-
8/17/2019 SIC Module -4
1/78
Email Security
• email is one of the most widely usedand regarded network
services
• currently message contents are notsecure – may be
inspected either in transit
– or by suitably privileged users on
destination system
-
8/17/2019 SIC Module -4
2/78
Email SecurityEnhancements
• condentiality – protection from disclosure
• authentication – of sender of message
• message integrity – protection from modication
• non-repudiation of origin – protection from denial by
sender
-
8/17/2019 SIC Module -4
3/78
Pretty Good Privacy (PGP)
• widely used de facto secure email
• developed by Phil immermann
• selected best available crypto algs touse
• integrated into a single program
• on !ni"# P$# %acintosh and other
systems• originally free# now also have
commercial versions available
-
8/17/2019 SIC Module -4
4/78
PGP &peration 'uthentication
* sender creates message+* use S,- to generate .-bit hash
of message
/* signed hash with 0S using sender1sprivate key# and is
attached tomessage
2* receiver uses 0S with sender1s
public key to decrypt and recoverhash code
3* receiver veries received messageusing hash of it and compares
withdecrypted hash code
-
8/17/2019 SIC Module -4
5/78
PGP &peration '$ondentiality
* sender generates message and +4-bit random number as session
keyfor it
+* encrypt message using $S5-+4 678E 6 /8ES in $9$ mode
withsession key
/* session key encrypted using 0Swith recipient1s public key#
:attached to msg
2* receiver uses 0S with private key
to decrypt and recover session key
-
8/17/2019 SIC Module -4
6/78
PGP &peration ' $ondentiality :uthentication
• can use both services on samemessage – create signature :
attach to message
– encrypt both message : signature
– attach 0S6ElGamal encrypted sessionkey
-
8/17/2019 SIC Module -4
7/78
PGP &peration '$ompression
• by default PGP compresses messageafter signing but before
encrypting – so can store uncompressed message :
signature for later verication
– : because compression is nondeterministic
• uses 7P compression algorithm
-
8/17/2019 SIC Module -4
8/78
PGP &peration ' Email$ompatibility
• when using PGP will have binary data tosend (encrypted message
etc)
• however email was designed only for te"t
• hence PGP must encode raw binary datainto printable S$77
characters
• uses radi"-2 algorithm –
maps / bytes to 2 printable chars – also appends a $0$
• PGP also segments messages if too big
-
8/17/2019 SIC Module -4
9/78
PGP &peration ' Summary
-
8/17/2019 SIC Module -4
10/78
PGP Session ;eys
• need a session key for each message – of varying siS7
?+*@ mode
• uses random inputs taken fromprevious uses and from
keystroke
timing of user
-
8/17/2019 SIC Module -4
11/78
PGP Public : Private ;eys
• since many public6private keys may be inuse# need to identify
which is actually usedto encrypt session key in a
message –
could send full public-key with every message – but this is
ineAcient
• rather use a key identier based on key – is least
signicant 2-bits of the key
–
will very likely be uniBue• also use key 78 in signatures
-
8/17/2019 SIC Module -4
12/78
PGP %essage Cormat
-
8/17/2019 SIC Module -4
13/78
S6%7%E (Secure6%ultipurpose7nternet %ail E"tensions)
• security enhancement to %7%E email – original 7nternet
0C$4++ email was te"t
only
– %7%E provided support for varyingcontent types and
multi-part messages
– with encoding of binary data to te"tual
form – S6%7%E added security enhancements
• have S6%7%E support in many mail
agents –
-
8/17/2019 SIC Module -4
14/78
S6%7%E Cunctions
• enveloped data – encrypted content and associated
keys
• signed data – encoded message D signed digest
• clear-signed data – clearte"t message D encoded
signed
digest
• signed : enveloped data – nesting of signed : encrypted
