security chapter 10 copyright 2001 prentice hall revision 2: may 2001

Security

Chapter 10

Copyright 2001 Prentice HallRevision 2: May 2001

Security

Hackers break into organizations from the outside

However, most security breaches are internal, by employees and ex-employees

3Network Security Threats

Interception If interceptor cannot read, have

confidentiality (privacy) If cannot modify without detection, have

message integrity


Impersonation An impostor claims to be someone else Need to authenticate the sender--prove

that they are who they claim to be

TruePerson

Impostor


Denial of Service (DOS) Attacks Overload system with a flood of

messages Or, send a single message that crashes

the machine


Remotely Log in as Root User Requires cracking the root login

password Then control the machine Read and/or steal information Damage data (erase hard disk) Create backdoor user account that will

let them in easily later

Root Login Command

7Super Accounts

Have Access to Everything on the Machine UNIX/LINUX: root Microsoft: Administrator NetWare: Supervisor Other accounts can be given equivalent

rights

Dangerous If intruder gets the password to this

accountProtect with a super-strong password

If the server administrator is dishonest

New

8Security Threats

Content Threats

Application layer content may cause problems

VirusesIn many ways, most severe security problem

in corporations today

Must examine the contents of application messages

• At least extensions of files or MIME data type being transferred

Encryption for Confidentiality

10Encryption

Encryption: Transforms Message so that Interceptor Cannot Read it For confidentiality, do not want an

interceptor to read the message Plaintext (original message)

Not necessarily text; Can be graphics, etc.

Plaintext Encryption Ciphertext Decryption Plaintext

MethodKey

MethodKey

TransmittedOriginalMessage

OriginalMessage

“47”

11Encryption

Encryption: Transforms Message so that Interceptor Cannot Read it Ciphertext (transformed) for

transmissionStream of ones and zeros for transmissionInterceptor cannot make sense of it


MethodKey

MethodKey


OriginalMessage

101101

12Encryption

Encryption: Transforms Message so that Interceptor Cannot Read it

Receiver decrypts ciphertext back to plaintext


MethodKey

MethodKey


OriginalMessage

“47”

13Encryption

Encryption Requires a Method and a Key Encryption method is the specific

mathematical transformation process

Key is a string of bits used in the method

Get different ciphertexts with different keys


MethodKey

MethodKey


OriginalMessage

14Encryption

Encryption Requires a Method and a Key Method cannot be kept secret

Key must be kept secret


MethodKey

MethodKey


OriginalMessage

15Encryption: Key Length

Key can be “guessed” by exhaustive search Try all possible keys See which one decrypts the message

Long keys make exhaustive search difficult

If length is n bits, 2n tries maximum needed

Today: <100 bits are weak

Today: >100 bit keys are strong

Tomorrow will need even longer keys

16Methods and Algorithms

Encryption Method Categories Two general ways of doing encryption Symmetric key versus public key

encryption

Encryption Method Algorithms Specific ways of doing encryption With symmetric key encryption: DES,

3DES, AES, IDEA, Blowfish, and RC5 algorithms

With public key encryption: RSA, elliptical curve cryptosystem (ECC) algorithms

17Symmetric Key Encryption

Both sides use a single key to encrypt & decrypt When A send to B

A encrypts with the key, B decrypts with the key

When B sends to AB encrypts with the key, A decrypts with the

keyA

B

Symmetric Key


Symmetric key encryption and decryption processes are simple enough for fast encryption/decryption Fast enough for long messages

AB

Symmetric Key


Problem 1: Symmetric key must be distributed secretly between partners or interceptors can read subsequent messages

Key A

Key B

A

B


Problem 2: Need a different symmetric key for each business partner Or other partners could read messages Complicates symmetric key distribution

Key A

Key B

A

B


Data Encryption Standard (DES) Extremely popular symmetric key

algorithm

Uses 56-bit key, which is inadequate for consumer transactions

3DES (Triple DES)

