EEET1246 Advanced Computer Network Engineering
Laboratory Assignment 3 Report
Professor: Andrew Jennins
Tutor: Piya Techateerawat
Student: Xiaolin Zhang
Student: Wilson Castillo
Subject Code: EEET1246 Advanced Computer Network Eng.
Melbourne, October 23rd, 2006
Network Security Laboratory 3 Report Laboratory Report
Student: Xiaolin Zhang (s3097029) Student: Wilson Castillo (s3143667)
Table of Contents
1 Introduction
2 The Scenario
3 The Analysis
4 Security Threats
4.1 Passive Threats
4.1.1 Eavesdropping
4.1.2 Traffic Analysis
4.2 Active Threats
4.2.1 Masquerade or Spoofing
4.2.2 Authorization Violation
4.2.3 Denial of Service (DoS)
4.2.4 Modification or Forgery of information
5 Network design goals
5.1 Confidentiality
5.2 Authentication
5.3 Access Control
5.4 Integrity
5.5 Non-repudiation
5.6 Manageability
5.7 Scalability
5.8 Implementability
5.9 Performance
5.10 Availability
6 Network Architecture
7 Key Distribution
7.1 Requirements
7.1.1 Password Policies
7.2 Main Goals
7.3 Procedure
8 Mobile Network Solution through Mobile IPv6
8.1 Mobile IP
8.2 IPv6
8.3 Mobile IPv6
9 Conclusions
9.1 Advantages of this procedure
9.2 Disadvantages
10 References
RMIT University © 2006 School of Electrical and Computer Engineering
2 of 14 Melbourne, 23rd October, 2006
Table of Figures
Figure 1: Network Architecture for FACOCO's solution
Figure 2: Message interchange to establish secure connection between FACOCO and courier
Network Security
1 Introduction
Information and its protection are key factors for every company to be successful in its business. Likewise, it is important to have an efficient way to distribute key information to all relevant company staff. Furthermore, companies around the world need to implement network architectures that allow them to share information with their employees in a secure way. It is therefore the network administrator's job to deal with both aspects of the network: security and availability of the information. This laboratory report analyses a hypothetical scenario for a given problem related to distributing information in a secure way.
2 The Scenario
According to laboratory guide 3 (Jennings, 2006): “Fast Courier Company (FACOCO) has a fleet of 300 bicycle couriers in London. They carry high sensitivity documents, including confidential information that could be useful commercially. But at the same time they need to be able to interact effectively with their couriers. So each courier carries a palmtop computer that is connected continuously to an 802.11 local network.”
3 The Analysis
As can be seen in the scenario described above, each courier carries important information which is confidential and could be useful commercially. Our solution therefore gives a high weight to security at the cost of some performance. This trade-off between network security and performance should be carefully analysed in the implementation stage. Additionally, the wireless environment places more constraints on the system because all of the nodes are exposed to attack, so the solution should focus on this situation. The analysis will focus on the following main parts:
- Firstly, it is necessary to know the threats against which the network should be designed.
- Secondly, it is necessary to define the network architecture to reach the goal (sharing information between FACOCO and its couriers in a secure way).
- Thirdly, it is necessary to define how the keys are going to be distributed.
- Finally, it is necessary to define the mobile technology to use.
4 Security Threats
The design that we propose should protect FACOCO against the following security threats (Prasad and Prasad, 2005):
4.1 Passive Threats
Passive threats are situations where the intruder collects information about the company (FACOCO) for personal benefit or future attacks. Two types of passive threats are defined:
4.1.1 Eavesdropping
This is the case when the intruder listens to the network without interfering with the communication, in order to collect as much information as possible. Sometimes the intruder may be able to obtain important information from the communicating parties, such as the session key used to encrypt data during the session.
4.1.2 Traffic Analysis
This is a subtler, more advanced kind of threat where the intruder obtains information about the communicating parties. For instance, the intruder could learn who is sending information to whom.
4.2 Active Threats
This is the case where the intruder tries to actively obtain information from the network using different techniques:
4.2.1 Masquerade or Spoofing
This is the case when the intruder pretends to be a trusted user. Consequently, the intruder could obtain authentication data.
4.2.2 Authorization Violation
This is the case when a user gets access to resources they are not supposed to use. In fact, sometimes this threat comes from a genuine trusted user trying to get access to unauthorized resources.
4.2.3 Denial of Service (DoS)
This active attack aims to inhibit normal use of communication facilities, for example, in our case, by generating interference in the wireless environment.
4.2.4 Modification or Forgery of information
The intruder creates new information in order to pretend to be a trusted user. For example, the intruder could attempt to modify original messages sent by the trusted user to the server.
5 Network design goals
There are some security goals that should be reached in order for FACOCO to provide a secure service to its customers (Imai, 2006), (Prasad and Prasad, 2005) and (Rodriguez, Gatrell, Karas and Peschke, 2001):
5.1 Confidentiality
The information sent between the couriers and FACOCO should not be disclosed to unauthorized people. Encryption is the main mechanism used to fulfil this goal.
5.2 Authentication
The purpose of authentication is to assure that the courier is really communicating with FACOCO headquarters and that FACOCO is really communicating with one of its couriers. Furthermore, it creates a trusted relationship in the network, even if the communication medium is untrusted. This prevents an intruder from attacking the network using the masquerade threat.
5.3 Access Control
Because FACOCO's couriers can access certain services provided by the FACOCO network, it is important that the system be able to tell users apart and give the right access to the right users (couriers).
5.4 Integrity
The information that is sent through the network should not be modified by anyone. Furthermore, the information should remain unaltered between the two communicating parties, e.g. FACOCO and its couriers.
5.5 Non-repudiation
Neither the originator (FACOCO or its couriers) nor the receiver (the couriers or FACOCO) should be able to deny the authorship of a message.
In addition to the security requirements described above, there are some other issues that should be taken into account in order to get a good design (Prasad and Prasad, 2005):
5.6 Manageability
Security improvements increase the traffic load between the communicating parties. Hence there is a trade-off between security and network load.
5.7 Scalability
It is important that if FACOCO increases the number of couriers, the basic design stays the same, so that the network can be easily expanded.
5.8 Implementability
The main idea is to create a secure network, but it should be feasible. Furthermore, the design should take into account the affordability of the components used in the implementation.
5.9 Performance
The performance of the network should not be decreased because of the security features. As described above, there is a trade-off between security and performance.
5.10 Availability
One of the most important issues in network communication is the availability of the services to the users. This is related to the DoS attack, which aims to disrupt the availability of the services to the users (couriers).
6 Network Architecture
The basic component of the network architecture selected for this design is the use of the Internet as the communication medium. This means that the communication path is a totally untrusted medium. It is therefore important to create a secure path to transfer information between FACOCO headquarters and every courier. It is assumed that FACOCO has an agreement with Verisign (www.verisign.com) to allow every courier and FACOCO itself to establish trusted relations with T-mobile.
It is assumed that FACOCO has an agreement with T-mobile, which is one of the best wireless network providers in London (www.t-mobile.co.uk). As will be described later, the protocol used between couriers and FACOCO will be IPsec. FACOCO will have servers with databases working in hot standby mode to avoid information loss. Every server will have a database storing the public keys of every courier. Additionally, information related to security associations (defined in IPsec) will be stored in this database. As a precaution against terrorist attacks or other major events, FACOCO needs to establish a backup office with a dedicated communication channel to the main headquarters in order to keep a backup of all the information.
Figure 1: Network Architecture for FACOCO's solution
It is assumed that every Palm/PDA device has an IEEE 802.11 network interface. This will allow every courier to exchange information with FACOCO headquarters. Additionally, every device will have a special application with a user interface that allows every courier to exchange data with FACOCO. This application embeds special software algorithms to calculate keys according to the encryption algorithms defined in the following sections.
7 Key Distribution
7.1 Requirements
When couriers receive their Palm/PDA, each of them also receives a user ID and a default password (it could be the courier's national ID or similar). This password will be used to start the first session with FACOCO servers. After the first session is established, changing the password is compulsory.
7.1.1 Password Policies
Password policies should be applied in order to avoid easy guessing of passwords by intruders or attackers:
- Passwords should be a minimum of six characters in length.
- Passwords should contain at least one numeric character.
- Passwords should contain at least one capital letter.
- Passwords should contain at least one non-alphanumeric character.
- Passwords should be changed every month.
- The last six passwords cannot be used by the user again.
- After three wrong password tries the system will lock the user. The user will be able to use the system again after communicating, in person, with FACOCO headquarters.
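One way to enforce the composition, history and lockout rules listed above on the server side, as an added example that is not part of the original report. The class name, the PBKDF2 storage scheme and the sample passwords are assumptions; the monthly expiry rule is left out.

```python
import hashlib
import hmac
import os
import re
from collections import deque

MIN_LENGTH = 6      # policy: minimum six characters
HISTORY_DEPTH = 6   # policy: the last six passwords cannot be reused
MAX_FAILURES = 3    # policy: lock the user after three wrong tries


def policy_violations(password):
    """Return the composition rules that a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no non-alphanumeric character")
    return problems


def digest(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 verifiers; the report names no scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CourierAccount:
    """Hypothetical server-side record for one courier."""

    def __init__(self, default_password):
        # (salt, digest) pairs, newest last; holds the current password too.
        self.history = deque(maxlen=HISTORY_DEPTH)
        self.failures = 0
        self.locked = False
        self.must_change = True   # default password must be replaced
        self._store(default_password)

    def _store(self, password):
        salt = os.urandom(16)
        self.history.append((salt, digest(password, salt)))

    def _matches(self, password, entry):
        salt, stored = entry
        return hmac.compare_digest(digest(password, salt), stored)

    def login(self, password):
        if self.locked:
            return False
        if self._matches(password, self.history[-1]):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True    # stays locked until an in-person unlock
        return False

    def change_password(self, new_password):
        """Return the list of violations; an empty list means accepted."""
        problems = policy_violations(new_password)
        if any(self._matches(new_password, e) for e in self.history):
            problems.append("reused one of the last six passwords")
        if not problems:
            self._store(new_password)
            self.must_change = False
        return problems

    def unlock_in_person(self):
        self.locked = False
        self.failures = 0
```
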
The next paragraphs will describe the mechanism used, for every courier, to start a session with FACOCO’s servers.
7.2 Main Goals
The main goals of this mechanism can be described as follows:
1. The courier's authentication is based on the pre-established password, which is a shared password between every courier and FACOCO.
2. The mechanism is based on the creation of a new public/private key pair used to authenticate every courier. The courier's private key must reside in the Palm/PDA. This key will be used with FACOCO's authentication certificate to create the new public key.
3. It is necessary to create a trust relationship between FACOCO and the wireless provider (T-mobile in our design). This relationship will be created using reciprocal authentication.
Figure 2: Message interchange to establish secure connection between FACOCO and courier
7.3 Procedure
The network infrastructure should support an authentication infrastructure. To reach this goal, a protocol to exchange keys should be defined (Hu W, Lee C and Kou W 2004):
1. Every courier is travelling around London with their own Palm/PDA. The device is assumed to be locked, so the courier needs to unlock it using a password (it could be the same password used to exchange information with FACOCO).
2. Once the device is turned on and unlocked, it starts receiving a broadcast message sent by T-mobile providing information about T-mobile (IP address and its public key).
3. Then the courier's device sends an authentication request to T-mobile, encrypted with a random session key and with T-mobile's public key. The content of the authentication request is FACOCO's address with the courier identification; this message is encrypted with the courier's public key and FACOCO's public key, which the courier got from the certification authority (Verisign in this design). Additionally, the courier generates a hash value, HV1, with a certificate signing request, a random number (N1), its IDc and its password. This hash value can only be verified by FACOCO because it is encrypted with the courier's password and FACOCO's public key.
4. T-mobile receives the courier's message and decrypts it with its public key, gets the information about FACOCO and forwards the message to FACOCO over the secure connection created between T-mobile and FACOCO.
5. FACOCO receives the message coming from T-mobile and calculates the hash value (HV1) to verify that it is a courier who is trying to sign into the network. Once FACOCO compares the hash value and verifies that it matches, it will generate an ACK and a Certificate of user (courier) X (defined in X.509). Additionally, FACOCO generates two numbers (N2 and N3) that will be used to create session keys KS2 and KS3; KS2 will be used between T-mobile and the courier and KS3 will be used between FACOCO and the courier; this last one is the session key.
6. T-mobile receives FACOCO's message and calculates KS2. Then, with KS2, T-mobile encrypts the courier ID, hash values HV1 and HV2, N3 and the certificate of user (courier) and transmits it to the courier. Once the courier gets the message, they will calculate KS2 and decrypt the message coming from T-mobile. Additionally, the courier calculates KS3, which is, as described above, the session key between FACOCO and the courier.
After these steps are finished, a secure connection is established between the courier and FACOCO, allowing them to exchange information securely.
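The HV1 check of steps 3 and 5 and the KS3 agreement can be sketched as follows; this is an added example, not code from the report. HMAC-SHA-256, PBKDF2 and the KS3 derivation formula are assumptions (the report names no hash function or formula), the RSA and triple-DES wrapping and the T-mobile relay are left out, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets


def encode_fields(*parts):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def password_key(courier_id, password):
    # Assumption: the shared password is stretched with PBKDF2, salted by the ID.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               courier_id.encode(), 100_000)


def make_hv1(pw_key, csr, n1, courier_id):
    """HV1 over the CSR, the random number N1 and IDc, keyed by the password."""
    msg = encode_fields(b"HV1", csr, n1, courier_id.encode())
    return hmac.new(pw_key, msg, hashlib.sha256).digest()


def derive_key(secret, label, *nonces):
    # Assumed derivation for the session keys; the report gives no formula.
    return hmac.new(secret, encode_fields(label, *nonces), hashlib.sha256).digest()


class FacocoServer:
    def __init__(self, password_keys):
        self.password_keys = password_keys  # courier ID -> stretched password
        self.seen = set()                   # (courier ID, N1) already accepted
        self.sessions = {}                  # courier ID -> KS3

    def handle_request(self, courier_id, csr, n1, hv1):
        """Step 5: recompute HV1; on success return (N2, N3), else None."""
        pw_key = self.password_keys.get(courier_id)
        if pw_key is None:
            return None
        if not hmac.compare_digest(make_hv1(pw_key, csr, n1, courier_id), hv1):
            return None                     # wrong password or altered field
        if (courier_id, n1) in self.seen:
            return None                     # replayed authentication request
        self.seen.add((courier_id, n1))
        n2, n3 = secrets.token_bytes(16), secrets.token_bytes(16)
        self.sessions[courier_id] = derive_key(pw_key, b"KS3", n1, n3)
        return n2, n3


def courier_request(courier_id, password, csr):
    """Step 3, courier side: returns (stretched password, N1, HV1)."""
    pw_key = password_key(courier_id, password)
    n1 = secrets.token_bytes(16)
    return pw_key, n1, make_hv1(pw_key, csr, n1, courier_id)


def run_exchange():
    # Constructed sample values, not taken from the report.
    cid, pw, csr = "courier-042", "Lond0n!Ride", b"constructed CSR bytes"
    server = FacocoServer({cid: password_key(cid, pw)})

    pw_key, n1, hv1 = courier_request(cid, pw, csr)
    n2, n3 = server.handle_request(cid, csr, n1, hv1)  # N2 feeds KS2 (not shown)
    courier_ks3 = derive_key(pw_key, b"KS3", n1, n3)

    _, bad_n1, bad_hv1 = courier_request(cid, "Gu3ss!ng", csr)
    return {
        "ks3_match": hmac.compare_digest(courier_ks3, server.sessions[cid]),
        "replay_rejected": server.handle_request(cid, csr, n1, hv1) is None,
        "tamper_rejected": server.handle_request(cid, csr + b"x", n1, hv1) is None,
        "wrong_password_rejected":
            server.handle_request(cid, csr, bad_n1, bad_hv1) is None,
    }


if __name__ == "__main__":
    print(run_exchange())
```

The set of accepted N1 values grows without bound here; a deployment would expire entries, which also limits the memory an attacker can consume.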
8 Mobile Network Solution through Mobile IPv6
8.1 Mobile IP
Mobile IP (RFC 2002), a standard proposed by a working group with the Internet Engineering Task Force (IETF), allows the use of a single fixed IP address regardless of IP subnet changes, and hence enables the continuous reachability for mobile nodes. The fixed IP address is called a Home Address, and the IP address acquired at each visited network is called a Care-Of Address. The mapping between the home address and the care-of address of a mobile node is maintained at a special redirection server called a home agent. Home agent intercepts packets on behalf of the mobile node and sends them to its care-of address when the mobile node is away from its home network. Moreover for a globally routable care-of address, a special mobility agent, called a foreign agent is deployed in this network as well.
8.2 IPv6
IPv6's flexibility and extensibility are made possible by extension headers and options in its design. IPv6 includes many features for streamlining mobility support that are missing in IP version 4 (current version), including Stateless Address Autoconfiguration and Neighbour Discovery. IPv6 also attempts to drastically simplify the process of renumbering, which could be critical to the future routability of the Internet. Because the number of mobile computers accessing the Internet will likely increase, efficient support for mobility will make a decisive difference in the Internet's future performance. This, along with the growing importance of the Internet and the Web, indicates the need to pay attention to supporting mobility. Although IPv6 supports mobility to a greater degree, it will still need Mobile IP to make mobility transparent to applications and higher level protocols such as TCP.
8.3 Mobile IPv6
Mobile IPv6 is the deployment of both IPv6 and mobile networking. It is adopted for increased user convenience and a reduced need for application awareness of mobility. Mobile IPv6 design and deployment combines both the availability of addresses supported by Mobile IP and the extensibility provided by the IPv6 protocol. Therefore, a Mobile IPv6 node can use the mobility protocol wherever it can get simple IPv6 service. For example, whenever the mobile node moves, it registers its new care-of address with its home agent. When the home agent accepts the request, it begins to associate the home address of the mobile node with the care-of address, and maintains this association until the registration lifetime expires.
The Mobile IPv6 protocol does not require or even define foreign agents. This leads to scalable Internet-wide mobility management. Internet-wide IPv6 mobility management can be provided by running a home agent anywhere on the Internet. Moreover, in Mobile IPv6, IPv6 Internet access and mobility management can be provided by separate entities. Hence, building and maintaining costly access networks is not a requirement for providing IPv6 mobility service.
In Mobile IPv6, all IPv6 nodes are expected to implement strong authentication and encryption to improve Internet security. This affords a major simplification for IPv6 mobility support, since all authentication procedures can be assumed to exist when needed and do not have to be specified in the Mobile IPv6 protocol.
Other features supported by IPv6 mobility include:
- Coexistence with Internet ingress filtering.
- Smooth handoffs.
- Renumbering of home networks.
- Automatic home agent discovery.
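The home agent's registration and lifetime handling described above can be modelled as a small binding cache; this is an added example, not code from the report. It goes one step further than the text by rejecting stale updates with the 16-bit sequence number that RFC 3775 Binding Updates carry. The class name and the documentation-prefix addresses are constructed, and message authentication is assumed to happen before these calls.

```python
import ipaddress

SEQ_MOD = 1 << 16   # Binding Update sequence numbers are 16-bit


def seq_newer(seq, last):
    """True if seq is ahead of last in modulo-2^16 arithmetic."""
    return 0 < (seq - last) % SEQ_MOD < SEQ_MOD // 2


class HomeAgent:
    """Hypothetical home agent holding home address -> care-of bindings."""

    def __init__(self, home_prefix):
        self.home_prefix = ipaddress.IPv6Network(home_prefix)
        self.bindings = {}   # home address -> (care-of address, expiry time)
        self.last_seq = {}   # home address -> last accepted sequence number

    def binding_update(self, home, care_of, lifetime, seq, now):
        home = ipaddress.IPv6Address(home)
        care_of = ipaddress.IPv6Address(care_of)
        if home not in self.home_prefix:
            return "rejected: not a home address served here"
        last = self.last_seq.get(home)
        if last is not None and not seq_newer(seq, last):
            return "rejected: stale sequence number"
        self.last_seq[home] = seq
        if lifetime == 0 or care_of == home:
            self.bindings.pop(home, None)   # node is back on its home link
            return "deregistered"
        self.bindings[home] = (care_of, now + lifetime)
        return "accepted"

    def next_hop(self, dst, now):
        """Where a packet for dst is sent: the care-of address while a
        binding is alive, otherwise the home address itself."""
        dst = ipaddress.IPv6Address(dst)
        entry = self.bindings.get(dst)
        if entry is None:
            return dst
        care_of, expiry = entry
        if now >= expiry:
            del self.bindings[dst]          # registration lifetime expired
            return dst
        return care_of
```
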
9 Conclusions
9.1 Advantages of this procedure
- Integrity of the information is achieved by creating hash values HV1 and HV2. Only FACOCO and its couriers can decrypt the information inside the hash values.
- Every courier trusts FACOCO. It is FACOCO which authenticates every T-mobile hot spot.
- This procedure makes minimum use of public keys because algorithms that use public keys are much less efficient than shared key algorithms. Additionally, public key algorithms take more resources (battery power and CPU processing). This key factor is important in the reduction of overhead. In fact, because of the lower use of public key algorithms, the overhead in the network is kept to a minimum.
- The use of a certification authority allows every individual to get public keys from a trusted site (Verisign in this design).
- Attack of servers is avoided since FACOCO and T-mobile use digital certificates provided by Verisign.
- Replay attacks are avoided because every message contains KS2, which is calculated with knowledge of KS1 (created by the courier).
- Using Mobile IPv6 the system deals with handover. According to RFC3775, there are two types of handovers: L2 and L3 handovers.
- This procedure allows the use of several encryption algorithms. However, this design uses triple-DES and RSA.
- Another advantage is that Mobile IPv6 could be implemented easily over pre-existing IPv6 networks.
- The use of IPsec as security protocol allows the interchange of information in a secure way.
9.2 Disadvantages
- There is one disadvantage in this solution: DoS (Denial of Service). If an attacker generates a lot of authentication requests, it would consume a lot of processing resources in FACOCO and T-mobile. This is a weakness in this design.
- There could be some problems related to the implementation of Mobile IPv6.
10 References
Hu W, Lee C and Kou W, 2005, Advances in Security and Payment Methods for Mobile Commerce, Idea Group Publishing, Hershey.
Imai H, Rahman M, Kobara K., 2005, Wireless Communication Security, Artech House universal personal communication series, Norwood.
Jennins A, 2006, EEET1246 - Advanced Computer Network Engineering – Lecture Notes, RMIT University, School of Electrical and Computer Engineering, Melbourne.
Miller S, 2003, WiFi Security, McGraw-Hill Networking Professional, New York.
Mitchell C, 2004, Security for mobility, IEE Telecommunications Series 51, Bodmin.
Prasad A and Prasad Neely, 2005, 802.11 WLANs and IP Networking Security, QoS and Mobility, Artech House mobile communications library, Boston.
Rodriguez A, Gatrell J, Kara J and Peschke Roland, 2001, TCP/IP Tutorial and Technical Overview, ibm.com/redbooks.
Stevens W Richard, 2001, TCP/IP Illustrated, Volume 1, Addison-Wesley Professional Computing Series, Indianapolis.