entities
-
8/17/2019 SIC Module -4
15/78
S6%7%E $ryptographiclgorithms
• digital signatures= 8SS : 0S
• hash functions= S,- : %83
•
session key encryption= ElGamal :0S
• message encryption= ES# 5riple-8ES#0$+62. and others
• %$= ,%$ with S,-
• have process to decide which algs touse
-
8/17/2019 SIC Module -4
16/78
S6%7%E %essages
• S6%7%E secures a %7%E entity with asignature# encryption# or
both
•
forming a %7%E wrapped P;$S obect• have a range of
content-types=
– enveloped data
– signed data
– clear-signed data
– registration reBuest
– certicate only message
-
8/17/2019 SIC Module -4
17/78
S6%7%E $erticateProcessing
• S6%7%E uses ?*3.F v/ certicates
• managed using a hybrid of a strict?*3.F $ hierarchy : PGPs web
oftrust
• each client has a list of trusted $scerts
• and own public6private key pairs :certs
• certicates must be signed bytrusted $s
-
8/17/2019 SIC Module -4
18/78
7P Security
• have a range of application specicsecurity mechanisms –
eg* S6%7%E# PGP# ;erberos# SSH6,55PS
• however there are security concernsthat cut across protocol
layers
• would like security implemented by
the network for all applications
-
8/17/2019 SIC Module -4
19/78
7PSec
• general 7P Security mechanisms
• provides – authentication
– condentiality
– key management
• applicable to use over H>s# acrosspublic : private I>s#
: for the7nternet
-
8/17/2019 SIC Module -4
20/78
7PSec !ses
-
8/17/2019 SIC Module -4
21/78
9enets of 7PSec
• in a rewall6router provides strongsecurity to all traAc
crossing theperimeter
• in a rewall6router is resistant tobypass
• is below transport layer# hence
transparent to applications• can be transparent to end users
• can provide security for individualusers
• secures routin architecture
-
8/17/2019 SIC Module -4
22/78
7P Security rchitecture
• specication is Buite comple"
• dened in numerous 0C$s – incl* 0C$ +2.6+2.+6+2.6+2.4
– many others# grouped by category
• mandatory in 7Pv# optional in 7Pv2
• have two security header e"tensions= – uthentication
,eader (,)
– Encapsulating Security Payload (ESP)
-
8/17/2019 SIC Module -4
23/78
7PSec Services
• ccess control
• $onnectionless integrity
• 8ata origin authentication
• 0eection of replayed packets – a form of partial seBuence
integrity
• $ondentiality (encryption)
• Himited traAc Jow condentiality
-
8/17/2019 SIC Module -4
24/78
Security ssociations
• a one-way relationship betweensender : receiver that
aKordssecurity for traAc Jow
• dened by / parameters= – Security Parameters 7nde"
(SP7)
– 7P 8estination ddress
–
Security Protocol 7dentier• has a number of other parameters
– seB no# , : E, info# lifetime etc
• have a database of Securityssociations
-
8/17/2019 SIC Module -4
25/78
uthentication ,eader (,)
• provides support for data integrity :authentication of 7P
packets – end system6router can authenticate
user6app – prevents address spoong attacks by
tracking seBuence numbers
•based on use of a %$ – ,%$-%83-F or ,%$-S,--F
• parties must share a secret key
-
8/17/2019 SIC Module -4
26/78
uthentication ,eader
-
8/17/2019 SIC Module -4
27/78
5ransport : 5unnel %odes
-
8/17/2019 SIC Module -4
28/78
Encapsulating Security Payload(ESP)
• provides message content condentiality: limited traAc Jow
condentiality
• can optionally provide the same
authentication services as ,• supports range of ciphers# modes#
padding
– incl* 8ES# 5riple-8ES# 0$3# 78E# $S5 etc
– $9$ : other modes
–
padding needed to ll blocksi
-
8/17/2019 SIC Module -4
29/78
Encapsulating SecurityPayload
-
8/17/2019 SIC Module -4
30/78
5ransport vs 5unnel %odeESP
• transport mode is used to encrypt :optionally authenticate 7P
data – data protected but header left in clear
– can do traAc analysis but is eAcient