Uses three 56-bit keys for 3 stages of encryption

168-bit effective key length

Sufficient for financial networks


DES is an old algorithm Developed in 1970s 3DES is merely a way of extending its life

Advanced Encryption System (AES)

Being developed by the U.S. National Institutes for Standards and Technology

Will be much stronger with longer keys

Will be efficient enough to implement on hand-held devices

23Public Key Encryption

Recap: There are Two General Encryption Method Categories

Symmetric key encryption (just seen)

Public key encryption (next)

24Public Key Encryption Methods

Different keys for encryption and decryption

Encryption with receiver’s public key

Decryption with receiver’s private key

Once encrypted, sender cannot decrypt the ciphertext; does not have receiver’s private key


Receiver’s Public Key Receiver’s Private Key


Everyone has a public and private key

Keep the private key secret

Distribute the public key to everybody without security

PublicKey

PublicKey

PrivateKey


Then anyone can encrypt messages to you using your public key

But only you can decrypt the messages

PublicKey

PublicKey

PrivateKey

Encryption


Four Keys Needed for Two-Way Communication

Encrypt with receiver’s public key

Decrypt with sender’s private key

A BB’sPub Key

B’sPriv Key

A’sPriv Key

A’sPub Key


Four Keys Needed for Two-Way Communication

Never refer to public and private keys without saying to whose public or private key you are referring

A BB’sPub Key

B’sPriv Key

A’sPriv Key

A’sPub Key


Unfortunately, highly processing-intensive

100 times slower than symmetric key encryption

So can only encrypt small messages

Also, often can only encrypt messages about the size of the public key (typically a few thousand bits because of limitations in the algorithms)

New

30Combining Public, Symmetric Key

Symmetric Key Encryption and Public Key Encryption are Complementary, not Competitors

Often, partners first communicate with public key encryption Including initial authentication

Public Key AuthenticationA B


Then one sides generates a symmetric key

Encrypts symmetric key with partner’s public key, sends to partner

Now, both sides have the symmetric key

SymmetricSessionKey

Public Key EncryptionA B


Afterward, both sides communicate with the symmetric key

This symmetric “session key” is good only for this session--single flow of communications

Symmetric Session KeyA B

33Public Key Algorithms

Public Key Encryption is a Method Category Must Use a Specific Public Key Algorithm

RSA Most widely used public key algorithm Patented, but public domain in October

2000

Elliptical Curve Cryptosystem (ECC) Can use smaller keys than RSA with same

degree of protection Faster than RSA

Authentication

35Confidentiality versus Authentication

Confidentiality (Privacy) Interceptors cannot read messages

Authentication: proving the sender’s identity The Problem of Impostors Uses encryption So encryption is not only for

confidentiality!

36Authentication

Authentication methods: Passwords

Short passwords are easy to guess with exhaustive search

Passwords that are common words or repetitive letter combinations are even easier to guess

Automated password cracking is very effective for weak passwords

Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial

37Authentication

Authentication methods Biometrics

Fingerprint analysis, iris analysis, etc.New and not standardized

Authentication CardPush into slot of a machineAlso must give password usually

Public Key AuthenticationProve that sender holds their private key,

which only they should know

38Authentication

Verifier is the party who wishes the other party to authenticate themselves

Applicant is the other party, which wishes to prove its identity

ApplicantApplicant VerifierVerifier

Prove Your

Identity

Can WeTalk?

39Challenge-Response Authentication

Verifier sends the applicant a challenge message This challenge message is a string of

bits

Applicant sends back a response message This is the challenge message

encrypted with the applicant’s private key

ApplicantApplicant VerifierVerifierChallengeMessage

ResponseMessagePrivate Key

40Challenge-Response Authentication

Verifier decrypts the response message with the true party’s public key If matches the challenge message, was

encrypted with the true party’s private key, which only the true party should know

