Upload
smitanair143
View
221
Download
0
Embed Size (px)
Citation preview
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 1/78
SecurityCharles Severance
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 2/78
Unless otherwise noted, the content of these slides are licensed under a CreativeCommons Attribution 3.0 License.
http://creativecommons.org/licenses/by/3.0/.
Copyright 2009- Charles Severance.
You assume all responsibility for use and potential liability associated with any use of the material. Material contains copyrighted content, used in accordance with U.S. law. Copyright holders of content included
[email protected] with any questions, corrections, or clarifications regarding the use of content. The Regents of the University of Michigan do not license the use of third party content posted to this site
specifically granted in connection with particular content. Users of content are responsible for their compliance with applicable law. Mention of specific products in this material solely represents the opinion of the
an endorsement by the University of Michigan. For more information about how to cite these materials visit http://michigan.educommons.net/about/terms-of-use.
Any medical information in this material is intended to inform and educate and is not a tool for self-diagnosis or a replacement for medical evaluation, advice, diagnosis or treatment by a healthcare professional.
physician or make an appointment to be seen if you have questions or concerns about this information or your medical condition. Viewer discretion is advised: Material may contain medical images that may be d
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 3/78
Lets Meet
some Nice
People
http://en.wikipedia.org/wiki/Alice_and_Bob
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 4/78
People With Bad Intent• Carol, Carlos or Charlie, as a third
participant in communications.
• Chuck, as a third participant usually of
malicious intent
• Dan or Dave, a fourth participant,
• Eve, an eavesdropper, is usually a passive
attacker. While she can listen in on
messages between Alice and Bob, she
cannot modify them.
•.......
http://en.wikipedia.org/wiki/Alice_and_Bob
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 5/78
Paranoia
• Who is out to get you?
• If you are interesting or influential people want to get in
personal info.
• If you are normal, folks want to use your resources or tinformation to make money…
• Usually no one cares… But it is safest to assume som
always trying…
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 6/78
Alan Turing and Bletchley P
• Top secret code breaking effort
• 10,000 people at the peak (team
effort)
• BOMBE: Mechanical Computer
• Colossus: Electronic Computer
http://www.youtube.com/watch?v=5nK_ft0Lf1s
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 7/78http://en.wikipedia.org/wiki/Bombe
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 8/78
http://en.wikipedia.org/wiki/Colossus_computer
http://en.wikipedia.org/wi
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 9/78
http://nmap.org/movies.html
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 10/78
Security is always a Trade
• "Perfect security" is unachievable - Must find the right t
• Security .versus. Cost
• Security .versus. Convenience (See also, "profit")
• "More" is not always better – vendors of products will tr
convince you that you *cannot live* without their particu
gadget
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 11/78
Terminology
• Confidentiality
• Prevent unauthorized viewing of private information
• Integrity
• Information is from who you think it is from and has no
modified since it was sent
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 12/78
Ensuring ConfidentialityEncryption and Decryptio
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 13/78
Terminology
• Plaintext is a message that will be put into secret form.
• Ciphertext is a transformed version of plaintext that isunintelligible to anyone without the means to decrypt
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 14/78
Terminology
• The transformation of plaintext to ciphertext is referred
encryption.
• Returning the ciphertext back to plaintext is referred to
decryption.
• The strength of a cryptosystem is determined by the en
and decryption techniques and the length of the key.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 15/78
Two Kinds of Systems
• Two basic types of cryptosystems exist, secret-key and
key.
• In a secret-key scheme, the key used for encryption mu
same key used for decryption. Also called symmetric-k
cryptosystem.
