
Post on 25-Dec-2015


Encryption and Security Issues -- Sheizaf Rafaeli

Encryption and Data Security

Jungles, Towers, Monkeys, Locks and Keys.

4 requirements for secure communication:

• Confidentiality (threat: interception): Is my communication private?
• Integrity (threat: modification): Has my communication been altered?
• Authentication (threat: fabrication): Who am I dealing with?
• Non-repudiation (threat: claims of "not sent" / "not received"): Who sent/received it and when?

Agenda

• What are EC Security Threats and Issues
• Web server and Database Security
• Crypto-Basics
• Network Encryption
• SSL/PCT

Agenda (2)

• Main concepts:
  Physical vs. Logical protections
  Symmetric vs. Public Key encryption
  Privacy, Integrity, Repudiation
• Hash, Digital signature, Certification
• Security vs. Privacy as public interest concerns
  DES, SSL

Security - The Business Challenge

Who’s the bad guy? Competitors, foreign governments, network hackers, disgruntled ex-employees, news and media, unauthorized customers, employees, etc?

How do I protect my information from the bad guys, without making employees and authorized users less productive?

How can I administer security consistently, reliably, and cost effectively across all of my distributed information resources?

[Chart: Insiders 80%, Outsiders 20%]

Studies show 80% of real security problems are caused by authorized users

Security Threats in Electronic Commerce

Client/server security

ensuring that only the right people are accessing the network resources or content on Web servers.

This includes: password protection, encrypted smart cards, biometrics, and firewalls.

Data and transaction security

ensuring the privacy and confidentiality in electronic messages and data packets.

This includes: data encryption using various cryptographic methods.

Today’s Client-Server Environment

[Diagram: Clients, Server, Enterprise Network, Host-based System]

• Introduces new network security vulnerabilities
  - password/datastream snooping
  - datastream modification
• Potential user population becomes much bigger
• User and host identification more difficult
• Physical security no longer enough

TEMPEST, “Echelon”, “Carnivore”

Transient Electromagnetic Pulse Emanation Standard

FBI’s “Carnivore”

Menwith Hill in the UK: Alleged to be part of Echelon

Physical means of maintaining the security requirements:

• Confidentiality: sealed envelope
• Integrity: witness stamp
• Authentication: identity card, passport
• Non-repudiation: signature + date

[Image: My Signature & Date]

User Identification & Authentication

Choices for user authentication:
• Using passwords
• Using Biometric devices or tokens
• Single Sign-On for host-based systems
• Single Sign-On Integration for network-based distributed security frameworks

Access Controls

• Object privileges implement ‘need to know’ security
• Views extend object security to row, column level based on content or context
• Stored procedures, packages and functions support ‘execute only’ privileges on well-formed transactions
• Roles provide privilege management

Auditing & Accountability

Hold Users Responsible by...

• Audit Flexibility and Granularity
  - Audit objects, users, operations, privileges...
• Securely Analyze Audit Information using SQL
• Database triggers enable context-sensitive auditing

Crypto Basics

The Internet And Security

• Internet is open
  - Anyone can listen, modify, or repudiate transactions
• Security needs are very different than traditional LANs
  - No a priori information about users
  - Large scale - millions versus thousands
  - Completely decentralized security infrastructure
  - Executable content

Users’ Security Needs

• Communicate privately
  - Transmit confidential, personal information
• Verify identity of other parties
  - Authenticate Web servers, clients
• Control access to information, resources
  - Distribute private, paid-for information
  - Create virtual private networks
• Conduct secure transactions
  - Assure safety of order, payment information
• Ensure software authenticity
  - Download trusted code from Internet

Need for Secure Communications

Secure Web Channels need to provide access to servers with:

• Privacy: packets can’t be snooped
• Integrity: packets can’t be altered
• Authentication: no TCP/DNS spoofing
• Certification
• Blinding
• Key Exchange

STANDARDS?

[Diagram: Plain text ("Blah Blah Blah ...") → Encryption (Key) → Cipher text (unreadable characters) → Decryption (Key) → Plain text]

The key uses a mathematical algorithm to transform plaintext into ciphertext and back again

The basis of cryptography

Symmetric Key Encryption

[Diagram: plain-text input “The quick brown fox jumps over the lazy dog” → Encryption → cipher-text “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%” → Decryption → plain-text output “The quick brown fox jumps over the lazy dog”]

Same key (shared secret)

Symmetric encryption

• ROT13 - no better than decoder rings, Caesar’s code, AT-BaSh
• Application embedded (see accessdata.com)
• DES: US Government standard. 16 reshuffles of 64 bit data chunks. Relatively short (56 bit) key. Efficient! Can be broken, with long hours use of brute force. No practical attack published yet. Key choice is a vulnerability.

Symmetric encryption (2)

• Triple DES (3DES) applies DES three times. Can get encryption with up to 168 or 112 bit key. Not restricted by patents.
• IDEA (International Data Encryption Algorithm) shuffles 64 bits at a time, like DES. 128 bit key, which is long enough to resist brute force keyspace search.

Public Key Encryption

[Diagram: clear-text input “The quick brown fox jumps over the lazy dog” → Encryption with recipient’s public key → cipher-text “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs” → Decryption with recipient’s private key → clear-text output “The quick brown fox jumps over the lazy dog”]

Different keys

Public Key Pairs

• Public and private keys are always generated as a matched pair
• Keys are mathematically related but it is computationally infeasible to deduce a private key from its public key
• Private keys are kept secret - preferably by being stored in a tamper-resistant chip
• Public keys are just that - public!

[Image: smart card]

Key Management

• Key Management is THE problem/opportunity
• Public and private keys are always generated as a pair at the user’s machine
• Public key can be openly shared
• Private key is always kept private (it never leaves the machine where it was generated)

Key Pair Use

• Recipient’s public key is used to send a randomly chosen communication key
• Sender’s private signing key is used in digital signature operations
• Recipient verifies signature using sender’s public signing key

Why Use Public Key Authentication

• Better security than passwords
• Better scalability than passwords
  - No need to distribute password databases
• Builds to emerging technologies
  - SmartCards
  - Crypto accelerators

Why Use Public Key Authentication

• Key distribution: how keys are created and moved to where they will be used.
• Key revocation: how compromised keys are recovered or at least invalidated.

CONTAINMENT: dealing with the outcome of a breach in security.

Why Use Public Key Authentication

• The cost of key distribution plus the cost of key revocation is a constant.
• As a result, secret (symmetric) key systems have high distribution costs but low revocation costs. Public key systems have low distribution costs and high revocation costs.

Secure Communication

• Symmetric encryption for data
  - Public key too slow for bulk data encryption
  - Export restrictions don’t allow bulk encryption using public key
• Uses key-exchange key pair
  - Public key exchange key of recipient is used to privately share the symmetric key

Secure Communication

(1) Sender generates a random symmetric “session” key
(2) Sender encrypts session key using recipient’s public key
(3) Recipient uses its private key to decrypt session key

[Diagram: session key A03DB982402C23F, encrypted with the recipient’s public key and decrypted with the recipient’s private key]

Digital Signature

• Used like a handwritten signature
  - Verifies the identity of the signer
  - Guarantees the document has not been modified since signed
  - Basis for non-repudiation
• Uses a separate signature key pair
  - Document hash encrypted with signer’s private signature key

What is a HASH? An example: computing the check digit of an ID number

• The ID number consists of 8 digits and a check digit.
• The check digit is computed by applying a HASH operation to the ID number.
• How the check digit is computed:

  Number without the check digit:  0  3  7  5  4  7  5  2
  HASH function weights (×):       1  2  1  2  1  2  1  2
  Products*:                       0  6  7  1  4  5  5  4

• Compute the sum of the digits => 32
• The final result of the HASH function is the complement to a whole number of tens (in the example above, to 40), which is the check digit: 8.
• Therefore the complete ID number in this case is 03754752-8

* If a product is greater than 9, the sum of its digits is taken; for example 7*2=14, so the digit written down is 5=1+4
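The check-digit computation from the slide above, as an added Python example (not part of the original slides; function names are illustrative). It also makes the limit of the analogy concrete: a one-digit check value catches every single mistyped digit but is shared by many different numbers, while a cryptographic hash such as SHA-256 (used here only for contrast) gives unrelated digests for them.

```python
import hashlib

WEIGHTS = (1, 2, 1, 2, 1, 2, 1, 2)  # per-digit weights from the slide


def digit_products(body):
    """Weighted digits; a product above 9 is replaced by its digit sum."""
    if len(body) != 8 or not body.isdigit():
        raise ValueError("expected exactly 8 decimal digits")
    products = []
    for ch, weight in zip(body, WEIGHTS):
        p = int(ch) * weight
        # p is at most 18, so the digit sum of a two-digit p equals p - 9
        products.append(p - 9 if p > 9 else p)
    return products


def check_digit(body):
    """Complement of the product sum to a whole number of tens."""
    return (10 - sum(digit_products(body)) % 10) % 10


def is_valid(full):
    """Accept '03754752-8' or '037547528'; reject anything malformed."""
    digits = full.replace("-", "")
    if len(digits) != 9 or not digits.isdigit():
        return False
    return check_digit(digits[:8]) == int(digits[8])


def undetected_single_digit_errors(full):
    """Count one-digit substitutions that still pass validation."""
    digits = full.replace("-", "")
    passed = 0
    for i, original in enumerate(digits):
        for replacement in "0123456789":
            if replacement != original:
                mutated = digits[:i] + replacement + digits[i + 1:]
                passed += is_valid(mutated)
    return passed


def first_collision(body):
    """Smallest different 8-digit body that yields the same check digit."""
    target = check_digit(body)
    for n in range(10 ** 8):
        candidate = f"{n:08d}"
        if candidate != body and check_digit(candidate) == target:
            return candidate
    return None


def sha256_hex(body):
    """Cryptographic digest of the same input, for contrast."""
    return hashlib.sha256(body.encode("ascii")).hexdigest()


if __name__ == "__main__":
    body = "03754752"  # the number used on the slide
    print(digit_products(body), "sum:", sum(digit_products(body)))
    print("check digit:", check_digit(body))
    print("typos that slip through:", undetected_single_digit_errors(body + "8"))
    other = first_collision(body)
    print("same check digit:", other, check_digit(other))
    print(sha256_hex(body)[:16], "vs", sha256_hex(other)[:16])
```
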

Digital signing of data

[Diagram: Electronic Data → Hash Function → Hash Result → Signing (Encrypt) Function with the private key of A → Digital Signature; Signed Data = Electronic Data + Digital Signature]

Only Private Key holder can sign

Verification of a digital signature

Anyone can verify

The recipient can compare the HASH results in order to make sure that the data sent to them was not altered on the way.

[Diagram: Signed Data = Electronic Data + Digital Signature; Electronic Data → Hash Function → Hash Result; Digital Signature → Verify (Decrypt) Function with the public key of A → Hash Result; compare the two hash results: valid, yes / no?]

Digital Signature

[Diagram: original doc, one-way hash (SHA), private key, signed document containing the original doc]

Certificates

• Digitally signed document
• Associates identity with public key(s)
• Signed by a “trusted” certifying authority
• Identity proved by ability to encrypt using associated private key

Certificates

• Certificate binds a name to public key(s)
• The authenticity of the certificate is guaranteed by the digital signature generated using the CA’s private key
• Credential expiration

[Sample certificate shown on the slide]
Name: “Jane Doe”
Key-Exchange Key: (public key)
Signature Key: (public key)
Serial #: 29483756
Other Data: 10236283025273
Expires: 6/18/98
Signed: CA’s Signature

Certificates

• Certifying authority
  - Binds name to certificate
  - Can be multiple CAs in a hierarchy
  - Certification can be delegated...
• Trust can form a “Web”
  - More than one party can certify an entity

Establishing Trust

[Diagram: a signed document and two certificate images (Name: “Jane Doe”, Expires: 6/18/96, Key-Exchange Key, Signature Key, Serial #: 29483756, Card Authenticator: 10236283, Signed: CA’s Signature); labels: Signed Document, Original Document, MD5, Pub, Hash 1, Hash 2, COMPARE?]

• This document is signed by Barbara
• This is Barbara’s affidavit, which is signed by Steve
• This is Steve’s affidavit, which is signed by the trusted root
• The trusted root’s public key is hardcoded in the software or a self-signed certificate is in the registry

(1) Verify digital signature on document
(2) Verify the digital signature on Barbara’s affidavit by checking it against Steve’s public key (found in Steve’s affidavit)
(3) Verify the digital signature on Steve’s affidavit by checking it against the trusted root public key
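The three verification steps above, as an added Python example that is not part of the original slides. It uses textbook RSA without padding and SHA-256 in place of the MD5 shown in the diagram; the keys are constructed from Mersenne primes so the block is self-contained, which makes them trivially factorable and suitable for demonstration only. All function and variable names are illustrative.

```python
import hashlib

E = 65537  # public exponent used by every toy key below


def make_key(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(data, n):
    """SHA-256 of data, reduced below n (toy scheme: no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, n, d):
    """Encrypt the document hash with the private key."""
    return pow(digest(data, n), d, n)


def verify(data, signature, n):
    """Decrypt the signature with the public key, compare the two hashes."""
    return pow(signature, E, n) == digest(data, n)


def body(affidavit):
    """Bytes covered by the issuer's signature: the name bound to the key."""
    return f"{affidavit['name']}|{affidavit['public']}".encode()


def issue(name, public_n, issuer_n, issuer_d):
    """Create an affidavit for (name, key), signed with the issuer's key."""
    affidavit = {"name": name, "public": public_n}
    affidavit["signature"] = sign(body(affidavit), issuer_n, issuer_d)
    return affidavit


def verify_chain(document, doc_signature, chain, trusted_root_n):
    """chain[0] is the signer's affidavit; chain[-1] is signed by the root."""
    if not chain:
        return "no affidavit supplied"
    # (1) signature on the document, checked with the signer's public key
    if not verify(document, doc_signature, chain[0]["public"]):
        return "document signature invalid"
    # (2) each affidavit, checked with the public key in the next affidavit
    for affidavit, issuer in zip(chain, chain[1:]):
        if not verify(body(affidavit), affidavit["signature"], issuer["public"]):
            return f"{affidavit['name']}'s affidavit invalid"
    # (3) last affidavit, checked with the hardcoded trusted root key
    last = chain[-1]
    if not verify(body(last), last["signature"], trusted_root_n):
        return f"{last['name']}'s affidavit not signed by the trusted root"
    return "trusted"


# Constructed demo keys from Mersenne primes: trivially factorable, demo only.
ROOT_N, ROOT_D = make_key(2**521 - 1, 2**607 - 1)
STEVE_N, STEVE_D = make_key(2**107 - 1, 2**127 - 1)
BARBARA_N, BARBARA_D = make_key(2**61 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**89 - 1, 2**107 - 1)  # key nobody vouched for

STEVE_AFF = issue("Steve", STEVE_N, ROOT_N, ROOT_D)
BARBARA_AFF = issue("Barbara", BARBARA_N, STEVE_N, STEVE_D)
DOCUMENT = b"constructed sample document"
DOC_SIG = sign(DOCUMENT, BARBARA_N, BARBARA_D)


def demo():
    """Run the genuine chain and three failure cases; return the verdicts."""
    chain = [BARBARA_AFF, STEVE_AFF]
    swapped = dict(BARBARA_AFF, public=OTHER_N)  # same signature, other key
    return {
        "genuine": verify_chain(DOCUMENT, DOC_SIG, chain, ROOT_N),
        "altered document": verify_chain(DOCUMENT + b"!", DOC_SIG, chain, ROOT_N),
        "swapped key": verify_chain(DOCUMENT, sign(DOCUMENT, OTHER_N, OTHER_D),
                                    [swapped, STEVE_AFF], ROOT_N),
        "unknown root": verify_chain(DOCUMENT, DOC_SIG, chain, OTHER_N),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
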

Encryption on the Network

Network Encryption (VPN)

• Network Encryption provides
  - privacy & confidentiality for all data, commands, passwords, etc. passing over the network
  - integrity sealing / tamper proofing for all data
• Encryption keys are generated and managed automatically - on a per-session basis

Network Encryption Protocols

Confidentiality Algorithms
• 128-bit, 56-bit, and 40-bit RC4
• DES and DES40
• Fortezza SHA

Integrity Algorithms
• MD5 SECURE MESSAGE DIGEST

Secure Automatic Key Management using Diffie-Hellman

[Diagram: two Key Generators, one with seed=ABCD and one with seed=5678]

Algorithm choice negotiated at connection time

Secure Connection on the World Wide Web

SSL/PCT protocol information

SSL 3.0 Handshake

Client → Server: ClientHello
Server → Client: ServerHello, Certificate*, CertificateRequest*, ServerKeyExchange
Client → Server: ClientKeyExchange, Certificate*, CertificateVerify*, ChangeCipherSpec, Finished
Server → Client: ChangeCipherSpec, Finished
Client ↔ Server: Application data

* Indicates optional or situational-dependent messages that are not always sent

Secure Connection Features

• Secures socket connection
• Quick reconnect
• Provides encryption and message authentication
• Public-key-based key exchange
• Authenticates server and (optionally) client

Privacy vs. Accountability

Small towns are wonderful places, because you know everybody.

Small towns are awful places, because everyone knows you.

Privacy vs. Accountability

Liberty vs. Civil order

Benjamin Franklin: Those who would trade Liberty for Security deserve neither.

Thomas Paine: The price of Freedom is eternal Vigilance.

Privacy vs. Accountability

Liberty vs. Civil order

Esther Dyson: Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy regardless of who is running the government. It’s hard to think of a more powerful, less dangerous tool for liberty.

Privacy vs. Accountability

Liberty vs. Civil order

Simson Garfinkel: Privacy could be the crowbar that finally splits the classes apart for good. We already have the financially rich and financially poor, and the information-rich and information-poor. But we may soon add the privacy-rich and privacy-poor. And that could be the biggest threat to democracy yet.


PGP, created by Phil Zimmermann, is a good example of public key cryptography

It gives you privacy by allowing you to encrypt your files and email so that nobody can read them except the people you choose

PGP allows you to create a digital signature on your files and email


PGP is basically used for 3 things

1. Encrypting a message or file so that only the recipient can decrypt and read it

The sender, by signing, guarantees to the recipient, that the message or file must have come from the sender and not an impostor

2. Clear signing a plain text message guarantees that it can only have come from the sender and not an impostor

In a plain text message, text is readable by anyone, but a PGP signature is attached


3. Encrypting computer files so that they can't be decrypted by anyone other than the person who encrypted them

PGP uses public and private keys

Public keys are kept in individual key certificates

These include the owner’s user ID (the person’s name), a timestamp of when the key pair was generated, and the actual key “certificate”

Agenda (summary)

• Main concepts:
  Physical vs. Logical protections
  Symmetric vs. Public Key encryption
  Privacy, Integrity, Repudiation, Certification
  Security vs. Privacy as public interest concerns
  DES, SSL