Friday, August 15, 2014

Network File System (NFS)

Network File System (NFS)

Network File System ( NFS ) is a distributed file system ( DFS ) developed by Sun Microsystems. This allows directory structures to be spread over the net- worked computing systems.
A DFS is a file system whose clients, servers and storage devices are dis- persed among the machines of distributed system. A file system provides a set of file operations like read, write, open, close, delete etc. which forms the file services. The clients are provided with these file services. The basic features of DFS are multiplicity and autonomy of clients and servers.
NFS follows the directory structure almost same as that in non-NFS system but there are some differences between them with respect to:
  • Naming
  • Path Names
  • Semantics

Naming

Naming is a mapping between logical and physical objects. For example, users refers to a file by a textual name, but it is mapped to disk blocks. There are two notions regarding name mapping used in DFS.
  • Location Transparency: The name of a file does not give any hint of file's physical storage location.
  • Location Independence: The name of a file does not need to be changed when file's physical storage location changes.
A location independent naming scheme is basically a dynamic mapping. NFS does not support location independency.
There are three major naming schemes used in DFS. In the simplest approach, files are named by some combination of machine or host name and the path name. This naming scheme is neither location independent nor location transparent. This may be used in server side. Second approach is to attach or mount the remote directories to the local directories. This gives an appearance of a coherent directory. This scheme is used by NFS. Early NFS allowed only previously mounted remote directories. But with the advent of automount , remote directories are mounted on demand based on the table of mount points and file structure names. This has other advantages like the file-mount table size is much smaller and for each mount point, we can specify many servers. The third approach of naming is to use name space which is identical to all machines. In practice, there are many special files that make this approach difficult to implement.

Mounting

The mount protocol is used to establish the initial logical connection between a server and a client. A mount operation includes the name of the remote directory to be mounted and the name of the server machine storing it. The server maintains an export list which specifies local file system that it exports for mounting along with the permitted machine names. Unix uses /etc/exports for this purpose. Since, the list has a maximum length, NFS is limited in scalabilty. Any directory within an exported file system can be mounted remotely on a machine. When the server receives a mount request, it returns a file handle to the client. File handle is basically a data-structure of length 32 bytes. It serves as the key for further access to files within the mounted system. In Unix term, the file handle consists of a file system identifier that is stored in super block and an inode number to identify the exact mounted directory within the exported file system. In NFS, one new field is added in inode that is called the generic number.
Mount can be is of three types -
  1. Soft mount: A time bound is there.
  2. Hard mount: No time bound.
  3. Automount: Mount operation done on demand.

NFS Protocol and Remote Operations

The NFS protocol provides a set of RPCs for remote operations like lookup, create, rename, getattr, setattr, read, write, remove, mkdir etc. The procedures can be invoked only after a file handle for the remotely mounted directory has been esta- blished. NFS servers are stateless servers. A stateless file server avoids to keep state informations by making each request self-contained. That is, each request iden- tifies the file and the position of the file in full. So, the server needs not to store file pointer. Moreover, it needs not to establish or terminate a connection by opening a file or closing a file, repectively. For reading a directory, NFS does not use any file pointer, it uses a magic cookie.
Except the opening and closing a file, there is almost one-to-one mapping between Unix system calls for file operations and the NFS protocol RPCs. A remote file operation can be translated directly to the corresponding RPC. Though conceptu- ally, NFS adheres to the remote service paradigm, in practice, it uses buffering and caching. File blocks and attributes are fetched by RPCs and cached locally. Future remote operations use the cached data, subject to consistency constraints.
Since, NFS runs on RPC and RPC runs on UDP/IP which is unreliable, operations should be idempotent.

Cache Update Policy

The policy used to write modified data blocks to the server's master copy has critical effect on the system performance and reliability. The simplest policy is to write through the disk as soon as they are placed on any cache. It's advantageous because it ensures the reliability but it gives poor performance. In server site this policy is often followed. Another policy is delayed write. It does not ensure reliability. Client sites can use this policy. Another policy is write-on-close. It is a variation of delayed write. This is used by Andrews File System (AFS).
In NFS, clients use delayed write. But they don't free delayed written block until the server confirms that the data have been written on disk. So, here, Unix semantics are not preserved. NFS does not handle client crash recovery like Unix. Since, servers in NFS are stateless, there is no need to handle server crash recovery also.

Time Skew

Because of differences of time at server and client, this problem occures. This may lead to problems in performing some operations like " make ".

Performance Issues

To increase the reliability and system performance, the following things are generally done.
  1. Cache, file blocks and directory informations are maintained.
  2. All attributes of file / directory are cached. These stay 3 sec. for files and 30 sec. for directory.
  3. For large caches, bigger block size ( 8K ) is benificial.
This is a brief description of NFS version 2. NFS version 3 has already been come out and this new version is an enhancement of the previous version. It removes many of the difficulties and drawbacks of NFS 2.

Andrews File System (AFS)

AFS is a distributed file system, with scalability as a major goal. Its efficiency can be attributed to the following practical assumptions (as also seen in UNIX file system):
  • Files are small (i.e. entire file can be cached)
  • Frequency of reads much more than those of writes
  • Sequential access common
  • Files are not shared (i.e. read and written by only one user)
  • Shared files are usually not written
  • Disk space is plentiful
AFS distinguishes between client machines (workstations) and dedicated server machines. Caching files in the client side cache reduces computation at the server side, thus enhancing performance. However, the problem of sharing files arises. To solve this, all clients with copies of a file being modified by another client are not informed the moment the client makes changes. That client thus updates its copy, and the changes are reflected in the distributed file system only after the client closes the file. Various terms related to this concept in AFS are:
  • Whole File Serving: The entire file is transferred in one go, limited only by the maximum size UDP/IP supports
  • Whole File Caching: The entire file is cached in the local machine cache, reducing file-open latency, and frequent read/write requests to the server
  • Write On Close: Writes are propagated to the server side copy only when the client closes the local copy of the file
In AFS, the server keeps track of which files are opened by which clients (as was not in the case of NFS). In other words, AFS has stateful servers, whereas NFS has stateless servers. Another difference between the two file systems is that AFS provides location independence (the physical storage location of the file can be changed, without having to change the path of the file, etc.) as well as location transparency (the file name does not hint at its physical storage location). But as was seen in the last lecture, NFS provides only location transparency. Stateful servers in AFS allow the server to inform all clients with open files about any updates made to that file by another client, through what is known as a callback. Callbacks to all clients with a copy of that file is ensured as a callback promise is issued by the server to a client when it requests for a copy of a file.
The key software components in AFS are:
  • Vice: The server side process that resides on  top of the unix kernel, providing shared file services to each client
  • Venus: The client side cache manager which acts as an interface between the application program and the Vice

