1. securitybasics

8/8/2019 1. SecurityBasics

1/70

1

1

SecuritySecurity(Cryptography)(Cryptography)

BasicsBasics

In this session, we are going to talk about basic security and cryptographyconcepts. These are the basic concepts that you need, to understand andimplement security regardless of the platform or application architecture.For example, whether you are writing J2EE based application or not, youwould need to understand these concepts.

02/28/2006


2/70

2

2

Sang ShinSang [email protected]@sun.com

www.javapassion.com/j2eewww.javapassion.com/j2ee

Technology EvangelistTechnology Evangelis tSun Microsystems, Inc.Sun Microsystems, Inc.

02/28/2006


3/70

3

3

Disclaimer & Acknowledgments? Even though Sang Shin is a full-time employee

of Sun Microsystems, the contents here arecreated as his own personal endeavor and thusdoes not reflect any official stance of SunMicrosystems.

? Sun Microsystems is not responsible for anyinaccuracies in the contents.

? Acknowledgments

02/28/2006


4/70

4

4

Revision History? 05/26/1998: version 1, created (Sang)? 01/22/2003: version 2, contents reorganized (Sang)? 01/24/2003: version 3, speaker noted (Sang)? Things to do

Do add more slides on Certificates: what are certificates? why certificate-based authentication over password challenge scheme

02/28/2006


5/70

5

5

Agenda? What is and Why network security?

? What security services do we need?

? Cryptographic process? Public key vs. Secret key scheme

? Digital signing, Tamper-proofing & Encrypting? Security (Cryptographic) technologies

? Key distribution and management

Kerberos, Certificate? Security needs for E-commerce

So this is what we are going to talk about in this 60 minutes session. First, we will talkabout what is network security and why we need network security. Next, we will talkabout the security services which we will need to handle common security threats. Forexample, we will talk about authentication and authorization security services. Next, wewill briefly look at the cryptographic process, which is the basic underlying technology

for supporting all network security schemes.

Next, we will talk about public key and secret key schemes and how they are used in thecontext of cryptographic process.

Next, we will take a close look at three most important security schemes, digitalsigning, tamper-proofing (data integrity) and encrypting.

Next, we will spend some time looking into various network security technologies andget some sense as to how they work.

Next, we will look into key distribution and management issues. We will take a look atKerberos as the best key distribution technology for secret keys and Certificate basedkey distribution technology for public keys.

Finally I will talk about what unique challenges that e-commerce and b2b transactionswill have to overcome regarding network security.

02/28/2006


6/70

6

6

Securi ty/Cryptographic systems

? Focus of this talk? Network security? Distributed computing? Protection of network-based apps, data, resource

? Will not cover? Physical security? Stand-alone system security? Personnel issues?

Policy issues

The focus of this session is network security in a distributed computing environment.We are mainly concerned about how we protect network based applications, data andresources.

Even though non-network related security issues such as physical security and security

policies are important security issues on their own, those topics will not be addressed inthis talk.

02/28/2006


7/70

7

7

What is and WhyWhat is and WhyNetwork Secur ity?Network Secur ity?

So let's talk about what is network security? and why network securityis important?

02/28/2006


8/70

8

8

Why Network Security?

? for Distributed computing

Logical set of services distributed over the network

Physical security model (mainframe model) doesnot work anymore

? for Internet and Web

Increase of security threat in terms of both scaleand frequency

More stringent security for E-commerce and B2B

Why network security? When networks were not that pervasive, that is whencomputing devices were running in their own islands, it was rather easy to deal withsecurity. The only thing they needed to do was to lock the door.

Now, as more and more computing devices are getting connected and more and more

applications are being built as distributed applications, the physical security model haslost its significance.

The advent of the internet and the web has raised the scale and frequency of networksecurity threats.

02/28/2006


9/70

9

9

Common Security Threats? Identity interception? Masquerading? Replay attack? Data interception and manipulation? Repudiation? Denial of service

So what are the common security threats?

Identity interception means that someone might steal your identity and use it as theirown.

Masquerading. If you send your username and password in clear-text form, someonemight be able to grab it from the network and use it elsewhere with the intention ofperpetrating fraud.

Replay attack. They might capture your request of withdrawing 1000 dollars from yourbank account and then replay that request over the network.

Data interception and manipulation. If someone can read your credit card informationwhile it is on the wire, they could cause a lot of trouble for you.

