Embed Size (px)
Citation preview
2
Security
• The big three of security are– Secrecy: only the intended parties can read it– Integrity: it can’t be changed without the
knowledge of the participants– Availability: Prevent denial of service
• And sometimes – Non-repudiation: a party can’t deny having sent
a message (sometimes considered part of integrity)
3
Comms
• Sockets are fine, but when you’re slinging bits back and forth, remember that it’s being sent in plaintext.
• This means anyone can fire up Wireshark, capture packets flying by, and examine the messages being sent
• This is a holdover from the early days of TCP/IP, when everything was run by grad students, who are inherently trustworthy
• Pretty much a fail on all of the big three
4
Comms
• Wireshark and others capture packets, and there are automated tools to reconstruct TCP streams
• Packet capture can be used in interesting ways—these packets captured in wireshark are going to the printer. Subverting printers is a classic way to get information
5
Crypto and Network Data
• OK, we’ll encrypt the data. How do we do that? Classically we encrypt data with a key, transmit the data, then decrypt it.
Plaintext sdk4Vs Plaintext
Encrypted on the network
6
Crypto
• The key is used with a fancy mathematical algorithm to make sure the encrypted text is very, very difficult to descramble without the key. The details of the algorithms are unimportant right now
• Note that the key must be kept secret. The assumption is that the algorithm is known to attackers, and the encrypted data is, but not the key
• The data is encrypted while in transit, decrypted on the receiving side.
• This is called symmetric crypto—the same key is used to both encode and decode data
7
Key Distribution
• OK, sounds reasonable. But how do we get the key to both sides?– Send it plaintext over the socket? Um, no.– Guy with suitcase handcuffed to his wrist carries the
keys to the site that needs encryption• What happens if the key gets compromised? Buy a plane ticket
to distribute new key? How long does it take to travel and rekey?
• Somewhat plausible for big organizations (ie, governments)
• But for a regular guy trying to go to the Amazon site? It’s implausible for him to mail a special key just to go to a web site. (And is the mail secure?)
8
Asymmetric (Public Key) Crypto
• The key distribution problem is a big drawback for symmetric encryption. This led to asymmetric crypto, aka public key crypto
• This uses two keys: one to encrypt data, and another, mathematically linked key to decrypt the data encrypted with the first key
9
Asymmetric Crypto
• The two keys are generated (red and black). The data is encrypted with the red key, then must be decrypted with the black key. If you don’t have the black key, you can’t decrypt it
Plaintext sdk4Vs Plaintext
10
Asymmetric Crypto
• The red and black keys have to be generated together with a fancy mathematical algorithm. One key is used to encrypt. The only way to decrypt is to use the other key. You can’t use the first key to decrypt.
• Why is this useful? The interesting thing is you can keep one key secret, and make the other public.
11
Public Key Encryption
• Public key encryption: make one key in asymmetric encryption public, and keep the other private
• I want to send a secret message to you. You have a public/private key pair, and have published the public key, maybe on your web site
• I encrypt the message with your public key and send it to you. You decrypt with the private key and read the message
12
Public Key
Amazon
Public Key
Message
User gets the public key from Amazon. Uses it to encrypt his message to AmazonThe private key, which has never left Amazon,is used to decrypt the message Private Key
13
Public Key
• The reality of this is a little more complex. The ugly fact is that symmetric crypto is many times faster than asymmetric crypto. Using asymmetric crypto to encrypt & decode all messages would be too slow
• What often happens is that asymmetric crypto is used to transmit a symmetric crypto key.
• In effect, public key crypto is used to solve the symmetric crypto key distribution problem
14
Old Way
• Courier carries a crypto key to amazon, and afterwards we can do secure comms
15
Public Key Way
• One side generates a random symmetric key. • Retrieve the public key of the person you want to
communicate with. It’s a public key, so it’s not secret, and an attacker reading the key in transit doesn’t gain anything
• Encrypt the symmetric key with the target’s public key
• Send the encrypted symmetric key to the target• Target decrypts the symmetric key with the private
key, and that key is used to encrypt communications after that
16
Problem Solved, Right?
• What could go wrong?• Attackers are devious.
17
Man in the Middle
• What if someone is sitting between you and the public key during retrieval? – You ask for Amazon’s public key– The MitM intercepts the request, and substitutes
his own key– From then on he acts as an intermediary and
decrypts all the traffic passing between
18
MitM & Certificates
• Do we need couriers to distribute the public key to ensure its integrity? Sigh.
• There’s a way around this called certificates• How do you identify yourself to strangers?
– You present ID: Driver’s license, CAC card, Social security card, library card, etc.
19
Cyber ID
• What we want is something like an ID card for a web site. This ID card will have the web site name (www.amazon.com) and the public key, along with some other info
• If we trust the ID card, we trust that the site is who it says it is
• These are called “certificates”
20
Certificate
21
Certificate
• The certificate contains the name of the site and the public key to be used when communicating with it. You retrieve the site certificate and use that to start the communications process
• OK, so why do we trust the certificate more than just the public key?
22
Signing
• Why do we trust this:
• More than this:
23
Trust
• It was issued by an organization we trust• We have some confidence the organization
verified the identity of the person before they issued the card
• It’s hard to counterfeit• So the person is probably who they claim to
be• How much trust for the Ralph’s card ID?