All the files in AFS are distributed among the servers. The set of files in one server is referred to as a volume. In case a request can not be satisfied from this set of files, the vice server informs the client where it can find the required file.
The basic file operations can be described more completely as:
  • Open a file: Venus traps application generated file open system calls, and checks whether it can be serviced locally (i.e. a copy of the file already exists in the cache) before requesting ×Vice for it. It then returns a file descriptor to the calling application. Vice, along with a copy of the file, transfers a callback promise, when ×Venus requests for a file.
  • Read and Write: Reads/Writes are done from/to the cached copy.
  • Close a file: Venus traps file close system calls and closes the cached copy of the file. If the file had been updated, it informs the ×Vice server which then replaces its copy with the updated one, as well as issues callbacks to all clients holding callback promises on this file. On receiving a callback, the client discards its copy, and works on this fresh copy.
The server wishes to maintain its states at all times, so that no information is lost due to crashes. This is ensured by the Vice which writes the states to the disk. When the server comes up again, it also informs all the servers about its crash, so that information about updates may be passed to it.
A client may issue an open immediately after it issued a close (this may happen if it has recovered from a crash very quickly). It will wish to work on the same copy. For this reason, ×Venus waits a while (depending on the cache capacity) before discarding copies of closed files. In case the application had not updated the copy before it closed it, it may continue to work on the same copy. However, if the copy had been updated, and the client issued a file open after a certain time interval (say 30 seconds),  it will have to ask the server the last modification time, and accordingly, request for a new copy. For this, the clocks will have to be synchronized.
Posted by at No comments:

Kerberos

Kerberos

Kerberos was created by Massachusetts Institute of Technology as a solution to many network security problems. It is being used in the MIT campus for reliability. The basic features of Kerberos may be put as:
  • It uses symmetric keys.
  • Every user has a password ( key from it to the Authentication Server )
  • Every application server has a password.
  • The passwords are kept only in the Kerberos Database.
  • The Servers are all physically secure.(No unauthorized user has access to them.)
  • The user gives the password only once.
  • The password is not sent over the network in plain text or encrypted form.
  • The user requires a ticket for each access.
A diagrammatic representation of the interfaces involved in Kerberos may be put as:

The exchanges of information between the want of transaction by a User with the application server and the time that they actually start exchanging data may be put as:
  1. Client to the Authentication Server(AS): The following data in plain text form are sent:
    • Username.
    • Ticket Granting Server(TGS) name.
    • A nonce id 'n'.
  2. Response from the Authentication Server(AS) to the Client: The following data in encrypted form with the key shared between the AS and the Client is sent:
    • The TGS session key.
    • The Ticket Granting Ticket. This contains the following data encrypted with the TGS password and can be decrypted by the TGS only.
      • Username.
      • The TGS name.
      • The Work Station address.
      • The TGS session key.
    • The nonce id 'n'.
  3. Client to the Ticket Granting Server: This contains the following data
    • The Ticket Granting ticket.
    • Authenticator.
    • The Application Server.
    • The nonce id 'n'
  4. Ticket Granting Server to the Client: The following data encrypted by the TGS session key is sent:
    • The new session key.
    • Nonce id 'n'
    • Ticket for the application server-    The ticket contains the following data encrypted by the application servers' key:
      • Username
      • Server name
      • The Workstation address
      • The new session key.
After these exchanges the identity of the user is confirmed and the normal exchange of data in encrypted form using the new session key can take place. The current version of ×Kerberos being developed is Kerberos V5.

Types of Tickets

  1. Renewable Tickets: Each ticket has a timer bound , beyond that no authentication exchange can take place . Applications may desire to hold tickets which can be valid for long periods of time. However, this can expose their secret session key to potential theft for equally long periods, and those stolen keys would be valid until the expiration time of the ticket(s). Simply using short-lived tickets and obtaining new ones periodically would require the client to have long-term access to its secret key, an even greater risk. Renewable tickets can be used to mitigate the consequences of theft.
  2. Post Dated Tickets: Applications may occasionally need to obtain tickets for use much later, e.g., a batch submission system would need tickets to be valid at the time the batch job is serviced. However, it is dangerous to hold valid tickets in a batch queue, since they will be on-line longer and more prone to theft. Postdated tickets provide a way to obtain these tickets from the AS at job submission time, but to leave them "dormant" until they are activated and validated by a further request of the AS. Again this is for additional security.
  3. Proxiable Tickets: At times it may be necessary for a principal to allow a service to perform an operation on its behalf. The service must be able to take on the identity of the client, but only for a particular purpose. A principal can allow a service to take on the principal's identity for a particular purpose by granting it a proxy. This ticket allows a client to pass a proxy to a server to perform a remote request on its behalf, e.g., a print service client can give the print server a proxy to access the client's files on a particular file server in order to satisfy a print request.
  4. Forwardable Tickets: Authentication forwarding is an instance of the proxy case where the service is granted complete use of the client's identity. An example where it might be used is when a user logs in to a remote system and wants authentication to work rom that system as if the login were local.

Time Stamps:

  • Authentication: This is the time when i first authenticated myself .
  • Start: This is the time when valid period starts.
  • End: This is the time when valid period ends.
  • Renewal time: This is the time when ticket is renewed.
  • Current time: This time is for additional security. This stops using old packets. Here we need to synchronize all clocks.

