Download - 1. SecurityBasics
-
8/8/2019 1. SecurityBasics
1/70
1
1
SecuritySecurity(Cryptography)(Cryptography)
BasicsBasics
In this session, we are going to talk about basic security and cryptographyconcepts. These are the basic concepts that you need, to understand andimplement security regardless of the platform or application architecture.For example, whether you are writing J2EE based application or not, youwould need to understand these concepts.
02/28/2006
-
8/8/2019 1. SecurityBasics
2/70
2
2
Sang ShinSang [email protected]@sun.com
www.javapassion.com/j2eewww.javapassion.com/j2ee
Technology EvangelistTechnology Evangelis tSun Microsystems, Inc.Sun Microsystems, Inc.
02/28/2006
-
8/8/2019 1. SecurityBasics
3/70
3
3
Disclaimer & Acknowledgments? Even though Sang Shin is a full-time employee
of Sun Microsystems, the contents here arecreated as his own personal endeavor and thusdoes not reflect any official stance of SunMicrosystems.
? Sun Microsystems is not responsible for anyinaccuracies in the contents.
? Acknowledgments
02/28/2006
-
8/8/2019 1. SecurityBasics
4/70
4
4
Revision History? 05/26/1998: version 1, created (Sang)? 01/22/2003: version 2, contents reorganized (Sang)? 01/24/2003: version 3, speaker noted (Sang)? Things to do
Do add more slides on Certificates: what are certificates? why certificate-based authentication over password challenge scheme
02/28/2006
-
8/8/2019 1. SecurityBasics
5/70
5
5
Agenda? What is and Why network security?
? What security services do we need?
? Cryptographic process? Public key vs. Secret key scheme
? Digital signing, Tamper-proofing & Encrypting? Security (Cryptographic) technologies
? Key distribution and management
Kerberos, Certificate? Security needs for E-commerce
So this is what we are going to talk about in this 60 minutes session. First, we will talkabout what is network security and why we need network security. Next, we will talkabout the security services which we will need to handle common security threats. Forexample, we will talk about authentication and authorization security services. Next, wewill briefly look at the cryptographic process, which is the basic underlying technology
for supporting all network security schemes.
Next, we will talk about public key and secret key schemes and how they are used in thecontext of cryptographic process.
Next, we will take a close look at three most important security schemes, digitalsigning, tamper-proofing (data integrity) and encrypting.
Next, we will spend some time looking into various network security technologies andget some sense as to how they work.
Next, we will look into key distribution and management issues. We will take a look atKerberos as the best key distribution technology for secret keys and Certificate basedkey distribution technology for public keys.
Finally I will talk about what unique challenges that e-commerce and b2b transactionswill have to overcome regarding network security.
02/28/2006
-
8/8/2019 1. SecurityBasics
6/70
6
6
Securi ty/Cryptographic systems
? Focus of this talk? Network security? Distributed computing? Protection of network-based apps, data, resource
? Will not cover? Physical security? Stand-alone system security? Personnel issues?
Policy issues
The focus of this session is network security in a distributed computing environment.We are mainly concerned about how we protect network based applications, data andresources.
Even though non-network related security issues such as physical security and security
policies are important security issues on their own, those topics will not be addressed inthis talk.
02/28/2006
-
8/8/2019 1. SecurityBasics
7/70
7
7
What is and WhyWhat is and WhyNetwork Secur ity?Network Secur ity?
So let's talk about what is network security? and why network securityis important?
02/28/2006
-
8/8/2019 1. SecurityBasics
8/70
8
8
Why Network Security?
? for Distributed computing
Logical set of services distributed over the network
Physical security model (mainframe model) doesnot work anymore
? for Internet and Web
Increase of security threat in terms of both scaleand frequency
More stringent security for E-commerce and B2B
Why network security? When networks were not that pervasive, that is whencomputing devices were running in their own islands, it was rather easy to deal withsecurity. The only thing they needed to do was to lock the door.
Now, as more and more computing devices are getting connected and more and more
applications are being built as distributed applications, the physical security model haslost its significance.
The advent of the internet and the web has raised the scale and frequency of networksecurity threats.
