Upload
ophelia-gilbert
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Security
Hackers break into organizations from the outside
However, most security breaches are internal, by employees and ex-employees
3Network Security Threats
Interception If interceptor cannot read, have
confidentiality (privacy) If cannot modify without detection, have
message integrity
4Network Security Threats
Impostors Claim to be someone else Need to authenticate the sender--prove
that they are who they claim to be
TruePerson
Impostor
5Network Security Threats
Denial of Service (DOS) Attacks Overload system with a flood of
messages Or, send a single message that crashes
the machine
6Network Security Threats
Remotely Log in as Root User Requires cracking the root login
password Then control the machine Read and/or steal information Damage data (erase hard disk) Create backdoor user account that will
let them in easily later
Root Login Command
7Security Threats
Content Threats
Application layer content may cause problems
VirusesIn many ways, most severe security
problem in corporations today
Must examine application messages
8Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it
Plaintext (original message)Not necessarily text; Can be graphics, etc.
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
9Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it Ciphertext (transformed) for
transmissionStream of ones and zeros for transmission
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
10Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it
Receiver decrypts ciphertext back to plaintext
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
11Encryption
Encryption Requires a Method and a Key Encryption method is the specific
transformation process
Key is a string of bits used in the method
Get different ciphertext with different key
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
12Encryption
Encryption Requires a Method and a Key Method cannot be kept secret
Key must be kept secret
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
13Encryption: Key Length
Key can be “guessed” by exhaustive search Try all possible keys See which one decrypts the message
14Encryption: Key Length
Long keys make exhaustive search difficult
Key is a string of bits (11000100010101)
If length is n bits, 2n tries may be needed
On average, need half this many
If key length is 8 bits, only 256 tries maximum
15Encryption: Key Length
Long keys make exhaustive search difficult
Weak security: Today < 100 bits
Strong security: Today > 100 bits
Need for length will grow over time
Laws may limit export of strong security, sending strongly encrypted messages internationally
16Methods and Algorithms
Encryption Method Categories Two general ways of doing encryption Symmetric key versus public key
encryption
Encryption Method Algorithms Specific ways of doing encryption With symmetric key encryption: DES,
3DES, AES, IDEA, Blowfish, and RC5 algorithms
With public key encryption: RSA, elliptical curve cryptosystem (ECC), El Gamal
17Symmetric Key Encryption
Both sides use a single key to encrypt & decrypt When A send to B
A encrypts with the key, B decrypts with the key
When B sends to AB encrypts with the key, A decrypts with the
keyA
B
Symmetric Key
18Symmetric Key Encryption
Symmetric key encryption and decryption processes are simple enough for fast encryption/decryption Fast enough for long messages
AB
Symmetric Key
19Symmetric Key Encryption
Problem 1: Symmetric key must be distributed secretly between partners or interceptors can read subsequent messages
Key A
Key B
A
B
20Symmetric Key Encryption
Problem 2: Need a different symmetric key for each business partner Or other partners could read messages Complicates symmetric key distribution
Key A
Key B
A
B
21Symmetric Key Encryption
Problem: Need a different symmetric key for each business partner If there are N partners And if each needs to communicate with all
others Then N*(N-1)/2 keys must be distributed
Key A
Key B
A
B
22Symmetric Key Encryption
Data Encryption Standard (DES) Extremely popular symmetric key algorithm
DES breaks the plaintext into blocks of 64 bits
It then encrypts each block of plaintext using a 64-bit key
However, it is proper to say that DES uses a 56-bit key, because 8 of the key bits are redundant (can be computed from the other 56)
56-bit key is small, giving inadequate strength for important transactions (OK for small ones)
23Symmetric Key Encryption
Triple DES (3DES) Applies DES three times to encrypt
With 3 keys, get 168-bit effective key lengthEncrypt block with first keyDecrypt (yes, decrypt) result with second keyEncrypt result with third key; Send this ciphertext