Repudiation. When someone performs a transaction and then deny it later can be a bigproblem in e-commerce. For example, if you are manufacturer of something and youreceived a 1 million dollar purchase request from a customer, you will want to makesure that person does not deny it after the transaction has been completed.

We all know what denial of service means.

02/28/2006


10/70

10

10

What Securi ty ServicesDo we need?

We just looked at the most common network security threats. So whatkind of network security services do we need to address these threats?

02/28/2006


11/70

11

11

Security Needs of an Enterprise

? Single sign-on

Internet and intranet

? Controlled access to corporate information

? Secure business transaction over Internet

? Centralized, easy to use security admin tools? Transparency of security features

end users should not be exposed to the underlyingsecurity schemes

? Interoperable security systems Various PKI schemes, Kerberos

Before we get into generic network security services let's take a look at security needsfrom a typical enterprise customer. Not all of these needs are relevant to every situationand not all of these needs will be addressed by current technologies that we use. Forexample, single-sign-on is just beginning to be addressed. But this could be a good listto have when we think about how network security will evolve.

First, single sign on capability. The single-sign-on capability is needed not only withinthe intranet but also over the internet.

Next, controlled access to corporation information and secure business transaction overthe internet are still evolving. The need for centralized and easy to use securityadministration tools is becoming apparent. As more and more users, businessorganizations, applications and resources are getting connected over the network in avery dynamic environment, security management is becoming a daunting task. At thesame time there is the need for security transparency. What this means is that thesecurity should be hidden from end-users and seamlessly integrated into the underlyingframework.

Interoperability among various security systems are becoming an important issue againdue to the fact that more and more business organizations are interacting internallywithin their divisions and externally performing b2b transactions with their businesspartners.

02/28/2006


12/70

12

12

Network Security Needs

? Authentication (Identity verification)? Access control (Authorization)? Data confidentiality (Privacy)? Data integrity (Tamper-proofing)? Non-repudiation (Proof of transaction)? Auditing

What are the common network security needs? You have heard these terms many timesand you will hear them many more times today.

First, authentication provides a way of verifying a person's identity. Second, accesscontrol, sometimes referred to as authorization, basically ensures that only those with

proper access privilege, for a resource, can access that resource.

Data confidentiality, sometimes referred to as data privacy, will prevent anyone, otherthan the person for whom the data is intended, from reading the data.

Non-repudiation means making sure that there is a way to prove that a person, abusiness organization or even a program entity has performed a transaction.

Auditing refers to logging information about the transactions that have occurred.

02/28/2006


13/70

13

13

Authentication? Verification of identity

Making sure that a user (organization, softwareentity) is who he claims to be (or what it claimsto be)

Prevents Identity interception, Masquerading

? Schemes In a non-networking environment, your driver

license, with a picture, could be used to provethat you are who you claim to be

In a networking environment, digital signing isused to perform identity verification

Let us talk about authentication in a bit more detail.

Authentication is used to verify that the user (maybe an organization or a programentity) is who he claims to be. Authentication prevents identity interception andmasquerading.

How is the authentication scheme implemented? In a non-networking environment youcould show your driver license with your photo to prove your identity. In a networkingenvironment we use digital signing to accomplish that.

02/28/2006


14/70

14

14

Data Confidentiality (Privacy)? Protects the information on the wire from prying

eyes

? Schemes

Encrypting data by Cryptographic system? Clear text data + Key -> Encryption technology ->

Cyphertext

? Key could be either shared (secret, symmetric) key orpublic (asymmetric) key

Now we will talk about data confidentiality. Data confidentiality means to protect theinformation while it is on the wire.

In order to provide confidentiality of your data you can encrypt the data usingcryptographic technology.

How do you encrypt your data? Basically you apply an encryption algorithm to yourclear text data using an encryption key as a seed and the result is the encrypted data.

The key you use could be either a public key or a secret key. We will talk about prosand cons of each key scheme later on in this presentation.

02/28/2006


15/70

15

15

Access Control (Author ization)

? Specifies which who can access whatresources under what context

? Access control information can be maintainedby either directory service or the resourcesthemselves

File service, Database service (access controlinformation is maintained by resources themselves)

? Schemes ACLs- List of users and groups and their access

rights in LDAP server

XACML

Access control specifies who can access what resources under what context. The accesscontrol information can be maintained by the use of an external technology, likedirectory service, or by the resources themselves. A File system is an example of aresource maintaining its own the access control. For example, each file maintains itsown access permissions.