02/28/2006
-
8/8/2019 1. SecurityBasics
9/70
9
9
Common Security Threats? Identity interception? Masquerading? Replay attack? Data interception and manipulation? Repudiation? Denial of service
So what are the common security threats?
Identity interception means that someone might steal your identity and use it as theirown.
Masquerading. If you send your username and password in clear-text form, someonemight be able to grab it from the network and use it elsewhere with the intention ofperpetrating fraud.
Replay attack. They might capture your request of withdrawing 1000 dollars from yourbank account and then replay that request over the network.
Data interception and manipulation. If someone can read your credit card informationwhile it is on the wire, they could cause a lot of trouble for you.
Repudiation. When someone performs a transaction and then deny it later can be a bigproblem in e-commerce. For example, if you are manufacturer of something and youreceived a 1 million dollar purchase request from a customer, you will want to makesure that person does not deny it after the transaction has been completed.
We all know what denial of service means.
02/28/2006
-
8/8/2019 1. SecurityBasics
10/70
10
10
What Securi ty ServicesDo we need?
We just looked at the most common network security threats. So whatkind of network security services do we need to address these threats?
02/28/2006
-
8/8/2019 1. SecurityBasics
11/70
11
11
Security Needs of an Enterprise
? Single sign-on
Internet and intranet
? Controlled access to corporate information
? Secure business transaction over Internet
? Centralized, easy to use security admin tools? Transparency of security features
end users should not be exposed to the underlyingsecurity schemes
? Interoperable security systems Various PKI schemes, Kerberos
Before we get into generic network security services let's take a look at security needsfrom a typical enterprise customer. Not all of these needs are relevant to every situationand not all of these needs will be addressed by current technologies that we use. Forexample, single-sign-on is just beginning to be addressed. But this could be a good listto have when we think about how network security will evolve.
First, single sign on capability. The single-sign-on capability is needed not only withinthe intranet but also over the internet.
Next, controlled access to corporation information and secure business transaction overthe internet are still evolving. The need for centralized and easy to use securityadministration tools is becoming apparent. As more and more users, businessorganizations, applications and resources are getting connected over the network in avery dynamic environment, security management is becoming a daunting task. At thesame time there is the need for security transparency. What this means is that thesecurity should be hidden from end-users and seamlessly integrated into the underlyingframework.
Interoperability among various security systems are becoming an important issue againdue to the fact that more and more business organizations are interacting internallywithin their divisions and externally performing b2b transactions with their businesspartners.
02/28/2006
-
8/8/2019 1. SecurityBasics
12/70
12
12
Network Security Needs
? Authentication (Identity verification)? Access control (Authorization)? Data confidentiality (Privacy)? Data integrity (Tamper-proofing)? Non-repudiation (Proof of transaction)? Auditing
What are the common network security needs? You have heard these terms many timesand you will hear them many more times today.
First, authentication provides a way of verifying a person's identity. Second, accesscontrol, sometimes referred to as authorization, basically ensures that only those with
proper access privilege, for a resource, can access that resource.
Data confidentiality, sometimes referred to as data privacy, will prevent anyone, otherthan the person for whom the data is intended, from reading the data.
Non-repudiation means making sure that there is a way to prove that a person, abusiness organization or even a program entity has performed a transaction.
Auditing refers to logging information about the transactions that have occurred.
02/28/2006
-
8/8/2019 1. SecurityBasics
13/70
13
13
Authentication? Verification of identity
Making sure that a user (organization, softwareentity) is who he claims to be (or what it claimsto be)
Prevents Identity interception, Masquerading
? Schemes In a non-networking environment, your driver
license, with a picture, could be used to provethat you are who you claim to be
In a networking environment, digital signing isused to perform identity verification
Let us talk about authentication in a bit more detail.
Authentication is used to verify that the user (maybe an organization or a programentity) is who he claims to be. Authentication prevents identity interception andmasquerading.
How is the authentication scheme implemented? In a non-networking environment youcould show your driver license with your photo to prove your identity. In a networkingenvironment we use digital signing to accomplish that.
02/28/2006
-
8/8/2019 1. SecurityBasics
14/70
14
14
Data Confidentiality (Privacy)? Protects the information on the wire from prying
eyes
? Schemes
Encrypting data by Cryptographic system? Clear text data + Key -> Encryption technology ->
Cyphertext
? Key could be either shared (secret, symmetric) key orpublic (asymmetric) key
Now we will talk about data confidentiality. Data confidentiality means to protect theinformation while it is on the wire.