• Secret-key cryptosystems have the problem of secure
distribution to all parties using the cryptosystem.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 16/78
Plaintext:
"candy"
Message Mightbe Intercepted
CipherText:"dboez"
Encrypt
Ci
P
"
Decry
c = d
a = b
n = o
d = e
y = z
Alice Eve
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 17/78
Caeser Cipher
http://en.wikipedia.org/wiki/Caesar_cipher
Caesar cipher is one of the simplest and most
known encryption techniques. It is a type of sub
cipher in which each letter in the plaintext is re
by a letter some fixed number of positions dowalphabet.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 18/78
http://www.youtube.com/watch?v=zdA__2tKoIU
Se
Decod
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 19/78
PP: A B C D E F G H I J K L M N O P Q R S T U
01: B C D E F G H I J K L M N O P Q R S T U V
02: C D E F G H I J K L M N O P Q R S T U V W
08: I J K L M N O P Q R S T U V W X Y Z A B C
09: J K L M N O P Q R S T U V W X Y Z A B C D
10: K L M N O P Q R S T U V W X Y Z A B C D E
11: L M N O P Q R S T U V W X Y Z A B C D E F
12: M N O P Q R S T U V W X Y Z A B C D E F G
13: N O P Q R S T U V W X Y Z A B C D E F G H
14: O P Q R S T U V W X Y Z A B C D E F G H I
Secret Decoder Ring - Shift Number
http://www.dr-chuck.com/Secret-Decoder.pdf
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 20/78
Break the Code I
CipherText:
"upbtu"
For each numbe
see if when you de
message using tha
makes sens
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 21/78
Break the Code I
CipherText:
"upbtu"
Plaintext:
"toast"
M N O P Q R S T U V W X Y Z 01: B C D E F G H
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 22/78
Break the Code II
Uryyb, zl anzr vf Puhpx naq V arrq zbarl naq n wrg
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 23/78
Break the Code II
Uryyb, zl anzr vf Puhpx naq V arrq zbarl naq n wrg
Hello, my name is Chuck and I need money and a j
www.rot13.com
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 24/78
Cryptographic Hashes
Integrity
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 25/78
Terminology
• Confidentiality
• Prevent unauthorized viewing of private information
• Integrity
• Information is from who you think it is from and has no
modified since it was sent
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 26/78
Cryptographic Hash
http://en.wikipedia.org/wiki/Cryptographic_hash_func
A cryptographic hash function is a function that take
arbitrary block of data and returns a fixed-size bit s
the (cryptographic) hash value, such that an acciden
intentional change to the data will change the hash v
The data to be encoded is often called the "messaand the hash value is sometimes called the mess
digest or simply digest.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 27/78
http://en.wikipedia.org/wiki/Cryptographic_hash_function
htt // d h k
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 28/78
http://en.wikipedia.org/wiki/SHA-1
http://www.dr-chuck.co
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 29/78
Hashes for Passwords• As a general rule, systems do not store your password
text their databases in case they 'lose' their data
• When you set the password, they compute a hash and
hash
• When you try to log in they compute the hash of what yas a password and if it matches what they have stored
you in.
• This is why a respectable system will never send your
- they can only reset it!
Store the 'hashed password' in tSetting a new password
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 30/78
SHA-1fluffy d9d71ab718931a89de1e986bc6
Store the hashed password in tSetting a new password
SHA-1pony 2629fb6d2384da89796a4811ef6d
SHA-1fluffy d9d71ab718931a89de1e986bc62
Log in attempt
Match
http://www.dr-chuck.com/sha1.php
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 31/78
Digital SignaturesMessage Integrity
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 32/78
Message Integrity
• When you get a message from someone, did that mess
really come from who you think it came from?
• Was the message altered while in transit or is the copyreceived the same as the copy that was sent?
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 33/78
Insecure
Medium
"Eat More
Ovaltine
-- Annie"
You
How might we be very sure this message really
came from Annie and it was not altered enroute?
