Security of IP networks Flashcards
Which are, in general, the components that take care of network access? Which are their goals (in short)?
NASs (Network Access Server) and Authentication Servers
NAS goal: it has to authenticate the user, perform access control and, if access is given, provide access to the IP network.
AS goal: it performs three functions: authentication, authorization and accounting
Which are the protocols that work in between end points and NAS? (general name and example)
Network Access Protocols (PAP, CHAP, EAP)
Which are the protocols that work in between NAS and AS? (general name and example)
Network Authentication Protocols (Radius, Diameter, Tacacs)
Modern network access schema
There is the last mile (which reaches the end point via Wi-Fi, Ethernet, 3/4/5G, …) that communicates with the border element (base station/antenna, border gateway, access point), which in turn is connected to the core network where the authentication server is located; the border element communicates with the authentication server via an authentication protocol.
PPP
Point-to-Point Protocol
It is able to encapsulate network packets (L3 -> IP) and transport them over a point-to-point link. This link can be either physical or virtual (a virtual link can be at L2 or at L3).
The PPP activation is made of 3 steps:
1. Link Control Protocol - LCP: it establishes, configures and tests the L2 connection. It can also negotiate the authentication protocol and the algorithm
2. authentication (optional) via a network access protocol (PAP, CHAP, EAP -> these protocols are not used only for PPP).
3. encapsulation of the L3 packet via a Network Control Protocol - NCP
The authentication protocol of step 2 is negotiated by LCP using a Configuration Option that specifies:
- type (8 bit): option type
- length (8 bit): length of the option
- authN protocol: protocol identifier
- [algorithm]: optional, algo identifier
example (type, length, authN protocol[, algorithm]):
PAP: 3, 4, 0xC023
CHAP: 3, 5, 0xC223, 5
On which principles are the network authentication protocols based?
Triple A (AAA) features:
* Authentication
* Authorization
* Accounting
PAP
Password Authentication Protocol
* the authentication is performed only once, when the channel is created, by sending user-id and password in clear -> really dangerous for both these reasons
* that means that it is subject to sniffing attacks
* messages have an identifier to match Request and Response because messages could be lost
* for the same reason (packets can be lost) multiple requests have to be permitted
* the ID blocks replay attacks
* 2-way handshake
2-way handshake:
* Authenticate-Request: code + ID + length + peer-ID + peer-ID length + psw + psw length
* Authenticate-Response: code + ID + length + msg + msg length -> code = 2 is NAK, code = 3 is ACK
CHAP
Challenge Response Authentication Protocol
- the challenge is a nonce
- Symmetric CRA (challenge-response authentication): password based, MD5
- the authN process is compulsory at channel creation and the NAS can decide to repeat it during the transmission with a different challenge
- packets can be lost so the Authenticator must resend the challenge if there is no response
- there is the msgID field to match request and response -> no replay attacks
- the authenticator that offers both PAP and CHAP MUST offer CHAP first
- 3-way handshake protocol
3-way handshake protocol:
1. challenge: code + ID + length + challenge-size + challenge-value
2. response: code + ID + length + response-size + response-value -> response-value = md5(ID || psw || challenge-value)
3. result: code + ID + length
Microsoft implemented its own CHAP version: MS-CHAP
EAP
Extensible Authentication Protocol
It is a flexible L2 authentication framework.
EAP architecture:
* method layer: TLS, SIM, …
* EAP layer
* media layer: PPP, 802.x, …
- it uses an external authentication method that can be predefined (MD5-challenge, OTP, token card, …) or not (EAP-TLS, EAP-MD5, …)
- it has its own encapsulation protocol because at this level L3 packets are not yet available
- EAP does not assume that the link is physically secure (L2 link has no reliability) -> EAP methods must provide security on their own
EAP encapsulation protocol:
* independent of IP
* it supports any link layer (PPP, 802…)
* it uses NAK and ACK but there is not a transmission window
* it assumes that the packets arrive in the right order; if they do not, it doesn’t work
* there is retransmission but just for a limited number of times (3-5)
* no fragmentation: external EAP methods take care of matching the EAP MTU
MS-CHAP
Which are the AS duties and where do they come from?
NAS manufacturers claim that security is based on three functions:
1. authentication: an entity asks to be authenticated and this is granted or denied by checking its credentials
2. authorization: determining if the authenticated entity can perform a given activity or gain access to resources/services
3. accounting: tracking network resource usage for audit support, billing purposes and capacity analysis
Authentication Servers have to perform these functions by working together with multiple NASs
Which are the network authentication protocols?
- RADIUS
- Diameter
- Tacacs
Diameter
It is a RADIUS evolution that focuses on roaming between different ISPs and on security, using IPsec and TLS.
Tacacs
It is theoretically better than RADIUS but it belongs to Cisco, so it has not gained wide acceptance
RADIUS
Remote Authentication Dial-In User Service
- It is obviously based on the triple A (AAA) and for that reason supports authentication, authorization and accounting.
- It supports access both via physical and virtual ports.
- There is a client-server scheme between AS and NAS, so there can be secondary servers and the possibility of retransmission. Also, the RADIUS server may act as a proxy server towards other authentication servers (AS)
- Accounting and administration are centralized.