In order to provide confidentiality of your data you can encrypt the data usingcryptographic technology.
How do you encrypt your data? Basically you apply an encryption algorithm to yourclear text data using an encryption key as a seed and the result is the encrypted data.
The key you use could be either a public key or a secret key. We will talk about prosand cons of each key scheme later on in this presentation.
02/28/2006
-
8/8/2019 1. SecurityBasics
15/70
15
15
Access Control (Author ization)
? Specifies which who can access whatresources under what context
? Access control information can be maintainedby either directory service or the resourcesthemselves
File service, Database service (access controlinformation is maintained by resources themselves)
? Schemes ACLs- List of users and groups and their access
rights in LDAP server
XACML
Access control specifies who can access what resources under what context. The accesscontrol information can be maintained by the use of an external technology, likedirectory service, or by the resources themselves. A File system is an example of aresource maintaining its own the access control. For example, each file maintains itsown access permissions.
A popular access control scheme is to maintain an ACL (access control list). ACLspecifies what operations, a set of users or groups can perform on various resources.
02/28/2006
-
8/8/2019 1. SecurityBasics
16/70
16
16
Data Integrity (Tamper-proofing)
? Prevents data tampering while data is onthe wire
Making sure data received by the receiver isthe same data sent by the sender
? Schemes Digital hashing (Digital Checksum, Message
Digest)
Usually this digital hash is used as base data
for digital signing? message digest can be a small fixed size of data
regardless of the size of original data
Data integrity means to prevent data tampering while it is on the wire. That is, to ensurethat the data received by the receiver is the same as the one sent by the sender. It issometimes called tamper-proofing.
The scheme for data integrity is digital hashing. Digital hashing is like creating a
digital checksum and it is sometimes called message digest.
One thing to note is that the message digest is used for digital signing.
02/28/2006
-
8/8/2019 1. SecurityBasics
17/70
17
17
Non-repudiation
? Being able to prove to a 3rd-party that atransaction actually happened
Protects senders as well as recipients
? Schemes
In a non-networking environment, when youpurchase merchandise using your credit card, theretailer can prove that you made a purchase
In a networking environment, digital signing isused
Non repudiation means being able to prove to a 3rd-party that a transaction actuallyhappened. The non-repudiation protects both senders and receivers of the transactionrequest. For example, in a non-networking environment, let's say that you perform astock transaction with your brokerage house and buy 1000 shares of Ford. Yourbrokerage house will want to make sure you cannot deny the fact, later on, that you
performed the transaction. At the same time you will want to have a guarantee that yourbrokerage house cannot deny the fact that it received your transaction request. In thiscase the proof could be in the form of a signed paper or voice recording. In anetworking environment we will use digital signing to prove this.
02/28/2006
-
8/8/2019 1. SecurityBasics
18/70
18
18
CryptographicProcess
Now let's spend sometime talking about how cryptographic process works.
02/28/2006
-
8/8/2019 1. SecurityBasics
19/70
19
19
Terminology? Encrypt, Encipher, Encode: the process of
converting plaintext to ciphertext? Encryption algorithm: a particular mathematical
procedure of encrypting/decrypting? Key: information that is used to encrypt or decrypt
information in a distinctive way Secret Key (Symmetric, Shared)
Public Key (Asymmetric)
? Cryptography: mechanisms to protect
information by applying encryption to it thatare hard to reverse without secret knowledge
First, let's talk about the terminology. The process of converting plaintext intociphertext is called encrypting, enciphering or encoding. In this context, the termencrypting refers to converting plaintext into ciphertext and is not referring to theprocess of providing data confidentiality. So the term encryption and encipheringare used interchangeably here.
In order to understand the encryption process you have to understand two things -encryption algorithm and encryption key. Encryption algorithm is a mathematicalprocedure to encrypt or decrypt data. Encryption key is information that is fed to theencryption algorithm. Depending on the key, the outcome of the encryption would bedifferent. The key could be either a public/private key or a secret key.
