
@Yuan Xue ([email protected])

Case Study (Mid-term question)

- Bob sells BatLab
  - Software
  - License
- Alice buys BatLab
  - Credit card information
  - Number of licenses

[Figure: Alice and Bob]

Security Requirements

- Alice wants
  - Authentication of Bob
  - Confidentiality and integrity of the order information
  - Prevention of order replay
- Bob wants
  - Non-repudiation of the order
  - Confidentiality and integrity of the licenses
  - Integrity of the software
- Other issues
  - DoS (message lost)
  - Attacks on the host

Security Mechanisms
What do we need / how do we get them?

- Authentication (of Bob) / key distribution
  - Certificate -> public key
  - Public key -> secret session key
- Confidentiality (order/license)
  - Symmetric cipher encryption based on secret key
  - E.g. AES
- Message integrity protection (software)
  - Message authentication code based on secret key
  - E.g. HMAC-SHA1
- Non-repudiation (order)
  - Digital signature
- Defense against replay attack
  - Usage of timestamp
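The integrity and replay items above, worked through for Alice's order as an added example (not part of the original slides). It covers only the MAC and the timestamp, not encryption or signatures; HMAC-SHA256 is swapped in for the slide's HMAC-SHA1, and `make_order`, `OrderReceiver`, the JSON layout and the 300-second `WINDOW` are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

WINDOW = 300  # seconds an order stays acceptable (assumed policy value)


def make_order(key: bytes, licenses: int, now: int):
    """Alice's side: the timestamp sits inside the MACed body, so it cannot be altered."""
    body = json.dumps({"licenses": licenses, "ts": now}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class OrderReceiver:
    """Bob's side: verify the MAC, then freshness, then reject repeats."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> timestamp of orders accepted inside the window

    def accept(self, body: bytes, tag: str, now: int) -> str:
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"            # modified order or wrong key
        ts = json.loads(body)["ts"]     # parsed only after the MAC verified
        if abs(now - ts) > WINDOW:
            return "stale"              # old capture replayed later
        # Tags older than the window can be dropped: the timestamp check
        # already rejects them, so the cache stays bounded.
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= WINDOW}
        if tag in self.seen:
            return "replay"             # same order resent inside the window
        self.seen[tag] = ts
        return "ok"


if __name__ == "__main__":
    key = b"constructed-session-key"    # stands in for the negotiated session key
    bob = OrderReceiver(key)
    body, tag = make_order(key, licenses=5, now=1_000)
    print(bob.accept(body, tag, now=1_010))   # first delivery
    print(bob.accept(body, tag, now=1_020))   # replay inside the window
    print(bob.accept(body, tag, now=2_000))   # replay after the window
```

With a timestamp alone, two identical orders created in the same second are indistinguishable from a replay; an order number or nonce inside the MACed body removes that ambiguity.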

Questions

- Where should these security functions be implemented? Who should implement them?
  - Application developer? (BatLab.com)
  - Application service developer? (Apache/Mozilla)
  - System developer? (Microsoft)
  - Network service provider? (Sprint)
  - Etc.
- If it is not a single person’s job, what security protocols/services are available? How are they designed?

Network Design

Network Stack/Layer

[Figure: network stack diagram showing the layers Link, Network (IP), Transport (TCP) and Application (HTTP) for the end hosts and the Internet]

Placement of Security Function

- What to encrypt/protect
  - Message format
- Where should the security function be located?
  - Network stack
  - Link vs. end-to-end
  - Where each layer is located and how it may get attacked
- Aspects to consider
  - Message security (which fields in the packet are protected)
  - Number of keys required
  - Number of encryptions/decryptions
  - Transparency to users/end hosts

Link vs. End-to-End Encryption

Message format

Big Picture

- Application-specific solutions
  - Web security
- End-host-based solutions: secure network-based applications
  - PGP, application layer solution
  - SSL, transport layer solution
- Network-based solutions: secure network + support for application
  - IPsec
  - Internet security
    - BGP security
  - Wireless security
    - IEEE 802.11 security

[Figure: protocols placed on the network stack (Link, Network, Transport, Application). Labels: SSL, IPSec, WPA, PGP, BGP, Web security; annotation: connection-oriented vs. connectionless]

Our Goal

- Learn these important security protocols so that we can use them
- Learn how they are designed and use similar designs in our systems
  - Many pitfalls exist in secure networking system design
  - Home-brew security solutions usually have many weaknesses
  - The correct usage of cryptography is crucial
  - Following conventions is very important

CS 285 Network Security
PGP

Fall 2011
Yuan Xue

Pretty Good Privacy
Overview

- Phil Zimmermann in 1991
- OpenPGP
  - Open standard followed by PGP, GnuPG
- PGP vs. GnuPG
  - PGP goes commercial in 1996
  - GnuPG is a free replacement for PGP
- Basics
  - Build a general-purpose security application that is independent of OS
  - Select the existing cryptographic algorithms as building blocks
- Operations
  - Encryption
  - Signature
  - Key management
- More info: http://en.wikipedia.org/wiki/Pretty_Good_Privacy

Overview

- Key generation
  - Public and private key pair / session keys
- Key storage
- Key distribution
  - Import/export
  - Fingerprint
  - Web of Trust
- Security operations
  - Encryption
  - Message authentication
  - Signature and verification

Start with

Operation -- Authentication

[Figure: PGP authentication. Labels: SHA-1, DSS/RSA, ZIP]


Operation -- Encryption

CAST-128/IDEA/3DES in CFB mode

one-time session key

ElGamal/RSA

Operation – Put two together

Details

- Compression
  - Signature before compression
    - Convenience of future verification
    - Flexibility in compression algorithm/implementation choice
  - Message encryption after compression
    - Less redundancy in plaintext strengthens cryptographic security
- Email capability
  - Usage of ASCII in email
  - Converting 8-bit binary code to ASCII characters
  - Radix-64 conversion
    - 3 octets of binary code (3*8 = 24 bits) -> 4 ASCII characters (4*8 = 32 bits). Why?
    - 33% expansion, offset by compression
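The radix-64 step above, written out as an added example (not part of the original slides): each 24-bit group is split into four 6-bit values, and the size at each stage shows the 33% expansion and how compressing first offsets it. `radix64_encode`, `sizes` and the sample order text are constructed for the illustration; zlib stands in for PGP's ZIP step.

```python
import base64
import zlib

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def radix64_encode(data: bytes) -> str:
    """Map each 3-octet group (24 bits) to four 6-bit values, one printable char each."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        pad = 3 - len(group)                      # 0, 1 or 2 missing octets
        n = int.from_bytes(group + b"\x00" * pad, "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # Characters that would carry only padding bits are replaced by '='.
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)


def sizes(message: bytes) -> dict:
    """Size in bytes at each stage: raw, radix-64 only, compressed then radix-64."""
    return {
        "raw": len(message),
        "radix64": len(radix64_encode(message)),
        "zip_then_radix64": len(radix64_encode(zlib.compress(message))),
    }


# Constructed sample: a repetitive plain-text order, typical of e-mail bodies.
SAMPLE = b"Order: 3 BatLab licenses for Alice. " * 12

if __name__ == "__main__":
    # The hand-written encoder agrees with the standard library's base64.
    assert radix64_encode(SAMPLE) == base64.b64encode(SAMPLE).decode()
    print(sizes(SAMPLE))
```

Only 6 of every 8 transmitted bits carry data because the output is restricted to 64 printable characters that survive text-only mail transport.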

Keys

- Types
  - Public and private key pair
  - One-time session symmetric key
- Issues
  - Key generation
  - Key storage
  - Key management (distribution)

Key Identifier

- A user may have multiple keys
- Need an ID
  - Unique to user ID with very high probability
  - Key ID of KUa = KUa mod 2^64

Key Generation

- Session key generation
  - Generating unpredictable session keys
  - E.g., 128-bit CAST key
    - Two 64-bit blocks encrypted by a 128-bit key in CFB mode -> two 64-bit ciphertexts as the 128-bit session key
    - Two 64-bit blocks from a 128-bit random stream based on keystroke input from the user
    - Previous session key and the random stream form the 128-bit key input

[Figure: session key generation. Labels: user input, 64-bit blocks, previous session key + key input, CAST-128 in CFB mode, new session key]

PGP Message Format

- Plaintext copy of the first two octets
  - Enables the recipient to determine if the correct public key was used to decrypt the message digest
  - Error detection for the message
- Time the signature is made
- Time the message is made
- Keys are needed for the recipient to identify the keys to
  - Decrypt the key (KUb)
  - Verify the signature (KUa)

Key Storage

- Public and private key ring
- Secure the private key with passphrase
  - Passphrase -> hash code via SHA-1
  - Encrypt the private key via CAST-128/IDEA/3DES with the hash code as the key
  - Store the encrypted private key

Put Things Together

Key management

- Direct verification
  - Physical delivery
  - Fingerprint
- Trusted third party
  - Signed certificate of a key
- Web of Trust
  - A self-organized trust management mechanism
- Revoke public key
  - Key revocation certificate

Web of Trust

1. Directly signed by you: A, B, ..., F (first tier)

2. By the ones you trust to sign (D, E, F, L): L, M, N, O (2nd tier), P, Q (3rd tier)

3. By getting enough signatures from partially trusted parties (A, B): H
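The three rules above as a key-validity computation, added here as an example (not part of the original slides). The signature graph is constructed to be consistent with the slide's labels, since the figure itself is not reproduced; `valid_keys`, the threshold `marginals_needed=2` (matching the two partially trusted signers A and B) and `max_depth=3` are assumptions, and G and X are extra constructed keys that should fail.

```python
FULL, MARGINAL = "full", "marginal"


def valid_keys(owner, signatures, trust, marginals_needed=2, max_depth=3):
    """Return {key: tier} for every key the owner may treat as valid.

    signatures: signer -> set of keys that signer has signed
    trust:      key holder -> FULL or MARGINAL (how far the owner trusts
                that holder to sign other keys); absent means untrusted
    """
    signed = set().union(*signatures.values())
    valid = {owner: 0}
    for tier in range(1, max_depth + 1):
        newly = {}
        for key in signed.difference(valid):
            # Only signatures made by keys that are already valid count.
            signers = [s for s in valid if key in signatures.get(s, ())]
            full = any(s == owner or trust.get(s) == FULL for s in signers)
            marginal = sum(trust.get(s) == MARGINAL for s in signers)
            if full or marginal >= marginals_needed:
                newly[key] = tier
        if not newly:
            break
        valid.update(newly)
    del valid[owner]
    return valid


# Constructed signature graph consistent with the slide's labels.
SIGNATURES = {
    "You": set("ABCDEF"),      # rule 1: signed directly by you
    "D": {"L"}, "E": {"M", "N"}, "F": {"O"},
    "L": {"P", "Q"},           # L is valid at tier 2 and trusted to sign
    "A": {"H", "G"}, "B": {"H"},
    "C": {"X"},                # C is valid but not trusted to sign
}
TRUST = {"D": FULL, "E": FULL, "F": FULL, "L": FULL, "A": MARGINAL, "B": MARGINAL}

if __name__ == "__main__":
    tiers = valid_keys("You", SIGNATURES, TRUST)
    for key in sorted(tiers, key=lambda k: (tiers[k], k)):
        print(key, "tier", tiers[key])
```

G carries one partially trusted signature and X is signed only by a valid but untrusted key, so neither becomes valid: a key being valid and its holder being trusted to sign are separate properties.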