24
Certificate Authorities
• A certificate authority issues digital certificates– They take some measures that ensure you are who you
say they are (verification)– This may include calling a phone number, your placing
something on the web site to be verified, a public notary, etc
– After this they issue a certificate
• The certificate states “This is the web site, this is the public key, and I, the Certificate Authority, vouch for this, to the extent of our verification procedures.”
25
Background: Signing
• A signing operation is a way to ensure that data has not been modified– Take some text: “The quick red fox”– Run it through an algorithm that produces a
“hash”, or short “fingerprint” of the text– Encrypt the hash with your private key and
include your public key
26
Hash OperationChanging the text changes the digest. Encrypt the digest with a private key.
27
Background: Signing
• To verify nothing has been changed, the recipient – Uses the same hash algorithm on the text– Decrypts the encrypted hash generated by the
signer with the public key– Compares the two hashes
• If they’re the same, the text has not been modified in transit
28
Certificates
• This is what’s done with certificates. The user gets back a digital certificate with the web server name, the public key, and a signature by the certificate authority
• The “signature” is a hash/digest of the whole certificate that has been encrypted by the CA public key
• Then we know we can trust the public key, to the extent we trust the CA
29
Certificate Authorities
• Should we trust the CA? Maybe, maybe not! See the Lebowski example
• CAs have been broken into and had their private keys stolen
• https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
• Should you trust a certificate signed by a CA from the People’s Republic of China?
30
Certificate Authorities
• How do we get the public key of the CA, so we can check their signature of the site certificates? Groan, this is where we came in…
• CAs have their own certificates!
31
Certificate Authorities
• Ultimately the certificate chain is terminated with what is called a “self signed certificate”, which is basically “because I said so”.
• The CA certificates are typically distributed with the web browser. When you download Firefox or Chrome the distribution includes a collection of CAs. You can add or subtract from this list depending on what CAs you trust
• That’s what’s happening when you “add DOD root certificates”
• This reduces the key distribution problem to being able to safely distribute the certificates for a few dozen certificate authorities, typically pre-loaded in a web browser
32
Firefox
33
CAs
Client, preloaded CAs for:GeoTrustJapan Certification Hong Kong PostThawte….
Web server, cert signedBy Thawte
Web server, cert signedBy GeoTrust
Web server, cert signedBy Bad Guys LLC
34
Alternatives
• To test your web server configuration you can use a self-signed certificate—create a certificate signed by yourself, rather than any CA. This leaves you open to MitM attacks, exactly as using no certificate at all does. This is what usually causes the certificate warning errors
• You can create your own CA and sign your own certificates. As long as you have your CA’s certificate loaded in the client web browser, you’re good.
35
Fun Tools
• Ettercap does automated man in the middle attacks on a LAN
• Works with HTTPS as well, if you can get the user to click through the warning message. Users always click through, because that’s what they’ve been conditioned to do
36
How Secure Is HTTPS?
• Not as much as you may think• Odds are many CAs are compromised by governments• There have been a number of attacks on the crypto
algorithms used. Google shows lots of marked documents from Snowden
• There have been weaknesses found in the protocols—the way in which messages are exchanged to negotiate the setup of an encrypted session
• Verification of identity is sketchy• For credit cards, it’s mostly OK. For state secrets, not so
much.
37
CAC Cards
• CAC cards have a photo ID and a small CPU with some storage embedded (~500 KB of storage, usually)
• The card stores one or more certificates and the corresponding private keys
• You have to supply a pw/PIN to access storage and get the certificate, which means you need two things: the physical card and knowledge of the PIN. Sometimes called two-factor authentication
• The private key never leaves the card; all signing operations are done by the CPU onboard
38
CAC Card
Setup: tell CPU to generate a public/private keypair, write certificate(s) signed by a DoD certificateauthority to the card
Certificate use: supply a PIN to the CAC card reader, get the certificate, proving that you have the physicalcard and know the PIN
Signing: generate hash, send the digest to the card,the CPU encrypts the digest with the private keyand returns the encrypted digest
39
How Secure?
• There’s also the issue of traffic analysis—even if they can’t decode the contents, an attacker can still tell what site you went to
• What happens if you revoke a certificate? – Certificate revocation lists– OCSP (Online Certificate Status Protocol)
• Basically, it beats the alternative. For state secrets you probably need something better from the NSA
40
TOR Network
• TOR (The Onion Router) is an attempt to address the traffic analysis problem
• Normally your web browser directly establishes a TCP connection to the server. The client IP is logged on the server
• TOR uses intermediaries to anonymize the client source
• https://www.torproject.org/about/overview
41
TOR Network
• Not as secure as you might think• https://panopticlick.eff.org/• The collection of fonts and browser version
and OS versions together are often unique.– Go to site on TOR, your browser fingerprinted– Later go to a site without TOR, your fingerprint
is matched and real IP revealed
• TOR offers “standard” VM and browser combo that can be spun up
42
TOR Security
• TOR was often used for darknet/Silk Road commerce. – Silk Road used for drug sales, other nefarious purposes
• http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/
• Basically, they subverted the people engaged in commerce, used that to track him down
• Lots of old-fashioned police flipping of suspects, combined with lax crypto discipline by the perps
• https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/– Exit nodes are often subverted by governments