02/28/2006
-
8/8/2019 1. SecurityBasics
20/70
20
20
Cryptographic Process
M is the original message
Kenc is encryption key
M' is the scrambled message
Kdec is decryption key
It is hard to get M just byknowing M'
E and D are related suchthat
E(Kenc, M) = M'D(Kdec, M') = M
D(Kdec, E(Kenc, M)) = M
PlaintextM
CiphertextM'
Original PlaintextM
Kdec
Kenc
Decryption functionD
Encryption functionE
So how does cryptographic process work? The idea is rather simple. Let'ssay you have plaintext M. By providing the encryption key and theencryption function you get ciphertext, M'. The ciphertext can bedecrypted using a decryption function and a decryption key and the resultis the original text.
In cryptographic process the mathematical property is such that it ispractically impossible to derive M from M' unless the key is known.
02/28/2006
-
8/8/2019 1. SecurityBasics
21/70
21
21
Cryptographic technologies
(based on Security layers)? Link layer encryption? Network layer encryption
? IPSEC, VPN, SKIP
? Transport layer? SSL, PCT(Private Communication Technology)
? Application layer? PEM (Privacy Enhanced Mail)
? PGP (Pretty Good Privacy)? SHTTP
Cryptographic process can be implemented at various layers starting from the link layerall the way up to the application layer. The most popular encryption scheme is SSL andit is implemented at the transport layer. If the encryption is done at the transport layer,any application that is running on the top of the transport layer can be protected.
02/28/2006
-
8/8/2019 1. SecurityBasics
22/70
22
22
Public KeyPublic Keyversusversus
Secret keySecret key
Now let's talk about the public key and the secret key. The understanding,of how public and secret keys work and how they can work together, isvery important.
02/28/2006
-
8/8/2019 1. SecurityBasics
23/70
23
23
Cryptographic Technologies -
Secret key vs. Public key? Key Management and distribution
Public key is easier to distribute than the secret key
? Encryption algorithms? Key length? Performance
Secret key scheme is much much faster
? Security services possible
Digital signing is only possible with public key? Suitability to intranet or internet
Public key
We have seen in the previous slide that cryptographic technologies can be categorizedbased on which network layer it is designed for. The other very important criteria is thekey scheme they employ in their cryptographic process. There are two prominent keyschemes - public/private key scheme, and secret key scheme.
The two key schemes are different in many respects. These are the reasons why youwould choose one key scheme over the other. First, they are different in terms of howkeys are managed and distributed. In fact this is a very important issue to think about.
Second, encryption algorithms are different. Key lengths are also different.
Encryption performance is different between the two schemes. Secret key basedencryption is much much faster than public/private key scheme. They provide differentsecurity services. For example, with secret key, you cannot provide authentication nornon-repudiation. Only public/private key scheme provide it. However, forconfidentiality, you can use either public/private key or secret key scheme.
Suitability of the schemes when used with the internet is also an issue. As we will talkabout later, secret key alone cannot be used over the internet, where there will bemillions of people, business organizations, even programs who want to communicatewithout having to make elaborate prior arrangements. In this case, you cannot use thesecret key scheme alone because it is almost impossible to have a mechanism that cangenerate and distribute a commonly agreed secret key.
02/28/2006
-
8/8/2019 1. SecurityBasics
24/70
24
24
Secret Key Encryption? Sender and receiver share a secret key
Same secret key is used for both encryption anddecryption
? Pros
Fast and efficient
? Cons Secure distribution of keys is a problem: Not
suitable for Internet
02/28/2006
-
8/8/2019 1. SecurityBasics
25/70
25
25
Public Key Encryption? Uses a pair of keys: one public, the other
private
Only private key needs to be kept secret
? The pair of keys is produced by amathematical algorithm
Its impossible to determine the value of theprivate key by knowing the public key
? One key is used for encryption and the other
is used for decryption
02/28/2006
-
8/8/2019 1. SecurityBasics
26/70
26
26
Public Key Encryption (Cont.)