DecryptionDecrypt ciphertext with third keyEncrypt (yes, encrypt) result with second keyDecrypt result with third key
24Symmetric Key Encryption
Note: Encryption and Decryption often are Reversible
Usually, encrypt to get ciphertext and then decrypt to restore the plaintext
Some algorithms also can decrypt to get ciphertext and encrypt to restore plaintext
Both approaches transform the plaintext into ciphertext to give confidentiality (privacy), then unscramble the ciphertext back to the original plaintext
25Symmetric Key Encryption
Triple DES (3DES) Can be done with 2 keys for 112-bit effective
key length
EncryptionEncrypt block with first keyDecrypt (yes, decrypt) result with second keyEncrypt result with first key again; Send this
ciphertext
DecryptionDecrypt received ciphertext with first keyEncrypt (yes, encrypt) result with second keyDecrypt result with first key again
26Symmetric Key Encryption
DES is an old algorithm Developed in 1970s
3DES is merely a way of extending its life
Advanced Encryption System (AES)
Being developed by the U.S. National Institutes for Standards and Technology
Will be much stronger with longer keys
27Public Key Encryption
There are Two General Encryption Method Categories
Symmetric key encryption (just seen)
Public key encryption (next)
28Public Key Encryption Methods
Different keys for encryption and decryption
Encryption with receiver’s public key
Decryption with receiver’s private key
Once encrypted, sender cannot decrypt the ciphertext; does not have receiver’s private key
Plaintext Encryption Ciphertext Decryption Plaintext
Public Key Private Key
29Public Key Encryption
Everyone has a public and private key
Keep the private key secret
Distribute the public key to everybody without security
PublicKey
PublicKey
PrivateKey
30Public Key Encryption
Then anyone can encrypt messages to you using your public key
But only you can decrypt the messages
PublicKey
PublicKey
PrivateKey
Encryption
31Public Key Encryption
Four Keys Needed for Two-Way Communication
Each side has a public and a private key
Each sends public key to other unsecurely
A BB’sPub Key
B’sPriv Key
A’sPriv Key
A’sPub Key
32Public Key Encryption
Four Keys Needed for Two-Way Communication
Encrypt with other party’s public key
Decrypt with own private key
A BB’sPub Key
B’sPriv Key
A’sPriv Key
A’sPub Key
33Public Key Encryption
Four Keys Needed for Two-Way Communication
Never refer to public and private keys without saying to whose public or private key you are referring
A BB’sPub Key
B’sPriv Key
A’sPriv Key
A’sPub Key
34Public Key Encryption
No need for separate secret key for each business partner
Greatly simplifies key management
35Public Key Encryption
Unfortunately, highly processing-intensive
100 times slower than symmetric key encryption
So can only encrypt small messages
Also, often can only encrypt messages about the size of the public key (typically a few thousand bits)
New
36Combining Public, Symmetric Key
Not competitors--Used Together in Practice
Public key is easy to distribute but can only be used for small messages
Symmetric key has key distribution problems but can be used for long messages
They have complementary strengths and weaknesses
37Combining Public, Symmetric Key
Symmetric Key Encryption and Public Key Encryption are Complementary, not Competitors
Often, partners first communicate with public key encryption Including initial authentication
Public Key AuthenticationA B
38Combining Public, Symmetric Key
Then one sides generates a symmetric key
Encrypts symmetric key with partner’s public key, sends to partner
Now, both sides have the symmetric key
SymmetricSessionKey
Public Key EncryptionA B
39Combining Public, Symmetric Key
Afterward, both sides communicate with the symmetric key
This symmetric “session key” is good only for this session--single flow of communications
Symmetric Session KeyA B
40Public Key Algorithms
Public Key Encryption is a Method Category Must Use a Specific Public Key Algorithm
RSA Most widely used public key algorithm Patented, but public domain in October
2000
Elliptical Curve Cryptosystem (ECC) Can use smaller keys than RSA with same
degree of protection
41Public Key Encryption
If know someone’s public key, there is no known way to compute their private key faster than exhaustive search
If there was, public key encryption would be useless
This is a general concern for public key encryption because there is no proof that there is no possible way to compute the private key rapidly if a public key is known
42Privacy versus Authentication
Confidentiality (Privacy) Interceptors cannot read messages
Authentication: proving the sender’s identity The Problem of Impostors Uses encryption So encryption is not only for privacy and
confidentiality!