A popular access control scheme is to maintain an ACL (access control list). ACLspecifies what operations, a set of users or groups can perform on various resources.

02/28/2006


16/70

16

16

Data Integrity (Tamper-proofing)

? Prevents data tampering while data is onthe wire

Making sure data received by the receiver isthe same data sent by the sender

? Schemes Digital hashing (Digital Checksum, Message

Digest)

Usually this digital hash is used as base data

for digital signing? message digest can be a small fixed size of data

regardless of the size of original data

Data integrity means to prevent data tampering while it is on the wire. That is, to ensurethat the data received by the receiver is the same as the one sent by the sender. It issometimes called tamper-proofing.

The scheme for data integrity is digital hashing. Digital hashing is like creating a

digital checksum and it is sometimes called message digest.

One thing to note is that the message digest is used for digital signing.

02/28/2006


17/70

17

17

Non-repudiation

? Being able to prove to a 3rd-party that atransaction actually happened

Protects senders as well as recipients

? Schemes

In a non-networking environment, when youpurchase merchandise using your credit card, theretailer can prove that you made a purchase

In a networking environment, digital signing isused

Non repudiation means being able to prove to a 3rd-party that a transaction actuallyhappened. The non-repudiation protects both senders and receivers of the transactionrequest. For example, in a non-networking environment, let's say that you perform astock transaction with your brokerage house and buy 1000 shares of Ford. Yourbrokerage house will want to make sure you cannot deny the fact, later on, that you

performed the transaction. At the same time you will want to have a guarantee that yourbrokerage house cannot deny the fact that it received your transaction request. In thiscase the proof could be in the form of a signed paper or voice recording. In anetworking environment we will use digital signing to prove this.

02/28/2006


18/70

18

18

CryptographicProcess

Now let's spend sometime talking about how cryptographic process works.

02/28/2006


19/70

19

19

Terminology? Encrypt, Encipher, Encode: the process of

converting plaintext to ciphertext? Encryption algorithm: a particular mathematical

procedure of encrypting/decrypting? Key: information that is used to encrypt or decrypt

information in a distinctive way Secret Key (Symmetric, Shared)

Public Key (Asymmetric)

? Cryptography: mechanisms to protect

information by applying encryption to it thatare hard to reverse without secret knowledge

First, let's talk about the terminology. The process of converting plaintext intociphertext is called encrypting, enciphering or encoding. In this context, the termencrypting refers to converting plaintext into ciphertext and is not referring to theprocess of providing data confidentiality. So the term encryption and encipheringare used interchangeably here.

In order to understand the encryption process you have to understand two things -encryption algorithm and encryption key. Encryption algorithm is a mathematicalprocedure to encrypt or decrypt data. Encryption key is information that is fed to theencryption algorithm. Depending on the key, the outcome of the encryption would bedifferent. The key could be either a public/private key or a secret key.

02/28/2006


20/70

20

20

Cryptographic Process

M is the original message

Kenc is encryption key

M' is the scrambled message

Kdec is decryption key

It is hard to get M just byknowing M'

E and D are related suchthat

E(Kenc, M) = M'D(Kdec, M') = M

D(Kdec, E(Kenc, M)) = M

PlaintextM

CiphertextM'

Original PlaintextM

Kdec

Kenc

Decryption functionD

Encryption functionE

So how does cryptographic process work? The idea is rather simple. Let'ssay you have plaintext M. By providing the encryption key and theencryption function you get ciphertext, M'. The ciphertext can bedecrypted using a decryption function and a decryption key and the resultis the original text.

In cryptographic process the mathematical property is such that it ispractically impossible to derive M from M' unless the key is known.

02/28/2006


21/70

21

21

Cryptographic technologies

(based on Security layers)? Link layer encryption? Network layer encryption

? IPSEC, VPN, SKIP

? Transport layer? SSL, PCT(Private Communication Technology)

? Application layer? PEM (Privacy Enhanced Mail)

? PGP (Pretty Good Privacy)? SHTTP

Cryptographic process can be implemented at various layers starting from the link layerall the way up to the application layer. The most popular encryption scheme is SSL andit is implemented at the transport layer. If the encryption is done at the transport layer,any application that is running on the top of the transport layer can be protected.