Cross Realm Authentication

The Kerberos protocol is designed to operate across organizational boundaries. A client in one organization can be authenticated to a server in another. Each organization wishing to run a Kerberos server establishes its own "realm". The name of the realm in which a client is registered is part of the client's name, and can be used by the end-service to decide whether to honor a request.
By establishing "inter-realm" keys, the administrators of two realms can allow a client authenticated in the local realm to use its authentication remotely (Of course, with appropriate permission the client could arrange registration of a separately-named principal in a remote realm, and engage in normal exchanges with that realm's services. However, for even small numbers of clients this becomes cumbersome, and more automatic methods as described here are necessary). The exchange of inter-realm keys (a separate key may be used for each direction) registers the ticket-granting service of each realm as a principal in the other realm. A client is then able to obtain a ticket-granting ticket for the remote realm's ticket- granting service from its local realm. When that ticket-granting ticket is used, the remote ticket-granting service uses the inter- realm key (which usually differs from its own normal TGS key) to decrypt the ticket-granting ticket, and is thus certain that it was issued by the client's own TGS. Tickets issued by the remote ticket- granting service will indicate to the end-service that the client was authenticated from another realm.

Limitations of Kerberos

  • Password Guessing: Anyone can get all privileges by cracking password.
  • Denial-of-Service Attack: This may arise due to keep sending request to invalid ticket.
  • Synchronization of Clock: This is the most significant limitation to the kerberos.

Public Key Authentication Protocol

Mutual authentication can be done using public key authentication. To start with let us assume A and B want to establish a session and then use secret key cryptography on that session. The purpose of this initial exchange is authenticate each other and agree on a secret shared session key.

Setup

A sends a request to AS for getting B's public key. Similarly B is trying to get the A's public key. AS sends public key of B and name of B in encrypted form using AS's private key.

Handshake

Whether it came from A or from someone else., but he plays along and sends A back a message containing A's n1, his own random number n2 and a proposed session key, Ks. When A gets this message, he decrypts it using his private key. He sees n1 in it, and hence gets sure that B actually got the message. The message must have come from B, since none else can determine n1. A agrees to the session by sending back message. When B sees n2 encrypted with the session key he just generated, he knows A got message and verified n1.

Digital Signatures

The authenticity of many legal, financial and other documents is determined by the presence or absence of an authorized handwritten signature. The problem of devising a replacement for handwritten signatures is a difficult one. Basically, what is needed is a system bu which one party can send a assigned message to other party in such a way that:
  1. The receiver can verify the claimed identity of sender
  2. The sender cannot later repudiate the contents of the message.
  3. The receiver cannot possibly have concocted the message himself

Message Digest

One criticism of signature methods is that they often couple two distinct functions : authentication and secrecy. Often, authentication is needed but secrecy is not. Since cryptography is slow, it is frequently desirable to be able to send signed plaintext documents.One scheme, known as MESSAGE DIGEST, is based on the idea of a one-way hash function that takes an arbitrarily long piece of plaintext and from it computes a fixed length bit string. This hash function has three important properties:
  1. Given p, it is easy to compute MD(P).
  2. Given MD(P), it is effectively impossible to find P.
  3. No one can generate two messages that have the same message digest.

Main Steps in Authentication

  • Sender computes checksum of message and sends it to AS.
  • AS returns signature block. Signature block consists of name and checksum of message in encrypted form using AS's symmetric key.
  • Recipient sends signature block to AS.
  • AS decrypt signature.
    • verifies sender's name.
    • sends checksum back to recipient.
  • Recipient verifies checksum.
Posted by at No comments:

Network Security(Contd...)

Network Security(Contd...)

Key Distribution Centre(Recap.)

There is a central trusted node called the Key Distribution Center ( KDC ). Every node has a key which is shared between it and the KDC. Since no one else knows node A's secret key KA, KDC is sure that the message it received has come from A. When A wants to communicate with B it could do two things:
  1. A sends a message encrypted in it's key KA to the KDC. The KDC then sends a common key KS to both A and B encrypted in their respective keys Kand KB. A and B can communicate safely using this key.
  2. Otherwise  A sends a key KS to KDC saying that it wants to talk to B encrypted in the key KA. KDC send a message to B saying that A wants to communicate with you using KS.
There is a problem with this implementation. It is prone to replay attack. The messages are in encrypted form and hence would not make sense to an intruder but they may be replayed to the listener again and again with the listener believing that the messages are from the correct source. When A send a message KA(M), C can send the same message to B by using the IP address of A. A solution to be used is to use the key only once. If B sends the first message KA(A,KS) also along with K(s,M), then again we may have trouble. In case this happens, B should accept packets only with higher sequence numbers.
To prevent this, we can use:
  • Timestamps which however don't generally work because of the offset in time between machines. Synchronization over the network becomes a problem.
  • Nonce numbers which are like ticket numbers. B accepts a message only if it has not seen this nonce number before.
In general, 2-way handshakes are always prone to attacks. So we now look at an another protocol.

Needham-Schroeder Authentication Protocol

This is like a bug-fix to the KDC scheme to eliminate replay attacks. A 3-way handshake (using nonce numbers) very similar to the ubiquitous TCP 3-way handshake is used between communicating parties. A sends a random number RA to KDC. KDC send back a ticket to A which has the common key to be used.
 
RA, RB and RA2 are nonce numbers. RA is used by A to communicate with the KDC. On getting the appropriate reply from the KDC, A starts communicating with B, whence another nonce number RA2 is used. The first three messages tell B that the message has come from KDC and it has authenticated A.  The second last message authenticates B. The reply from B contains RB, which is a nonce number generated by B. The last message authenticates A. The last two messages also remove the possibility of replay attack.
However, the problem with this scheme is that if somehow an intruder gets to know the key  K( maybe a year later ), then he can replay the entire thing ( provided he had stored the packets ). One possible solution can be that the ticket contains a time stamp. We could also put a condition that A and B should change the key every month or so. To improve upon the protocol, B should also involve KDC for authentication. We look at one possible improvement here. which is a different protocol.

Otway-Rees Key Exchange Protocol

Here a connection is initiated first. This is followed by key generation. This ensures greater security. B sends the message sent by A to the KDC and the KDC verifies that A, B, R in the two messages are same and RA and RB have not been used for some time now. It then sends a common key to both A and B.

In real life all protocols will have time-stamps. This is because we cannot remember all random numbers generated in the past. We ignore packets with higher time stamps than some limit. So we only need to remember nonces for this limit. Looking at these protocols, we can say that designing of protocols is more of an art than science. If there is so much problem in agreeing on a key then should we not use the same key for a long time. The key can be manually typed using a telephone or sent through some other media.