43Authentication
Authentication methods: Passwords
Most users pick short passwords that are easy to guess with exhaustive search
Users often pick passwords that are common words or repetitive letter combinations; Even easier to guess
Automated password cracking is very effective
44Authentication
Authentication methods: Passwords
Often, weak passwords protect more important systems
Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial
45Authentication
Authentication methods Biometrics
Fingerprint analysis, iris analysis, etc.New and not standardized
Authentication CardPush into slot of a machineAlso must give password usually
Public Key AuthenticationProve that sender holds their private key,
which only they should know
46Authentication
Verifier is the party who wishes the other party to authenticate themselves
Applicant is the other party, which wishes to prove its identity
ApplicantApplicant VerifierVerifier
Prove Your
Identity
47Challenge-Response Authentication
Verifier sends the applicant a challenge message This challenge message is a string of
bits
ApplicantApplicant VerifierVerifier
ChallengeMessage
48Challenge-Response Authentication
Applicant sends back a response message This is the challenge message
encrypted with the applicant’s private key
ApplicantApplicant VerifierVerifier
ResponseMessage
49Challenge-Response Authentication
Verifier decrypts the response message with the true party’s public key If matches the challenge message, was
encrypted with the true party’s private key, which only the true party should know
Applicant is authenticated
ApplicantApplicant VerifierVerifier
ResponseMessage
ChallengeMessage
50Frequency of Authentication
Challenge-Response Authentication Only done initially Or done at most a few times during a
session
Digital Signature Authentication (next) Provides authentication for every message Called message-by-message authentication Also provides message integrity—proof that
the message has not been changed en route
51Public Key Authentication
Ultimate goal is to send an original plaintext message from the applicant to the verifier If security was not an issue, the
applicant simply would send it
ApplicantApplicant VerifierVerifier
OriginalPlaintext
52Public Key Authentication
Ultimate goal is to send an original plaintext message from the applicant to the verifier If only confidentiality was an issue,
would merely encrypt the original plaintext with a symmetric session key
ApplicantApplicant VerifierVerifier
CiphertextUsing
Symmetric Key
53Public Key Authentication
For authentication, also send a digital signature with each packet
First create a message digest (MD) A small binary string calculated on the
basis of all of the bits in the message
MessageMessageDigest
Calculation
54Public Key Authentication
First create a message digest (MD) Normally, use a process called hashing For a message of arbitrary size, hashing
produces a small number of predictable size
MD5: 128 bits SHA-1: 160 bits
MessageMessageDigest
Hash
55Public Key Authentication
First create a message digest (MD) Hashing is not reversible Cannot get back original message if you
know its hash Just done to produce something small
enough (message digest) to encrypt with public key encryption
MessageMessageDigest
Hash
56Public Key Authentication
Next create a digital signature Encrypt the message digest with
sender’s private key, which only the sender should be able to do
Also called signing the message digest with the sender’s private key
DigitalSignature
Encrypt withSender’s
Private Key
MessageDigest
57Public Key Authentication
Next create a digital signature
Encrypt message digest with sender’s private key, which only the sender should be able to do; creates the digital signature
Message digest is short, so public key encryption is not too burdensome
DigitalSignature
Encrypt withSender’s
Private Key
MessageDigest
58Public Key Authentication
Note Message digest is a hash of the original
message MD is not encrypted Digital signature is what you get when
you encrypt the MD with public key encryption
Do not confuse the two
DigitalSignature
Encrypt withSender’s
Private Key
MessageDigest
59Public Key Authentication
Encrypt combined message and digital signature with the symmetric session key and send to the receiver This gives confidentiality (privacy)
during transmission Easy to forget the encryption with the
symmetric session key
DigitalSignature
Message
Encrypt with symmetric session key
60Public Key Authentication
Receiver decrypts ciphertext with symmetric session key
Then decrypts digital signature with sender’s public key to get the original message digest
This is the transmitted message digest
DigitalSignature
Decrypt withSender’s
Public Key
TransmittedMessageDigest
61Public Key Authentication
Receiver then hashes the original plaintext, just as the sender did