02/28/2006


22/70

22

22

Public KeyPublic Keyversusversus

Secret keySecret key

Now let's talk about the public key and the secret key. The understanding,of how public and secret keys work and how they can work together, isvery important.

02/28/2006


23/70

23

23

Cryptographic Technologies -

Secret key vs. Public key? Key Management and distribution

Public key is easier to distribute than the secret key

? Encryption algorithms? Key length? Performance

Secret key scheme is much much faster

? Security services possible

Digital signing is only possible with public key? Suitability to intranet or internet

Public key

We have seen in the previous slide that cryptographic technologies can be categorizedbased on which network layer it is designed for. The other very important criteria is thekey scheme they employ in their cryptographic process. There are two prominent keyschemes - public/private key scheme, and secret key scheme.

The two key schemes are different in many respects. These are the reasons why youwould choose one key scheme over the other. First, they are different in terms of howkeys are managed and distributed. In fact this is a very important issue to think about.

Second, encryption algorithms are different. Key lengths are also different.

Encryption performance is different between the two schemes. Secret key basedencryption is much much faster than public/private key scheme. They provide differentsecurity services. For example, with secret key, you cannot provide authentication nornon-repudiation. Only public/private key scheme provide it. However, forconfidentiality, you can use either public/private key or secret key scheme.

Suitability of the schemes when used with the internet is also an issue. As we will talkabout later, secret key alone cannot be used over the internet, where there will bemillions of people, business organizations, even programs who want to communicatewithout having to make elaborate prior arrangements. In this case, you cannot use thesecret key scheme alone because it is almost impossible to have a mechanism that cangenerate and distribute a commonly agreed secret key.

02/28/2006


24/70

24

24

Secret Key Encryption? Sender and receiver share a secret key

Same secret key is used for both encryption anddecryption

? Pros

Fast and efficient

? Cons Secure distribution of keys is a problem: Not

suitable for Internet

02/28/2006


25/70

25

25

Public Key Encryption? Uses a pair of keys: one public, the other

private

Only private key needs to be kept secret

? The pair of keys is produced by amathematical algorithm

Its impossible to determine the value of theprivate key by knowing the public key

? One key is used for encryption and the other

is used for decryption

02/28/2006


26/70

26

26

Public Key Encryption (Cont.)

? Pros Easier key management and distribution

? No need to distribute secret key: More suitable forinternet

Digital signing is possible

Broader ISV, products support

? Cons Slower than secret key encryption

It is much more demanding on computing resources

Validation of public keys still needs to be done Certificate Authority (CA)

Revocation of a public key is difficult

02/28/2006


27/70

27

27

Public key and Secret key

schemes are used together? In real life the Public key and Secret key

schemes are used in tandem

SSL is a good example

? Public key

Exchange of session specific secret keys (SessionKey)

Easy key distribution, digital signing

?

Secret key Encryption of the user data

Performance

02/28/2006


28/70

28

28

Comparison of Key Schemes

? CryptographicArchitecture

? Basiccryptography

? Export controlfree

? Signatures,

Digests, etc.

? Key negotiationand encryptionare separate

? Best of bothapproaches

? Examples: SSL

Session Key

? Encryption anddecryption keysare the same

? Key distributionis an issue

? Private keycryptography is

faster? Examples:

DES, AES

Secret Key


? Basiccryptography


? Signatures,Digests, etc.

? Encryption anddecryption keysare same

? Key distributionis an issue

? Private keycryptography isslow

? Examples:DES, AES

Private KeyCryptography


? Basiccryptography


? Signatures,Digests, etc.

? Encryption anddecryption keysare different

? Key distributionis easier

? Public keycryptography isvery slow

? Examples:RSA

Public Key

02/28/2006


29/70

29

29

Digi tal Signing,Digi tal Signing,Tamper-proofing &Tamper-proofing &EncryptingEncrypting

02/28/2006


30/70

30

30

Digital Signing? Used for authentication (verifying an identity)

and non-repudiation

? Uses public/private key pair

? Steps for digital signing

Sender creates message digest from the data

Sender enciphers the message digest with hisprivate key

If receiver can decipher received message digest

with the senders public key, the data must be fromthe sender

02/28/2006


31/70

31

31

Encrypting? Used for data confidentiality

? Can use either public/private key pair orsecret (symmetric) key

? Steps for encrypting using public/private keypair

Sender encrypts data with receiver's public key.