? Pros Easier key management and distribution
? No need to distribute secret key: More suitable forinternet
Digital signing is possible
Broader ISV, products support
? Cons Slower than secret key encryption
It is much more demanding on computing resources
Validation of public keys still needs to be done Certificate Authority (CA)
Revocation of a public key is difficult
02/28/2006
-
8/8/2019 1. SecurityBasics
27/70
27
27
Public key and Secret key
schemes are used together? In real life the Public key and Secret key
schemes are used in tandem
SSL is a good example
? Public key
Exchange of session specific secret keys (SessionKey)
Easy key distribution, digital signing
?
Secret key Encryption of the user data
Performance
02/28/2006
-
8/8/2019 1. SecurityBasics
28/70
28
28
Comparison of Key Schemes
? CryptographicArchitecture
? Basiccryptography
? Export controlfree
? Signatures,
Digests, etc.
? Key negotiationand encryptionare separate
? Best of bothapproaches
? Examples: SSL
Session Key
? Encryption anddecryption keysare the same
? Key distributionis an issue
? Private keycryptography is
faster? Examples:
DES, AES
Secret Key
? CryptographicArchitecture
? Basiccryptography
? Export controlfree
? Signatures,Digests, etc.
? Encryption anddecryption keysare same
? Key distributionis an issue
? Private keycryptography isslow
? Examples:DES, AES
Private KeyCryptography
? CryptographicArchitecture
? Basiccryptography
? Export controlfree
? Signatures,Digests, etc.
? Encryption anddecryption keysare different
? Key distributionis easier
? Public keycryptography isvery slow
? Examples:RSA
Public Key
02/28/2006
-
8/8/2019 1. SecurityBasics
29/70
29
29
Digi tal Signing,Digi tal Signing,Tamper-proofing &Tamper-proofing &EncryptingEncrypting
02/28/2006
-
8/8/2019 1. SecurityBasics
30/70
30
30
Digital Signing? Used for authentication (verifying an identity)
and non-repudiation
? Uses public/private key pair
? Steps for digital signing
Sender creates message digest from the data
Sender enciphers the message digest with hisprivate key
If receiver can decipher received message digest
with the senders public key, the data must be fromthe sender
02/28/2006
-
8/8/2019 1. SecurityBasics
31/70
31
31
Encrypting? Used for data confidentiality
? Can use either public/private key pair orsecret (symmetric) key
? Steps for encrypting using public/private keypair
Sender encrypts data with receiver's public key.
Receiver then decrypts data with his private key.(Only he can decrypt it since only he knows his
private key.)
02/28/2006
-
8/8/2019 1. SecurityBasics
32/70
32
32
Tamper-Proofing (Integrity)? Performed as part of digital signing
Sender creates message digest from the data to besent before signing
Receiver deciphers the signed message digest thathe received from the sender (as part ofauthentication)
Receiver also creates his own message digest fromthe data it received
Receiver then compares the one that he received
with the one that he created and sees if they match.If they match, then the data must not have been
changed.
02/28/2006
-
8/8/2019 1. SecurityBasics
33/70
33
33
SecuritySecurity(Cryptographic)(Cryptographic)TechnologiesTechnologies
02/28/2006
-
8/8/2019 1. SecurityBasics
34/70
34
34
Encryption Technology Issues for
both Secret and Public keys? Encryption Strength
? Algorithm? Key length? Implementation
? Key distribution/management
02/28/2006
-
8/8/2019 1. SecurityBasics
35/70
35
35
Secret-key encryption algorithms
(Symmetric algorithms)? DES (Data Encryption Standard) - 56bit? Triple DES-112bit? IDEA (International Data Encryption Algorithm)
? 128bit key? More complex (complete) than DES but the speed is
comparable? Used in PGP
?