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 34/78
Simple Message Signing
• Shared secret transported securely 'out of band'
• Before sending the message, concatenate the secret to
message
• Compute the SHA digest of the message+secret
• Send message + digest across insecure transport
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 35/78
Receiving a Signed Messa
• Receive message + digest from insecure transport
• Remove digest and add secret
• Compute SHA digest for message + secret
• Compare the computed digest to the received digest
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 36/78
Eat More Ovaltine
Eat More OvaltineSanta SHA-1 a7954
Eat More Ovaltinea79540
Eat More Ovaltinea79540
Eat More OvaltineSanta SHA-1 a7954
Eat More Ovaltine a7954
http://www.dr-chuck.com/sha1.php
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 37/78
Eat More Ovaltine
Eat More OvaltineSanta SHA-1 a7954
Eat More Ovaltinea79540
Eat Less Ovaltinea79540
Eat Less OvaltineSanta SHA-1 109a1
Eat Less Ovaltine a7954
http://www.dr-chuck.com/sha1.php
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 38/78
Eat More Ovaltine
Eat More OvaltineSanta SHA-1 a7954
Eat More Ovaltinea79540
Free Cookies84d211
Free Candy26497c
http://www.dr-chuck.com/sha1.php
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 39/78
Eat More Ovaltine
Eat More OvaltineSanta SHA-1 a7954
Eat More Ovaltinea79540
Free Cookies84d211
Free Candy26497c
Free CookiesSanta
Free CandySanta
c14d5d
26497c
http://www.dr-chuck.com/sha1.php
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 40/78
Secret Key Shortcoming
• Every pair of people/systems needs a secret key
• In the Internet, key distribution cannot be via the Intern
because communications are insecure until you get the
• For the Internet to work we need an approach where ke
cross the insecure Internet and be intercepted without
compromising security
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 41/78
Public Key Encryption
Confidentiality
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 42/78
Grezvabybtl
• Pbasvqragvnyvgl
• Cerirag hanhgubevmrq ivrjvat bs cevingr vasbezngvb
•Vagrtevgl
• Vasbezngvba vf sebz jub lbh guvax vg vf sebz naq un
orra zbqvsvrq fvapr vg jnf frag
www.rot13.com
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 43/78
Terminology
• Confidentiality
• Prevent unauthorized viewing of private information
•Integrity
• Information is from who you think it is from and has no
modified since it was sent
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 44/78
Public Key Encryption
•Proposed by Whitfield Diffie and Martin Hellman in 197
• Public-key cryptosystems rely on two keys which are
mathematically related to one another. Also called asy
key cryptosystem.
• One key is called the public key and is to be openly revall interested parties.
• The second key is called the private key and must be k
secret.http://en.wikipedia.org/wiki/Public-key_cryptograph
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 45/78
https://www.youtube.com/watch?v=ROCray7RTqM
http://en.wikipedia.org/wiki/Whitfield_Diffie
http://en.wikipedia.org/wiki/Martin_Hellman
http://en.wikipedia.org/wiki/Ralph_Merkle
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 46/78
Public Key
• A message encrypted with one of the keys can only be
decrypted with the other key.
• It is computationally infeasible to recover one key from
• Public-key cryptosystems solve the problem of secure distribution because the public key can be openly revea
anyone without weakening the cryptosystem.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 47/78
Generating Public/Private P
• Choose two large* random prime
numbers
• Multiply them
• Compute public and private keys from
that very large number
* The definition of "large" keeps getting bigger as compute
faster
P bli K M h (li h )
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 48/78
Public Key Math (light)
• Some functions are easy in ―one direction‖, but in the o
so much!
• Example: What are the factors of 55,124,159?
P bli K M th (li ht)
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 49/78
Public Key Math (light)
• What are the factors of 55,124,159 (a nearly prime num
• What do you multiply 7919 by to get 55,124,159?
• If you know that one of the factors is 7919, it’s also eas
6961!