- port 1812/UDP for authentication and port 1813/UDP for accounting
- the user authentication is made via PAP, CHAP, EAP, token card
- RADIUS requests and responses are characterized by code + ID + length + authenticator + attributes in the TLV format
- the attributes are those needed for the authentication
Authenticator:
* useful to match request and response and to mask the password
* in Access-Request it is named the Request Authenticator and it is made of 16 Bytes randomly generated by the NAS
* in Access-reject/accept/challenge: it is named Response Authenticator and it is computed via a keyed digest: md5(code || id || length || request authenticator || attributes || secret)
RADIUS packet types:
* access-request: contains the user’s access credentials
* access-challenge: to request additional info from the user
* access-reject
* access-accept: if authentication succeeds; it carries the network parameters the user needs
Possible attacks and security functionalities needed
* sniffing attacks because the NAS request contains the psw
* psw enumeration (from fake NAS)
* AS subject to a DoS attack due to fake NAS requests
* fake AS response or change of its response
Needed properties:
* authN and confidentiality for NAS request
* authN + integrity for AS response
* ID to connect request and response
* server scalability (anti DoS)
How they are obtained:
- packet integrity and authN via a keyed-MD5 where the key is a shared secret -> clients without a key are ignored
- password masking: psw XOR MD5(psw || authenticator), where the psw is NUL-padded to a multiple of 128 bit
NAI
Network Access Identifier
* NAI = username[@realm]
* all devices must support NAI up to 72 bytes
* only ASCII characters < 128
Example: CHAP + RADIUS (figure only, not reproduced here)
IEEE 802.1x
- L2 architecture to manage network access control. It provides an authentication system, a key management system and optional services such as authentication + encryption
- key management: IEEE 802.1x may derive session keys to use for authentication, integrity and confidentiality. It uses standard algorithms for key derivation, such as TLS
- used for devices that want to access a LAN or a WAN
- it is compulsory for a WLAN and optional for a LAN
It is made of three principal components:
1. Supplicant: the device that seeks to connect to the network. It communicates directly with the authentication server
2. Authenticator/etherNAS: typically a switch or an access point that acts as an intermediary (pass-through device), receiving credentials from the supplicant and forwarding them to an authentication server.
3. Authentication Server: verifies the supplicant’s credentials. Often, this role is served by a RADIUS server. There is a direct dialogue between the supplicant and the authentication server
For example, given RADIUS and EAP:
- supplicant - authenticator: EAPOL (the authenticator is a switch) or EAPOW (the authenticator is an access point) is used
- authenticator - authentication server: EAPOR
IEEE 802.1x: example of messages using EAPOL and EAPOR
- EAPOL-Start from the supplicant
- EAP-Request/Identity from the switch (authenticator)
- EAP-Response/Identity
- Radius-Access-Request
- Radius-Access-Challenge
- EAP-Request
- EAP-Response (credentials)
- Radius-Access-Request
- Radius-Access-Accept
- EAP-Success
Eduroam
It is a hierarchical system that allows users to connect to the internet through the Wi-Fi network of any participating institution using the same login credentials (username and password) they would use at their home institution.
Eduroam uses IEEE 802.1X for network authentication combined with a RADIUS backend infrastructure to manage the exchange of user credentials between the home and visited institutions.
Which is the best OSI level to implement security?
- the higher we go in the stack, the more specific the security functions are (e.g. it’s possible to identify the user, commands, data) and the more independent they are from the underlying network … but we leave more room for DoS attacks
- the lower we go in the stack, the more quickly we can “expel” the intruders … but the fewer the data for the decision (e.g. only the MAC or IP addresses, no user identification, no commands)
DHCP in short
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters (such as netmask, default gateway, local nameserver, local DNS suffix…) to each device on a network.
It is non-authenticated and broadcast-based.
DHCP problems and related attacks
- non-authenticated (!!)
- broadcast (!)
- activation of a fake DHCP server is trivial because the DHCP request is L2 broadcast
Possible attacks from the fake DHCP server:
* denial-of-service by providing a wrong network configuration
* MITM: providing a configuration with a 2-bit subnet and the attacker as gateway, or, if NAT is active, also intercepting the replies
* malicious name-address translation (e.g. for phishing, pharming)
DHCP protection (possible solutions)
Solution 1: some switches (e.g. Cisco) offer the following solutions:
* DHCP snooping = only forward replies coming from “trusted ports”
* IP guard = switch only the IPs obtained from a DHCP server (but there is a limit to the number of recognized addresses)
Solution 2: RFC-3118 “Authentication for DHCP messages”
* use of HMAC-MD5 to authenticate the messages
* problem = key distribution and management (shared key!) -> rarely adopted
Which possibilities do we have to have security at a L3 level? Which are their principal features?
- end-to-end protection for L3 homogeneous networks
- VPN
End-to-end protection
* data are secure as soon as they exit the end device (server/client)
* secure even if they pass through an insecure net
* the only possible attacks are those inside the client or the server + DoS
* this is IPsec in transport mode
VPN
* it is an HW or SW technique to have a private secure net even using shared and untrusted channels and devices
* it can be implemented with 3 techniques: via private addressing, via protected routing (IP tunnel), via cryptographic protection of the packets (secure IP tunnel (IPsec in tunnel mode))
VPN via private addresses
The networks to be part of the VPN use non-public addresses so that they are unreachable from other networks (e.g. private IANA networks as per RFC-1918)
This protection can be easily defeated if somebody:
* guesses or discovers the addresses
* can sniff the packets during transmission
* has access to the communication devices
No protection for client, server or packets
VPN via tunnel
= VPN via protected routing
The routers encapsulate whole L3 packets as a payload inside another packet
* IP in IP
* IP over MPLS
* other (e.g. IP over TLS)
The routers perform access control to the VPN by ACL (Access Control List).
This protection can be defeated by anybody who manages a router or can sniff the packets during transmission. Packets can be read, manipulated and injected during transmission
Protection only for the server
No protection for client or packets