Challenge - Response Protocol

Suppose nodes A and B have a shared key KAB which was somehow pre-decided between them. Can we have a secure communication between A and B ? We must have some kind of a three way handshake to avoid replay attack So, we need to have some interaction before we start sending the data. A challenges B by sending it a random number Rand expects an encrypted reply using the pre-decided key KAB. B then  challenges A by sending it a random number Rand expects an encrypted reply using the pre-decided key KAB.
 A                                 B
1.A, RA-------------> 
2. <--------KAB(RA), RB
3.KAB(RB)----------> 
Unfortunately this scheme is so simple that this will not work.  This protocol works on the assumption that there is a unique connection between A and B. If multiple connections are possible, then this protocol fails. In replay attack, we could repeat the message KAB(M) if we can somehow convince B that I am A. Here, a node C need not know the shared key to communicate with B. To identify itself as A, C just needs to send KAB(RB1) as the response to the challenge-value RB1 given by B in the first connection. C can remarkably get this value through the second connection by asking B itself to provide the response to its own challenge. Thus, C can verify itself and start communicating freely with B.
Thus, replay of messages becomes possible using the second connection. Any encryption desired, can be obtained by sending the value as RB2 in the second connection, and obtaining its encrypted value from B itself.
  AB
1st Connection: A, RA-------------> 
   <----------KAB(RA), RB1
2nd Connection: A, RB1------------> 
   <--------- KAB(RB1), RB2
1st Connection: KAB(RB1)---------> 
Can we have a simple solution apart from time-stamp ? We could send KAB(RA,RB) in the second message instead of KAB(RA) and RA. It may help if we keep two different keys for different directions. So we share two keys one from A to B and the other from B to A. If we use only one key, then we could use different number spaces ( like even and odd) for the two directions. Then A would not be able to send RB. So basically we are trying to look at the traffic in two directions as two different traffics. This particular type of attack is called reflection attack.

5 - way handshake

We should tell the sender that the person who initiates the connection should authenticate himself first. So we look at another protocol. Here we are using a 5-way handshake but it is secure. When we combine the messages, then we are changing the order of authentication which is leading to problems. Basically KAB(RB) should be sent before KAB(RA). If we have a node C in the middle, then C can pose as B and talk to A. So C can do replay attack by sending messages which it had started some time ago.

 A      B
1.A------------------> 
2. <-----------------RB
3.KAB(RB)----------> 
4.RA----------------> 
5. <----------KAB(RA)
Fig: 5-way handshake in Challenge-Response Protocol
On initiating a connection B challenges A by sending it a random number RB and expects an encrypted reply using the pre-decided key KAB. When A sends back KAB(RB), B becomes sure that it is talking to the correct A, since only A knows the shared key. Now A challenges B by sending it a random number RA, and expects an encrypted reply using the pre-decided key KAB. When B sends back KAB(RA), A becomes sure that it is talking to the  correct B, since only B knows the shared key.
However in this case also, if we have a node C in the middle, then C can pose as B and talk to A. So C can do replay attack by sending messages which it had stored some time ago !!
Posted by at No comments:

Network Security(Contd...)

Network Security(Contd...)

Key Exchange in Symmetric Key Schemes (contd.)

In this lecture we will look at key exchange in symmetric key schemes where public key encryption cannot be used. So the encryption using public and private keys is not possible. We will see that in this scenario how do we exchange the symmetric key. The two people who are communicating do not want others to understand what they are talking about. So they would use a language which others possibly do not understand. But they have to decide upon a common language. For this the language has to be encrypted in some key which will be somehow known to the other person.Key exchange in symmetric key schemes is a tricky business because anyone snooping on the exchange can get hold of the key if we are not careful and since there is no public-private key arrangement here, he can obtain full control over the communication. There are various approaches to the foolproof exchange of keys in these schemes. We look at one approach which is as follows:-

Diffie - Hellman Key Exchange

A and B are two persons wishing to communicate. Both of them generate a random number each, say x and y respectively. There is a function f which has no inverse. Now A sends f(x) to B and B sends f(y) to A. So now A knows x and f(y) and B knows y and f(x). There is another function g such that g(x,  f(y)) = g(y, f(x)). The key used by A is g(x, f(y)) and that used by B is g(y, f(x)). Both are actually same. The implementation of this approach is described below :
  1. A has two large prime numbers and g. There are other conditions also that these numbers must satisfy.
  2. A sends n, g and gx mod n to B in a message. B evaluates (gx mod n)y to be used as the key.
  3. B sends gy mod n to A. A evaluates (gy mod n)x to be used as the key. So now both parties have the common number gxy mod n. This is the symmetric (secret communication) key used by both A and B now. 
This works because though the other people know n, g, gx mod n, gy mod n but still they cannot evaluate the key because they do not know either x or y.

Man in the Middle Attack

However there is a security problem even then. Though this system cannot be broken but it can be bypassed. The situation which we are referring to is called the man-in-the-middle attack. We assume that there is a guy C in between A and B. C has the ability to capture packets and create new packets. When A sends n, g and gx mod n,  C captures them and sends n, g and gz mod n to B. On receiving this B sends n, g and gy mod nbut again C captures these and sends n, g and gz mod n to A. So A will use the key (gz mod n) and B will use the key (gz mod n)y  . Both these keys are known to C and so when a packet comes from A, C decrypts it using A's key and encrypts it in it's own key and then sends it to B. Again when a packet comes from B, it does a similar thing before sending the packet to A. So effectively there are two keys - one operating between A and C and the other between C and B.
There must be some solution to this problem. The solution can be such so that we may not be able to communicate further ( because our keys are different ) but atleast we can prevent C from looking at the data. We have to do something so that C cannot encrypt or decrypt the data. We use a policy that A only sends half a packet at a time. C cannot decrypt half a packet and so it is stuck. A sends the other half only when it receives a half-packet from B. C has two options when it receives half a packet :
  1. It does not send the packet to B at all and dumps it. In this case B will anyway come to know that there is some problem and so it will not send it's half-packet.
  2. It forwards the half-packet as it is to B. Now when B sends it's half-packet, A sends the remaining half. When B decrypts this entire packet it sees that the data is junk and so it comes to know that there is some problem in communication.
Here we have assumed that there is some application level understanding between  A and B like the port number. If A sends a packet at port number 25 and receives a packet at port number 35, then it will come to know that there is some problem. At the very least we have ensured that C cannot read the packets though it can block the communication.There is another much simpler method of exchanging keys which we now discuss :