Receiver then decrypts data with his private key.(Only he can decrypt it since only he knows his

private key.)

02/28/2006


32/70

32

32

Tamper-Proofing (Integrity)? Performed as part of digital signing

Sender creates message digest from the data to besent before signing

Receiver deciphers the signed message digest thathe received from the sender (as part ofauthentication)

Receiver also creates his own message digest fromthe data it received

Receiver then compares the one that he received

with the one that he created and sees if they match.If they match, then the data must not have been

changed.

02/28/2006


33/70

33

33

SecuritySecurity(Cryptographic)(Cryptographic)TechnologiesTechnologies

02/28/2006


34/70

34

34

Encryption Technology Issues for

both Secret and Public keys? Encryption Strength

? Algorithm? Key length? Implementation

? Key distribution/management

02/28/2006


35/70

35

35

Secret-key encryption algorithms

(Symmetric algorithms)? DES (Data Encryption Standard) - 56bit? Triple DES-112bit? IDEA (International Data Encryption Algorithm)

? 128bit key? More complex (complete) than DES but the speed is

comparable? Used in PGP

?

RC2 and RC4? Skipjack (Clipper)

? Two-master keys

02/28/2006


36/70

36

36

Public-key encryption algorithms

(Asymmetric algorithms)? Based on mathematical computations that are

easy to compute in one direction but arepractically impossible in the reverse direction? Diffie-Hellman(DH): Exponentiation is easy but

computing discrete logarithms from the resultingvalue is practically impossible

? RSA: Multiplication of two large prime numbers iseasy but factoring the resulting product is practically

impossible

02/28/2006


37/70

37

37

Diffie-Hellman (DH) algorithm? Private key and Public key generation

? Example between Alice and Bob

Each generates random number (private key),X & Y? X is private key of Alice

? Y is private key of Bob

Each exponentiates the shared public data A withtheir private key, generates a public key

? (A power of X) is the public key for Alice

? (A power of Y) is the public key for Bob

From public key, (A power of X) for Alice and (Apower of Y), it is impossible to guess private keys Xand Y

02/28/2006


38/70

38

38

Diffie-Hellman (DH) algorithm? Generation of common secret key is possible

Alice has? Private key of herself, X

? Public key of Bob, (A power of Y)

Bob has? Private key of himself, Y

? Public key of Alice, (A power of X)

The common secret key can be computed if eachexponentiate each other's public key with their

private key and they are the same? Alice - (A power of Y) power of X

? Bob - (A power of X) power of Y

02/28/2006


39/70

39

39

RSA algorithm? Used for authentication, data integrity, data

privacy and non-repudiation? Most widely used public key encryption

algorithm? SSL, PGP, PEM, RSA digital signatures

? P * Q = N, Private key is computed from P andQ. The Public key is N

? Foundation of PKCS (Public Key Cryptography

Standards)? Use of RSA and DES for strong authentication? Sun, Microsoft, Lotus endorsement

02/28/2006


40/70

40

40

Encryption Algorithm strength

? Public key encryption has not, for all practicalpurposes, been broken yet

? RSAs strength is based on the fact that it is notfeasible, for all practical purposes, to factornumbers containing 150 or more digits

02/28/2006


41/70

41

41

Key length? Directly related encryption strength

? If encryption algorithm cant be broken, the nextbest attack is to find the key by brute force

Algorithms are well-published

By being broken, I was referring to finding flaws inthe algorithm

? Keys protection rises exponentially with itslength

02/28/2006


42/70

42

42

Key length (Cont.)? Keys in public key encryption are longer than

ones in secret key encryption? Secret key encryptions

? DES (56 bits)? Triple DES (112 bits)? Skipjack (80 bits)? IDEA (128 bits)

? Public key encryptions?

Minimum 512 bits (150 decimal digits) up to 2048bits? Requires serious computing power

02/28/2006


43/70

43

43

Performance? Using public key to encrypt entire messages or

files is not practical from performanceperspective? Public key encryption isnt used to sign an entire

message but rather only the message digest

? DES is 100 times faster than public keyscheme using software and 1000 to 10,000times faster using hardware

? This is the reason why public key is used toexchange the secret key, which is then used toencrypt actual data

02/28/2006


44/70

44

44

Key Management &Key Management &DistributionDistribution(Kerberos, Cert if icate)(Kerberos, Cert ificate)

We learned that an encryption key plays a very important role incryptographic technology. Now the question is how do we distribute andmanage these keys?