Applicant is authenticated


ResponseMessage

ChallengeMessage

41Frequency of Authentication

Challenge-Response Authentication Only done initially Or done at most a few times during a

session

Digital Signature Authentication (next) Provides authentication for every message Called message-by-message authentication Also provides message integrity—proof that

the message has not been changed en route

42Public Key Authentication

Ultimate goal is to send an original plaintext message from the applicant to the verifier If security was not an issue, the

applicant simply would send it For confidentiality only, would simply

encrypt with symmetric key


Ciphertext UsingSymmetric Key


For authentication, also send a digital signature with each packet

First create a message digest (MD) A small binary string calculated on the

basis of all of the bits in the message

MessageMessageDigest

Calculation


How to create a message digest (MD) Normally, use a process called hashing For a message of arbitrary size, hashing

produces a small bit string of predictable size

MD5: 128 bits SHA-1: 160 bits


Hash


Hashing Hashing is not reversible Cannot get back original message if you

know its hash Just done to produce something small

enough (message digest) to encrypt with public key encryption



Next create a digital signature

Encrypt the message digest with sender’s private key, which only the sender should be able to do

Also called signing the message digest with the sender’s private key

DigitalSignature

Encrypt withSender’s

Private Key

MessageDigest


Encrypt combined message and digital signature with the symmetric session key and send to the receiver This gives confidentiality (privacy)

during transmission Easy to forget the encryption with the

symmetric session key

DigitalSignature

Message

Encrypt with symmetric session key


Receiver decrypts arriving ciphertext with symmetric session key

Then decrypts digital signature with true party’s public key to get the original message digest

This is the transmitted message digest

DigitalSignature

Decrypt withSender’s

Public Key

TransmittedMessageDigest


Then decrypts digital signature with true party’s public key to get the original message digest (transmitted message digest)

Receiver then hashes the original plaintext, just as the sender did (computed message digest)

Message Digestfrom Digital Signature

Message DigestComputed from

Original Plaintext


Digital Signature also Provides a Second Benefit: Message Integrity

Proof that the message has not been altered en route

If message has been changed by error or by an attacker, message digests will not match

Message Digestfrom Digital Signature

Message DigestComputed from

Original Plaintext

Digital Certificates

Public Key Deception

Digital Certificates

Certificate Authorities

Public Key Infrastructures (PKIs)

52Public Key Deception

Impostor Claims to be a True Party True party has a public and private key Impostor also has a public and private key

Impostor sends impostor’s own public key to the verifier Says, “This is the true party’s public key” This is the critical step in the deception Impostor would be “authenticated” using

any public key authentication method

53Digital Certificates

Created by a Certificate Authority

Certificate authority is the trusted third party

However, not regulated today

CertificateAuthority

CertificateAuthority

AuthenticatedParty

AuthenticatedParty

DigitalCertificate

DigitalCertificate


Assert that a true party (named) has the public key contained in the digital certificate Provides a name-public key pair

To prevent public key deception

Fields and content are standardized by the ITU-T X.509 Standard

Does not vouch forintegrity of the namedparty—only their publicKey


Certificate authorities may revoke digital certificates Revoked certificate ID numbers are placed in a

certificate revocation list (CRL)

Verifier must check with the certificate authority to determine if a digital certificate is on the CRL

Without the CRL check, digital certificates do not support authentication

56Public Key Infrastructures (PKIs)

To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using

public key encryption and authentication

Uses a PKI Server PKIServer

57PKIs

PKI Server Creates Public Key-Private Key Pairs Distributes private keys to applicants

securely Often, private keys are embedded in

delivered software

PKIServer

Private Key

58PKIs

PKI Server Provides CRL Checks Distributes digital certificates to

verifiers Checks certificate revocation list before

sending digital certificates

PKIServer

Digital Certificate

59PKIs

CRL Checks If applicant gives verifier a digital

certificate, The verifier must check the certificate

revocation list

PKIServer

OK?