Key Distribution Center

There is a central trusted node called the Key Distribution Center ( KDC ). Every node has a key which is shared between it and the KDC. Since no one else knows A's secret key (KA) KDC is sure that the message it received has come from A. We show the implementation through this diagram :
When A wants to communicate with B, it sends a message encrypted in it's key to the KDC. The KDC then sends a common key to both A and B encrypted in their respective keys. A and B can communicate safely using this key. There is a problem with this implementation also. It is prone to replay attack. The messages are in encrypted form and hence would not make sense to an intruder but they may be replayed to the listener again and again with the listener believing that the messages are from the correct source. To prevent this, we can use:
  • Timestamps: which however don't generally work because of the offset in time between machines. Synchronization over the network becomes a problem.
  • Nonce numbers: which are like ticket numbers. B accepts a message only if it has not seen this nonce number before.
Posted by at No comments:

Network Security

Network Security

Data on the network is analogous to possessions of a person. It has to be kept secure from others with malicious intent. This intent ranges from bringing down servers on the network to using people's private information like credit card numbers to sabotage of major organizations with a presence on a network. To secure data, one has to ensure that it makes sense only to those for whom it is meant. This is the case for data transactions where we want to prevent eavesdroppers from listening to and stealing data. Other aspects of security involve protecting user data on a computer by providing password restricted access to the data and maybe some resources so that only authorized people get to use these,  and identifying miscreants and thwarting their attempts to cause damage to the network among other things.
The various issues in ×Network security are as follows :
  1. Authentication: We have to check that the person who has requested for something or has sent an e-mail is indeed allowed to do so. In this process we will also look at how the person authenticates his identity to a remote machine.
  2. Integrity: We have to check that the message which we have received is indeed the message which was sent. Here CRC will not be enough because somebody may deliberately change the data. Nobody along the route should be able to change the data.
  3. Confidentiality: Nobody should be able to read the data on the way so we need Encryption
  4. Non-repudiation: Once we sent a message, there should be no way that we can deny sending it and we have to accept that we had sent it.
  5. Authorization: This refers to the kind of service which is allowed for a particular client. Even though a user is authenticated we may decide not to authorize him to use a particular service.
For authentication, if two persons know a secret then we just need to prove that no third person could have generated the message. But for Non-repudiation we need to prove that even the sender could not have generated the message. So authentication is easier than Non-repudiation. To ensure all this, we take the help of cryptography. We can have two kinds of encryption :
  1. Symmetric Key Encryption: There is a single key which is shared between the two users and the same key is used for encrypting and decrypting the message.
  2. Public Key Encryption: There are two keys with each user : a public key and a private key. The public key of a user is known to all but the private key is not known to anyone except the owner of the key. If a user encrypts a message in his private key then it can be decrypted by anyone by using the sender's public key. To send a message securely, we encrypt the message in the public key of the receiver which can only be decrypted by the user with his private key.
Symmetric key encryption is much faster and efficient in terms of performance. But it does not give us Non-repudiation. And there is a problem of how do the two sides agree on the key to be used assuming that the channel is insecure ( others may snoop on our packet ). In symmetric key exchange, we need some amount of public key encryption for authentication. However, in public key encryption, we can send the public key in plain text and so key exchange is trivial. But this does not authenticate anybody. So along with the public key, there needs to be a certificate. Hence we would need a public key infrastructure to distribute such certificates in the world.

Key Exchange in Symmetric Key Schemes

We will first look at the case where we can use public key encryption for this key exchange. . The sender first encrypts the message using the symmetric key. Then the sender encrypts the symmetric key first using it's private key and then using the receiver's public key. So we are doing the encryption twice. If we send the certificate also along with this then we have authentication also. So what we finally send looks like this :
Z :    Certificatesender + Publicreciever ( Privatesender ( Ek ) ) + Ek ( M )

Here Estands for the symmetric key and E( M ) for the message which has been encrypted in this symmetric key.However this still does not ensure integrity. The reason is that if there is some change in the middle element, then we will not get the correct key and hence the message which we decrypt will be junk. So we need something similar to CRC but slightly more complicated. This is because somebody might change the CRC and the message consistently. This function is called Digital Signature.

Digital Signatures

Suppose A has to send a message to B. A computes a hash function of the message and then sends this after encrypting it using its own private key. This constitutes the signature produced by A. B can now decrypt it, recompute the hash function of the message it has received and compare the two. Obviously, we would need the hash functions to be such that the probability of two messages hashing to the same value is extremely low. Also, it should be difficult to compute a message with the same hash function as another given message. Otherwise any intruder could replace the message with another that has the same hash value and leave the signatures intact leading to loss of integrity. So the message along with the digital signature looks like this :
Z + Privatesender ( Hash ( M ) )

Digital Certificates

In addition to using the public key we would like to have a guarantee of talking to a known person. We assume that there is an entity who is entrusted by everyone and whose public key is known to everybody. This entity gives a certificate to the sender having the sender's name, some other information and the sender's public key. This whole information is encrypted in the private key of this trusted entity. A person can decrypt this message using the public key of the trusted authority. But how can we be sure that the public key of the authority is correct ?   In this respect Digital signatures are like I-Cards. Let us ask ourselves the question : How safe are we with I-Cards? Consider a situation where you go to the bank and need to prove your identity. I-Card is used as a proof of your identity. It contains your signature. How does the bank know you did not make the I-Card yourselves? It needs some proof of that and in the case of I-Cards they contain a counter signature by the director for the purpose. Now how does the bank know the signature I claim to be of the director indeed belongs to him? Probably the director will also have an I-Card with a counter signature of a higher authority. Thus we will get a chain of signing authorities. Thus in addition to signing we need to prove that the signatures are genuine and for that purpose we would probably use multiple I-Cards each carrying a higher level of signature-counter signature pair.
So in order to distribute the public key of this authority we use certificates of higher authority and so on. Thus we get a tree structure where the each node needs the certificates of all nodes above it on the path to the root in order to be trusted. But at some level in the tree the public key needs to be known to everybody and should be trusted by everybody too.
Posted by at No comments:

Wireless Networks

Wireless Networks

Introduction

As the need of communication became more and more demanding, new technologies in the field of networks developed. One of them is the use of wireless networks. It is the transmission of data from source to destination without the use of wires as the physical media.

