measure

Both ping and SYN can be blacklisted

IP spoofing

The IP packet header stores the routing information of a packet. IP spoofing refers to generating a fake random source IP address. This means the server cannot block the SYN packets directly.
IPSec can be used to assert the correctness of IP header, but it cannot be used to prevent SYN Flooding.

Amplification Attacks with IP Spoofing

Some protocols use UDP instead of TCP connections, for example Network Time Protocol (NTP) and Domain Name Service (DNS).
Attackers can make requests that produce large volumes of replies from these services while putting the victim’s IP address as the source address.

Real life example: Prank call to a restaurant to order 10 people takeaway and ask them to deliver to a victim’s home.

DDoS - Distributed Denial of Service

An upgraded version of a DoS attack. Attackers control a lot of devices to launch a DoS attack on the victim. Since packets are sent from different directions, it is not easy to block them.

Counter Measures

  1. Build a firewall / Intrusion Detection System (IDS)
  2. Challenges like CAPTCHA
  3. Demilitarized zone (DMZ)
  4. Use (purchase) a third-party service

DNS Poisoning

Return a fake/false entry on a DNS server.

Information Security Notes 5 - IPSec, TLS, VPN, HTTPS

Security Goal

  1. End-to-end Encryption: Only accessible by the sender and receiver
  2. Tunneling: the traffic pattern is hidden, except from the very last end point
  3. Authentication: Packets are authentic
  4. Fast
  5. Free

OSI model in Security

A VPN works at the Network Layer (IP); a proxy works at the Transport Layer (TCP/UDP)

  • Application Layer
  • Physical/Data Link: hop-to-hop security
  • IP Layer: IPSec
  • Transport Layer: TLS/SSL
  • Upper Layer: HTTPS

IPSec

IPSec, aka IP Security, aims to provide strong security features for IP, and VPNs are solutions that arise from the way this security is achieved. IPSec is a framework architecture consisting of two specific types of protocols.

AH - Authentication Header

  • To authenticate
  • By hash (MD5, SHA1)
  • Less used than ESP

ESP - Encapsulating Security Payload

  • To encapsulate / encrypt

Why is AH less used? Because AH cannot provide encryption. Also, AH cannot pass through a NAT network (because of the authentication function).
Of course, IPSec can use both AH and ESP to achieve the most complete security features in extreme cases, but such solutions are extremely rare.

Transport Mode

  • The IP header remains unchanged and is mainly used for End-to-End application scenarios
  • Provide protection primarily for upper-layer protocols (TCP/UDP)

Tunnel Mode

  • Tunnel mode adds an outer IP header after AH and ESP processing; it is mainly used in Site-to-Site application scenarios
  • Provides protection to the entire IP packet
  • Although tunnel mode can be applied to any scenario, it requires additional header overhead
  • For PC-to-PC scenarios, it is recommended to use transport mode

IPSec Traffic Processing

  • IPSec is executed on a packet-by-packet basis
  • IPSec searches the security policy database for a match
  • Discard if no match
  • Policy says BYPASS: send right away
  • Policy says PROTECT: look for a key to encrypt
    • Run IKE if no key is found

Security Association (SA)

  • Can be understood as the “choice of parameters”
  • SPI (Security Parameters Index): a local identifier that enables the receiving system to select the SA.
  • IP Destination: Unicast receiver address
  • Security Protocol: indicates it is an AH or ESP association

SSL

  • Protocols which provide secure communication on the internet
  • Encrypts network connection at the Transport Layer
    • On top of TCP; Under HTTP/FTP
    • TLS (Transport Layer Security) is the successor of SSL
  • Designed to prevent eavesdropping, tampering, and message forgery
  • End-to-End service through TCP

  • Encrypted communications over Internet
  • Ensures that the information is sent unchanged, and only to the server you intended
  • Asymmetric encryption for authentication and key exchange
  • Symmetric encryption to encrypt data

SSL connection and SSL session

Different types of Handshaking

  • One way Authentication
  • Two way Authentication
  • Abbreviated Handshake
    • important and tedious.

Lower Layer stack of SSL

  • SSL Record Protocol
    • To provide supports to upper layer protocols
      • Message integrity
      • Confidentiality
    • Fragmentation: cut the data into fragments of at most 2^14 bytes
    • Compression: optional, but must be lossless
    • Add MAC: compute a message authentication code
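
The fragmentation and MAC steps above, as an added example that is not part of the original notes and is not the SSL wire format. It assumes HMAC-SHA256 and a MAC input made of a sequence number, the length and the fragment; compression and encryption are left out.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14  # fragment size from the notes


def record_mac(mac_key, seq, fragment):
    # Assumed MAC input: 64-bit sequence number, 16-bit length, then the fragment.
    header = struct.pack(">QH", seq, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect(data, mac_key):
    """Split data into fragments of at most 2^14 bytes and MAC each one."""
    records = []
    for seq, offset in enumerate(range(0, len(data), MAX_FRAGMENT)):
        fragment = data[offset:offset + MAX_FRAGMENT]
        records.append((fragment, record_mac(mac_key, seq, fragment)))
    return records


def unprotect(records, mac_key):
    """Verify every record in order and reassemble; raise on any failure."""
    out = bytearray()
    for seq, (fragment, tag) in enumerate(records):
        if len(fragment) > MAX_FRAGMENT:
            raise ValueError("record %d: fragment too long" % seq)
        # Constant-time comparison of the received and recomputed MAC.
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, fragment)):
            raise ValueError("record %d: bad MAC" % seq)
        out += fragment
    return bytes(out)


if __name__ == "__main__":
    key = b"k" * 32                      # constructed key
    data = bytes(range(256)) * 157       # constructed 40192-byte message
    records = protect(data, key)
    print([len(fragment) for fragment, _ in records])
    print("round trip ok:", unprotect(records, key) == data)
    swapped = [records[1], records[0], records[2]]
    try:
        unprotect(swapped, key)
    except ValueError as exc:
        print("reordered records rejected:", exc)
```

Because the sequence number is part of the MAC input, reordered records fail verification even when their contents are untouched. A per-record MAC alone does not detect records dropped from the end of the stream.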

Upper Layer stack of SSL

  • SSL Handshake Protocol
  • SSL Change Cipher Spec. Protocol
  • SSL Alert Protocol
  • Application Protocol

HSTS

  • HTTP Strict Transport Security
  • A web security policy mechanism
  • Header:
    Strict-Transport-Security: max-age=31536000
  • Turns any HTTP request into HTTPS
  • Aborts the connection if a secure connection cannot be ensured

Information Security Notes Summary 1-5

Here is a summary of some concepts for my mid-term. The maths and cases are excluded.

Type of Attack

I should understand how the following attacks happen:

  • Brute-force Attack
  • Differential Attack
  • Length extension attacks
    • Hash using Merkle-Damgard construction
  • Second pre-image attack (2^(n-1)) (fixed message)
  • Birthday attack (2^(n/2)) (any two messages)
  • Meeting in the middle attack
  • Man in the middle attack
  • Replay attack
  • Offline dictionary attack

Symmetric

Symmetric encryption has no hard problem behind it; everything depends on the key size. When we talk about symmetric encryption, we usually use AES. DES and 3DES should not be used anymore. Symmetric is much faster than asymmetric (10-100 times).

Avalanche effect: a small change in the input bits leads to a big change in the output.

  • Stream -> one bit
  • Block -> one block (normally 64 bits)
    • More secure

Asymmetric

Asymmetric encryption is a trapdoor function: everyone can lock, but only the private key can unlock.

RSA

  • We need at least 2048 bits
  • Starting from TLS 1.3, RSA is no longer included

ECC

  • Given aP and bP, it is impossible to compute abP
  • Diffie-Hellman algorithm
  • 256-bit ECC is as strong as 3072-bit RSA
  • Legacy software does not support it

Hash

Famous Hash:

  • MD5
  • SHA1
  • SHA256

Aim:

  • Impossibly hard to modify a message without changing the hash
  • Impossibly hard to generate a message that has a given hash
  • Impossibly hard to find two different messages with the same hash

MD construction (collision)

A large set is mapped onto a small set, so collisions are bound to happen

H(P||s) for salt

  • Hash chain: one time password
  • Hash list: hash big file
  • Hash tree: only verify root hash

MAC message Authentication code

Goal:

  • Computable(very fast)
  • Unforgeable
  • one-wayness

MAC requires a key to verify

Digital Signature

Makes a message publicly verifiable

  • MAC? key is shared
  • Public Key? everyone can send an encrypted message

Example of Digital Signatures:

  • RSA-PSS
  • DSA
  • ECDSA - fastest and more secure

MAC is faster than a digital signature; MAC needs only a hash function.

Secure Public Key Distribution

Ways to distribute a key:

  1. Manual
  2. Certificate
  3. Public Key Infrastructure
  4. PGP
  5. ID-based

Certificate:

  • Issued by CA (Certificate Authority)
  • Certificate Revocation List(CRL)

Symmetric key distribution

  • Use the Diffie-Hellman algorithm
  • Key agreement: both parties contribute some information
  • Perfect forward secrecy
  • Session key: one session key per communication session
  • Authenticated: able to confirm the identity of the partner
  • Absence of secure channel: no pre-shared secure channel is needed

Requirement of an AKE protocol

  1. Soundness
  2. Completeness
  3. Key establishment
  4. Mutual authentication
  5. Secure against replay attack
  6. Secure against offline dictionary attack
  7. Perfect forward secrecy
  8. Secure against Denning-Sacco attacks

Information Security Notes 4 - Authentication and Standards

Adversary Model in Networks

  • Read only
  • Write only
  • Drop message
  • Replace message

Encryption is to ensure confidentiality
Digital signature/MAC is to ensure message integrity

Man-in-the-middle attacks

The attacker establishes separate contacts with each end of the communication and exchanges the data it receives so that the two ends of the communication think they are talking directly to each other through a private connection, when in fact the entire conversation is under the full control of the attacker.
Public Key Stolen.

A<=KEY=>M<=Key=>B

Protection of Man-in-the-middle attacks - SSL

Verify that the certificate used by one or both parties involved in the communication is issued by an authoritative and trusted digital certificate authority and is capable of performing two-way identity authentication.

Secure Public Key Distribution

  • Manual
  • Certificate
  • Public Key infrastructure
  • PGP
  • ID-base

Manual

Download a public key from a webpage/an email

  • Anyone can forge such a webpage or email
  • Hash the public key and release the hash instead
  • A hash is much easier for a human to compare than a public key

Visual Hash - RandomArt

Use an image hash instead of hex; most non-IT people are allergic to hex.
Using the visual hash directly is insecure because attackers can “easily” generate a public key with the same visual hash.

What should we do:

  1. Broadcast the hash of their public keys
  2. Announce their public keys
  3. Compute the visual hashes

Certificate

  • Certificate Authority(CA): It is an authoritative body responsible for issuing and managing digital certificates and acts as a trusted third party, assuming the responsibility of checking the legitimacy of public keys.

A man-in-the-middle attack is impossible unless:

  • The CA also issues a certificate for the attackers
  • Attackers apply for a certificate with the user’s identity from another trusted CA
  • Attackers steal the CA’s private key
  • Attackers steal the user’s private key

Information included in a digital certificate:

  • Basic info of the subject: name, email, web address
  • Public key of the subject
  • Basic info of the issuer
  • Issuer’s digital signature on the certificate
  • Validity of the certificate: the period of time that the certificate is valid

X.509

Defines a framework for the provision of authentication services by the X.500 directory to its users
File extensions:

  • .pem
  • .cer
  • .crt
  • .der
  • .p7b

Used in many areas such as S/MIME, IPSec, SSL/TLS

Digital Certificate Creation

  1. Subject generates a public key pair
  2. Subject keeps the private key to himself
  3. Subject sends his identity and public key to issuer
  4. Issuer verifies subject’s identity
  5. Issuer signs the certificate and returns it to subject

Digital Certificate Verification

  1. Subject presents the certificate to others
  2. Others check the issuer’s digital signature on the certificate
  3. Check if the certificate has been revoked

Certificate Revocation List CRL

A list that contains revoked certificates.

Reasons for revocation:

  • CA improperly issued a certificate
  • The private key has been hacked
  • Owner no longer owns the domains

Pretty Good Privacy - PGP

Self-signed certificate
Users trust this certificate because there is a link between the issuer and the users

ID Based

  • Require a trusted authority
    • Called a Public Key Generator(PKG)
  • PKG generates a private key to the user
  • Anyone can use the user’s ID to send an encrypted message
  • The ID is the public key

Pros

  • No real public key is needed; just use the ID
  • Encryption cipher is usually short

Cons

  • Authority has the ability to deduce everyone’s private key
  • The ID is not legally bound to a person’s identity

Symmetric key Distribution

  1. Key agreement: Both parties contribute some information in key establishment.
  2. Perfect forward secrecy: When you lose this long term key, the security of your future actions cannot be guaranteed, but your previous actions are guaranteed to be secure.
  3. Session Key: uses a session key per each communication session
  4. Authenticated: is able to confirm the identity of the partner
  5. Absence of Secure Channel: does not require both parties to pre-share a secure channel

Encrypted Key Exchange

  • A and B share a password
  • Diffie-Hellman
  1. Secure against replay attack
  2. Secure against offline dictionary attack
  3. Perfect forward secrecy
  4. Secure against Denning-Sacco attacks

More on password-based authentication

  1. Do not choose weak passwords
  2. Do not write down password
  3. Change password regularly
  4. Avoid using personal information as password

Information Security Notes 3 - Hash function

A hash function, also known as a message digest, is generally used for verification.

Famous hash: MD5, SHA1, SHA-256

Hash is discussed in Data Structure


MD construction || Length extension attacks

Two conditions for Length extension attacks:

  • When the encrypted data is less than 64 bytes, it is filled automatically (padding).
  • The plaintext is encrypted in blocks of this fixed length, and the encryption result of the previous block is used as the initial vector for the next block.

MD5, SHA-1 SHA-2 are all with MD construction
SHA-3 is not.
The most effective way to prevent hash collisions is to expand the bits where the hash values are taken.

Attacks on (Ideal) Hash functions

  • Brute-force: to break an n-bit hash, we need to perform 2^(n-1) operations.
  • Second pre-image: given a fixed message, output another message with the same hash value; this requires 2^(n-1) operations.
  • Birthday attack: obtaining any two messages that have the same hash value requires only 2^(n/2) operations! The birthday attack is maths.
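
To see the gap between the two figures above, this added example (not part of the original notes) counts how many tries each search needs against SHA-256 truncated to a few bits. The truncation, the message naming scheme and the function names are assumptions made so that the searches finish in about a second.

```python
import hashlib
from itertools import count


def truncated_hash(message, bits):
    """First `bits` bits of SHA-256, standing in for an ideal n-bit hash."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_collision(bits):
    """Find ANY two messages with the same hash; return (m1, m2, tries)."""
    seen = {}  # hash value -> message that produced it
    for tries in count(1):
        message = b"message-%d" % tries
        value = truncated_hash(message, bits)
        if value in seen:
            return seen[value], message, tries
        seen[value] = message


def second_preimage(fixed_message, bits):
    """Find another message matching ONE fixed message; return (m, tries)."""
    target = truncated_hash(fixed_message, bits)
    for tries in count(1):
        candidate = b"candidate-%d" % tries
        if candidate != fixed_message and truncated_hash(candidate, bits) == target:
            return candidate, tries


def compare(bits_list=(8, 12, 16)):
    """Return (bits, collision tries, second pre-image tries) per hash size."""
    rows = []
    for bits in bits_list:
        _, _, collision_tries = birthday_collision(bits)
        _, preimage_tries = second_preimage(b"fixed message", bits)
        rows.append((bits, collision_tries, preimage_tries))
    return rows


if __name__ == "__main__":
    for bits, c, p in compare():
        print("n=%2d  birthday: %6d tries   second pre-image: %7d tries" % (bits, c, p))
```

The birthday search keeps every hash it has seen, so each new message is compared against all earlier ones at once; the second pre-image search has only one target to hit.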

Hash Chain

Can be used in applications that require only one-way authentication, e.g. a security token
How it works: hash another hash
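
A hash chain used as one-time passwords for a security token, as an added example that is not part of the original notes. The names Token and Verifier, the use of SHA-256 and the window parameter (which tolerates passwords that were generated but never submitted) are assumptions.

```python
import hashlib
import hmac


def H(value):
    return hashlib.sha256(value).digest()


def chain_value(seed, n):
    """Apply H to the seed n times: H(H(...H(seed)))."""
    value = seed
    for _ in range(n):
        value = H(value)
    return value


class Token:
    """Holds the secret seed and reveals the chain from the end backwards."""

    def __init__(self, seed, length):
        self.seed = seed
        self.remaining = length

    def next_password(self):
        if self.remaining == 0:
            raise RuntimeError("chain exhausted; enrol a new seed")
        self.remaining -= 1
        return chain_value(self.seed, self.remaining)


class Verifier:
    """Stores only the last accepted chain value, never the seed."""

    def __init__(self, anchor):
        self.current = anchor  # starts as H applied `length` times to the seed

    def check(self, password, window=1):
        value = password
        for _ in range(window):
            value = H(value)
            if hmac.compare_digest(value, self.current):
                self.current = password  # older values can no longer be used
                return True
        return False


if __name__ == "__main__":
    seed = b"constructed-seed"  # constructed sample value
    token, verifier = Token(seed, 5), Verifier(chain_value(seed, 5))
    first = token.next_password()
    print("first use:", verifier.check(first))
    print("replay:   ", verifier.check(first))
```

A captured password is useless afterwards: the verifier now expects a value whose hash equals that password, and producing it means inverting H.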

Hash list

Verifying the top hash can assert the correctness of the data.
When data is transferred, we cut the file into small pieces. Each data packet has a hash value. We put all the hash values together as a top hash, and check the top hash.

Hash Tree(Merkle Tree)

Hashes are arranged like a tree; the data is verified by verifying the root hash.
Usage: git, p2p system, Bitcoin
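
The hash list and the hash tree side by side, as an added example that is not part of the original notes. It shows what the tree adds: one piece can be checked against the root with a short proof instead of all the piece hashes. SHA-256, the 0x00/0x01 prefixes and promoting an unpaired node unchanged are assumptions of this example.

```python
import hashlib


def H(data):
    return hashlib.sha256(data).digest()


def hash_list_top(chunks):
    """Hash list: hash every piece, then hash the concatenated hashes."""
    return H(b"".join(H(c) for c in chunks))


# Assumption: distinct prefixes keep a leaf from being read as an inner node.
def leaf_hash(chunk):
    return H(b"\x00" + chunk)


def node_hash(left, right):
    return H(b"\x01" + left + right)


def build_levels(chunks):
    """Return all tree levels, leaves first, root last."""
    if not chunks:
        raise ValueError("no data")
    level = [leaf_hash(c) for c in chunks]
    levels = [level]
    while len(level) > 1:
        parents = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                parents.append(node_hash(level[i], level[i + 1]))
            else:
                parents.append(level[i])  # unpaired node: promoted unchanged
        level = parents
        levels.append(level)
    return levels


def merkle_root(chunks):
    return build_levels(chunks)[-1][0]


def inclusion_proof(chunks, index):
    """Sibling hashes needed to recompute the root from chunks[index]."""
    if not 0 <= index < len(chunks):
        raise IndexError("no such piece")
    proof = []
    for level in build_levels(chunks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))  # (hash, is_left)
        index //= 2
    return proof


def verify_inclusion(chunk, proof, root):
    """Recompute the path to the root using only the piece and its proof."""
    acc = leaf_hash(chunk)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root
```

With five pieces the longest proof holds three hashes, while checking one piece against a hash list's top hash needs the hashes of all five.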

Message Authentication Code (MAC)

MAC is a small bit of information that can be used to check the authenticity and the integrity of a message.

  • Authenticity: from the designated person
  • Integrity: unmodified

Requirements of MAC

  • Computable: very fast
  • Unforgeable: cannot be forged by attacker
  • One-wayness: Message cannot be recovered from MAC

Limitation of MAC

MAC requires a key to verify (symmetric).

Digital Signature

  • Asymmetric key version of MAC
  • SSL?
  • Anyone who has the public key can verify that the document was signed by the signer

Examples of Digital Signatures

  • RSA-PSS
  • DSA
  • ECDSA => shortest, fastest and more secure

Comparing MAC and Digital Signature

  • MAC is not publicly verifiable
  • MAC is faster, because it requires only a hash operation

Information Security Notes 2 - Symmetric and Asymmetric Encryption

Symmetric and Asymmetric key

Symmetric

  • Share Same Key
  • Most classic crypto is symmetric
  • Encrypts and Decrypts using the same key
  • Also called “Secret Key Encryption”

Symmetric Overview

  • More secure if the algorithm is open and publicly reviewed
  • Two types of symmetric cipher
    1. Stream Cipher: the smallest unit to encrypt is one bit
    2. Block Cipher: the smallest unit to encrypt is a block
  • Block Ciphers are more secure than most stream ciphers
  • Most encryption schemes scramble the message by repeated substitution and rearrangement
  • Security is bounded by the key size.
    • 64bits key => broken with at most 2^64 operations

History - Data Encryption Standard

DES and 3DES should not be adopted today.

  • Learn more by reading about the “Meeting in the middle attack”

Asymmetric

  • Public Key
  • Private Key
  • Encrypt with public key; Decrypt with private key
  • Also called “Public Key Encryption”
  • Everyone can lock but only the one with private key can unlock
  • Trapdoor Function: As a function, its function value is very easy to calculate, but the calculation of the inverse solution is very difficult unless some special information is known.

Note that there is a lot of maths behind ECC, AES, etc. I will note it down later if I have time.

Information Security Notes 1 - Classical Crypto System

What is Encryption

Encryption is composed of a key and an Encryption algorithm.

  1. Type of operations used for transforming plaintext to ciphertext
  2. The number of keys used
  3. The way in which the plaintext is processed

Encryption and Decryption

  • Unencrypted message = plaintext/message
  • Encrypted message = cipher/ciphertext

Cryptanalysis

Means attack

  • Brute-force
    • Tries every possible key
  • Breaking the algorithm
    • Tries to exploit the weakness of the encryption algorithm

How it is measured: by the following dimensions

  • Attacker models
    • How strong is the attacker
    1. Ciphertext only attacks
    2. Known plaintext attacks
    3. Chosen plaintext attacks(Attacker can choose plaintext on his own)
    4. Chosen ciphertext attacks(Attacker can choose the cipher and obtain the plaintext)
  • Security Goal
    • What goals does your attacker want to achieve
    1. Computationally secure: the cost of breaking the cipher exceeds the value of the encrypted information
    2. Unconditionally secure: no matter how much time an opponent has, it is impossible to decrypt. (secure against brute-force)
  • Assumptions:
    • What is the computational limitation
    • Always better to over-estimate the ability of your attackers
    1. Computation: the attacker might have many computing resources (super-computers)
    2. Network: the attacker might have control over the network/communication channel; they can send/drop/inject/view your packets
    3. Some problems are hard (NP ≠ P), with no polynomial-time solutions
    4. We generally assume computation requiring 2^80 is unsolvable

Brute-force attack

  • Attackers try all possible sets of keys
  • By probability, it has to try at least half of them
  • We generally assume computation requiring 2^80 is unsolvable