OK or Revoked

CRL

Integrated Security Systems

61Integrated Security System

When two parties communicate …

Their software usually handles the details

First, negotiate security methods

Then, authenticate one another

Then, exchange symmetric session key

Then can communicate securely using symmetric session key and message-by-message authentication

62SSL Integrated Security System

SSL Secure Sockets Layer Developed by Netscape Protects at the transport layer; protects

any SSL-enabled application program Supported by almost all browsers Almost universal in Web financial

transactions Netscape gave IETF control over SSL IETF renamed it Transport Layer Security

63SSL Operation

SSL ISS Process

Two sides negotiate security parameters

Webserver authenticates itself

Browser may authenticate itself but rarely does

Browser generates a random symmetric session key, sends to webserver

Adds a digital signature and encrypts all messages with the symmetric key

64Other ISSs

SSL is merely an example integrated security system

Many other ISSs exist IPsec (Chapter 9 and Module F) PPTP and L2TP (Module F) Etc.

Other Security Issues

Multi-Layer Security

Firewalls

Total Security

Intrusion Detection

Trust

66Multi-Layer Security

Security Can be Applied at Multiple Layers Simultaneously

Application layer security for database, e-mail, etc.

Transport layer: SSL

Internet layer: IPsec (Chapter 9, Module F)

Data link layer: PPTP, L2TP (Module F)

Physical layer: locks

67Multi-Layer Security

Applying security at 2 or more layers is good

If security is broken at one layer, the communication will still be secure

However, Security slows down processing Multi-Layer security slows down

processing at each layer

68Firewalls

Firewall sits between the corporate network and the Internet Prevents unauthorized access from the

Internet Facilitates internal users’ access to the

Internet

OKNo

Firewall

Access only ifAuthenticated

69Firewalls

Packet Filter Firewalls

Examine each incoming IP packet

Examine IP and TCP header fields

If bad behavior is detected, reject the packet

Usually no sense of previous communication: analyzes each packet in isolation

IPFirewall

IP Packet

70Firewalls

Application (Proxy) Firewalls Filter based on application behavior

Viruses, extensions of files transferred, etc. Do not examine packets in isolation: use

historyIn HTTP, do not accept a response unless an

HTTP request has just gone out to that site

Application

71Firewalls

Application (Proxy) Firewall Hides internal internet addresses

through Network Address Translation Accepts packet from internal host;

packet has internal host’s IP address

PacketWith

InternalIP Address

72Firewalls

Application (Proxy) Firewalls Proxy program replaces internal IP

address with another IP address, sends to external host

PacketWith

AnotherIP Address

73Firewalls

Application (Proxy) Firewalls Proxy server receives returning IP

packet to the other IP address Passes it on to the internal host

74Firewalls

Application (Proxy) Firewalls Intruder with sniffer program will only

see other IP address; will not learn internal IP addresses to identify potential victims Packet

WithAnother

IP Address

Intruder

75Firewalls

Application Firewalls

Need a separate program (proxy) for each application

Not all applications have rules that allow filtering

76Total Security

Network Security is Only Part

Server Security

Occasionally, weakness are discovered in server operating systems

Hackers use these known security weaknesses to hack into or crash servers

Companies must install patches to fix these weaknesses; often fail to do so

77Total Security

Client PC Security

Known security weaknesses exist but patches are rarely downloaded

Users often have no passwords or weak passwords on their computer

Adversaries take over client PCs and can therefore take over control over SSL, other secure communication protocols

78Total Security

Managing Users

Often violate security procedures, making technical security worthless

Social engineering: attacker tricks user into violating security procedures

79Intrusion Detection

Intrusion detection software to detect and report intrusions as they are occurring

Needed

Lets organization stop intruders so that intruders do not have unlimited time to probe for weaknesses

Helps organization assess security threats

Audit logs list where intruder has been: vital in legal prosecution

80Trust

System A may trust System B Not check closely for security problems This reduces security processing costs If trusted system is taken over, disaster

Hacker can exploit systems that trust it

AB

C

Trust Trust

Trust

security chapter 10 copyright 2001 prentice hall revision 2: may 2001

Documents

security breaches

single message

severe security problem

keyencryption method

n bits

root login passwordthen

string of bits

root userrequires