– good for ESP host to host traAc
• tunnel mode encrypts entire 7P
packet – add new header for ne"t hop
– good for LP>s# gateway to gateway
security
-
8/17/2019 SIC Module -4
31/78
Ieb Security
• Ieb now widely used by business#government# individuals
• but 7nternet : Ieb are vulnerable
• have a variety of threats – integrity
– condentiality
–
denial of service – authentication
• need added security mechanisms
-
8/17/2019 SIC Module -4
32/78
SSH (Secure Socket Hayer)
• transport layer security service
• originally developed by >etscape
• version / designed with public input
• subseBuently became 7nternetstandard known as 5HS
(5ransportHayer Security)
• uses 5$P to provide a reliable end-to-end service
• SSH has two layers of protocols
-
8/17/2019 SIC Module -4
33/78
SSH rchitecture
-
8/17/2019 SIC Module -4
34/78
SSH rchitecture
• SSL connection – a transient# peer-to-peer#
communications link
– associated with SSH session
• SSL session – an association between client : server
– created by the ,andshake Protocol – dene a set of
cryptographic
parameters
–
may be shared by multiple SSH
-
8/17/2019 SIC Module -4
35/78
SSH 0ecord ProtocolServices
• message integrity – using a %$ with shared secret key
– similar to ,%$ but with diKerent
padding• confdentiality
– using symmetric encryption with ashared secret key dened
by ,andshake
Protocol – ES# 78E# 0$+-2.# 8ES-2.# 8ES# /8ES#
Corte
-
8/17/2019 SIC Module -4
36/78
SSH 0ecord Protocol&peration
-
8/17/2019 SIC Module -4
37/78
SSH $hange $ipher SpecProtocol
• one of / SSH specic protocols whichuse the SSH 0ecord
protocol
• a single message
• causes pending state to becomecurrent
• hence updating the cipher suite inuse
-
8/17/2019 SIC Module -4
38/78
SSH lert Protocol
• conveys SSH-related alerts to peer entity• severity
• warning or fatal
•
specic alert• fatal= une"pected message# bad record mac#
decompression failure# handshake failure#illegal parameter
•
warning= close notify# no certicate# badcerticate# unsupported
certicate#certicate revoked# certicate e"pired#certicate
unknown
•
compressed : encrypted like all SSH data
-
8/17/2019 SIC Module -4
39/78
SSH ,andshake Protocol
• allows server : client to= – authenticate each other
– to negotiate encryption : %$
algorithms – to negotiate cryptographic keys to be
used
•
comprises a series of messages inphases
* Establish Security $apabilities
+* Server uthentication and ;ey E"change
/* $lient uthentication and ;e E"chan e
-
8/17/2019 SIC Module -4
40/78
SSH ,andshake Protocol
5HS (5 H
-
8/17/2019 SIC Module -4
41/78
5HS (5ransport HayerSecurity)
• 7E5C standard 0C$ ++2 similar toSSHv/
• with minor diKerences – in record format version
number – uses ,%$ for %$
– a pseudo-random function e"pandssecrets
– has additional alert codes
– some changes in supported ciphers
– changes in certicate types :
negotiations
-
8/17/2019 SIC Module -4
42/78
Secure Electronic 5ransactions(SE5)
• open encryption : securityspecication
• to protect 7nternet credit cardtransactions
• developed in FF by %astercard#Lisa etc
• not a payment system
• rather a set of security protocols :formats – secure
communications amongst parties
-
8/17/2019 SIC Module -4
43/78
SE5 $omponents
-
8/17/2019 SIC Module -4
44/78
SE5 5ransaction
* customer opens account+* customer receives a certicate/*
merchants have their own certicates
2* customer places an order3* merchant is veried* order and
payment are sent@* merchant reBuests payment authori
-
8/17/2019 SIC Module -4
45/78
8ual Signature
• customer creates dual messages – order information
(&7) for merchant
– payment information (P7) for bank
• neither party needs details of other
• but must know they are linked
• use a dual signature for this – signed concatenated