Why to use Wireless?

Three reasons may be stated for the over-growing use of wireless networks across the world:
  1. They are ubiquitous networks. As the do not require messy wires as a medium of communication, they can be used to connect far-off places.
  2. They are cheaper than wired networks specially in the case of long-distance communication.
  3. They are pretty effective and fast, especially with the modern advancements in this field.

Some Terms and Technologies:

ATM-Asynchronous Transfer Mode:
ATM is a connection-oriented switching technology. It was built to support ISDN (Integrated Services Digital Network). ISDN required high speed cables for both its narrow band (64 Kbps) and broad band (155 Mbps) transmission. There were two technologies available for transmitting data-
  1. Circuit Switching: In this technology, when a user makes a call, the resources are reserved for him.  The advantage of this technology is that it prevents collisions among various users. But the disadvantage is that it leads to inefficient utilization of bandwidth-- if the user fails to send data or if the transmission speed is faster than the speed of sending data. then most of the bandwidth is wasted.
  2. Packet Switching: In this technology, resources are never reserved for any particular user. The advantage of this technology is that it leads to efficient utilization of bandwidth i.e. the channel is never free until & unless there are no users, But the disadvantage is that it causes many collision.
ATM was built as a combination of the best features of these two. Also ATM provides QoS (Quality of Service) based on the following priority pattern:
  1. CBR-Constant Bit Rate: Jobs that can tolerate no delay are assigned the CBR priority.  These jobs are provided same number of bits every frame..   For example, viewing a video reel definitely requires some blocks in every frame.
  2. VBR-Variable Bit Rate: Jobs that may produce different sized packets at different times are assigned VBR priority. They are provided with a variable number of bits varying between  a maximum and a minimum in different frames. e.g.. a document may be compressed differently by different machines. Transmitting it will be a variable transmission.
  3. ABR-Available Bit Rate: This is the same as VBR except that it has only the minimum fixed. If there are no CBR or VBR jobs left, it can use the entire frame,
  4. UBR-Unavailable Bit Rate: These jobs are the least priority jobs. The network does not promise anything but simply tries its best  to transmit it.
WLAN-Wireless LAN
This is currently being used as dictated by the standards of IEEE 802.11. It can be installed at the medium access layer and the data transmission can occur using a converter to reach the wired LAN network.( IEEE 802.x)
 
WATM-Wireless ATM 
It is the wireless version of ATM.  It provides QoS. It is not yet available in market. because installing it will require the simultaneous installation of ATM infrastructure. It is currently being tested thoroughly.
Coupling of Networks:
The alternatives are:
  1. WLAN              LAN
  2. WATM             LAN
  3. WLAN             ATM
  4. WATM            ATM

  1. WLAN-LAN is the simplest of the above. According to the IEEE standards, the IEEE 802.11 (WLAN)  can be used with IEEE 802.x (LAN) as follows:
  2. WLAN-ATM- NOT FEASIBLE.
  3. WATM-LAN- NOT FEASIBLE because WATM requires an infrastructure of the type ATM
  4. WATM-ATM-this is also a simple scheme because WATM can run on ATM.

Issues involved in Wireless Networks

  • Cost and Speed: As it is being considered as an alternative to wired networks, it should be faster and cheaper.
  • Quality of Transmission: It gives a higher BER (Bit Error Rate). The BER is greater than 10  -6. This is caused because transmission quality depends highly on the physical media including landscape, weather etc.
  • RayLeigh Fading: The data has to travel the distance through a medium like air. Several rays of the same stream cause Rayleigh fading due to interference. This causes poor transmission.
  • Multipath Propagation: Similarly, due to multipath propagation, the signal received at the destination may be garbled.
  • Hand-Offs: If hand-offs are used i.e., hexagonal cells each having a base station and many mobile terminals, two Mobile terminals that are far enough can use the same bandwidth. This reuse of bandwidth is helpful.
  • Dynamic Physical Characteristics: The terminal may be mobile and constantly moving. Thus the distance between the base station and any active terminal may be constantly changing. This has to be taken into account while designing.
  • Practical Implementation: The practical implementation of any wireless network requires CSMA/CD for proper transmission. The range of any terminal is fixed. So, there may be two terminals that are out of range of each other. These are called HIDDEN TERMINALS. Collisions may be caused due to simultaneous sending of data from any two hidden terminals.  The HIDDEN TERMINAL PROBLEM should be overcome with the help of Base Station.
  • .Mobility and Network Topologies: Wireless networks should be effective enough to overcome the problems caused by the topology of the area and the mobility of the terminals
  • Frequency Allocation: Licensed & Unlicensed: For licensed networks, permission has to be taken from the authorities that grant you a fixed bandwidth which is not used by anybody else while unlicensed networking does not require any such permissions. It just provides with some unlicensed bands which can be used by anybody. Unlicensed bands may thus, cause collisions.
  • Capture Effect: If there are more than one terminals requiring the attention of the Base Station, the one nearer to the base station may capture it. This unfair access to the base station should be prevented.
  • Power Requirements and Battery: This problem arises for the Mobile Terminals that run battery or cells. Much dissipation of power  is caused when switching from receiving mode to sending mode and vice versa.
  • Human Safety: Not all bandwidths can be used . Also, the intensity should not be very high as it may lead to several complications in human body e.g.. cataract.

Wireless Physical Media

In the wireless physical media, three technologies are used:
  1. Transmission at ×Infrared frequency: This is easier to build and set-up. It is mainly used for indoor purposes because the beam has to be focussed and can't cross opaque media like walls etc.
  2. Transmission through Microwave: This is preferred as it requires low power consumption. (the bandwidth is fixed)  But the basic problem is that it requires Line-of-Sight. Also, it requires license.
  3. Transmission at Radio Frequency:  This is the one that is most familiar to us. The bandwidth is pretty large.