This is the computed message digest
OriginalPlaintext
ComputedMessageDigest
Hashed
62Public Key Authentication
If the transmitted and computed message digests match, the sender is authenticated as being the true party
Because the digital signature was signed with the true party’ private key, as shown by decryption with the true party’s public key
Message Digestfrom Digital Signature
Message DigestComputed from
Original Plaintext
63Public Key Authentication
Digital Signature also Provides Message Integrity
Proof that the message has not been altered en route
If message has been changed by error or by an attacker, message digests will not match
Message Digestfrom Digital Signature
Message DigestComputed from
Original Plaintext
Digital Certificates
Public Key Deception
Digital Certificates
Certificate Authorities
Public Key Infrastructures (PKIs)
65Public Key Deception
Impostor Claims to be a True Party True party has a public and private key Impostor also has a public and private
key
Impostor sends impostor’s own public key to the verifier Says, “This is the true party’s public
key” This is the critical step in the deception
66Public Key Deception
If verifier accepts the impostor’s public key as the true party’s public key,
Impostor will be authenticated through any public key authentication method, because their private key will work
Impostor can also decrypt messages sent by the verifier if these messages are encrypted with the impostor’s public key
67Public Key Deception
Moral:
Public key encryption for privacy, confidentiality, authentication, and message integrity only works if
The verifier gets the true party’s public key independently of the applicant,
From a trusted third party
68Digital Certificates
Created by a Certificate Authority
Certificate authority is the trusted third party
CertificateAuthority
CertificateAuthority
AuthenticatedParty
AuthenticatedParty
DigitalCertificate
DigitalCertificate
69Certificate Authorities
Unfortunately, certificate authorities are not regulated
You must only use certificate authorities you trust
Company can be its own certificate authority for internal authentication among its hardware and software systems
70Digital Certificates
Assert that a true party (named) has the public key contained in the digital certificate Provides a name-public key pair Therefore prevents public key deception Fields and content are standardized by
the ITU-T X.509 Standard
71Digital Certificates
Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority Provides message integrity so that an
impostor cannot change the name field in the digital certificate to its own
72Digital Certificates
Certificate authorities may revoke digital certificates before the expiration date listed in the digital certificate Revoked certificate ID numbers are placed in a
certificate revocation list (CRL)
Verifier must check with the certificate authority to determine if a digital certificate is on the CRL
Without the CRL check, digital certificates do not support authentication
73Digital Certificates
Recap
A digital signature gives the public key of a named party
This is needed for public key authentication, to prevent public key deception
However, a digital certificate alone does NOT provide authentication
Public Key Infrastructures (PKIs)
Private key creation and distribution
Digital certificate creation and distribution
Certificate Revocation List checking
75PKIs
To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using
public key encryption and authentication
Uses a PKI Server PKIServer
76PKIs
PKI Server Creates Public Key-Private Key Pairs Distributes private keys to applicants
securely Often, private keys are embedded in
delivered software
PKIServer
Private Key
77PKIs
PKI Server Provides CRL Checks Distributes digital certificates to
verifiers Checks certificate revocation list before
sending digital certificates
PKIServer
Digital Certificate
78PKIs
CRL Checks If applicant gives verifier a digital
certificate, The verifier must check the certificate
revocation list
PKIServer
OK?
OK or Revoked
CRL
79Integrated Security System
When two parties communicate …
Their software usually handles the details
First, negotiate security methods
Then, authenticate one another
Then, exchange symmetric session key
Then can communicate securely using symmetric session key and message-by-message authentication
80SSL Integrated Security System
SSL Secure Sockets Layer Developed by Netscape
TLS (Since the book went to press) Netscape gave IETF control over SSL IETF renamed it TLS (Transport Layer
Security) Usually still called SSL
81Location of SSL
Below the Application Layer IETF views it at the transport layer Protects all application exchanges Not limited to any single application
WWW transactions, e-mail, etc.