You Am
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 50/78
Plaintext:
"Visa928"
Encrypt
Message Might
be Intercepted
CipherText:
"ablghyuip"
Ci
"a
P
"V
Decry
Message Might
be Intercepted
Public Key
Private Key
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 51/78
Secure Sockets Layer (SS
Security for TCP
http://en.wikipedia.org/wiki/Secure_Sockets_Lay
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 56/78
http://en.wikipedia.org/wiki/Secur
Generally, t
of the Inter
secure to
from gener
Your local connection
(particularly when
wireless) is your
greatest exposure.
TCP/IPSystem to System Secure TCP/IP
Clipart:
http://www.clker.com/search/networksym/1
Photo CC BY: karindalziel (flickr)
http://creativecommons org/licenses/by/2 0/
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 58/78
Digital Certificates
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 59/78
Digital Certificates
http://en.wikipedia.org/wiki/Public_key_certificate
In cryptography, a public key certificate (alsoknown as a digital certificate or identity certificat
is an electronic document which uses a digital
signature to bind a public key with an identity —
information such as the name of a person or an
organization, their address, and so forth. Thecertificate can be used to verify that a public ke
belongs to an individual.
Certificate Authority (CA
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 60/78
Certificate Authority (CA
http://en.wikipedia.org/wiki/Certificate_authority
A certificate authority is an entity that issues digitcertificates. The digital certificate certifies the
ownership of a public key by the named subject
the certificate. A CA is a trusted third party that
trusted by both the owner of the certificate and th
party relying upon the certificate.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 61/78
Your browser c
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 62/78
certificates/pu
from some ce
authorities buil
Verisig
Public Key Issues
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 63/78
Public-Key Issues
• Public-key cryptosystems have the problem of securelyassociating a public key with an individual
• I am about to type in my credit card and send it - am I b
Phished?
• The remote server sent me a public key.
• Should I use it? Is this really Amazon's public key?
http://en.wikipedia.org/wiki/Phishing
Public/Private Keys for Sign
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 64/78
Public/Private Keys for Sign
http://en.wikipedia.org/wiki/Public-key_cryptograph
Digital Certificates
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 65/78
Digital Certificates
http://en.wikipedia.org/wiki/Public_key_certificate
In cryptography, a public key certificate (alsoknown as a digital certificate or identity certificat
is an electronic document which uses a digital
signature to bind a public key with an identity —
information such as the name of a person or an
organization, their address, and so forth. Thecertificate can be used to verify that a public ke
belongs to an individual.
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 67/78
Your browser c
certificates/pu
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 68/78
certificates/pu
from some ce
authorities buil
Verisig
VerisignVerisign Private KeHow Amazon
gets a public
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 69/78
Amazon
L
Verisig
key signed by
Verisign
VerisignVerisign Private Ke
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 70/78
AmazonL
Verisig
Amazon Private Key
Cert: Amazon
-- Verisign Amazon Public Key Amazon Public Key
VerisignVerisign Private Ke
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 71/78
AmazonL
Verisig
Amazon Private Key
Amazon Public Key
Cert: Amazon
-- Verisign Amazon Public Key
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 72/78
VerisignVerisign Private Ke
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 73/78
AmazonL
Verisig
Amazon Private Key
Amazon Public Key
Cert: Amazon
-- Verisign
Amazon Public Key
Cert: Amazon
-- Verisign
Amazon Public Key
VerisignVerisign Private Ke
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 74/78
AmazonL
Verisig
Amazon Private Key
Amazon Public Key
Cert: Amazon
-- Verisign
Amazon
Cert: Am
-- Veri
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 76/78
Summary
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 77/78
Summary
• Message Confidentiality / Message Integrity
• Encrypting / Decrypting
• Message digests and message signing
• Shared Secret Key / Public Private Key
Reuse of these materials
8/13/2019 Slides Internet Security
http://slidepdf.com/reader/full/slides-internet-security 78/78
• I intend for these materials to be reusable as open educat
resources for those who would do so in a responsible man
• Please contact me if you are interested in reusing or remix
materials in your own teaching or educational context