Integrity and Security of the signal

Spread Spectrum: To reduce the effect of noise signals, the bandwidth of the signal is increased tremendously. This is costly but assures better transmission. This is called SPREAD-SPECTRUM. This is used in two ways:
  • FHSS (Frequency hopping spread spectrum): The entire packet is not sent at the same bandwidth. Say, it is sent at frequency range A for  time T1, frequency range B for time T2, A for T1, B for T2 and so on. The receiver also knows this sequence and so, looks at A for time T1, then at B for time T2 and so on. Thus this sort of understanding between the sender   and receiver prevents the signal from being completely garbled .
  • DSSS (Direct Sequence Spread Spectrum): This involves sending of coded data  instead of the actual data. This code is known to the destination only which can decipher the data now.
The problem still left undealt is that of bursty errors. If there  is lot of traffic, interference may hinder  the Base Station from  receiving data for a burst of time. This is called "Bursty Errors".
Such problem are looked at by MAC-Medium Access Control.

MEDIUM ACCESS CONTROL

To control the traffic, various techniques are used. MAC  fulfills the following requirements:
  1. QoS Requirements:  It provides Quality of Service according to the priority of jobs.
  2. Error Control: Error handling is done using some codes.
  3. Frame Size: To transmit maximum data, we want the frame-size to be maximum but at the same time, large frame-size highly increases the probability of errors. So, MAC provides a tradeoff between the above two factors determining the size of the frame.
  4. Secure Transmission:  The data meant for a particular receiver is secured from others.
  5. Reasonable Transmission:  If the number of users increases, each should get reasonable service. MAC prevents unfair access to channel.
  6. Efficient utilization of Power:  If a transmitter is always on, it is continuously using power even if there is no data on the channel for it. This is reduced by sending the transmitter to "sleep mode" whenever the battery is going down. In this mode, the transmitter is unable to receive any data.

Architecture for Wireless Network

There are two types of architecture possible:
  1. AD-HOC NETWORK
  2. INFRASTRUCTURE NETWORK
The Ad-Hoc network can be set up anytime. It does not require a Base Station.  It is generally used for indoor purposes.
The Infrastructure network involves Base Station and Mobile Terminals. It provides uplink facility    ( link from MT to BS) and downlink facility (link from BS to MT).

THE MAC PROTOCOL

This protocol decides how to assign data slots to different users. The various policies it uses are:
  1. Fixed Assignment Policy
  2. Random Assignment Policy
  3. Centrally Controlled Policy
  4. Distributed Controlled Policy
  5. Hybrid Controlled Policy
Fixed Assignment Policy:
 In this policy, each terminal is assigned some sort of data slot to speak. It causes a fixed delay. It is done in 3 ways:
  1. TDMA (TIME DIVISION MULTIPLE ACCESS) :  Each user is given a fixed time to speak., after which the chance goes to another user. This cycle continues indefinitely.
  2. FDMA (FREQUENCY DIVISION MULTIPLE ACCESS): Each user is given a fixed bandwidth in which he can speak at all times.        
  3. CDMA (CODIVISION MULTIPLE ACCESS): Each user is given different frequencies at different times. This ensures that each user gets a fair amount of channel each time.
Also, sometimes, statistical multiple access is used in which a slot is assigned to a user only if it has data to send.

Random Assignment Policy
In this  policy, contention slots are provided to all the users. Problem may arise if the number of users increase drastically. The number of contention slots should be variable. This may cause some limiting of data slots but is necessary to prevent the derailment of the service .

Centrally Controlled Policy:
This is used in an infrastructure architecture.  It involves the participation of a Base Station which may assign slots and priorities(CNBR,VBR etc.) to all the users.

Distributed Controlled Policy:
This is used in Ad-Hoc architecture. The control is among the terminals which decide among themselves about who is going to speak first.

Hybrid Controlled Policy:
This combines the best features of centrally controlled and distributed controlled policies.

KINDS OF MAC PROTOCOLS:

There are two kinds of Mac protocols:
  1. FDD (Frequency Division Duplex) This provides two separate bandwidths for uplink and downlink transmission. This leads to inefficient utilization of bandwidth as there is  more  traffic on downlink than uplink
  2. TDD (Time Division Duplex) This provides an adoptive boundary between the uplink and downlink frequency which depends on the what is being used at that particular time. It works as follows:
Any mobile terminal can be in 3 states : empty state, request state and ready-to-transmit state.
  1. uplink-MT1 sends a random-access request to BS to communicate with MT2
  2. downlink: BS sends a b-bit access id to MT2
  3. uplink:  MT1 sends the packet
  4. downlink: BS sends the packet to MT2
The TDD is more in use now-a-days.
Posted by at No comments:

Firewalls

Firewalls

Introduction

This lecture discusses about security mechanisms in the Internet namely Firewall . In brief, It's a configuration of routers and networks placed between an organization's internal internet and a connection to an external internet to provide security. In other words, Firewall is a mechanism to provide limited access to machines either from the outside world to internal internet or from internal world to outside world. By, providing these security mechanisms, we are increasing the processing time before one can access a machine. So, there is a trade-off between security and ease of use. A firewall partitions an internet into two regions, referred to informally as the inside and outside.

                                                                                   __
                                                                                   |   | _________  Firewall
                  ______________________                     |   |             ____________________
                 |                                           |                     |   |             |                                      |
                 |                                           |                     |   |             |                                      |
                 |      Rest of Internet          |________     |   |_____   |      Intranet                   |
                 |                                           |                    |   |             |                                       |
                 |_____________________ |                    |   |             |___________________| 
                                                                                  |_|
                            Outside                                                                        Inside

Security Lapses
  • Vulnerable Services    - NFS :  A user should not be allowed to export certain files to the outside world and from the outside world also, someone should not be allowed to export our files.
  • Routing based attacks :  Some kind of ICMP message should not be allowed to enter my network. e.g.. Source routing and change route ICMP's.
  • Controlled access to our systems :  e.g.. Mail server and web pages should be accessible from outside but our individual PC's should not be accessible from the outside world.
  • Authentication : Encryption can be used between hosts on different networks.
  • Enhanced Privacy : Some applications should be blocked. e.g..  finger  ...
  • PING & SYN attack : Since these messages are send very frequently, therefore you won't be able to do anything except reply to these messages. So, I should not allow these messages to enter my network.
    So. whatever I provide for my security is called Firewall. It is a mechanism and not just a hardware or software.

Firewall Mechanisms

1. Network Policy : Here, we take into consideration, what services are allowed for outside and inside users and the services which are allowed can have additional restrictions. e.g.. I might be allowed to download things from the net but not upload i.e.. some outside users cannot download the things from our net. Some exceptional cases might be there which have to be handled separately. And if some new application comes up then , we choose an appropriate network policy.