RC2 and RC4? Skipjack (Clipper)
? Two-master keys
02/28/2006
-
8/8/2019 1. SecurityBasics
36/70
36
36
Public-key encryption algorithms
(Asymmetric algorithms)? Based on mathematical computations that are
easy to compute in one direction but arepractically impossible in the reverse direction? Diffie-Hellman(DH): Exponentiation is easy but
computing discrete logarithms from the resultingvalue is practically impossible
? RSA: Multiplication of two large prime numbers iseasy but factoring the resulting product is practically
impossible
02/28/2006
-
8/8/2019 1. SecurityBasics
37/70
37
37
Diffie-Hellman (DH) algorithm? Private key and Public key generation
? Example between Alice and Bob
Each generates random number (private key),X & Y? X is private key of Alice
? Y is private key of Bob
Each exponentiates the shared public data A withtheir private key, generates a public key
? (A power of X) is the public key for Alice
? (A power of Y) is the public key for Bob
From public key, (A power of X) for Alice and (Apower of Y), it is impossible to guess private keys Xand Y
02/28/2006
-
8/8/2019 1. SecurityBasics
38/70
38
38
Diffie-Hellman (DH) algorithm? Generation of common secret key is possible
Alice has? Private key of herself, X
? Public key of Bob, (A power of Y)
Bob has? Private key of himself, Y
? Public key of Alice, (A power of X)
The common secret key can be computed if eachexponentiate each other's public key with their
private key and they are the same? Alice - (A power of Y) power of X
? Bob - (A power of X) power of Y
02/28/2006
-
8/8/2019 1. SecurityBasics
39/70
39
39
RSA algorithm? Used for authentication, data integrity, data
privacy and non-repudiation? Most widely used public key encryption
algorithm? SSL, PGP, PEM, RSA digital signatures
? P * Q = N, Private key is computed from P andQ. The Public key is N
? Foundation of PKCS (Public Key Cryptography
Standards)? Use of RSA and DES for strong authentication? Sun, Microsoft, Lotus endorsement
02/28/2006
-
8/8/2019 1. SecurityBasics
40/70
40
40
Encryption Algorithm strength
? Public key encryption has not, for all practicalpurposes, been broken yet
? RSAs strength is based on the fact that it is notfeasible, for all practical purposes, to factornumbers containing 150 or more digits
02/28/2006
-
8/8/2019 1. SecurityBasics
41/70
41
41
Key length? Directly related encryption strength
? If encryption algorithm cant be broken, the nextbest attack is to find the key by brute force
Algorithms are well-published
By being broken, I was referring to finding flaws inthe algorithm
? Keys protection rises exponentially with itslength
02/28/2006
-
8/8/2019 1. SecurityBasics
42/70
42
42
Key length (Cont.)? Keys in public key encryption are longer than
ones in secret key encryption? Secret key encryptions
? DES (56 bits)? Triple DES (112 bits)? Skipjack (80 bits)? IDEA (128 bits)
? Public key encryptions?
Minimum 512 bits (150 decimal digits) up to 2048bits? Requires serious computing power
02/28/2006
-
8/8/2019 1. SecurityBasics
43/70
43
43
Performance? Using public key to encrypt entire messages or
files is not practical from performanceperspective? Public key encryption isnt used to sign an entire
message but rather only the message digest
? DES is 100 times faster than public keyscheme using software and 1000 to 10,000times faster using hardware
? This is the reason why public key is used toexchange the secret key, which is then used toencrypt actual data
02/28/2006
-
8/8/2019 1. SecurityBasics
44/70
44
44
Key Management &Key Management &DistributionDistribution(Kerberos, Cert if icate)(Kerberos, Cert ificate)
We learned that an encryption key plays a very important role incryptographic technology. Now the question is how do we distribute andmanage these keys?
02/28/2006
-
8/8/2019 1. SecurityBasics
45/70
45
45
Key Management &Distribution? How keys are generated, stored, managed
and revoked
? How keys are distributed
? This is an issue to both secret and public keyencryption systems
Secret key: via Key Distribution Center (KDC),Kerberos
Public key: via Certificate (PKI)
Here is the list of issues that are relevant to key management and distribution.
First, how do we generate, store and manage these keys? How do we revoke thesekeys? These are all important issues in order to have viable security infrastructure.
Second, how do we distribute these keys? In fact, this is the key difference betweensecret key and public key schemes.
The following technologies have been identified and successfully used to provide keydistributions. For secret key distributions people have been using Kerberos which uses acentralized key distribution server. For public key distributions the concept of acertificate is very imprint to understand how key distribution and management tasks areperformed.
