Security, Chapter 10 (Copyright 2001 Prentice Hall)

Slide 1: Security, Chapter 10

Slide 2: Security

Hackers break into organizations from the outside

However, most security breaches are internal, by employees and ex-employees

Slide 3: Network Security Threats

Interception

If the interceptor cannot read the message, you have confidentiality (privacy)

If the interceptor cannot modify the message without detection, you have message integrity

Slide 4: Network Security Threats

Impostors claim to be someone else

Need to authenticate the sender: prove that they are who they claim to be

[Figure: true person versus impostor]

Slide 5: Network Security Threats

Denial of Service (DoS) attacks

Overload the system with a flood of messages

Or, send a single message that crashes the machine

Slide 6: Network Security Threats

Remotely log in as root user

Requires cracking the root login password

Then the attacker controls the machine: read and/or steal information, damage data (erase hard disk), create a backdoor user account that will let them in easily later

[Figure: root login command]

Slide 7: Security Threats

Content threats

Application layer content may cause problems

Viruses: in many ways the most severe security problem in corporations today

Must examine application messages

Slide 8: Encryption

Encryption transforms a message so that an interceptor cannot read it

Plaintext (original message): not necessarily text; can be graphics, etc.

[Figure: Plaintext (original message) -> Encryption (method, key) -> Ciphertext (transmitted message) -> Decryption (method, key) -> Plaintext (original message)]

Slide 9: Encryption

Encryption transforms a message so that an interceptor cannot read it

Ciphertext (transformed message) for transmission: a stream of ones and zeros

Slide 10: Encryption

Encryption transforms a message so that an interceptor cannot read it

The receiver decrypts the ciphertext back to plaintext

Slide 11: Encryption

Encryption requires a method and a key

The encryption method is the specific transformation process

The key is a string of bits used in the method

A different key gives different ciphertext

Slide 12: Encryption

Encryption requires a method and a key

The method cannot be kept secret

The key must be kept secret

Slide 13: Encryption: Key Length

The key can be “guessed” by exhaustive search: try all possible keys and see which one decrypts the message

Slide 14: Encryption: Key Length

Long keys make exhaustive search difficult

The key is a string of bits (11000100010101)

If the length is n bits, 2^n tries may be needed

On average, half this many are needed

If the key length is 8 bits, only 256 tries are needed at most

Slide 15: Encryption: Key Length

Long keys make exhaustive search difficult

Weak security: today, < 100 bits

Strong security: today, > 100 bits

The length needed will grow over time

Laws may limit the export of strong security, i.e., sending strongly encrypted messages internationally
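The exhaustive search of Slides 13 and 14 carried out in code, as an added example that is not part of the slides or the textbook. The "cipher" it searches is a toy constructed for the example (an n-bit key seeds a SHA-256 keystream that is XORed over the plaintext); it is not a real algorithm, and the plaintext recogniser is a crude printable-ASCII check. What the block shows is the counting: with an n-bit key the loop runs at most 2^n times, and averaged over every possible key it stops after about half of them.

```python
import hashlib
import itertools

# Toy stream cipher constructed for this example (not a real algorithm): an n-bit
# key, written as a string of '0'/'1' characters, seeds a SHA-256 keystream that
# is XORed over the plaintext. It exists only to make key search countable.
def keystream(key_bits: str, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(f"{key_bits}:{counter}".encode()).digest()
        counter += 1
    return out[:length]

def encrypt(plaintext: bytes, key_bits: str) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key_bits, len(plaintext))))

decrypt = encrypt  # XOR with the same keystream undoes the encryption

def all_keys(n_bits: int):
    """Every n-bit key in counting order: 2**n_bits of them in total."""
    for bits in itertools.product("01", repeat=n_bits):
        yield "".join(bits)

def is_ascii_text(candidate: bytes) -> bool:
    """Crude plaintext recogniser: printable ASCII only."""
    return all(32 <= b < 127 for b in candidate)

def exhaustive_search(ciphertext: bytes, n_bits: int, looks_like_plaintext=is_ascii_text):
    """Try every key in order until one decrypts to recognisable plaintext.
    Returns (key, tries); tries can be as large as 2**n_bits."""
    for tries, key in enumerate(all_keys(n_bits), start=1):
        if looks_like_plaintext(decrypt(ciphertext, key)):
            return key, tries
    return None, 2 ** n_bits

def average_tries(n_bits: int, message: bytes) -> float:
    """Average tries over every possible key: works out to half the key space."""
    total = 0
    for key in all_keys(n_bits):
        total += exhaustive_search(encrypt(message, key), n_bits)[1]
    return total / 2 ** n_bits
```

With an 8-bit key the whole search, and even the average over all 256 keys, finishes in a fraction of a second; the same loop over a 100-bit key would need up to 2^100 tries, which is what the slide means by strong security.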

Slide 16: Methods and Algorithms

Encryption method categories: two general ways of doing encryption, symmetric key versus public key encryption

Encryption method algorithms: specific ways of doing encryption

With symmetric key encryption: DES, 3DES, AES, IDEA, Blowfish, and RC5

With public key encryption: RSA, elliptic curve cryptosystem (ECC), El Gamal

Slide 17: Symmetric Key Encryption

Both sides use a single key to encrypt and decrypt

When A sends to B, A encrypts with the key and B decrypts with the key

When B sends to A, B encrypts with the key and A decrypts with the key

[Figure: A and B sharing one symmetric key]

Slide 18: Symmetric Key Encryption

Symmetric key encryption and decryption processes are simple enough for fast encryption/decryption

Fast enough for long messages

Slide 19: Symmetric Key Encryption

Problem 1: the symmetric key must be distributed secretly between partners, or interceptors can read subsequent messages

[Figure: A and B, each holding a key]

Slide 20: Symmetric Key Encryption

Problem 2: need a different symmetric key for each business partner, or other partners could read the messages

This complicates symmetric key distribution

Slide 21: Symmetric Key Encryption

Problem: need a different symmetric key for each business partner

If there are N partners, and each needs to communicate with all the others, then N*(N-1)/2 keys must be distributed

Slide 22: Symmetric Key Encryption

Data Encryption Standard (DES): extremely popular symmetric key algorithm

DES breaks the plaintext into blocks of 64 bits

It then encrypts each block of plaintext using a 64-bit key

However, it is proper to say that DES uses a 56-bit key, because 8 of the key bits are redundant (can be computed from the other 56)

A 56-bit key is small, giving inadequate strength for important transactions (OK for small ones)

Slide 23: Symmetric Key Encryption

Triple DES (3DES) applies DES three times to encrypt

With 3 keys, get a 168-bit effective key length

Encryption: encrypt the block with the first key; decrypt (yes, decrypt) the result with the second key; encrypt the result with the third key; send this ciphertext

Decryption: decrypt the ciphertext with the third key; encrypt (yes, encrypt) the result with the second key; decrypt the result with the third key

Slide 24: Symmetric Key Encryption

Note: encryption and decryption often are reversible

Usually, encrypt to get ciphertext and then decrypt to restore the plaintext

Some algorithms also can decrypt to get ciphertext and encrypt to restore plaintext

Both approaches transform the plaintext into ciphertext to give confidentiality (privacy), then unscramble the ciphertext back to the original plaintext

Slide 25: Symmetric Key Encryption

Triple DES (3DES) can be done with 2 keys for a 112-bit effective key length

Encryption: encrypt the block with the first key; decrypt (yes, decrypt) the result with the second key; encrypt the result with the first key again; send this ciphertext

Decryption: decrypt the received ciphertext with the first key; encrypt (yes, encrypt) the result with the second key; decrypt the result with the first key again
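The Encrypt-Decrypt-Encrypt construction of Slides 23 and 25 written out, as an added example that is not part of the slides or the textbook. DES itself is not implemented here; a 16-bit toy block cipher constructed for the example stands in for it (it is invertible, which is all EDE needs, and has no security of its own). Decryption undoes the three steps in reverse, with the keys in reverse order: decrypt with the third key, encrypt with the second, decrypt with the first. The block also shows the two-key variant (third key equal to the first) and why EDE rather than EEE was chosen: with all three keys equal, EDE collapses to a single encryption, so a 3DES implementation can interoperate with plain DES.

```python
# Toy 16-bit block cipher standing in for DES (constructed for this example;
# it is NOT DES and has no security). Its only job is to be invertible so the
# Encrypt-Decrypt-Encrypt (EDE) construction can be shown end to end.
BLOCK_MASK = 0xFFFF
MUL = 3
MUL_INV = pow(MUL, -1, 1 << 16)   # 3 * 43691 == 1 (mod 65536)

def toy_encrypt(block: int, key: int) -> int:
    return ((block ^ key) * MUL + key) & BLOCK_MASK

def toy_decrypt(block: int, key: int) -> int:
    return (((block - key) * MUL_INV) & BLOCK_MASK) ^ key

def ede_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """3DES-style encryption: encrypt with k1, decrypt with k2, encrypt with k3."""
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)

def ede_decrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """Undo EDE by reversing the steps in reverse key order:
    decrypt with k3, encrypt with k2, decrypt with k1."""
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)

def two_key_ede_encrypt(block: int, k1: int, k2: int) -> int:
    """Two-key variant: the third key is the first key again."""
    return ede_encrypt(block, k1, k2, k1)

def two_key_ede_decrypt(block: int, k1: int, k2: int) -> int:
    return ede_decrypt(block, k1, k2, k1)

def ede_encrypt_bytes(data: bytes, k1: int, k2: int, k3: int) -> bytes:
    """Encrypt a byte string one 16-bit block at a time (ECB, shown only for
    simplicity; real use needs a chaining mode and proper padding).
    An odd-length input is padded with one zero byte; the caller keeps the length."""
    if len(data) % 2:
        data += b"\x00"
    out = bytearray()
    for i in range(0, len(data), 2):
        c = ede_encrypt(int.from_bytes(data[i:i + 2], "big"), k1, k2, k3)
        out += c.to_bytes(2, "big")
    return bytes(out)

def ede_decrypt_bytes(data: bytes, k1: int, k2: int, k3: int, length: int) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 2):
        p = ede_decrypt(int.from_bytes(data[i:i + 2], "big"), k1, k2, k3)
        out += p.to_bytes(2, "big")
    return bytes(out[:length])
```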

Slide 26: Symmetric Key Encryption

DES is an old algorithm, developed in the 1970s

3DES is merely a way of extending its life

Advanced Encryption System (AES)

Being developed by the U.S. National Institute of Standards and Technology

Will be much stronger, with longer keys

Slide 27: Public Key Encryption

There are two general encryption method categories

Symmetric key encryption (just seen)

Public key encryption (next)

Slide 28: Public Key Encryption Methods

Different keys for encryption and decryption

Encryption with the receiver’s public key

Decryption with the receiver’s private key

Once encrypted, the sender cannot decrypt the ciphertext; the sender does not have the receiver’s private key

[Figure: Plaintext -> Encryption (public key) -> Ciphertext -> Decryption (private key) -> Plaintext]

Slide 29: Public Key Encryption

Everyone has a public and a private key

Keep the private key secret

Distribute the public key to everybody without security

[Figure: one private key kept by its owner; copies of the public key distributed]

Slide 30: Public Key Encryption

Then anyone can encrypt messages to you using your public key

But only you can decrypt the messages

Slide 31: Public Key Encryption

Four keys are needed for two-way communication

Each side has a public and a private key

Each sends its public key to the other unsecurely

[Figure: A holds A’s private key and B’s public key; B holds B’s private key and A’s public key]

Slide 32: Public Key Encryption

Four keys are needed for two-way communication

Encrypt with the other party’s public key

Decrypt with your own private key

Slide 33: Public Key Encryption

Four keys are needed for two-way communication

Never refer to public and private keys without saying whose public or private key you are referring to

Slide 34: Public Key Encryption

No need for a separate secret key for each business partner

Greatly simplifies key management

Slide 35: Public Key Encryption

Unfortunately, highly processing-intensive

100 times slower than symmetric key encryption

So can only encrypt small messages

Also, often can only encrypt messages about the size of the public key (typically a few thousand bits)

Slide 36: Combining Public and Symmetric Key Encryption

Not competitors: used together in practice

A public key is easy to distribute but can only be used for small messages

A symmetric key has key distribution problems but can be used for long messages

They have complementary strengths and weaknesses

Slide 37: Combining Public and Symmetric Key Encryption

Symmetric key encryption and public key encryption are complementary, not competitors

Often, partners first communicate with public key encryption, including initial authentication

[Figure: A <-> B, public key authentication]

Slide 38: Combining Public and Symmetric Key Encryption

Then one side generates a symmetric key

Encrypts the symmetric key with the partner’s public key and sends it to the partner

Now both sides have the symmetric key

[Figure: A -> B, symmetric session key sent under public key encryption]

Slide 39: Combining Public and Symmetric Key Encryption

Afterward, both sides communicate with the symmetric key

This symmetric “session key” is good only for this session, a single flow of communications

[Figure: A <-> B, symmetric session key]

Slide 40: Public Key Algorithms

Public key encryption is a method category; you must use a specific public key algorithm

RSA: the most widely used public key algorithm; patented, but in the public domain since October 2000

Elliptic Curve Cryptosystem (ECC): can use smaller keys than RSA with the same degree of protection

Slide 41: Public Key Encryption

If you know someone’s public key, there is no known way to compute their private key faster than exhaustive search

If there were, public key encryption would be useless

This is a general concern for public key encryption, because there is no proof that there is no possible way to compute the private key rapidly if a public key is known

Slide 42: Privacy versus Authentication

Confidentiality (privacy): interceptors cannot read messages

Authentication: proving the sender’s identity (the problem of impostors)

Authentication uses encryption, so encryption is not only for privacy and confidentiality!

Slide 43: Authentication

Authentication methods: passwords

Most users pick short passwords that are easy to guess with exhaustive search

Users often pick passwords that are common words or repetitive letter combinations; these are even easier to guess

Automated password cracking is very effective

Slide 44: Authentication

Authentication methods: passwords

Often, weak passwords protect more important systems

Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial
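A password policy check of the kind Slides 43 and 44 call for, as an added example that is not part of the slides or the textbook. It enforces the length, case-change and numeral rules, flags repetitive letter combinations and a (constructed, deliberately tiny) list of common words, and estimates the size of the space an exhaustive search would have to cover, so that the difference between a short all-lowercase password and one like Tri6Vial is visible in bits. The common-word list is an assumption standing in for a real dictionary.

```python
import math
import re

# Constructed stand-in for a dictionary of common words (a real check would
# load a large word list; these six are just for the example).
COMMON_WORDS = {"password", "secret", "welcome", "letmein", "admin", "qwerty"}

def search_space_bits(password: str) -> float:
    """Rough size of the space an exhaustive search must cover, in bits: the
    alphabet implied by the character classes used, raised to the length."""
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        alphabet += 33          # printable ASCII punctuation
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def is_repetitive(password: str) -> bool:
    """True when the whole string is one short unit repeated: aaaaaa, ababab, abcabc."""
    for unit in range(1, len(password) // 2 + 1):
        if len(password) % unit == 0 and password == password[:unit] * (len(password) // unit):
            return True
    return False

def is_common_word(password: str) -> bool:
    # Strip digits and compare case-insensitively, so "Password1" still counts.
    stripped = re.sub(r"[0-9]", "", password).lower()
    return stripped in COMMON_WORDS or password.lower() in COMMON_WORDS

def check_password(password: str, min_length: int = 8) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no case change (needs upper and lower case)")
    if not re.search(r"[0-9]", password):
        problems.append("no numeral")
    if is_repetitive(password):
        problems.append("repetitive letter combination")
    if is_common_word(password):
        problems.append("common word")
    return problems
```

The bit estimate is an upper bound: it assumes the attacker must try every string of that length and alphabet, whereas a dictionary attack on "Password1" succeeds almost at once, which is why the word-list check matters more than the arithmetic.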

Slide 45: Authentication

Authentication methods

Biometrics: fingerprint analysis, iris analysis, etc.; new and not standardized

Authentication card: push it into the slot of a machine; usually must also give a password

Public key authentication: prove that the sender holds their private key, which only they should know

Slide 46: Authentication

The verifier is the party who wishes the other party to authenticate themselves

The applicant is the other party, which wishes to prove its identity

[Figure: Verifier to Applicant: “Prove your identity”]

Slide 47: Challenge-Response Authentication

The verifier sends the applicant a challenge message

This challenge message is a string of bits

[Figure: Verifier -> Applicant: challenge message]

Slide 48: Challenge-Response Authentication

The applicant sends back a response message

This is the challenge message encrypted with the applicant’s private key

[Figure: Applicant -> Verifier: response message]

Slide 49: Challenge-Response Authentication

The verifier decrypts the response message with the true party’s public key

If it matches the challenge message, it was encrypted with the true party’s private key, which only the true party should know

The applicant is authenticated

[Figure: Verifier compares the decrypted response message with the challenge message]

Slide 50: Frequency of Authentication

Challenge-response authentication: only done initially, or done at most a few times during a session

Digital signature authentication (next): provides authentication for every message, called message-by-message authentication

Also provides message integrity: proof that the message has not been changed en route

Slide 51: Public Key Authentication

The ultimate goal is to send an original plaintext message from the applicant to the verifier

If security were not an issue, the applicant simply would send it

[Figure: Applicant -> Verifier: original plaintext]

Slide 52: Public Key Authentication

The ultimate goal is to send an original plaintext message from the applicant to the verifier

If only confidentiality were an issue, the applicant would merely encrypt the original plaintext with a symmetric session key

[Figure: Applicant -> Verifier: ciphertext using the symmetric key]

Slide 53: Public Key Authentication

For authentication, also send a digital signature with each packet

First create a message digest (MD): a small binary string calculated on the basis of all of the bits in the message

[Figure: Message -> Message digest calculation -> Message digest]

Slide 54: Public Key Authentication

First create a message digest (MD)

Normally, use a process called hashing

For a message of arbitrary size, hashing produces a small number of predictable size

MD5: 128 bits; SHA-1: 160 bits

[Figure: Message -> Hash -> Message digest]

Slide 55: Public Key Authentication

First create a message digest (MD)

Hashing is not reversible: you cannot get back the original message if you know its hash

Hashing is just done to produce something small enough (the message digest) to encrypt with public key encryption

Slide 56: Public Key Authentication

Next create a digital signature

Encrypt the message digest with the sender’s private key, which only the sender should be able to do

Also called signing the message digest with the sender’s private key

[Figure: Message digest -> Encrypt with sender’s private key -> Digital signature]

Slide 57: Public Key Authentication

Next create a digital signature

Encrypt the message digest with the sender’s private key, which only the sender should be able to do; this creates the digital signature

The message digest is short, so public key encryption is not too burdensome

Slide 58: Public Key Authentication

Note: the message digest is a hash of the original message; the MD is not encrypted

The digital signature is what you get when you encrypt the MD with public key encryption

Do not confuse the two

Slide 59: Public Key Authentication

Encrypt the combined message and digital signature with the symmetric session key and send to the receiver

This gives confidentiality (privacy) during transmission

It is easy to forget the encryption with the symmetric session key

[Figure: (Message + Digital signature) -> Encrypt with symmetric session key]

Slide 60: Public Key Authentication

The receiver decrypts the ciphertext with the symmetric session key

Then decrypts the digital signature with the sender’s public key to get the original message digest

This is the transmitted message digest

[Figure: Digital signature -> Decrypt with sender’s public key -> Transmitted message digest]

Slide 61: Public Key Authentication

The receiver then hashes the original plaintext, just as the sender did

This is the computed message digest

[Figure: Original plaintext -> Hash -> Computed message digest]

Slide 62: Public Key Authentication

If the transmitted and computed message digests match, the sender is authenticated as being the true party

Because the digital signature was signed with the true party’s private key, as shown by decryption with the true party’s public key

[Figure: Message digest from digital signature compared with message digest computed from original plaintext]

Slide 63: Public Key Authentication

The digital signature also provides message integrity

Proof that the message has not been altered en route

If the message has been changed, by error or by an attacker, the message digests will not match
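The three public key procedures of Slides 38 through 63 run end to end in one program, as an added example that is not part of the slides or the textbook: challenge-response authentication (Slides 47 to 49), wrapping a symmetric session key with the receiver’s public key (Slides 38 and 39), and the message digest, digital signature, session-key encryption and receiver-side comparison of Slides 53 to 63. The RSA used is textbook RSA on two fixed Mersenne primes per party, chosen so the example is deterministic and runs offline; it has no padding and is not for real use (real systems generate random primes and use OAEP for encryption and PSS for signatures). The symmetric "session cipher" is a SHA-256 counter keystream constructed for the example, and SHA-256 stands in for the MD5/SHA-1 digests the slides name.

```python
import hashlib
import secrets

# Textbook RSA on fixed Mersenne primes so the example is deterministic and runs
# offline (constructed for this example: no padding, no random primes, not for
# real use). The public exponent 65537 is coprime to (p-1)(q-1) for these primes.
E = 65537

def make_keypair(p: int = 2**127 - 1, q: int = 2**521 - 1):
    """Returns (public_key, private_key), each an (n, exponent) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def rsa_apply(value: int, key: tuple) -> int:
    """One modular exponentiation does both 'encrypt with the public key' and
    'encrypt (sign) with the private key'; the key decides which."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def key_bytes(key: tuple) -> int:
    return (key[0].bit_length() + 7) // 8      # bytes needed to carry a value below n

# --- Challenge-response (Slides 47-49) ---------------------------------------
def make_challenge() -> int:
    return secrets.randbits(128)     # fresh per attempt, so an old response cannot be replayed

def respond(challenge: int, applicant_private: tuple) -> int:
    return rsa_apply(challenge, applicant_private)          # "encrypt" with private key

def verify_response(challenge: int, response: int, true_party_public: tuple) -> bool:
    n = true_party_public[0]
    return 0 <= response < n and rsa_apply(response, true_party_public) == challenge

# --- Symmetric session key (Slides 38-39) -------------------------------------
def new_session_key() -> bytes:
    return secrets.token_bytes(16)

def wrap_session_key(session_key: bytes, receiver_public: tuple) -> int:
    return rsa_apply(int.from_bytes(session_key, "big"), receiver_public)

def unwrap_session_key(wrapped: int, receiver_private: tuple) -> bytes:
    return rsa_apply(wrapped, receiver_private).to_bytes(16, "big")

def sym_crypt(data: bytes, session_key: bytes) -> bytes:
    """Toy stream cipher: SHA-256 counter keystream XORed over the data
    (constructed stand-in for a real symmetric algorithm; same call decrypts)."""
    stream = b"".join(hashlib.sha256(session_key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

# --- Message digest and digital signature (Slides 53-63) ----------------------
def message_digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")   # 256 bits, below n

def sign(message: bytes, sender_private: tuple) -> int:
    return rsa_apply(message_digest(message), sender_private)        # the digital signature

def send(message: bytes, sender_private: tuple, session_key: bytes) -> bytes:
    """Message followed by its digital signature, all under the session key."""
    signature = sign(message, sender_private).to_bytes(key_bytes(sender_private), "big")
    return sym_crypt(message + signature, session_key)

def receive(ciphertext: bytes, sender_public: tuple, session_key: bytes) -> tuple:
    """Returns (message, authenticated). authenticated is True only when the
    digest recovered from the signature equals the digest of the received text."""
    plain = sym_crypt(ciphertext, session_key)
    cut = len(plain) - key_bytes(sender_public)
    if cut < 0:
        return b"", False
    message, signature = plain[:cut], int.from_bytes(plain[cut:], "big")
    if not 0 <= signature < sender_public[0]:
        return message, False
    transmitted_digest = rsa_apply(signature, sender_public)   # decrypt with sender's public key
    computed_digest = message_digest(message)                  # hash the plaintext as the sender did
    return message, transmitted_digest == computed_digest
```

Flipping a single byte of the ciphertext makes `receive` report `False`, which is the message-integrity property of Slide 63; verifying against the wrong public key also fails, which is the authentication property of Slide 62.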

Slide 64: Digital Certificates

Public key deception

Digital certificates

Certificate authorities

Public key infrastructures (PKIs)

Slide 65: Public Key Deception

An impostor claims to be a true party

The true party has a public and private key; the impostor also has a public and private key

The impostor sends the impostor’s own public key to the verifier, saying, “This is the true party’s public key”

This is the critical step in the deception

Slide 66: Public Key Deception

If the verifier accepts the impostor’s public key as the true party’s public key:

The impostor will be authenticated through any public key authentication method, because their private key will work

The impostor can also decrypt messages sent by the verifier if these messages are encrypted with the impostor’s public key

Slide 67: Public Key Deception

Moral: public key encryption for privacy, confidentiality, authentication, and message integrity only works if the verifier gets the true party’s public key independently of the applicant, from a trusted third party

Slide 68: Digital Certificates

Created by a certificate authority

The certificate authority is the trusted third party

[Figure: Certificate authority issues a digital certificate to the authenticated party]

Slide 69: Certificate Authorities

Unfortunately, certificate authorities are not regulated

You must only use certificate authorities you trust

A company can be its own certificate authority for internal authentication among its hardware and software systems

Slide 70: Digital Certificates

Assert that a true party (named) has the public key contained in the digital certificate

Provides a name-public key pair; therefore prevents public key deception

Fields and content are standardized by the ITU-T X.509 standard

Slide 71: Digital Certificates

Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority

Provides message integrity, so that an impostor cannot change the name field in the digital certificate to its own

Slide 72: Digital Certificates

Certificate authorities may revoke digital certificates before the expiration date listed in the digital certificate

Revoked certificate ID numbers are placed in a certificate revocation list (CRL)

The verifier must check with the certificate authority to determine if a digital certificate is on the CRL

Without the CRL check, digital certificates do not support authentication

Slide 73: Digital Certificates

Recap

A digital certificate gives the public key of a named party

This is needed for public key authentication, to prevent public key deception

However, a digital certificate alone does NOT provide authentication
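The deception of Slides 65 to 67 and the defences of Slides 68 to 73 played out in code, as an added example that is not part of the slides or the textbook. A certificate authority signs a simplified X.509-like record (serial, subject name, public key, expiry); the verifier, holding only the CA’s public key, checks the CA signature, the expiry date and a certificate revocation list, and only then runs challenge-response against the public key the certificate names. The example then shows the three failures a verifier must catch: a certificate the impostor signed itself, the true party’s genuine certificate presented by someone who does not hold the matching private key, and a genuine certificate whose serial is on the CRL. The RSA is the same textbook sketch on fixed Mersenne primes (constructed, unpadded, not for real use), with distinct primes for each party, and the dates are ISO strings so they compare as text.

```python
import hashlib
import json

# Textbook RSA on fixed Mersenne primes (constructed for this example so it runs
# offline; unpadded and not for real use). Each party gets its own primes.
E = 65537

def keypair(p: int, q: int):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**607 - 1)            # the trusted third party
TRUE_PUB, TRUE_PRIV = keypair(2**127 - 1, 2**521 - 1)        # the true party
IMPOSTOR_PUB, IMPOSTOR_PRIV = keypair(2**61 - 1, 2**1279 - 1)

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def canonical(fields: dict) -> bytes:
    """Fixed serialisation so issuer and verifier hash exactly the same bytes."""
    return json.dumps(fields, sort_keys=True).encode()

def issue_certificate(ca_private: tuple, serial: int, subject: str, subject_pub: tuple, not_after: str) -> dict:
    """Simplified X.509-like certificate: the CA signs the digest of every field
    except the signature itself, binding the name to the public key."""
    fields = {"serial": serial, "subject": subject,
              "public_key": list(subject_pub), "not_after": not_after}
    n, d = ca_private
    return {**fields, "signature": pow(digest_int(canonical(fields)), d, n)}

def verify_certificate(cert: dict, ca_public: tuple, crl: set, today: str) -> tuple:
    """Returns (ok, reason); ok only when signature, validity period and CRL all pass."""
    n, e = ca_public
    fields = {k: v for k, v in cert.items() if k != "signature"}
    sig = cert["signature"]
    if not 0 <= sig < n or pow(sig, e, n) != digest_int(canonical(fields)):
        return False, "signature does not verify under the CA's public key"
    if cert["not_after"] < today:
        return False, "expired"
    if cert["serial"] in crl:
        return False, "revoked (serial is on the CRL)"
    return True, "ok"

def authenticate(cert: dict, applicant_private: tuple, ca_public: tuple,
                 crl: set, today: str, challenge: int) -> tuple:
    """Step 1: validate the certificate. Step 2: challenge-response against the
    certified public key, which only the holder of the matching private key passes."""
    ok, reason = verify_certificate(cert, ca_public, crl, today)
    if not ok:
        return False, reason
    n, e = cert["public_key"]
    response = pow(challenge, applicant_private[1], applicant_private[0])
    if not 0 <= response < n or pow(response, e, n) != challenge:
        return False, "response does not verify under the certified public key"
    return True, "authenticated as " + cert["subject"]
```

Passing an empty CRL to `verify_certificate` is exactly the situation Slide 72 warns about: a revoked certificate verifies perfectly well until the verifier actually consults the list, so the check is part of authentication, not an optional extra.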

Slide 74: Public Key Infrastructures (PKIs)

Private key creation and distribution

Digital certificate creation and distribution

Certificate revocation list checking

Slide 75: PKIs

To use public key methods, an organization must establish a comprehensive public key infrastructure (PKI)

A PKI automates most aspects of using public key encryption and authentication

Uses a PKI server

[Figure: PKI server]

Slide 76: PKIs

The PKI server creates public key-private key pairs

Distributes private keys to applicants securely

Often, private keys are embedded in delivered software

[Figure: PKI server -> private key]

Slide 77: PKIs

The PKI server provides CRL checks

Distributes digital certificates to verifiers

Checks the certificate revocation list before sending digital certificates

[Figure: PKI server -> digital certificate]

Slide 78: PKIs

CRL checks

If the applicant gives the verifier a digital certificate, the verifier must check the certificate revocation list

[Figure: Verifier asks the PKI server “OK?”; the PKI server checks the CRL and answers “OK” or “Revoked”]

Slide 79: Integrated Security System

When two parties communicate, their software usually handles the details

First, negotiate security methods

Then, authenticate one another

Then, exchange a symmetric session key

Then they can communicate securely using the symmetric session key and message-by-message authentication

Slide 80: SSL Integrated Security System

SSL: Secure Sockets Layer, developed by Netscape

TLS (since the book went to press): Netscape gave the IETF control over SSL; the IETF renamed it TLS (Transport Layer Security)

Usually still called SSL

Slide 81: Location of SSL

Below the application layer; the IETF views it at the transport layer

Protects all application exchanges; not limited to any single application

WWW transactions, e-mail, etc.

[Figure: E-mail and WWW applications on each side running over SSL]

Slide 82: SSL Operation

Browser and webserver software implement SSL; the user can be unaware

Slide 83: SSL Operation

SSL ISS process

The two sides negotiate security parameters

The webserver authenticates itself

The browser may authenticate itself but rarely does

The browser selects a symmetric session key and sends it to the webserver

Adds a digital signature and encrypts all messages with the symmetric key

Slide 84: Importance of SSL

Supported by almost all browsers

De facto standard for Internet application security

Problems

Relatively weak security

Does not involve security on the merchant server

Does not validate credit card numbers

Viewed as an available but temporary approach to consumer security

Slide 85: Other ISSs

SSL is merely an example integrated security system

Many other ISSs exist: IPsec (Chapter 9 and Module F), PPP and PPTP (Module F), etc.

Slide 86: Other ISSs

All ISSs have the same general steps

Negotiate security parameters

Authenticate the partners

Exchange a session key

Communicate with message-by-message privacy, authentication, and message integrity

Slide 87: Other Security Issues

Multi-layer security

Firewalls

Total security

Intrusion detection

Trust

Slide 88: Multi-Layer Security

Security can be applied at multiple layers simultaneously

Application layer: security for database, e-mail, etc.

Transport layer: SSL

Internet layer: IPsec (Chapter 9, Module F)

Data link layer: PPTP, L2TP (Module F)

Physical layer: locks

Slide 89: Multi-Layer Security

Applying security at 2 or more layers is good

If security is broken at one layer, the communication will still be secure

However, security slows down processing; multi-layer security slows down processing at each layer

Slide 90: Firewalls

The firewall sits between the corporate network and the Internet

Prevents unauthorized access from the Internet

Facilitates internal users’ access to the Internet

[Figure: Firewall passing authenticated traffic (“OK”) and blocking the rest (“No”); access only if authenticated]

Slide 91: Firewalls

Packet filter firewalls

Examine each incoming IP packet

Examine IP and TCP header fields

If bad behavior is detected, reject the packet

No sense of previous communication: analyzes each packet in isolation

[Figure: IP packet arriving at an IP firewall]

Slide 92: Firewalls

Application (proxy) firewalls filter based on application behavior

Do not examine packets in isolation: use history

In HTTP, for example, do not accept a response unless an HTTP request has just gone out to that site

Slide 93: Firewalls

Application (proxy) firewalls hide internal internet addresses

The internal user sends an HTTP request

The HTTP proxy program replaces the user’s internet address with the proxy server’s IP address and sends the request to the webserver

[Figure: HTTP request from the internal host -> proxy -> request carrying the proxy server’s IP address]

Slide 94: Firewalls

Application (proxy) firewalls

The webserver sends the response to the proxy server, to the proxy server’s IP address

The HTTP proxy server sends the IP packet to the originating host

Overall, the proxy program acts on behalf of the internal user

[Figure: response to the proxy server’s IP address -> proxy -> HTTP response to the internal host]
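The two firewall types of Slides 91 to 94 side by side, as an added example that is not part of the slides or the textbook. The packet filter judges each packet on its own header fields with no memory of earlier traffic; the HTTP proxy keeps a table of requests that have gone out, rewrites the source address to its own, delivers a response only if it matches a recent outbound request to that site, and drops anything unsolicited or stale. The `Packet` record, the rule list, the addresses and the 30-second freshness window are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """The header fields the firewall looks at (constructed for this example)."""
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

# --- Packet filter: each packet judged on its own IP/TCP header fields --------
INTERNAL_WEB_SERVER = "192.0.2.10"     # constructed address

PACKET_FILTER_RULES = [
    ("allow", lambda p: p.proto == "tcp" and p.dst_ip == INTERNAL_WEB_SERVER and p.dst_port == 80),
    ("deny", lambda p: True),          # default: reject everything else
]

def packet_filter(packet: Packet) -> str:
    """First matching rule wins; there is no memory of earlier packets."""
    for action, matches in PACKET_FILTER_RULES:
        if matches(packet):
            return action
    return "deny"

# --- Application (proxy) firewall for HTTP: keeps history, hides addresses ----
class HttpProxy:
    def __init__(self, proxy_ip: str, max_age: float = 30.0):
        self.proxy_ip = proxy_ip
        self.max_age = max_age         # how recently the request must have gone out (seconds)
        self.pending = {}              # (site ip, proxy port) -> (internal ip, internal port, time sent)
        self.next_port = 40000

    def outbound_request(self, internal_ip: str, internal_port: int, site_ip: str, now: float) -> Packet:
        """Forward the user's HTTP request with the proxy's own address as source,
        remembering which internal host it belongs to."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.pending[(site_ip, port)] = (internal_ip, internal_port, now)
        return Packet(self.proxy_ip, site_ip, "tcp", port, 80)

    def inbound_response(self, packet: Packet, now: float):
        """Deliver a response to the internal host only if a request went out to
        that site recently; anything unsolicited or stale is dropped (None)."""
        key = (packet.src_ip, packet.dst_port)
        entry = self.pending.get(key)
        if packet.src_port != 80 or packet.dst_ip != self.proxy_ip or entry is None:
            return None
        internal_ip, internal_port, sent_at = self.pending.pop(key)
        if now - sent_at > self.max_age:
            return None
        # Address hiding in reverse: the response is re-addressed to the internal host.
        return Packet(packet.src_ip, internal_ip, "tcp", 80, internal_port)
```

Note the asymmetry Slide 92 describes: the packet filter would have to open a hole for inbound port-80 traffic to let any web reply through, whereas the proxy accepts a reply only against a request it saw leave, and forgets the entry once the reply is delivered.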

Slide 95: Firewalls

Why hide internal IP addresses?

The first step in an attack usually is to find potential victim hosts

Sniffer programs read IP packet streams for the IP addresses of potential target hosts

With a proxy server, sniffers will not learn the IP addresses of internal hosts

[Figure: the sniffer sees the proxy’s (false) IP address rather than the internal host’s IP address]

Slide 96: Firewalls

Application firewalls

Need a separate program (proxy) for each application

Not all applications have rules that allow filtering

Slide 97: Total Security

Network security is only part

Server security

Hackers can take down servers with a denial-of-service attack

A hacker can log in as root user and take over the server

Steal data, lock out legitimate users, etc.

Slide 98: Total Security

Server security

Occasionally, weaknesses are discovered in server operating systems

This knowledge is quickly disseminated

Known security weaknesses

Slide 99: Total Security

Server security

Server operating system (SOS) vendors create patches

Many firms do not download patches

This makes them vulnerable to hackers, who quickly develop tools to probe for and then exploit known weaknesses

Slide 100: Total Security

Client PC security

Known security weaknesses exist, but patches are rarely downloaded

Users often have no passwords or weak passwords on their computers

Adversaries take over client PCs and can therefore take over control of SSL and other secure communication protocols

Slide 101: Total Security

Application software

May contain viruses

Must filter incoming messages

Database and other applications can add their own security with passwords and other protections

Slide 102: Total Security

Managing users

Users often violate security procedures, making technical security worthless

Social engineering: an attacker tricks a user into violating security procedures

Slide 103: Intrusion Detection

Intrusion detection software is needed to detect and report intrusions as they are occurring

Lets the organization stop intruders, so that intruders do not have unlimited time to probe for weaknesses

Helps the organization assess security threats

Audit logs list where the intruder has been: vital in legal prosecution
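A small intrusion detector of the kind Slide 103 describes, as an added example that is not part of the slides or the textbook. It reads login records as they arrive and raises an alert while the activity is still going on: a burst of failed logins for one account from one source within a short window (the password-cracking attempt of Slides 6 and 43), and a later successful login for that same account and source, which is the event worth acting on first. The log lines, their syslog-like layout, and the threshold of five failures in sixty seconds are all constructed for the example.

```python
import re
from collections import defaultdict, deque

# Constructed, syslog-like login records (not from any real system).
SAMPLE_LOG = """\
Mar 12 02:14:01 srv1 login: FAILED LOGIN user=root from=203.0.113.9
Mar 12 02:14:03 srv1 login: FAILED LOGIN user=root from=203.0.113.9
Mar 12 02:14:04 srv1 login: FAILED LOGIN user=root from=203.0.113.9
Mar 12 02:14:06 srv1 login: FAILED LOGIN user=root from=203.0.113.9
Mar 12 02:14:07 srv1 login: FAILED LOGIN user=root from=203.0.113.9
Mar 12 02:14:09 srv1 login: ACCEPTED LOGIN user=root from=203.0.113.9
Mar 12 02:15:00 srv1 cron: nightly job started
Mar 12 02:20:00 srv1 login: FAILED LOGIN user=alice from=10.0.0.8
Mar 12 02:31:00 srv1 login: ACCEPTED LOGIN user=alice from=10.0.0.8
"""

LINE_RE = re.compile(
    r"^\w{3} (?P<day>\d{2}) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) (?P<host>\S+) "
    r"login: (?P<result>FAILED|ACCEPTED) LOGIN user=(?P<user>\S+) from=(?P<src>\S+)$")

def parse_line(line: str):
    """Return the fields of a login record plus 't' in seconds, or None for
    records of another shape (the cron line above, for instance)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    # Seconds since the start of the month; month boundaries are ignored in this toy.
    f["t"] = int(f["day"]) * 86400 + int(f["hh"]) * 3600 + int(f["mm"]) * 60 + int(f["ss"])
    f["ts"] = line[:15]
    return f

def detect_intrusions(log_text: str, threshold: int = 5, window: int = 60) -> list:
    """Report (kind, source, user, timestamp) alerts in the order the records are
    read, so an operator can act while the intruder is still probing."""
    alerts = []
    recent_failures = defaultdict(deque)   # (source, user) -> times of recent failures
    flagged = set()                        # (source, user) pairs already reported
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        if ev["result"] == "FAILED":
            q = recent_failures[key]
            q.append(ev["t"])
            while q and ev["t"] - q[0] > window:     # keep only failures inside the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("repeated-failed-logins", ev["src"], ev["user"], ev["ts"]))
        elif key in flagged:
            # A success right after a burst of failures is the signal that matters most.
            alerts.append(("login-after-repeated-failures", ev["src"], ev["user"], ev["ts"]))
    return alerts
```

The sliding window is what keeps this usable on a busy server: a user who mistypes a password once a day never reaches the threshold, while five failures in six seconds do. The alert tuples are also the beginning of the audit trail the slide mentions, since each carries the source, account and timestamp.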

Slide 104: Trust

System A may trust System B: it does not check closely for security problems

This reduces security processing costs

If the trusted system is taken over, disaster: it can exploit the systems that trust it

[Figure: System A trusts System B, so no close check]

Slide 105: Trust

If System A trusts System B and System B trusts System C, System A often trusts System C

Extreme disaster if a highly trusted system is taken over: it can exploit many trusting systems

[Figure: A trusts B, B trusts C, so A trusts C]
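The transitive trust of Slides 104 and 105 turned into something an administrator can measure, as an added example that is not part of the slides or the textbook. Given a map of which systems trust which, it computes the set of systems that would be exposed if one particular system were taken over (everything that trusts it directly or through a chain), ranks systems by that exposure so the ones that deserve the closest checking stand out, and reconstructs the chain that makes one system trust another. The trust relationships are constructed for the example.

```python
from collections import deque

# Constructed trust relationships: "A": {"B"} means System A trusts System B
# and therefore does not check it closely.
TRUST = {
    "A": {"B"},
    "B": {"C"},
    "C": set(),
    "D": {"C"},
    "E": {"A"},
}

def trusting_systems(trust: dict, compromised: str) -> set:
    """Every system that ends up trusting `compromised`, directly or through a
    chain: the blast radius if that one system is taken over."""
    trusted_by = {}
    for system, targets in trust.items():
        for target in targets:
            trusted_by.setdefault(target, set()).add(system)
    exposed, queue = set(), deque([compromised])
    while queue:
        current = queue.popleft()
        for system in trusted_by.get(current, ()):
            if system not in exposed:
                exposed.add(system)
                queue.append(system)
    return exposed

def riskiest_systems(trust: dict) -> list:
    """Systems ranked by how many others a compromise would expose (ties by name)."""
    return sorted(trust, key=lambda s: (-len(trusting_systems(trust, s)), s))

def trust_chain(trust: dict, src: str, dst: str):
    """Shortest chain of trust from src to dst, or None if src never ends up trusting dst."""
    previous = {src: None}
    queue = deque([src])
    while queue:
        current = queue.popleft()
        if current == dst:
            path = []
            while current is not None:
                path.append(current)
                current = previous[current]
            return path[::-1]
        for nxt in sorted(trust.get(current, ())):
            if nxt not in previous:
                previous[nxt] = current
                queue.append(nxt)
    return None
```

In the constructed map, System C is trusted by nobody directly except B and D, yet a compromise of C reaches A and E as well through the chain; that is the "extreme disaster" of Slide 105, and the ranking puts C first.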