2. Authentication mechanism  : An application can be designed which ask for a password for authentication.

3. Packet Filtering : Router have information about some particular packets which should not be allowed.
4. Application gateways : or proxy servers.

Certain Problems with Firewall

1. Complacency : There are lots of attacks on the firewall from internal users and therefore, it's limitations should be understood.
2. Encapsulated packets : An encapsulated packet is an IP packet within another IP packet. If we ask the router to drop encapsulated packets then, it will drop the multicast packets also.
3. Throughput :So, in order to check which packets are allowed and which are not, we are doing some processing which can be an overhead and thus affects throughput.

Authentication:

We can use the following mechanisms:
  • One time passwords:  passwords are used only once and then it changes. But only the user and the machine knows the changing passwords.
  • password aging : User are forced to change passwords after some time on regular intervals.
  • smart cards :  swipe through the PC.
  • biometrics : eyes or finger prints are used.

Packet Filtering :

Terms associated:
  • Source IP address
  • Destination IP address
  • Source port #
  • Destination port #
  • protocol
  • interface
      Many commercial routers offer a mechanism that augments normal routing and permits a manager to further control packet processing. Informally called a packet filter, the mechanism requires the manager to specify how the router should dispose of each datagram. For example, the manager might choose to filter (i.e.. block) all datagrams that come from a particular source or those used by a particular application, while choosing to route other datagrams to their destination.
     The term packet filter arises because the filtering mechanism does not keep a record of interaction or a history of previous datagrams. Instead, the filter considers each datagrams separately. When a datagram first arrives, the router passes the datagram through its packet filter before performing any other processing. If the filter rejects the datagram, the router drops it immediately.
    For example, normally I won't allow TFTP, openwin, RPC, rlogin, rsh packets to pass through the router whether from inside or outside and router just discard these packets. But I might put some restrictions on telnet, ftp, http, and smtp packets in order to pass through the router and therefore some processing is to be done before discarding or allowing these packets.
    Because TCP/IP does not dictate a standard for packet filters, each router vendor is free to choose the capabilities of their packet filter as well as the interface the manager uses to configure the filter. Some routers permit a manager  to configure separate filter actions for each interface, while others have a single configuration for all interfaces. Usually, when specifying datagrams that the filter should block, a manager can list any combination of source IP address, destination IP address, protocol, source protocol port number, and destination protocol port number.
    So, these filtering rules may become more tricky with complex network policies.
 
    Since, Filtering rules are based on port numbers, there is a problem with RPC applications. First, the number of well-known ports is large and growing. Thus, a manager would need to update such a list continually because a simple error of  omission could leave the firewall vulnerable. Second, much of the traffic on an internet does not travel to or from a well-known port. In addition to programmers who can choose port numbers for their private client-server applications, services like Remote Procedure Call (RPC) assigns port dynamically. Third, listing ports of well-known services leaves the firewall vulnerable to tunneling, a technique in which one datagram is temporarily encapsulated in another for transfer across part of an internet.
 

Relay Software (proxies) :

I can run multiple proxy on same machine. They may detect misuse by keeping loops. For example, some machine give login to Ph.D.. students. So, in this case it's better to keep proxy servers than to give login on those machines. But the disadvantage with this is that there are two connections for each process.
                _________                                __________
                |                 |                               |                  |
                |    User     |_______________|  Proxy       |___________    Outside
                | ________|              1.             |_________ |            2.
 

Various Firewall Considerations

1. Packet Filtering Firewall
This is the simplest design and it is considered when the network is small and user don't run many Intranet applications.
                                                    __________
                                                    |                    |
                Intranet  __________|   Router      |__________   Internet
                                                    |________ _ |
                                                               |
                                                               |
                                                            Filter
2. Dual home gateway
This gives least amount of flexibility. Instead of router, we have application gateways.
                                                     ______________
                                                     | Application      |
                   Inside   ________ _ |       level            |___________   Outside
                                                     |      gateway      |
                                                     |____________  |
                                                            proxy
 
3. Sreened host Firewall
It's the combination of the above two schemes. Some applications are allowed uninterrupted while some have to be screened. For any reasonable size network, Screened host firewall can get loaded.
                                      _________                                                ___________
                                     |                  |                                               |                    |
       Inside  _________| Router 1  |_______________________ | Router 2     |______  Outside
                                     |_________|                    |                         |__________ |
                                                                    ____|______
                                                                    |                    |
                                                                    |    Proxy      |
                                                                    |__________|
The problem with this is that there is only one proxy and thus, it may get overloaded. Therefore, to reduce load, we can use multiple screened host firewalls. And this is what normally used.
                             _________                                                                __________
                            |                  |                                                              |                    |
     Inside  _____ | Router 1  |______________________________  | Router 2     |_____Outside
                            |_________|             |                                               |__________ |
                                                     ____|____
                                                    |                 |
                                                    | Proxy 1   |      Proxy2   .......
                                                    |________ |
 

Modem pool

User can dial and open only a terminal server but he has to give a password. But TELNET and FTP client does not understand proxy. Therefore, people come out with Transparent proxy which means that I have some memory which keeps track of whether this packet was allowed earlier or not and therefore, I need not check this time. Client does not know that there is somebody who is checking my authentication.
So, transparent proxy is used only for checking the IP packets whereas proxy is used when many IP addresses are not available.

Private IP (PIP address)
It is an extension of transparent proxy. Here we also change the IP address (source address) to one of the allocated IP address and send it. So, the client does not know that the IP address has been changed, only the proxy server knows it. The machine that changes the IP address is Network address translator (NAT) . NAT also changes other things like CRC, TCP header checksum  ( this is calculated using pseudo IP header). NAT can also change the port number.
    e.g..   Port address translation
                                                                     ____________ 
                                               X  -------|                       |
                                                                    |      NAT         |
                                               Y  -------|___________ |
                    X1 , P1   ---->     G1 , Pa   (IP address, port #)
                    X1 , P2   ---->     G1 , Pb
                     Y  , P3    ---->     G1, Pc
I may not like to have global IP address because then, anybody can contact me inspite of these security measures. So, I work with Private IP. In that case, there has to be a one-to-one mapping between private IP and global IP.
Posted by at No comments:
Subscribe to: Posts (Atom)