02/28/2006
-
8/8/2019 1. SecurityBasics
46/70
46
46
Secret Key Management &
Distribution Techniques? Use public key encryption to exchange newly
generated secret key Diffie-Hellman (DH) key exchange or
Use RSA to send Secret key to the receiver
? Start out by using a previously agreed uponsecret key Immediately generate a new secret key, which is used
for data encryption for a specific period of time and then
generate a new secret key? Key Distribution Center (KDC) - ANSI X9.17,
Kerberos
02/28/2006
-
8/8/2019 1. SecurityBasics
47/70
47
47
Key Distr ibution Center (KDC)? No need for a pair-wise key for every pair of
hosts? Each principal has a master key for
communicating with KDC? Scenario - Alice talking to Bob securely
? Alice asks for Session key from KDC? KDC uses random number generator to generate a fresh
Session key? KDC encrypts it with Alices and Bobs master keys?
KDC sends the encrypted Session keys to Alice? Alice sends the encrypted Session key with Bobs
master key to Bob? Now they have a common Session key
02/28/2006
-
8/8/2019 1. SecurityBasics
48/70
48
48
Kerberos? Authenticates the identity of network principals
? Strong authentication Username/Current-time/encryption initial contact
Shared secret key between principals and KDC
Passwords never on the wire
Mutual authentication
? Single sign-on solution? Cross-realm operation? Delegation
02/28/2006
-
8/8/2019 1. SecurityBasics
49/70
49
49
Kerberos (Cont.)? Holds a database of all principals and their
master keys? This database needs to be carefully protected
? Server needs to be physically secured? The master keys in the database are all encrypted
with the servers own private master key
? Never maintains the session key internally? Session key is kept in the encrypted ticket-granting-
ticket (TGT)? Immune to server crash
02/28/2006
-
8/8/2019 1. SecurityBasics
50/70
50
50
Kerberos drawbacks? Each application needs to be kerberosized? Single point(s) of Security risk/failure
? KDC system (OS, file system) itself must be secure? Requires physically secure kerberos sever(s)? KDC master key needs to be highly protected? Potential performance bottleneck
? Kerberos v5 is not exportable (v4 is)
02/28/2006
-
8/8/2019 1. SecurityBasics
51/70
51
51
Public key, Certificatemanagement/distribution? There is no secret key distribution problem? We still need a trusted 3 rd-party (CA) to validate
public keys? CA creates a Certificate for a certain user (Binding)? Certificate contains the users public key and ids? Public key is encrypted by CAs private key (CAs
signature)? Users then validate the Certificate by CAs public key
? Certificates can be transmitted over insecurenetwork and stored in insecure storage
02/28/2006
-
8/8/2019 1. SecurityBasics
52/70
52
52
CertificatesCertificates
02/28/2006
-
8/8/2019 1. SecurityBasics
53/70
53
53
Certificate Management issues
(PKI Operations)? Certificate generation? Certificate lifetime management? Certificate revocation (thorny issue)? Certificate publishing? Certificate storage
? Directory server, DNS, NIS, NIS+, even plain files
? Certificate distribution? Hierarchy of CAs
02/28/2006
-
8/8/2019 1. SecurityBasics
54/70
54
54
Certificate formats? X.509
? Principal name
? Public key
? PGP (Pretty Good Privacy)
02/28/2006
-
8/8/2019 1. SecurityBasics
55/70
55
55
Certificate distribution? Transparent distribution
? Directory service X.500, X.509
LDAP
? Key exchange IPSEC key management protocols: SKIP, ISAKMP
SSL, PCT
? Interactive distribution? Email requests
? Web sites? Finger requests
02/28/2006
-
8/8/2019 1. SecurityBasics
56/70
56
56
Certificate Authority (CA)? Generates certificates? Signs certificates with its own private key? CA structures
? Single centralized CA Bottleneck
No flexibility to accommodate certificate policy
? Multiple Cas? Hierarchy of CAs
Delegation of certification generation authority
Root CA signs certificates of next level CAs
02/28/2006
-
8/8/2019 1. SecurityBasics
57/70
57
57
PEM and PGP CA model? PEM (RFC 1422)
? One single global hierarchical structure? The root CA is the Internet Policy Registration
Authority(IPRA)? The next level CA is the Policy Creation
Authority(PRA)? The next level has the organizational Cas? Not much industry support
? PGP? Designed for individual users to authenticate each
other? Each individual is his own CA
02/28/2006
-
8/8/2019 1. SecurityBasics
58/70
58
58
Server AuthenticationServer Authenticationby Browserby Browser
02/28/2006
-
8/8/2019 1. SecurityBasics
59/70
59
59
Server authentication by Browser
? Server certificates are issued and signed by acommercial CA. For example, Verisign, Inc.