02/28/2006


45/70

45

45

Key Management &Distribution? How keys are generated, stored, managed

and revoked

? How keys are distributed

? This is an issue to both secret and public keyencryption systems

Secret key: via Key Distribution Center (KDC),Kerberos

Public key: via Certificate (PKI)

Here is the list of issues that are relevant to key management and distribution.

First, how do we generate, store and manage these keys? How do we revoke thesekeys? These are all important issues in order to have viable security infrastructure.

Second, how do we distribute these keys? In fact, this is the key difference betweensecret key and public key schemes.

The following technologies have been identified and successfully used to provide keydistributions. For secret key distributions people have been using Kerberos which uses acentralized key distribution server. For public key distributions the concept of acertificate is very imprint to understand how key distribution and management tasks areperformed.

02/28/2006


46/70

46

46

Secret Key Management &

Distribution Techniques? Use public key encryption to exchange newly

generated secret key Diffie-Hellman (DH) key exchange or

Use RSA to send Secret key to the receiver

? Start out by using a previously agreed uponsecret key Immediately generate a new secret key, which is used

for data encryption for a specific period of time and then

generate a new secret key? Key Distribution Center (KDC) - ANSI X9.17,

Kerberos

02/28/2006


47/70

47

47

Key Distr ibution Center (KDC)? No need for a pair-wise key for every pair of

hosts? Each principal has a master key for

communicating with KDC? Scenario - Alice talking to Bob securely

? Alice asks for Session key from KDC? KDC uses random number generator to generate a fresh

Session key? KDC encrypts it with Alices and Bobs master keys?

KDC sends the encrypted Session keys to Alice? Alice sends the encrypted Session key with Bobs

master key to Bob? Now they have a common Session key

02/28/2006


48/70

48

48

Kerberos? Authenticates the identity of network principals

? Strong authentication Username/Current-time/encryption initial contact

Shared secret key between principals and KDC

Passwords never on the wire

Mutual authentication

? Single sign-on solution? Cross-realm operation? Delegation

02/28/2006


49/70

49

49

Kerberos (Cont.)? Holds a database of all principals and their

master keys? This database needs to be carefully protected

? Server needs to be physically secured? The master keys in the database are all encrypted

with the servers own private master key

? Never maintains the session key internally? Session key is kept in the encrypted ticket-granting-

ticket (TGT)? Immune to server crash

02/28/2006


50/70

50

50

Kerberos drawbacks? Each application needs to be kerberosized? Single point(s) of Security risk/failure

? KDC system (OS, file system) itself must be secure? Requires physically secure kerberos sever(s)? KDC master key needs to be highly protected? Potential performance bottleneck

? Kerberos v5 is not exportable (v4 is)

02/28/2006


51/70

51

51

Public key, Certificatemanagement/distribution? There is no secret key distribution problem? We still need a trusted 3 rd-party (CA) to validate

public keys? CA creates a Certificate for a certain user (Binding)? Certificate contains the users public key and ids? Public key is encrypted by CAs private key (CAs

signature)? Users then validate the Certificate by CAs public key

? Certificates can be transmitted over insecurenetwork and stored in insecure storage

02/28/2006


52/70

52

52

CertificatesCertificates

02/28/2006


53/70

53

53

Certificate Management issues

(PKI Operations)? Certificate generation? Certificate lifetime management? Certificate revocation (thorny issue)? Certificate publishing? Certificate storage

? Directory server, DNS, NIS, NIS+, even plain files

? Certificate distribution? Hierarchy of CAs

02/28/2006


54/70

54

54

Certificate formats? X.509

? Principal name

? Public key

? PGP (Pretty Good Privacy)

02/28/2006


55/70

55

55

Certificate distribution? Transparent distribution

? Directory service X.500, X.509

LDAP

? Key exchange IPSEC key management protocols: SKIP, ISAKMP

SSL, PCT

? Interactive distribution? Email requests

? Web sites? Finger requests

02/28/2006


56/70

56

56

Certificate Authority (CA)? Generates certificates? Signs certificates with its own private key? CA structures