SSL SSL
E-Mail WWW E-Mail WWW
83SSL Operation
SSL ISS Process
Two sides negotiate security parameters
Webserver authenticates itself
Browser may authenticate itself but rarely does
Browser selects a symmetric session key, sends to webserver
Adds a digital signature and encrypts all messages with the symmetric key
84Importance of SSL
Supported by Almost All Browsers De facto standard for Internet application
security
Problems
Relatively weak security
Does not involve security on merchant server
Does not validate credit card numbers
Viewed as an available but temporary approach to consumer security
85Other ISSs
SSL is merely an example integrated security system
Many other ISSs exist IPsec (Chapter 9 and Module F) PPP and PPTP (Module F) Etc.
86Other ISSs
All ISSs have the same general steps
Negotiate security parameters
Authenticate the partners
Exchange a session key
Communicate with message-by-message privacy, authentication, and message integrity
88Multi-Layer Security
Security Can be Applied at Multiple Layers Simultaneously
Application layer security for database, e-mail, etc.
Transport layer: SSL
Internet layer: IPsec (Chapter 9, Module F)
Data link layer: PPTP, L2TP (Module F)
Physical layer: locks
89Multi-Layer Security
Applying security at 2 or more layers is good
If security is broken at one layer, the communication will still be secure
However, Security slows down processing Multi-Layer security slows down
processing at each layer
90Firewalls
Firewall sits between the corporate network and the Internet Prevents unauthorized access from the
Internet Facilitates internal users’ access to the
Internet
OKNo
Firewall
Access only ifAuthenticated
91Firewalls
Packet Filter Firewalls
Examine each incoming IP packet
Examine IP and TCP header fields
If bad behavior is detected, reject the packet
No sense of previous communication: analyzes each packet in isolation
IPFirewall
IP Packet
92Firewalls
Application (Proxy) Firewalls Filter based on application behavior Do not examine packets in isolation: use
historyIn HTTP, for example, do not accept a
response unless an HTTP request has just gone out to that site
Application
93Firewalls
Application (Proxy) Firewalls Hide internal internet addresses Internal user sends an HTTP request HTTP proxy program replaces user
internet address with proxy server’s IP address, sends to the webserver
HTTPRequest
Request with Proxy
Server’s IP Address
94Firewalls
Application (Proxy) Firewalls Webserver sends response to proxy
server, to proxy server IP address HTTP proxy server sends the IP packet
to the originating host Overall, proxy program acts on behalf of
the internal user
Response toProxy Server’s
IP Address
HTTPResponse
95Firewalls
Why Hide Internal IP Addresses? The first step in an attack usually is to
find potential victim hosts Sniffer programs read IP packet streams
for IP addresses of potential target hosts With proxy server, sniffers will not learn
IP addresses of internal hosts
False IP Address
HostIP Address
Sniffer
96Firewalls
Application Firewalls
Need a separate program (proxy) for each application
Not all applications have rules that allow filtering
97Total Security
Network Security is Only Part
Server Security
Hackers can take down servers with denial-of-service attack
Hacker can log in as root user and take over the server
Steal data, lock out legitimate users, etc.
98Total Security
Server Security
Occasionally, weakness are discovered in server operating systems
This knowledge is quickly disseminated
Known security weaknesses
99Total Security
Server Security
Server operating system (SOS) vendors create patches
Many firms do not download patches
This makes them vulnerable to hackers, who quickly develop tools to probe for and then exploit known weaknesses
100Total Security
Client PC Security
Known security weaknesses exist but patches are rarely downloaded
Users often have no passwords or weak passwords on their computer
Adversaries take over client PCs and can therefore take over control over SSL, other secure communication protocols
101Total Security
Application Software
May contain viruses
Must filter incoming messages
Database and other applications can add their own security with passwords and other protections
102Total Security
Managing Users
Often violate security procedures, making technical security worthless
Social engineering: attacker tricks user into violating security procedures
103Intrusion Detection
Intrusion detection software to detect and report intrusions as they are occurring
Needed
Lets organization stop intruders so that intruders do not have unlimited time to probe for weaknesses
Helps organization assess security threats
Audit logs list where intruder has been: vital in legal prosecution
104Trust
System A may trust System B Not check closely for security problems This reduces security processing costs If trusted system is taken over, disaster
Can exploit systems that trust it
System A System BNo
CloseCheck
Trust