? The certificates of well-known CAs are pre-installed in every copy of browser
? You can add certificates of other CAs later on? When the browser connects to a secure SSL
server, the server will send its certificate to thebrowser client.
? The browser then validates it using the public key
of the well known CA of which it has priorknowledge? Transparent operation to end users
02/28/2006
-
8/8/2019 1. SecurityBasics
60/70
60
60
CryptographicCryptographicTechnologies at theTechnologies at theIP LayerIP Layer
02/28/2006
-
8/8/2019 1. SecurityBasics
61/70
-
8/8/2019 1. SecurityBasics
62/70
62
62
Requirements for IP layersecurity? Cryptographic system designed specifically for
TCP/IP? Security services are between sites (or hosts) and
not between individuals or apps? Basis for VPN support? Designed to work over public and insecure Internet? Should accommodate existing TCP/IP apps?
Should accommodate existing Internetinfrastructure there should be no change inrouters or ISPs
02/28/2006
-
8/8/2019 1. SecurityBasics
63/70
63
63
IPSEC (IP Security Protocol)? Originally was part of IPv6, but adapted to IPv4? Provides data integrity, data privacy services
? Authentication Header (AH): Digital checksum(MD5)
? Encapsulating Security Payload (ESP): Encryption(DES)
? Sender of IP packet specifies SecurityAssociation for each IP packet? Specification of the crypto method to be used? Keys to be used by the crypto methods? IP addresses of the sender and the receiver
02/28/2006
-
8/8/2019 1. SecurityBasics
64/70
64
64
IPSEC key management? Manual keying? Simple Key Interchange Protocol (SKIP)
? Developed by Sun for VPN (SunScreen)? Designed for key exchange by special header? Special header (20 to 30 bytes) for every IP packet? Supports DH key exchange
? ISAKMP? Management of Security Associations as well as key
exchange? Supports Oakley
02/28/2006
-
8/8/2019 1. SecurityBasics
65/70
65
65
Message DigestMessage Digest
02/28/2006
-
8/8/2019 1. SecurityBasics
66/70
66
66
MD (Message Digest)? Calculating a checksum using mathematical
algorithms
? Properties
It is impossible to guess the original data from themessage digest
Regardless of the size of the original data theresulting message digest can be a fixed size
? This is the reason why it is used for digital signing
A change of a single bit in the original data will
result in a different message digest? Possibility of generating same message digest is
practically non-existent
What is a Message digest? Message digest is a checksum of a particular data and iscreated using some proven mathematical algorithm. The properties of the messagedigest are as mentioned above in the slide.
02/28/2006
-
8/8/2019 1. SecurityBasics
67/70
67
67
MD (Message Digest) Standards
? MD4, MD5 (RFC 1320, 1321)? 128-bit digest from messages of any length? Developed by Ron Rivest
? SHA (Secure Hash Algorithm)? 160-bit digest? Developed by NIST? More secure but slower than MD4 and MD5
The most popular message digest standards are MD4 and MD5 and SHA (Secure hashalgorithm).
02/28/2006
-
8/8/2019 1. SecurityBasics
68/70
68
68
Security Needs forSecurity Needs forE-commerceE-commerce
Now let's talk a little bit on security needs for e-commerce or b2btransaction over the internet.
02/28/2006
-
8/8/2019 1. SecurityBasics
69/70
69
69
Secure Internet Communication
? Customer requirements? E-commerce? Business to business transaction? Secure access to corporate data
? Characteristics of Internet vs. Intranet? Millions of users with no prior contact? Data over insecure communication channel? No centralized controlling organization
? Functional requirement? Has to be fast and reliable
Security requirements for internet-scale e-commerce and b2b transactions are morestringent than the ones for intranet because of some differences. First, over the internet,the number of users, business organizations and even programs are communicating withtheir communicating partners typically without any previously established relationshipand also there is no centralized organization controlling the use of the internet.
02/28/2006
-
8/8/2019 1. SecurityBasics
70/70
70
Passion!Passion!
02/28/2006