? Single centralized CA Bottleneck

No flexibility to accommodate certificate policy

? Multiple Cas? Hierarchy of CAs

Delegation of certification generation authority

Root CA signs certificates of next level CAs

02/28/2006


57/70

57

57

PEM and PGP CA model? PEM (RFC 1422)

? One single global hierarchical structure? The root CA is the Internet Policy Registration

Authority(IPRA)? The next level CA is the Policy Creation

Authority(PRA)? The next level has the organizational Cas? Not much industry support

? PGP? Designed for individual users to authenticate each

other? Each individual is his own CA

02/28/2006


58/70

58

58

Server AuthenticationServer Authenticationby Browserby Browser

02/28/2006


59/70

59

59

Server authentication by Browser

? Server certificates are issued and signed by acommercial CA. For example, Verisign, Inc.

? The certificates of well-known CAs are pre-installed in every copy of browser

? You can add certificates of other CAs later on? When the browser connects to a secure SSL

server, the server will send its certificate to thebrowser client.

? The browser then validates it using the public key

of the well known CA of which it has priorknowledge? Transparent operation to end users

02/28/2006


60/70

60

60

CryptographicCryptographicTechnologies at theTechnologies at theIP LayerIP Layer

02/28/2006


61/70


62/70

62

62

Requirements for IP layersecurity? Cryptographic system designed specifically for

TCP/IP? Security services are between sites (or hosts) and

not between individuals or apps? Basis for VPN support? Designed to work over public and insecure Internet? Should accommodate existing TCP/IP apps?

Should accommodate existing Internetinfrastructure there should be no change inrouters or ISPs

02/28/2006


63/70

63

63

IPSEC (IP Security Protocol)? Originally was part of IPv6, but adapted to IPv4? Provides data integrity, data privacy services

? Authentication Header (AH): Digital checksum(MD5)

? Encapsulating Security Payload (ESP): Encryption(DES)

? Sender of IP packet specifies SecurityAssociation for each IP packet? Specification of the crypto method to be used? Keys to be used by the crypto methods? IP addresses of the sender and the receiver

02/28/2006


64/70

64

64

IPSEC key management? Manual keying? Simple Key Interchange Protocol (SKIP)

? Developed by Sun for VPN (SunScreen)? Designed for key exchange by special header? Special header (20 to 30 bytes) for every IP packet? Supports DH key exchange

? ISAKMP? Management of Security Associations as well as key

exchange? Supports Oakley

02/28/2006


65/70

65

65

Message DigestMessage Digest

02/28/2006


66/70

66

66

MD (Message Digest)? Calculating a checksum using mathematical

algorithms

? Properties

It is impossible to guess the original data from themessage digest

Regardless of the size of the original data theresulting message digest can be a fixed size

? This is the reason why it is used for digital signing

A change of a single bit in the original data will

result in a different message digest? Possibility of generating same message digest is

practically non-existent

What is a Message digest? Message digest is a checksum of a particular data and iscreated using some proven mathematical algorithm. The properties of the messagedigest are as mentioned above in the slide.

02/28/2006


67/70

67

67

MD (Message Digest) Standards

? MD4, MD5 (RFC 1320, 1321)? 128-bit digest from messages of any length? Developed by Ron Rivest

? SHA (Secure Hash Algorithm)? 160-bit digest? Developed by NIST? More secure but slower than MD4 and MD5

The most popular message digest standards are MD4 and MD5 and SHA (Secure hashalgorithm).

02/28/2006


68/70

68

68

Security Needs forSecurity Needs forE-commerceE-commerce

Now let's talk a little bit on security needs for e-commerce or b2btransaction over the internet.

02/28/2006


69/70

69

69

Secure Internet Communication

? Customer requirements? E-commerce? Business to business transaction? Secure access to corporate data

? Characteristics of Internet vs. Intranet? Millions of users with no prior contact? Data over insecure communication channel? No centralized controlling organization

? Functional requirement? Has to be fast and reliable

Security requirements for internet-scale e-commerce and b2b transactions are morestringent than the ones for intranet because of some differences. First, over the internet,the number of users, business organizations and even programs are communicating withtheir communicating partners typically without any previously established relationshipand also there is no centralized organization controlling the use of the internet.

02/28/2006


70/70

70

Passion!Passion!

02/28/2006

1. securitybasics

Documents