hashes of &7 : P7
DS=E(PRc, [H(H(PI)||H(OI))])
-
8/17/2019 SIC Module -4
46/78
SE5 Purchase 0eBuest
• SE5 purchase reBuest e"changeconsists of four messages
* 7nitiate 0eBuest - get certicates
+* 7nitiate 0esponse - signed response
/* Purchase 0eBuest - of &7 : P7
2* Purchase 0esponse - ack order
P h 0 t
-
8/17/2019 SIC Module -4
47/78
Purchase 0eBuest '$ustomer
P h 0 t
-
8/17/2019 SIC Module -4
48/78
Purchase 0eBuest '%erchant
* veries cardholder certicates using $sigs
+* veries dual signature using customer1spublic signature key to
ensure order hasnot been tampered with in transit : thatit was
signed using cardholder1s privatesignature key
/* processes order and forwards thepayment information to the
paymentgateway for authori
-
8/17/2019 SIC Module -4
49/78
Purchase 0eBuest '%erchant
P t G t
-
8/17/2019 SIC Module -4
50/78
Payment Gatewayuthori
-
8/17/2019 SIC Module -4
51/78
Payment $apture
• merchant sends payment gateway apayment capture reBuest
• gateway checks reBuest
• then causes funds to be transferredto merchants account
• noties merchant using captureresponse
-
8/17/2019 SIC Module -4
52/78
$hapter +. ' Cirewalls
The function of a strong position is tomake the forces holding
it practically
unassailable
—On War, Carl Von Clausewitz
-
8/17/2019 SIC Module -4
53/78
7ntroduction
• seen evolution of information systems
• now everyone want to be on the 7nternet
• and to interconnect networks
•
has persistent security concerns – cant easily secure every
system in org
• typically use a Firewall• to provide perimeter deence• as part
of comprehensive security strategy
-
8/17/2019 SIC Module -4
54/78
Ihat is a CirewallM
• a choke point of control andmonitoring
• interconnects networks with diKering
trust• imposes restrictions on network
services –
only authori5 : usa e monitorin
-
8/17/2019 SIC Module -4
55/78
Cirewall Himitations
• cannot protect from attacksbypassing it – eg sneaker net#
utility modems# trusted
organisations# trusted services (egSSH6SS,)
• cannot protect against internal
threats – eg disgruntled or colluding employees
• cannot protect against transfer of all
virus infected programs or les
-
8/17/2019 SIC Module -4
56/78
Cirewalls ' Packet Cilters
• simplest# fastest rewall component
• foundation of any rewall system
• e"amine each 7P packet (no conte"t)and permit or deny
according to rules
• hence restrict access to services(ports)
• possible default policies – that not e"pressly permitted
is
prohibited
– that not e"pressly prohibited is
-
8/17/2019 SIC Module -4
57/78
Cirewalls ' Packet Cilters
-
8/17/2019 SIC Module -4
58/78
ttacks on Packet Cilters
• 7P address spoong – fake source address to be trusted
– add lters on router to block
• source routing attacks – attacker sets a route other than
default
– block source routed packets
•
tiny fragment attacks – split header info over several
tiny
packets
– either discard or reassemble before
check
Cirewalls Stateful Packet
-
8/17/2019 SIC Module -4
59/78
Cirewalls ' Stateful PacketCilters
• traditional packet lters do note"amine higher layer
conte"t – ie matching return packets with
outgoing Jow• stateful packet lters address this
need
• they e"amine each 7P packet inconte"t – keep track of
client-server sessions
– check each packet validly belongs to
one
Ci ll li ti H l
-
8/17/2019 SIC Module -4
60/78
Cirewalls - pplication HevelGateway (or Pro"y)
• have application specic gateway 6pro"y
• has full access to protocol – user reBuests service from
pro"y
– pro"y validates reBuest as legal
– then actions reBuest and returns result
to user – can log 6 audit traAc at application level
• need separate pro"ies for each
service
Ci ll li ti H l
-
8/17/2019 SIC Module -4
61/78
Cirewalls - pplication HevelGateway (or Pro"y)
Cirewalls $ircuit Hevel
-
8/17/2019 SIC Module -4
62/78
Cirewalls - $ircuit HevelGateway
• relays two 5$P connections
• imposes security by limiting whichsuch connections are
allowed
• once created usually relays traAcwithout e"amining
contents
• typically used when trust internal
users by allowing general outboundconnections
• S&$;S is commonly used
Cirewalls $ircuit Hevel
-
8/17/2019 SIC Module -4
63/78
Cirewalls - $ircuit HevelGateway
-
8/17/2019 SIC Module -4
64/78
9astion ,ost
• highly secure host system
• runs circuit 6 application level gateways
• or provides e"ternally accessible services
• potentially e"posed to NhostileN elements• hence is secured to
withstand this
– hardened &6S# essential services# e"tra auth
– pro"ies small# secure# independent# non-
privileged• may support + or more net connections
• may be trusted to enforce policy of trustedseparation between
these net connections
-
8/17/2019 SIC Module -4
65/78
Cirewall $ongurations
-
8/17/2019 SIC Module -4
66/78
Cirewall $ongurations
-
8/17/2019 SIC Module -4
67/78
Cirewall $ongurations
-
8/17/2019 SIC Module -4
68/78
ccess $ontrol
•given system has identied a user
• determine what resources they canaccess
•general model is that of accessmatri" with –
subject - active entity (user# process)
–
object - passive entity (le or resource) – access
right ' way obect can be
accessed
• can decompose by–
-
8/17/2019 SIC Module -4
69/78
ccess $ontrol %atri"
-
8/17/2019 SIC Module -4
70/78
5rusted $omputer Systems
• information security is increasinglyimportant
• have varying degrees of sensitivity of
information – cf military info classications=
condential#
secret etc
• subects (people or programs) have
varying rights of access to obects(information)
• known as multilevel security –
subects have maimum : current security
-
8/17/2019 SIC Module -4
71/78
9ell HaPadula (9HP) %odel
• one of the most famous security models• implemented as
mandatory policies on
system
•
has two key policies=• no read up (simple security
property)
– a subect can only read6write an obect if thecurrent
security level of the subect dominates(O) the classication of the
obect
• no write down (Q-property) – a subect can only
append6write to an obect if
the current security level of the subect isdominated by (R) the
classication of the
obect
-
8/17/2019 SIC Module -4
72/78
0eference %onitor
Evaluated $omputer
-
8/17/2019 SIC Module -4
73/78
Evaluated $omputerSystems
• governments can evaluate 75systems
• against a range of standards= – 5$SE$# 7PSE$ and now
$ommon $riteria
• dene a number of levelsT ofevaluation with increasingly
stringent
checking• have published lists of evaluated
products
– though aimed at government6defense
-
8/17/2019 SIC Module -4
74/78
$ommon $riteria
• international initiative specifying securityreBuirements :
dening evaluation criteria
• incorporates earlier standards –
eg $SE$# 75SE$# $5$PE$ ($anadian)# Cederal(!S)
• species standards for – evaluation criteria
– methodology for application of criteria
– administrative procedures for evaluation#certication and
accreditation schemes
-
8/17/2019 SIC Module -4
75/78
$ommon $riteria
• denes set of security reBuirements • have
a 5arget &f Evaluation (5&E)
• reBuirements fall in two categories – functional
– assurance
• both organised in classes of families :
components
$ommon $riteria
-
8/17/2019 SIC Module -4
76/78
$ommon $riteria0eBuirements
• Cunctional 0eBuirements – security audit# crypto
support#
communications# user data protection#
identication : authentication# securitymanagement# privacy#
protection oftrusted security functions# resourceutili
-
8/17/2019 SIC Module -4
77/78
$ommon $riteria
i i
-
8/17/2019 SIC Module -4
78/78
$ommon $riteria
