information security management lectures

02/19/15 Vivek Kapoor 1 Chapter 1 Public Key Infrastructure (PKI

Upload: akshay-mehta

Post on 07-Oct-2015


DESCRIPTION

It describes information security, which is very essential in computer network systems.

TRANSCRIPT

  • Chapter 1 Public Key Infrastructure (PKI)

    Vivek Kapoor

  • Introduction

    PKI is closely related to the ideas of asymmetric key cryptography, mainly including message digests, digital signatures and encryption services (as discussed previously).
    Digital certificates are known as the passports of the web.
    Here we will discuss the role of certification authorities (CA) and registration authorities (RA); how one CA is related to another; root CAs, self-signed certificates and cross-certification; validating digital certificates; special protocols such as CRL, OCSP and SCVP; and popular standards such as PKIX and PKCS for digital certificates and PKI.

  • Introduction

    We have discussed the problem of key exchange (Diffie-Hellman key exchange), which can easily lead to a man-in-the-middle attack.
    The same problem exists for key exchange in public key cryptography, because exchanging keys openly can lead to a man-in-the-middle attack.
    This problem was solved with the idea of digital certificates.
    A digital certificate is a document similar to a passport or driving license.
    A digital certificate is a computer file such as vivek.cer, although in actual practice the file extension can be different.
    Just as my passport certifies the association between me and my characteristics, a digital certificate certifies the association between me and my public key.
    Just as a passport is certified by a trusted agency such as the government, a digital certificate is certified by a trusted agency called a Certification Authority (CA).

  • Conceptual view of my digital certificate

    Fig. Digital Certificate
    Subject Name: Vivek Kapoor
    Public Key:
    Serial No.: 103467
    Other Data: [email protected]
    Valid from: 1 Jan 2001
    Valid to: 31 Dec 2004
    Issuer Name: VeriSign

  • Certification Authority (CA)

    It is a trusted agency that issues digital certificates.
    Who can be a CA? It is someone whom everybody trusts, i.e. a government or a reputed organization such as a post office, a software company etc.
    Two famous CAs are VeriSign and Entrust Safescrypt Limited, a subsidiary of Satyam Infoway Ltd. (first Indian CA in 2002).
    Thus a CA has the authority to issue digital certificates to individuals who want to use them in asymmetric key cryptographic applications.
    A standard called X.509 defines the structure of a digital certificate. It was a part of another standard called X.500, which was revised twice. The current version of the standard is V3.

  • Contents of Digital Certificate

    Fig. Fields of a digital certificate:
    Version
    Certificate Serial No.
    Issuer Name
    Validity (Not Before/Not After)
    Subject public key info.
    Issuer unique identifier
    Subject unique identifier
    Extensions
    Certification Authority Digital Signature

    Field groups marked in the figure: All Versions, Version 1, Version 2, Version 3.

  • Description of the various fields in an X.509 digital certificate, Version 1/2

    Version: Identifies a particular version (1, 2 or 3).
    Certificate serial no.: Unique serial no. generated by the CA.
    Signature algorithm identifier: Algorithm used by the CA to sign the certificate.
    Issuer name: Distinguished Name of the CA that created and signed the certificate.
    Validity (Not Before/Not After): Two date-time values.
    Subject name: Person to whom the certificate is issued.
    Subject public key information: Subject's public key and the algorithms related to that key.
    Issuer unique identifier: Identifies a CA uniquely if two or more CAs have used the same issuer no.
    Subject unique identifier: Identifies a subject uniquely if two or more subjects have used the same issuer no.

  • Description of the various fields in an X.509 digital certificate, Version 3

    Authority key identifier: Which key pair was used to sign this certificate.
    Subject key identifier: The subject's key pair.
    Key usage: Scope of operation of the public key.
    Extended key usage: Protocols with which this certificate can interoperate.
    Private key usage period: Period limits for the private & public keys corresponding to this certificate.
    Certificate policies:
    Policy mappings: Used only when the subject of a given certificate is also a CA.
    Subject alternative name: Alternative names for the subject.
    Issuer alternative name: Alternative names for the issuer.
    Subject directory attributes: Additional information about the subject.
    Basic constraints: Indicates whether the subject of the certificate may act as a CA.

  • Registration Authority (RA)

    A CA can delegate some of its tasks to a third party called a Registration Authority (RA).
    The registration authority sits between the end user and the certification authority (CA).
    The RA provides the following basic services:
    1) Accepting & verifying registration information about new users.
    2) Generating keys on behalf of end users.
    3) Accepting & authorizing requests for key backup and recovery.
    4) Accepting & authorizing requests for certificate revocation.
    Because of the RA, the CA becomes an isolated entity, which makes it less susceptible to security attacks.
    For this reason the communication between RA & CA is highly protected.
    The RA is mainly set up to facilitate the interaction between the end user and the CA.
    Issuing, revocation and management of certificates is done by the CA.

  • Certificate Creation Steps

    Fig. Key Generation, Registration, Verification, Certificate Creation

  • Certificate Creation Steps (Step 1)

    There are two approaches for this purpose:
    a) The subject can create a private and public key pair using some software; usually this software is a part of the web browser. The subject keeps the private key secret and then sends the public key along with other information & evidence to the RA.
    b) Alternatively, the RA can generate a key pair on the subject's behalf. This happens when the subject does not know the technicalities involved in key generation. The major disadvantage of this approach is that the RA comes to know the user's private key.

  • Certificate Creation Steps (Step 2)

    This step is required when the user generates the key in the first step.
    Here the subject sends the public key along with other information & evidence to the RA.
    For this the software provides a wizard in which the user enters the data and submits it. The result is called a certificate signing request.
    Its format is one of the public key cryptographic standards which we will study later.

  • Certificate Creation Steps (Step 3)

    Verification is done in two respects:
    The RA verifies the user's credentials.
    The second check is to ensure that the user has the private key corresponding to the public key that is sent as a part of the certificate request. This check is called proof of possession.
    Approaches for proof of possession are:
    The RA can demand that the user send the certificate signing request (CSR) digitally signed with his private key.
    The RA can create a random number challenge, encrypt it with the user's public key and send it to the user. If the user successfully decrypts it, it is assumed that the user possesses the private key.
    The RA sends the digital certificate to the user encrypted with the user's public key. The user decrypts it using the private key & thus obtains the certificate.

  • Certificate Creation Steps (Step 4)

    Assuming that all the previous steps are successful, the RA passes on all details to the CA.
    The CA then creates the certificate. There are programs to create the certificate in X.509 format.
    The CA sends the certificate to the user and retains a copy of it. The CA's copy is maintained in a certificate directory. The contents of the directory are similar to those of a telephone directory.
    Directory clients can request and access information from the central repository using the Lightweight Directory Access Protocol (LDAP).
    A digital certificate is in an unreadable format. An application program actually interprets the certificate.
    We can invoke the Internet Explorer browser to view the certificate.

  • Why should we trust a digital certificate?

    Why do we trust a passport? Because it is stamped & signed by an authority.
    We cannot trust a digital certificate merely because it contains some information about the user and the user's public key.
    After all, a digital certificate is a computer file.
    Therefore I can create a digital certificate file with whatever public key I want to use.

  • How does a CA sign a certificate?

    Suppose we want to verify a digital certificate.
    Note that the last field in a digital certificate is always the digital signature of the CA.
    So a digital certificate contains not only user information but also a digital signature, just as a passport is always signed by the authority.

  • Creation of the CA signature on a certificate

    Fig. Certificate fields: Version, Certificate Serial No., Issuer Name, Validity (Not Before/Not After), Subject public key info., Issuer unique identifier, Subject unique identifier, Extensions, Certification Authority Digital Signature.
    A message digest of all but the last field of the digital certificate is created.
    Flow in the figure: certificate fields, message digest algorithm, message digest, encrypt with the certification authority's private key, digital signature.
    This digital signature is stored as the last field of the digital certificate.

  • How can we verify a digital certificate?

    Fig. Certificate fields: Version, Certificate Serial No., Issuer Name, Validity (Not Before/Not After), Subject public key info., Issuer unique identifier, Subject unique identifier, Extensions, Certification Authority Digital Signature.
    A message digest of all but the last field of the digital certificate is created.

    Flow in the figure: the certificate fields pass through the message digest algorithm to give message digest MD1; the digital signature is processed with the CA's public key to give message digest MD2. Is MD1 = MD2? Yes: valid, accept it. No: invalid, reject it.

  • Certificate Hierarchies & Self-Signed Certificates

    Suppose Alice has received Bob's certificate & wants to verify it. For this, Alice needs to de-sign Bob's certificate (verify its signature) using the public key of Bob's CA.
    How will Alice know the public key of Bob's CA?
    If their CAs are the same there is no problem. But if they are different, a problem arises.
    To resolve this type of problem a Certification Authority Hierarchy is created. This is also called the Chain of Trust. In other terms, CAs are grouped into multiple levels of a CA hierarchy.
    The CA hierarchy begins with the root CA.
    The root CA has one or more 2nd level CAs, which in turn have one or more third level CAs and so on.
    This type of hierarchy relieves the root CA from having to manage all the possible digital certificates.

  • Certificate Hierarchies & Self-Signed Certificates

    For example, one second level CA could be responsible for the western region, another for the eastern region and so on.
    Each of the 2nd level CAs can appoint 3rd level CAs and so on.
    Fig. Hierarchy: Root CA; three 2nd level CAs; four 3rd level CAs.

  • Certificate Hierarchies & Self-Signed Certificates

    For example, one second level CA could be responsible for the western region, another for the eastern region and so on.
    Each of the 2nd level CAs can appoint 3rd level CAs and so on.
    Fig. Hierarchy: Root CA; 2nd level CAs A1, A2, A3; 3rd level CAs B1, B2, B10, B11; end users Alice and Bob.

  • Certificate Hierarchies & Self-Signed Certificates

    If Alice has obtained her certificate from a third level CA & Bob has obtained his certificate from another third level CA, how can Alice verify Bob's certificate?
    In addition to his own certificate, Bob will send the certificate of his CA (i.e. B11) to Alice. This tells Alice the public key of B11.
    Using the public key of B11, Alice can de-sign and verify Bob's certificate.
    Now the question arises: how will Alice trust B11's certificate?
    For this Alice will require A3's certificate, since B11 obtained its certificate from A3, and so on until the root certificate is reached.
    The root CAs are considered to be trusted CAs; for this, Alice's web browser contains a pre-programmed, hard-coded certificate of the root CA.
    The root certificate is a self-signed certificate, i.e. the root signs its own certificate.

  • Certificate Hierarchies & Self-Signed Certificates

    But in the actual sequence of operations Bob will send all certificates up to the root CA in the first message to Alice. This is called Push Model.
    Alice will verify all the certificates. This is called Pull Model.
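
The signing, verification and chain walk described in the slides above, as an added example that is not part of the original lecture. It uses textbook RSA over constructed toy keys (Mersenne primes, far too small for real use) and a JSON stand-in for the X.509 encoding; the function names and serial numbers are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(tbs, n):
    """Message digest over all fields except the signature, reduced below n."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(serial, subject, subject_n, issuer, issuer_n, issuer_d):
    """CA side: digest the fields, then transform the digest with the CA private key."""
    tbs = {"serial": serial, "issuer": issuer, "subject": subject,
           "public_key": subject_n}
    return {"tbs": tbs, "signature": pow(digest(tbs, issuer_n), issuer_d, issuer_n)}

def signature_ok(cert, issuer_n):
    """Verifier side: MD1 from the fields, MD2 recovered with the CA public key."""
    md1 = digest(cert["tbs"], issuer_n)
    md2 = pow(cert["signature"], E, issuer_n)
    return md1 == md2

def verify_chain(chain, trusted_roots):
    """chain[0] is the end-entity certificate and chain[-1] the self-signed root."""
    if not chain:
        return False
    for cert, issuer_cert in zip(chain, chain[1:]):
        if cert["tbs"]["issuer"] != issuer_cert["tbs"]["subject"]:
            return False  # the chain skips a level
        if not signature_ok(cert, issuer_cert["tbs"]["public_key"]):
            return False  # fields were altered or signed by someone else
    root = chain[-1]["tbs"]
    if root["issuer"] != root["subject"]:
        return False  # chain does not end in a self-signed certificate
    if trusted_roots.get(root["subject"]) != root["public_key"]:
        return False  # self-signed, but not a root the verifier already holds
    return signature_ok(chain[-1], root["public_key"])

# Constructed toy keys built from Mersenne primes; illustration only.
ROOT_N, ROOT_D = make_key(2**127 - 1, 2**89 - 1)
A3_N, A3_D = make_key(2**107 - 1, 2**61 - 1)
B11_N, B11_D = make_key(2**89 - 1, 2**61 - 1)
BOB_N, _ = make_key(2**127 - 1, 2**107 - 1)
TRUSTED_ROOTS = {"Root CA": ROOT_N}  # what Alice's browser ships with

def build_chain():
    """Bob's certificate followed by B11, A3 and the root, as Bob would send them."""
    return [
        issue(1004, "Bob", BOB_N, "B11", B11_N, B11_D),
        issue(1003, "B11", B11_N, "A3", A3_N, A3_D),
        issue(1002, "A3", A3_N, "Root CA", ROOT_N, ROOT_D),
        issue(1001, "Root CA", ROOT_N, "Root CA", ROOT_N, ROOT_D),
    ]

def with_swapped_key(chain, other_n):
    """Bob's certificate with the public key replaced but the old signature kept."""
    altered = {"tbs": dict(chain[0]["tbs"], public_key=other_n),
               "signature": chain[0]["signature"]}
    return [altered] + chain[1:]

if __name__ == "__main__":
    chain = build_chain()
    print("genuine chain:", verify_chain(chain, TRUSTED_ROOTS))
    print("swapped key:  ", verify_chain(with_swapped_key(chain, A3_N), TRUSTED_ROOTS))
    print("unknown root: ", verify_chain(chain, {}))
```

A certificate file with a substituted public key fails because MD1 no longer matches MD2, and a self-signed root is accepted only when it is already in the verifier's own store.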

  • Cross Certification

    It is possible that Alice & Bob live in different countries, i.e. their root CAs will be different.
    In fact, one country can have multiple root CAs.
    Root CAs in the US are VeriSign, Thawte & the US Postal Service.
    This could lead us to the same old story of a never-ending chain of certification authority hierarchies and their validations.
    The answer to this problem is cross-certification.
    A single monolithic CA certifying every possible user in the world is quite unlikely. This is the concept of decentralization of CAs for different countries.
    It helps CAs not only to work with a smaller population but also to work independently.

  • Cross Certification

    Fig. Root CA of INDIA: 2nd level CA (A1); 3rd level CAs (B1), (B2); end user Alice. Root CA of USA: 2nd level CA (P1); 3rd level CAs (Q1), (Q2); end user Bob.

  • Certificate Revocation

    Some of the common reasons for the revocation of certificates:
    The holder of the certificate reports that his private key is compromised.
    The CA realizes that it made a mistake while issuing the certificate.
    The certificate holder leaves the job, and the certificate was issued specifically while the person was in that job.
    For this the CA must come to know about the certificate revocation request.
    The CA must authenticate the requester before accepting the revocation request, otherwise someone could misuse it.
    There are two kinds of certificate revocation status mechanisms: offline and online.

  • Certificate Revocation

    Fig. Digital certificate revocation checks.
    Offline revocation status checks: Certification revocation List (CRL).
    Online revocation status checks: Online certification validation protocol (OCSP).

  • Offline certificate revocation status checks

    The Certificate Revocation List (CRL) is the primary means of checking the status of a digital certificate offline.
    A CRL is a list of certificates published regularly by each CA.
    It lists only those certificates whose validity period is not over but which have been revoked for some reason.
    A CRL grows over a period of time.
    Thus if X wants to verify Y's certificate, he has to do the following in sequence:
    # Certificate expiry check
    # Signature check
    # Certificate revocation check

  • Offline certificate revocation status checks

    Fig. Certification revocation List (CRL)
    CA: XYZ
    This CRL: 1 Jan 2002, 10.00AM
    Next CRL: 12 Jan 2002, 10.00AM
    Serial No.   Date        Reason
    1234567      30-Dec-01   Pvt. Key Compromised
    2356115      30-Dec-01   Changed job
    . . .

  • Offline certificate revocation status checks

    Initially the CA can send a one-time, full, up-to-date CRL to the users. This is called the base CRL.
    The next time, however, it will not send the full CRL but only the changes (called the delta) to the CRL since the last update.
    This mechanism makes transportation of the CRL file easier & reduces network transmission overheads.
    A delta CRL file contains an indicator called the delta CRL indicator, which informs the user that this file is not complete.
    It also contains a sequence no., which allows the user to check that he has all delta CRLs.
    The CRL is an offline certificate revocation status check because CRLs are issued periodically.
    This latency is a major drawback of the CRL approach.
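
The base CRL plus delta CRL mechanism above, as an added example that is not part of the original lecture. It covers only the revocation step of the three checks; the dictionary layout, the delta entries and the serial numbers 4000001 and 4000002 are constructed, while the base list mirrors the CRL figure for CA XYZ.

```python
from datetime import datetime

# Constructed CRLs for CA "XYZ"; the base list mirrors the figure above.
BASE_CRL = {
    "issuer": "XYZ", "is_delta": False, "sequence": 1,
    "this_update": datetime(2002, 1, 1, 10, 0),
    "next_update": datetime(2002, 1, 12, 10, 0),
    "revoked": {1234567: "Pvt. key compromised", 2356115: "Changed job"},
}
DELTA_2 = {
    "issuer": "XYZ", "is_delta": True, "sequence": 2,
    "this_update": datetime(2002, 1, 12, 10, 0),
    "next_update": datetime(2002, 1, 23, 10, 0),
    "revoked": {4000001: "Pvt. key compromised"},
}
DELTA_3 = {
    "issuer": "XYZ", "is_delta": True, "sequence": 3,
    "this_update": datetime(2002, 1, 23, 10, 0),
    "next_update": datetime(2002, 2, 3, 10, 0),
    "revoked": {4000002: "Changed job"},
}

def merge_crls(base, deltas):
    """Apply delta CRLs to the base in sequence order.

    Returns (revoked, next_update, complete). Merging stops at the first
    missing sequence number or foreign file, and complete is then False.
    """
    if base["is_delta"]:
        raise ValueError("the first CRL must be a base CRL")
    revoked = dict(base["revoked"])
    next_update = base["next_update"]
    expected = base["sequence"] + 1
    for delta in sorted(deltas, key=lambda d: d["sequence"]):
        usable = delta["is_delta"] and delta["issuer"] == base["issuer"]
        if not usable or delta["sequence"] != expected:
            return revoked, next_update, False
        revoked.update(delta["revoked"])
        next_update = delta["next_update"]
        expected += 1
    return revoked, next_update, True

def revocation_status(serial, base, deltas, now):
    """Return 'revoked', 'good' or 'unknown' for a certificate serial number."""
    revoked, next_update, complete = merge_crls(base, deltas)
    if serial in revoked:
        return "revoked"   # a listed certificate stays revoked
    if not complete or now > next_update:
        return "unknown"   # a delta is missing or the newest CRL is out of date
    return "good"

if __name__ == "__main__":
    print(revocation_status(4000002, BASE_CRL, [DELTA_2],
                            datetime(2002, 1, 20)))            # latency window
    print(revocation_status(4000002, BASE_CRL, [DELTA_2, DELTA_3],
                            datetime(2002, 1, 25)))
```

The first call shows the latency drawback: serial 4000002 is reported as good until the delta that lists it has been published and fetched.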

  • Format of a CRL

    Fig. Format of a CRL
    Header fields: Version; Signature Algorithm identifier; This update (Date and Time); Next update (Date and Time).
    Repeating entries: User Certificate Sr. No.; Revocation Date; CRL Entry Ext.
    Trailer fields: CRL Ext.; Signature.

  • Online Certificate Status Protocol (OCSP)

    It is used to check the validity of a digital certificate at a particular moment.
    It has the following steps:
    The CA provides a server called an OCSP responder. The client sends an OCSP request to find out the validity of a certificate.
    The OCSP responder consults the X.500 directory to see whether the particular certificate is valid or not.
    Based on the results from the X.500 directory, the OCSP responder sends back a digitally signed response to the client.
    OCSP does not check the validity of the chain of certificates associated with the current certificate.

  • Simple Certificate Validation Protocol (SCVP)

    It was designed to deal with the drawbacks of OCSP.
    Difference between OCSP & SCVP:
    Client request: OCSP sends the certificate Sr. No.; SCVP sends the entire certificate.
    Chain of trust: OCSP checks only the given certificate; SCVP also checks intermediate certificates.
    Checks: OCSP checks certificate revocation; SCVP performs additional checks (full chain of trust etc.).
    Returned info.: OCSP returns the status of the certificate; SCVP returns additional information (proof of revocation status, chain of certificate validation).
    Additional features: OCSP has none; with SCVP a certificate can be checked for a backdated event.

  • Certificate Types

    Not all digital certificates have the same status and cost. They differ depending on requirements.
    Certificate types can be classified as follows:
    # Email certificates: They include the user's email id. They are used to verify that the signer of an email message has the same email id as appears in the user's certificate.
    # Server-side SSL certificates: These are for merchants who allow buyers to purchase goods from their online website. They are issued after careful scrutiny of the merchant's credentials.
    # Client-side SSL certificates: They allow the merchant to verify the client.
    # Code-signing certificates: These are used to sign Java applet code or Microsoft ActiveX code embedded in a web page.

  • Roaming Certificates

    There is a problem of portability.
    Smart cards are one technology for making it possible, but they need smart card readers everywhere.
    A better solution is roaming certificates. It works as follows:
    The user's digital certificates & private keys, along with user ids & passwords, are stored on a central secure server called the credential server.
    The user can log into any computer & authenticate himself to the credential server using the id & password.
    The credential server verifies the user id & password using the credential database. If the user is successfully authenticated, the credential server sends the digital certificate and private key file to the user.

  • Attribute Certificates

    They are used to establish a relation between an entity and a set of attributes related to the entity.
    Attribute certificates can be used in authorization services that control access to networks, databases etc. as well as physical access to buildings.

  • Protecting private keys

    The private key of the user should be kept secret. Mechanisms for protecting private keys are:
    Password protection: The private key is stored on the hard disk of the user's computer as a disk file. The file can only be accessed with the help of a password. Anyone can guess the password.
    PCMCIA cards: They are chip cards. The private key is stored on the card, which reduces the chances of it being stolen. But for encryption the private key must travel from the chip to the computer's hard disk memory, from where it can be stolen.
    Tokens: A token stores the private key in encrypted form. To decrypt it the user needs a one-time password.
    Biometrics: The private key is associated with unique characteristics of the individual (fingerprint, retina scan etc.).
    Smart cards: A smart card contains a computer chip which can perform signing & encryption. The benefit of this scheme is that the private key never leaves the card. The disadvantages are that the user has to carry the smart card & compatible smart card readers must be available.

  • Multiple Key Pairs & Key Update

    It is recommended that a user possess multiple key pairs.
    One key pair should be for certificate signing, the other for encryption.
    The following guidelines are helpful:
    The private key used for signing (non-repudiation) must not be backed up after it has archived, because there is a chance that others can misuse it.
    The private key used for encryption must be backed up so that encrypted information can be recovered even at a later date.
    Good security practice demands that key pairs be updated regularly, because over a period of time they become susceptible to cryptanalysis attacks.

  • Key Archival

    The CA must plan & maintain a history of the certificates & the keys of its users.
    This helps us to inquire into a document which was signed way back.
    It helps to avert legal problems.

  • The PKIX Model

    The Internet Engineering Task Force (IETF) formed the Public Key Infrastructure X.509 (PKIX) working group.
    It extends the basic philosophy of the X.509 standard & specifies how digital certificates can be deployed in the world of the internet.

  • PKIX Services

    It offers the following broad-level services:
    Registration: Where an end-entity (subject) makes itself known to the CA.
    Initialization: How the end-entity is sure that it is talking to the right CA.
    Certification: The CA creates a digital certificate for the end-entity & returns it to the end-entity, maintaining a copy for its own records.
    Key pair recovery: Keys used for encryption are needed at a later date for decrypting old documents. Basically, key archival is done.
    Key generation: PKIX specifies that the end-entity should be able to generate private-public key pairs, or the CA must be able to do so for the end-entity.
    Key update: Smooth transition from one expiring key pair to a fresh one by automatic renewal of digital certificates.
    Cross-certification: End-entities certified by different CAs can cross-verify each other.
    Revocation: Checking of certificate status in two modes: online & offline.

  • PKIX Architectural Model

    The five areas of the architectural model are as follows:
    X.509 V3 certificate & V2 certificate revocation list profiles: The X.509 standard allows the use of various options while describing the extensions of a digital certificate. PKIX has grouped all the options that are deemed fit for internet users.
    Operational protocols: Define the underlying protocols that provide the transport mechanism for delivering certificates.
    Management protocols: These protocols enable exchange of information between the various PKI entities (subject, RA, CA).
    Policy outlines: Outline certificate policies & certificate practice statements.
    Time stamp & data certification services: These are provided by a third party. The time stamp service helps to establish that a signed message existed at a particular date & time. Data certification services verify the correctness of the data received.

  • Public Key Cryptographic Standards (PKCS)

    PKCS was developed by RSA Laboratories with the help of representatives of government, industry & academia.
    The main purpose of PKCS is to standardize Public Key Infrastructure (PKI).
    This would allow organizations to develop interoperable PKI solutions.
    We will discuss the important PKCS standards.

  • Public Key Cryptographic Standards (PKCS)

    PKCS Standards Summary (standard, name: comments)
    PKCS #1, RSA Cryptography Standard: Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures.
    PKCS #2, Withdrawn: No longer active. Covered RSA encryption of message digests, but was merged into PKCS #1.
    PKCS #3, Diffie-Hellman Key Agreement Std.: A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.

  • Public Key Cryptographic Standards (PKCS)

    PKCS #4, Withdrawn: No longer active. Covered RSA key syntax but was merged into PKCS #1.
    PKCS #5, Password-based Encryption Std.: See RFC 2898 and PBKDF2.
    PKCS #6, Extended-Certificate Syntax Standard: Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same.
    PKCS #7, Cryptographic Msg. Syntax Standard: Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination. Formed the basis for S/MIME.
    PKCS #8, Private-Key Info. Syntax Standard: Used to carry private certificate key pairs (encrypted or unencrypted).

  • Public Key Cryptographic Standards (PKCS)

    PKCS #9, Selected Attribute Type: Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests.
    PKCS #10, Certification Request Std.: Format of messages sent to a certification authority to request certification of a public key.
    PKCS #11, Cryptographic Token Interface (Cryptoki): An API defining a generic interface to cryptographic tokens (see also Hardware Security Module). Often used for single sign-on and Smartcard

  • Public Key Cryptographic Standards (PKCS)

    PKCS #12, Personal Information Exchange Syntax Std.: Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS#12.
    PKCS #13, Elliptic Curve Cryptography Standard: (Under development.)
    PKCS #14, Pseudo-random Number Generation: (Under development.)

  • Public Key Cryptographic Standards (PKCS)

    PKCS #15, Cryptographic Token Info. Format Standard: Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11).

  • PKCS#5 - Password based encryption (PBE) Standard

    It is used to keep a symmetric session key safe & protect it from unauthorized access.
    We first encrypt the plain text message with the symmetric key, & then encrypt the symmetric key with a key encryption key (KEK). This protects the symmetric key from unauthorized access.
    The next question is where to store the KEK & how to protect it.
    The way to protect the KEK is to never store it anywhere. The approach is to generate it on demand, use it for encryption/decryption & discard it.
    For this purpose, a password is used.
    The password is the input to the key generation process (usually a message digest algorithm); the output is the KEK.

    Fig. Password, key generation process, KEK

  • PKCS#5 - Password based encryption (PBE) Standard

    The drawback is that an attacker can launch a dictionary attack against this scheme, since many times the password consists of simple English letters.
    To prevent such an attack, two additional pieces of information apart from the password are used in the key generation process. They are the salt & the iteration count.
    The salt is simply a bit string which is combined with the password to produce the KEK.
    The iteration count specifies the no. of operations that must be performed on the combination of the password & salt to generate the KEK.
    Interestingly, the salt & iteration count are not kept secret.
    So the biggest difference between this attack & the previous attack is that an attacker will not be able to launch a dictionary attack.
    Now he has to combine each word with the salt & perform the key generation process iteration count no. of times.
    This makes the task quite difficult.
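
The generate-on-demand KEK with salt and iteration count described above, as an added example that is not part of the original lecture. It uses PBKDF2 from Python's hashlib; the XOR-with-HMAC wrap is a stand-in for a real key-wrap cipher, and the iteration count, passwords and function names are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value; stored in the clear next to the salt

def unsalted_kek(password):
    """The weak scheme: one message digest of the password, same KEK for everyone."""
    return hashlib.sha256(password.encode()).digest()

def derive_kek(password, salt, iterations):
    """PKCS #5 style derivation: password + salt, repeated 'iterations' times."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def _pad(kek):
    # One 32-byte keystream block; stand-in for a real key-wrap cipher.
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()

def _tag(kek, wrapped):
    # Lets unwrap_key detect a wrong password without ever storing the KEK.
    return hmac.new(kek, b"check" + wrapped, hashlib.sha256).digest()

def wrap_key(session_key, password, iterations=ITERATIONS):
    """Encrypt a symmetric session key under a KEK that is derived, used and dropped."""
    if len(session_key) > 32:
        raise ValueError("this toy wrap handles keys of at most 32 bytes")
    salt = os.urandom(16)
    kek = derive_kek(password, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(session_key, _pad(kek)))
    # Only salt, iteration count, wrapped key and tag are stored; the KEK is not.
    return {"salt": salt, "iterations": iterations,
            "wrapped": wrapped, "tag": _tag(kek, wrapped)}

def unwrap_key(blob, password):
    """Re-derive the KEK from the password; return None if the password is wrong."""
    kek = derive_kek(password, blob["salt"], blob["iterations"])
    if not hmac.compare_digest(_tag(kek, blob["wrapped"]), blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], _pad(kek)))

if __name__ == "__main__":
    session_key = os.urandom(16)
    blob = wrap_key(session_key, "correct horse")
    print("right password:", unwrap_key(blob, "correct horse") == session_key)
    print("wrong password:", unwrap_key(blob, "summer2015"))
    # Same password, two users: identical without a salt, different with one.
    print(unsalted_kek("summer2015") == unsalted_kek("summer2015"))
    print(derive_kek("summer2015", b"salt-A", 1000) == derive_kek("summer2015", b"salt-B", 1000))
```

Because every wrapped key carries its own salt, a table of digests computed once for a word list cannot be reused, and each guess costs the full iteration count.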

  • PKCS#8/10 - Private key information standard

    PKCS#8 describes the syntax for storing private keys securely so that they cannot be attacked.
    PKCS#10 describes the syntax for certification requests.
    Certification requests are sent to a certification authority, which transforms the request into an X.509 public key certificate.

  • PKCS#11 - Cryptographic token interface standard

    This standard specifies the operations performed using a hardware token, such as a smart card.
    A smart card is smart because it contains a cryptographic processor & memory.
    Key generation, encryption or digital signature is performed directly in the card itself.
    The user's private key cannot be copied from the card to the computer's hard disk.
    The small size of the card makes it portable.
    Just like an ATM card, a smart card needs smart card readers.

  • PKCS#12 - Personal information exchange syntax

    The PKCS#12 standard was developed to solve the problem of certificate & private key storage & transfer.
    All web browsers, including Internet Explorer, internally use PKCS#12.

  • PKCS#14 - Pseudo-random number generation standard

    Random number generation is extremely crucial in cryptography.
    This standard defines the requirements for generating random numbers.
    In fact, many programming languages provide a facility for generating random numbers.
    But these are not truly random: over a period of time we can predict them,
    because computers are rule-based machines with a finite range for generating random numbers.
    Thus random numbers are generated by external means. This process is called pseudo-random number generation.

  • PKCS#14 - Pseudo-random number generation standard

    There are three ways to generate pseudo-random numbers using a computer:
    Monitor hardware that generates random data: It is the best but costliest approach to generating random numbers using computers. The generator is an electronic circuit which is sensitive to some random physical event, such as diode noise. This unpredictable sequence is transformed into random numbers.
    Collect random data from user interactions: Such as mouse movements.
    Collect data from inside the computer: Data from inside the computer which is hard to predict. This data can be the system clock, files on the disk etc.

  • PKCS#15 - Cryptographic token information syntax standard

    This standard provides interoperability of smart cards.
    The Extensible Markup Language (XML) is at center stage in the modern world of technology.
    XML is the backbone of technologies such as web services.
    Almost every aspect of internet programming is related to XML.

  • Thank You

  • Chapter 2 Internet Security Protocols

  • Static Web Pages

    The main players in internet-based communications are the web browser (client) & the web server (server).
    The Hyper Text Transfer Protocol (HTTP) is used for communication between them.
    The type of web page used here is called a static web page.
    A web page is created using Hyper Text Markup Language & stored on the server.
    Whenever a user requests a page, the web server sends the page without performing any additional processing. All it has to do is locate the page on its hard disk.
    Static pages are used where contents do not change often, such as a country's home page, history etc.

  • Dynamic Web Pages

    Sites where information changes quite often, such as stock market sites and weather sites, require dynamic web pages.
    The contents of a dynamic web page can change throughout the day. Creating dynamic web pages requires server-side programming.

    Fig. Between web browser and web server:
    1. HTTP request
    2. Server invokes an application program in response to the HTTP request
    3. Program executes & produces HTML output
    4. HTTP response

  • Active Web Pages

    Fig.
    1. HTTP request
    2. HTTP response
    3. Browser interprets the HTML page & also executes the program.
    The HTML page contains a small program (applet or Microsoft ActiveX control).

  • Protocols & TCP/IP

    Protocol software acts as a universal translator between different computers & networks. It defines an abstract model of a communication hierarchy which is independent of all physical characteristics of computers & networks.
    Fig. Intermediate nodes, communication link

  • Protocols & TCP/IP

    Fig. End hosts with Application, Transport, Network, Data Link and Physical layers; intermediate nodes with Network, Data Link and Physical layers.

  • Protocols & TCP/IP

    Fig. Encapsulation through the Application, Transport, Internet, Data link and Physical layers: L5 Data; L5 Data + H4; L4 Data + H3; L3 Data + H2; bits on the physical layer.

  • Secure Socket Layer (SSL)

    It is an Internet protocol used for the exchange of information between browser and server. It was developed by Netscape Corporation and has three versions: 2, 3 and 3.1. It is considered an additional layer and is kept between the application and transport layers. Application-layer data is not passed directly to the transport layer; instead it is passed to the SSL layer. The SSL layer encrypts the data received from the application layer and adds its own header, called SH, to the encrypted data. Thus data from the application layer is encrypted, while lower-level headers are not. If SSL encrypted the lower-level headers, even the IP and physical addresses of the computers would be encrypted and become unreadable.

  • Secure Socket Layer (SSL)

    [Figure: the same encapsulation of L5 data through the application, transport, internet, data link and physical layers, with an SSL layer that adds the header SH to the L5 data.]

    SSL has three sub-protocols, namely the Handshake Protocol, the Record Protocol and the Alert Protocol.

  • Secure Socket Layer (SSL)

    Handshake Protocol:
    (a) Establish security capabilities: Client Hello, Server Hello.
    (b) Server authentication & key exchange: Certificate, Server Key Exchange, Certificate Request, Server Hello Done.
    (c) Client authentication & key exchange: Certificate, Client Key Exchange, Certificate Verify.
    (d) Finish: Change Cipher Specs, Finished.

  • Secure Socket Layer (SSL)

    Record Protocol: Fragmentation, Compression, Addition of MAC, Encryption, Append Header.

    Alert Protocol: Fatal Alerts, Non-Fatal Alerts.

  • Working of SSL (Handshake Protocol)

    The handshake protocol consists of a series of messages between client and server. It is made up of four phases:
    - Establish security capabilities.
    - Server authentication & key exchange.
    - Client authentication & key exchange.
    - Finish.

    Format of the handshake protocol message types: Type (1 byte), Length (3 bytes), Content (1 or more bytes).

  • Working of SSL (Handshake Protocol Phase:1)

    The first phase of the SSL handshake initiates a logical connection and establishes the security capabilities associated with it. It consists of two messages: client hello and server hello. They contain the following parameters:
    - Version (SSL).
    - Random (32 bit date-time field, 48 bit random no. generated by software inside the computer).
    - Session id (zero for no session, non-zero for a session).
    - Cipher suite (cryptographic algorithms supported, such as RSA, Diffie-Hellman etc.).
    - Compression method.

  • Working of SSL (Handshake Protocol Phase:2)

    This phase covers server authentication and key exchange. Here the client is the sole recipient of messages. It consists of four steps: certificate, server key exchange, certificate request, server hello done.
    - Certificate: The server sends its digital certificate and the entire chain leading to the root CA to the client.
    - Server Key Exchange: It is optional. It is used if the server does not send its digital certificate; instead it sends its public key.
    - Certificate Request: The server can request the client's digital certificate. Client certification is optional.
    - Server Hello Done: This indicates to the client that it can now optionally verify the certificates sent by the server and ensure all parameters are acceptable.

  • Working of SSL (Handshake Protocol Phase:3)

    This phase covers client authentication and key exchange. Here the server is the sole recipient. It consists of three steps: certificate, client key exchange, certificate verify.
    - Certificate: It is optional. It is performed only if the server has asked for client info.
    - Client key exchange: The client sends info. related to the symmetric key that both parties will use in the session. The client creates a 48 byte pre-master secret, encrypts it with the server's public key and sends it to the server.
    - Certificate verify: It is necessary only if the server has demanded client authentication. Here the client combines the pre-master secret with the random numbers generated by client and server, hashing them together to produce the master secret, which is used to produce the symmetric key.

  • Working of SSL (Handshake Protocol Phase:4)

    The client initiates the 4th phase, which the server ends. This phase consists of four steps. The first two messages are from the client: Change Cipher Specs, Finished. The server responds with two identical messages: Change Cipher Specs, Finished.

  • Master Secret Generation Concept

    [Figure: the pre-master secret, client random and server random are fed to message digest algorithms to produce the master secret.]

  • Symmetric Key Generation Concept

    [Figure: the master secret, client random and server random are fed to message digest algorithms to produce the symmetric key.]


  • Working of SSL (Record Protocol)

    The record protocol comes into the picture after a successful handshake is completed between client and server. This protocol provides two services to an SSL connection:
    - Confidentiality: achieved by the secret key generated during the handshake protocol.
    - Integrity: the handshake protocol also defines a shared secret key (MAC) which is used for message integrity.

    The operation of the record protocol consists of the following steps:
    - Fragmentation: The original message is broken into blocks more than or equal to 16Kb.
    - Compression: Fragmented blocks are optionally compressed. It must be a loss-less compression mechanism.
    - Addition of MAC: The MAC for each block is calculated.

  • Working of SSL (Record Protocol)

    - Encryption: The output of the previous step is now encrypted using the symmetric key established previously in the handshake protocol.
    - Append header: Finally a header is added to the encrypted block. The header consists of the following fields:
      Content Type (8 bits): Protocols.
      Major Version (8 bits): Major version of SSL protocol used.
      Minor Version (8 bits): Minor version of SSL protocol used.
      Compressed length (16 bits): Specifies the length in bytes of the original plain text block.
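The two wire formats described above (the Type/Length/Content handshake message and the five-byte record header) can be parsed as follows. This is an added example, not part of the original slides; it assumes the numeric message-type codes of SSL 3.0, a constructed sample flight, and handshake messages that fit in a single record.

```python
import struct

# Handshake message types named on the slides, with their SSL 3.0 codes.
HANDSHAKE_TYPES = {
    1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request",
    14: "server_hello_done", 15: "certificate_verify",
    16: "client_key_exchange", 20: "finished",
}
HANDSHAKE_RECORD = 22  # record-layer content type that carries handshake messages


def parse_record_header(data):
    """Split one record: content type (8), major (8), minor (8), length (16)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    if len(data) < 5 + length:
        raise ValueError("record body shorter than declared length")
    return content_type, (major, minor), data[5:5 + length]


def parse_handshake_messages(body):
    """Walk Type (1 byte) | Length (3 bytes) | Content messages in a record body."""
    messages, offset = [], 0
    while offset < len(body):
        if len(body) - offset < 4:
            raise ValueError("truncated handshake header")
        msg_type = body[offset]
        length = int.from_bytes(body[offset + 1:offset + 4], "big")
        content = body[offset + 4:offset + 4 + length]
        if len(content) != length:
            # A length field that overruns the record is a classic parser bug source.
            raise ValueError("handshake content shorter than declared length")
        name = HANDSHAKE_TYPES.get(msg_type, "unknown(%d)" % msg_type)
        messages.append((name, content))
        offset += 4 + length
    return messages


def build_handshake(msg_type, content):
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content


def build_record(content_type, version, body):
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


# Constructed sample: a phase-2 server flight (certificate, certificate request,
# server hello done) with dummy contents, carried in one SSL 3.0 record.
SAMPLE_FLIGHT = build_record(
    HANDSHAKE_RECORD, (3, 0),
    build_handshake(11, b"\x00" * 7)
    + build_handshake(13, b"\x01\x01")
    + build_handshake(14, b""),
)


def describe_record(data):
    """Return (version, [(message name, content length), ...]) for a handshake record."""
    content_type, version, body = parse_record_header(data)
    if content_type != HANDSHAKE_RECORD:
        raise ValueError("not a handshake record")
    return version, [(name, len(c)) for name, c in parse_handshake_messages(body)]


if __name__ == "__main__":
    print(describe_record(SAMPLE_FLIGHT))
```

Both length fields are checked against the bytes actually present before any slice is trusted, which is the check a defender wants in any parser for this format.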

  • Working of SSL (Alert Protocol)

    Whenever the client or server detects an error, the detecting party sends an alert message to the other party. If the error is fatal, both parties immediately close the connection. For other errors, which are not fatal, the parties handle the error and correct it. An alert message consists of two bytes. If the error is fatal the first byte contains 1; otherwise it contains 2.
    - Fatal alerts are: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameters.
    - Non-fatal alerts are: no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown, close notify.

  • Closing & Resuming SSL Connections

    Before ending the communication, each party should send the other a close notify alert and end the connection from its side. The handshake protocol is quite complex and time consuming, as it uses asymmetric key cryptography. Thus it is desirable that client and server reuse an earlier connection rather than going for a new connection. An SSL connection should not be used after 24 hrs in any case.

  • Secure Hyper Text Transfer Protocol (SHTTP)

    It is a set of security mechanisms defined for protecting Internet traffic. This includes data entry forms and Internet transactions. SHTTP supports both authentication and encryption of HTTP traffic between client and server. It encrypts individual messages, while SSL aims at making the connection between client and server secure regardless of the messages they are exchanging.

  • Time Stamping Protocol (TSP)

    TSP provides proof that a certain piece of data existed at a particular time. It is provided by a Time Stamping Authority (TSA). TSP is a request & response protocol similar to HTTP.

  • Secure Electronic Transaction (SET)

    SET is an open encryption and security specification designed for protecting credit card transactions on the Internet. Work in this area was done jointly by MasterCard and Visa. They were joined by IBM, Microsoft, Netscape, RSA, Terisa and VeriSign. The need for it came from the fact that e-commerce payment processing software vendors were coming up with new and conflicting standards. SET was designed to avoid these incompatibilities. SET is not a payment system; instead it is a set of security protocols and formats that enable users to employ the credit card payment infrastructure on the Internet in a secure manner.

  • Secure Electronic Transaction (SET)

    SET services can be summarized as follows:
    - Provides a secure communication channel among all parties in an e-commerce transaction.
    - Authentication by use of digital certificates.
    - Confidentiality, i.e. information is only available to the parties involved in a transaction, and that too when and where necessary.

    SET is a very complex specification. When released, it took 971 pages to describe SET. SSL version 3 requires 63 pages to describe it.

  • Secure Electronic Transaction (SET) Participants

    Cardholder: The person itself.

    Merchant: Businessman selling goods.

    Issuer: Financial institution (bank) that provides the card to the person.

    Acquirer: The financial institution that has a relationship with the merchant for processing of credit cards.

    Payment Gateway: This task can be taken by the acquirer or by an organization as a dedicated function. It processes the payment messages on behalf of the merchant.

    Certification Authority (CA): Explained earlier.

  • SET Process

    1. Customer opens an account.
    2. Customer receives a certificate.
    3. Merchant receives a certificate.
    4. Customer places an order.
    5. Merchant is verified.
    6. Order & payment details are sent.
    7. Merchant requests payment authorization.
    8. Payment gateway authorizes the payment.
    9. Merchant confirms the order.
    10. Merchant provides goods or services.
    11. Merchant requests payment.

  • How SET achieves its objectives

    Online payment requires that the customer sends its credit card info. to the merchant. There are two issues related to this. The first is that an intruder can get the number and use it for malicious purposes. The second is that the credit card number is made available to the merchant, who can misuse it in future. The first issue is generally dealt with by SSL: since SSL sends all the info. in encrypted form, an intruder cannot make any sense of it. The second issue is dealt with by SET, since it hides the credit card information from the merchant. For this SET relies on the concept of the digital envelope. The following steps illustrate the idea:
    - SET software prepares the payment info. (PI) on the cardholder's computer.

  • How SET achieves its objectives

    - Specific to SET, the cardholder's computer creates a one-time session key.
    - Using this one-time session key, the cardholder's computer now encrypts the payment information.
    - The cardholder now wraps this one-time session key with the public key of the payment gateway to form the digital envelope.
    - It sends this encrypted info. and the digital envelope to the merchant, who passes them to the payment gateway.
    - The merchant has access only to the encrypted info. In order to decrypt the encrypted credit card info. he needs the one-time session key, which is encrypted with the payment gateway's public key. To decrypt that he needs the payment gateway's private key. Thus security is provided and he cannot decrypt the original credit card info.

  • SET Internals

    Major transactions supported by SET:
    1. Purchase request: Initiate request, Initiate response, Purchase request, Purchase response.
    2. Payment authorization: Authorization request, Authorization response.
    3. Payment capture: Capture request, Capture response.

  • Purchase Request (Initiate request)

    Fig. Cardholder to merchant: "Please send digital certificates of you & payment gateway. Here is a unique id to identify our interaction & here is my credit card issuer's name."

  • Purchase Request (Initiate response)

    Fig. Merchant to cardholder: "Here is my transaction id & here are the digital certificates of payment gateway & myself."

  • Purchase Request (Purchase request)

    The cardholder, after verifying the digital certificates, creates the Order Information (OI) and Payment Information (PI). The transaction id created by the merchant is added to both OI and PI. OI consists of references to the shopping phase between customer and merchant. PI consists of details such as credit card info., purchase amount and order description. The cardholder now prepares the purchase request by generating a one-time symmetric key K. The purchase request message consists of the following:

    Purchase related info.:
    a) It consists of PI, the signature calculated over PI & OI, and OIMD.
    b) All these are encrypted with K.
    c) The digital envelope is created by encrypting K with the payment gateway's public key.

  • Purchase Request (Purchase request)

    Order related information: The merchant needs this info. It consists of OI, the signature calculated over PI & OI, and PIMD.

    Cardholder certificate: It contains the cardholder's public key.

    Fig. Cardholder to merchant: "Here is my OI & PI details. I am also sending my digital certificate that contains my public key, so that you & payment gateway can decrypt the order/payment details."

  • Purchase Request (Purchase request)

    Dual signature (Fig.):
    - PI → MD5 → PIMD
    - OI → MD5 → OIMD
    - PIMD + OIMD → MD5 → POMD
    - POMD → E → Dual Signature (DS)

    E = Cardholder encrypts with its own private key.

  • Purchase Request (Purchase request)

    The cardholder sends the merchant the OI, DS & PIMD. Fig.:
    - OI → MD5 → OIMD
    - PIMD + OIMD → MD5 → POMD1
    - Dual Signature (DS) → D → POMD2
    - POMD1 = POMD2? If yes then accept, else reject.

  • Purchase Request (Purchase request)

    The payment gateway gets PI, DS & OIMD. Fig.:
    - PI → MD5 → PIMD
    - OIMD + PIMD → MD5 → POMD1
    - Dual Signature (DS) → D → POMD2
    - POMD1 = POMD2? If yes then accept, else reject.
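The dual-signature construction and the two verifications above, carried through end to end. This is an added example, not part of the original slides: it swaps SHA-256 in for the MD5 shown in the figures, uses unpadded textbook RSA with a toy key built from two published Mersenne primes (trivially factorable, for illustration only), and omits the encryption of PI under K; all function names and sample values are constructed.

```python
import hashlib

# ASSUMPTION: toy cardholder key. Both primes are public Mersenne primes, so this
# key offers no security; it only makes the sign/verify arithmetic reproducible.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # cardholder's public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # cardholder's private exponent


def md(data):
    """Message digest (SHA-256 here; the slides show MD5)."""
    return hashlib.sha256(data).digest()


def pomd(pimd, oimd):
    """POMD = digest of PIMD concatenated with OIMD."""
    return md(pimd + oimd)


def as_int(digest_bytes):
    return int.from_bytes(digest_bytes, "big")


def cardholder_prepare(pi, oi):
    """Build the dual signature and the two views sent onward."""
    pimd, oimd = md(pi), md(oi)
    ds = pow(as_int(pomd(pimd, oimd)), D, N)   # E: encrypt POMD with private key
    merchant_view = {"OI": oi, "PIMD": pimd, "DS": ds}   # no PI: card data hidden
    gateway_view = {"PI": pi, "OIMD": oimd, "DS": ds}    # no OI: order hidden
    return merchant_view, gateway_view


def merchant_verify(view):
    """Merchant: recompute OIMD from OI, combine with the PIMD it was given."""
    pomd1 = pomd(view["PIMD"], md(view["OI"]))
    pomd2 = pow(view["DS"], E, N)              # D: decrypt DS with public key
    return as_int(pomd1) == pomd2


def gateway_verify(view):
    """Payment gateway: recompute PIMD from PI, combine with the OIMD it was given."""
    pomd1 = pomd(md(view["PI"]), view["OIMD"])
    pomd2 = pow(view["DS"], E, N)
    return as_int(pomd1) == pomd2


if __name__ == "__main__":
    # Constructed sample data.
    pi = b"card=0000-0000-0000-0000;amount=100;txn=42"
    oi = b"txn=42;items=2 books"
    m, g = cardholder_prepare(pi, oi)
    print("merchant accepts:", merchant_verify(m))
    print("gateway accepts:", gateway_verify(g))
    print("merchant accepts altered order:",
          merchant_verify(dict(m, OI=b"txn=42;items=20 books")))
```

Because POMD binds PIMD and OIMD together, a payment cannot be re-attached to a different order without invalidating DS, even though neither verifier sees the other party's half in clear.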

  • Purchase Request (Purchase response)

    When the merchant receives the purchase request he does the following:
    - Verifies the cardholder's certificates.
    - Verifies the signatures created over PI & OI using the cardholder's public key.
    - Processes the order and forwards the PI to the payment gateway for authorization.
    - Sends the purchase response to the cardholder.

  • Payment Authorization

    Here the merchant sends the payment details to the payment gateway. The payment gateway verifies the details and authorizes the payment. It consists of two messages: Authorization request & Authorization response.

    Fig. Authorization request, merchant to payment gateway: "Here are: purchase information, authorization information, cardholder & my certificates."

  • Payment Authorization

    Fig. Authorization response, payment gateway to merchant: "Validations are ok. Here are authorization info., token info., & my digital certificate."

  • Payment Capture (Capture Request)

    It is used for obtaining payment. It consists of two messages: Capture Request & Capture Response.

    Fig. Capture request, merchant to payment gateway: "I need to have payment for this purchase. Here are transaction id, amount, & my digital certificate."

  • Payment Capture (Capture Response)

    Fig. Capture response, payment gateway to merchant: "Payment to you is authorized. Here are the details. Also enclosed is my digital certificate."

  • SET Model

    [Figure: SET model. Parties: Certificate Authority (CA), CA 1, CA 2, cardholder, merchant, payment gateway. Flows: request for certificate (cardholder and merchant), cardholder's certificate, merchant certificate, purchase request, purchase response, authorization request, authorization response, "please verify cardholder's certificate", "please verify merchant's certificate".]

  • SSL versus SET

    Issue | SSL | SET
    Main aim | Exchange of data in encrypted form | E-commerce related payment mechanism
    Certification | Two parties exchange certificates | All involved parties must be certified by third authority
    Authentication | Mechanisms not very strong | Strong mechanisms
    Risk of merchant fraud | Possible | Not possible
    Risk of customer fraud | Possible | Not possible
    Practical usage | High | Low, expected to grow

  • 3-D Secure Protocol

    SET has one limitation: it does not prevent a user from providing someone else's credit card number. A new protocol called the 3-D Secure protocol helps to achieve this. Here a cardholder who wishes to participate in a payment transaction has to enroll on the issuer bank's enrollment server. At the time of a 3-D Secure transaction, when the merchant receives a payment instruction from the cardholder, he forwards this request to the issuer bank. The issuer bank asks the cardholder for the user id and password that were created during the enrollment process. The cardholder provides the details, which are verified by the bank. If authenticated, it accepts the card payment.

  • Electronic Money

    It is also called electronic cash or digital cash, and is used for making payments over the Internet. It is money represented in the form of computer files, i.e. the physical form of money is converted into binary computer data. Here the customer opens an account with the bank. When he needs $100 of electronic money, he sends an e-mail to the bank requesting it. The bank authenticates the message and, when sure, debits the customer's account for that amount. The bank sends the money as a computer file (which contains an extremely large random number) to the customer. When the customer purchases something he sends the file to the merchant. The merchant in turn sends the file to the bank, which verifies it and credits the merchant's account with that much money.

  • Electronic Money (Security Mechanism)

    [Figure: at the bank, the $100 message is encrypted with the bank's private key and then with the customer's private key; the twice-encrypted data is sent to the customer.]

  • Electronic Money (Security Mechanism)

    [Figure: at the customer, the received data is decrypted with the customer's private key and then with the bank's private key to recover the original $100 message.]

  • Types of electronic money

    Classification based on the tracking of money:
    - Identified electronic money.
    - Anonymous electronic money.

    Classification based on the involvement of the bank in the transaction:
    - Online electronic money.
    - Offline electronic money.

  • Identified electronic money

    [Figure: the e-money ($100, serial no. SR 100) passes from bank to customer, from customer to merchant, and from merchant back to the bank.]

    1. The bank generates the serial number and sends it along with the e-money to the customer.
    2. The customer spends the money, so the merchant has it now.
    3. The merchant encashes the e-money at the bank. The money still has the same serial number.

  • Anonymous electronic money

    It is also called blind money. Here the customer creates the serial number instead of the bank. The customer generates a random number and then multiplies it by another huge number (called the blinding factor). The customer sends the resulting number, called the blinded number, to the bank. The bank does not know the original serial number created by the customer. The bank signs the blinded number and sends it back to the customer. The customer then uses the original serial number while doing a transaction. Here the same money can be spent more than once.

  • Online/Offline money

    Online money: Here whether the money offered by the customer is acceptable or not can be confirmed in real time.

    Offline money: Here the bank does not participate in the transaction between the customer and merchant. The merchant accepts the money but does not validate it online. It processes it at a fixed time every day.

    We have four possibilities of money:
    - Identified online money.
    - Identified offline money.
    - Anonymous online money.
    - Anonymous offline money.

  • Double Spending Problem

    Here a customer could arrange for anonymous e-money by using the blinded money concept. Later it could spend it in quick succession with two different merchants. The bank cannot determine which customer spent it more than once, because of the blinding factor. Thus anonymous money is of little use. This problem can also occur with offline money.

  • Email Security

    Email is the most widely used application on the Internet. RFC 822 defines a format for text email messages. An email message consists of two portions: contents & headers.

    Headers:
      From: John Smith ([email protected])
      To: Cherry ([email protected])
      Subject: Accepting the offer
      Date: 4 March 2002
    Body:
      Dear Cherry
      I had accepted the offer.
      Regards.
      John

  • Email Security

    Simple Mail Transfer Protocol (SMTP) is used for email communications.

    [Figure: the email travels from the sender to the sender's SMTP server, across the Internet to the receiver's SMTP server, from which the receiver pulls it.]

  • Email Security

    Here there are two SMTP servers, i.e. the sender's & the receiver's.
    - Based on the client's request for an email transfer, the server sends back a READY FOR MAIL reply, indicating that it can accept an email message from the client.
    - The client sends HELO to the server & identifies itself.
    - The client can now send one or more email messages to the server. Email transfer begins with the MAIL command, which identifies the sender.
    - The recipient allocates the buffers to store the incoming message & sends back an OK response to the client. The server also sends back response code 250.
    - The client now sends the list of intended recipients with one or more RCPT commands (one per recipient). The server must send back a 250 OK or 550.
    - The client sends the DATA command, informing the server that the client is ready to start transmission of the email message.

  • Email Security

    - The server responds with a 354 start mail input message, indicating that it is ready to accept the email message.
    - The client sends the email message &, when it is over, sends the identifier provided by the server to indicate that its transmission is over.
    - The server sends back a 250 OK response.
    - The client sends a QUIT command to the server.
    - The server sends back a 221 service closing transmission channel message, indicating that it is also closing its portion of the connection.

  • Privacy Enhanced Mail (PEM)

    It is an email security standard adopted by the Internet Architecture Board (IAB) to provide secure electronic mail communication over the Internet.

    Fig. Privacy Enhanced Mail (PEM) provides: encryption, non-repudiation, message integrity.

  • Privacy Enhanced Mail (PEM)

    PEM starts with a canonical conversion, which is followed by digital signature, then by encryption & finally by Base-64 encoding:
    1. Canonical Conversion
    2. Digital Signature
    3. Encryption
    4. Base 64 Encoding

    There are three security options for sending the mail message: signature only (steps 1 & 2); signature & Base-64 encoding (steps 1, 2 & 4); signature, encryption & Base-64 encoding (steps 1 to 4).

  • Privacy Enhanced Mail (PEM) Canonical Conversion/Digital Signature

    There is a possibility that the sender & receiver of an email message use computers that have different architectures & operating systems. In the canonical representation, regardless of the architecture & operating system of the sending & receiving computers, the email message travels in a uniform, independent format.

    Step 2 (Digital Signature), Fig.: email message → MD5 → message digest → encrypt with sender's private key → digital signature.

  • Privacy Enhanced Mail (PEM) Encryption

    Here the original email & digital signature are encrypted together with a symmetric key. For this DES or IDEA is used.

  • Privacy Enhanced Mail (PEM) Base-64 encoding

    It is also called Radix-64 encoding or ASCII armor, i.e. it transforms binary input into printable character output.

    [Figure: the input bit stream is divided into 24-bit blocks; each 24-bit block is divided into 6-bit blocks; each 6-bit block is mapped to an 8-bit block.]

  • Privacy Enhanced Mail (PEM) Base-64 encoding

    [Figure: worked Base-64 example. Steps: 24-bit input; divide into four 6-bit blocks; write their decimal equivalents; map to the Base64 table; write the ASCII equivalent in binary.]

  • Pretty Good Privacy (PGP)

    Phil Zimmermann is the father of the Pretty Good Privacy (PGP) protocol. PGP is simple to use, completely free, supports the basic requirements of cryptography, and includes its source code & documentation. PGP allows four security options when sending an email message: Signature only, Signature & Base-64 only, Signature, encryption, enveloping, Base-64 encoding.

    1. Digital Signature
    2. Compression
    3. Encryption
    4. Enveloping
    5. Base 64 Encoding

  • Secure Multipurpose Internet Mail Extensions (S/MIME)

    Traditional email systems are text based. If we want to send multimedia files over email, the MIME system provides the functionality. A MIME email contains a normal text message along with some special headers & formatted sections of text. Each section consists of an ASCII-encoded portion of data. It starts with an explanation of how the data should be interpreted/decoded at the recipient end. Suppose the sender attaches a graphics file to the email message. The figure shows that the graphic actually travels with the email. The Content-Type MIME header shows that the sender has attached a .GIF file to the message. When opened in a text format it will appear as gibberish. The recipient's email system will recognize it as a .GIF file.

  • Secure Multipurpose Internet Mail Extensions (S/MIME)

    MIME headers:
    - MIME-Version: Version which is used.
    - Content-Type: Describes the data contained in the body of the message.
    - Content-Transfer-Encoding: Type of transformation.
    - Content-ID:
    - Content-Description:

    MIME content types: It specifies 7 content types & 15 content sub-types.

    S/MIME functionality:
    - Enveloped data: Contains the encrypted data & the encryption key encrypted with the receiver's public key.
    - Signed data: Content & digital signature are both Base-64 encoded.
    - Clear-signed data: Here the digital signature is Base-64 encoded.
    - Signed & enveloped data:

  • Chapter 3 User Authentication Mechanisms

  • Introduction

    One of the key aspects of cryptography or network security is authentication. Traditionally, user ids & passwords are used. But there are security concerns, i.e. passwords travel in clear text & can be stored on the server in clear text, which can be hacked. Modern password-based authentication techniques use alternatives such as encrypting passwords, or using something derived from the passwords, in order to protect them. Authentication tokens add randomness to the passwords, making them more secure. Certificate-based authentication uses PKI technology. It is quite strong if used correctly. Smart cards are also used here. Biometrics, Kerberos & single sign-on (SSO) mechanisms are also used.

  • Authentication Basics

    It is identifying the user before performing actual business transactions using the system. It is determining the identity of a person to a required level of assurance. Authentication is the first step in any cryptographic solution. Unless the person on the other side is authenticated, there is no point in encrypting the information flowing between them. The whole idea of authentication is based on secrets. For example, an ATM card & PIN is one form of authentication. Here the entity being authenticated & the authenticator both share the same secret.

  • Passwords

    A password is a string of alphabets, numbers & special characters which is supposed to be known only to the entity that is being authenticated. It is believed to be the simplest, least expensive mechanism & it does not require any special hardware or software support. Here every user in the system is assigned a user id & an initial password. The password is stored in the user database against the user id on the server.

  • Passwords (How it works?)

    Step 1: Prompt for user id & password: The application program sends a screen to the user, prompting for the user id & password.
    Step 2: User enters user id & password: The user enters the user id & password & presses the OK button. This causes the user id & password to travel in clear text to the server.
    Step 3: User id & password validation: The server uses its user authentication program to see if this particular user id & password combination exists.
    Step 4: Authentication result: Depending upon the success or failure of the validation of the user id & password, the user authentication program returns the appropriate result to the server.
    Step 5: Inform user accordingly: Depending upon the outcome, the server sends back the appropriate page to the user. If successful, it then sends the application menu to the user.

  • Passwords (Problem with this scheme)

    Problem 1: The database contains passwords in clear text. If an attacker succeeds in obtaining access to the database, the whole list of user ids and passwords is available to the attacker. So passwords in the database must be stored in encrypted form. Whenever a user attempts to log on, on the server side the user's password should first be encrypted, then compared with the encrypted password in the database.

    Problem 2: The password travels in clear text from the user's computer to the server. If an attacker breaks into the communication link between the user's computer & the server, the attacker can easily obtain the clear text password.

  • Passwords (Something derived from passwords)

    Here the variation is not to use the password itself but to use something that is derived from the password. We run some algorithm on the password & store the output of this algorithm as the (derived) password in the database. When the user wants to be authenticated, the user enters the password & the user's computer performs the same algorithm locally & sends the derived password to the server, where it is verified. There are several requirements of this scheme:
    - Each time the algorithm is executed for the same password, it must produce the same output.
    - The output of the algorithm must not provide any clue about the password.
    - It should be infeasible for any person to provide an incorrect password & yet obtain the correct derived password.

    These requirements closely match MD5 or SHA-1.

  • Message digests of passwords

    Step 1 - Storing digests as derived passwords in the user database.
    Step 2 - User authentication: When a user needs to be authenticated, the user computes the message digest of the password & sends the user id & message digest of the password to the server for authentication.
    Step 3 - Server-side validation: The user id & message digest of the password travel to the server over the communication link. The server passes these values to the user authentication program, which validates the user id & the message digest of the password against the database. The server uses the result of this operation to return the appropriate message.

  • Message digests of passwords

    Here the attacker may not be able to use the message digest to work backwards to retrieve the original password. But the attacker can simply listen to the communication between the user & the server involving the login request-response pair. From this he would get the user id & message digest of the password. The attacker will copy that information & submit it after some time to the server as a new login request. This is called a replay attack, because the attacker simply replays the sequence of events of a normal user.

  • Adding randomness

    To improve security, we need to add a bit of unpredictability or randomness to the earlier scheme. Here the message digest of the password is always the same, but the exchange of information between the client & server computers is not always the same. This ensures that a replay attack is foiled. The technique is:

    Step 1 - Storing message digests as derived passwords in the user database.
    Step 2 - User sends a login request: Here the user sends a login request with only her user id.
    Step 3 - Server creates a random challenge: The server first checks whether the user id sent is valid. If valid, the server creates a random challenge (a random number generated using a pseudo-random number generation technique) & sends it back to the user as plain text.

  • Adding randomness

    Step 4 - User signs the random challenge with the message digest of the password: the message digest of the password is used to encrypt the random challenge received from the server.
    Step 5 - Server verifies the encrypted random challenge received from the user: the server receives the encrypted random challenge. To verify it, the server decrypts the random challenge with the message digest of the user's password stored in the user database. If the decrypted value matches the original random challenge available on the server, the server can be assured that the user is authentic.
    Step 6 - Server returns an appropriate message back to the user.

    Random challenges are generally 16-bit random numbers.
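
The six steps above as a runnable sketch, added here as an example and not taken from the lecture. SHA-256 stands in for the message digest, and HMAC keyed with that digest replaces the "encrypt the challenge" step, so the server recomputes the response instead of decrypting it. The account, the function names and the 128-bit challenge size are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Step 1: the user database stores message digests, not clear-text passwords.
# Constructed sample account for the illustration.
USER_DB = {"alice": hashlib.sha256(b"correct horse").digest()}
PENDING = {}  # user id -> challenge issued and not yet answered


def server_issue_challenge(user_id):
    """Steps 2-3: validate the user id, then send a fresh random challenge."""
    if user_id not in USER_DB:
        return None
    challenge = secrets.token_bytes(16)  # assumption: 128-bit challenge
    PENDING[user_id] = challenge
    return challenge


def client_respond(password, challenge):
    """Step 4: key the response with the digest of the typed password."""
    derived = hashlib.sha256(password.encode()).digest()
    return hmac.new(derived, challenge, hashlib.sha256).digest()


def server_verify(user_id, response):
    """Steps 5-6: recompute the expected response, compare in constant time."""
    challenge = PENDING.pop(user_id, None)  # each challenge is usable once
    if challenge is None:
        return False
    expected = hmac.new(USER_DB[user_id], challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo():
    # Genuine login; 'captured' is what an eavesdropper would record.
    first_challenge = server_issue_challenge("alice")
    captured = client_respond("correct horse", first_challenge)
    genuine = server_verify("alice", captured)
    # Replay: a new login request draws a new challenge, so the old
    # response no longer matches.
    server_issue_challenge("alice")
    replayed = server_verify("alice", captured)
    # Resending with no challenge outstanding is refused as well.
    unsolicited = server_verify("alice", captured)
    return genuine, replayed, unsolicited
```

`demo()` returns `(True, False, False)`: the genuine login succeeds and the replayed response is refused. The stored digest is itself the shared key in this scheme, so the user database needs the same protection as clear-text passwords would.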

  • Password encryption

    For security purposes, we want the password to travel in encrypted form. For this we must provide some sort of cryptographic functionality on the user side. In the case of internet applications, the client is a web browser, which does not have special programming capabilities, so we must resort to technologies such as Secure Socket Layer (SSL). Here the encryption of passwords on the client side & on the server side is different, so the server side application logic performs the necessary conversions between the two for verification.

  • The problems with passwords

    From the system administrator's point of view, password based encryption is quite problematic. Organizations have a number of applications, networks, shared resources & intranets. These applications have varying needs for security measures, & they grow over a period of time. Each resource therefore demands its own user id & password, so the end user has to remember many user ids & passwords. Password maintenance is quite a problem: a study shows that administrators spend about 40% of their time creating, resetting or changing user passwords.

  • Password Policies

    The password length must be at least 8 characters.
    It must not contain any blanks.
    There must be at least one lower case letter, one upper case letter, one digit & one special character in the password.
    The password must begin with a letter.

  • Authentication Tokens

    An authentication token is a small device that generates a random number every time it is used. It is the size of a credit card & has the following features: processor, LCD, battery, real time clock, & key pad for entering information. Each authentication token is pre-programmed with a unique number called the seed or random seed.

  • Authentication Tokens

    Step 1: Creation of a token: whenever an authentication token is created, a random seed is generated by the authentication server. This seed is stored in the user's record in the user database. The user does not know the value of the seed.
    Step 2: Use of token: the authentication token automatically generates pseudorandom numbers, called one time passwords, based on the seed value. The user sends the user id & this pseudorandom number to the server. The server calls the seed retrieval program, which in turn establishes the relationship between the pseudorandom number & the seed. The authentication token is generally protected with a 4-digit PIN.
    Step 3: Server sends the appropriate message back to the user.

  • Authentication Tokens Types

    They are of two main types: Challenge/Response Tokens & Time based Tokens.

    Challenge/Response Tokens:

    Step 1: User sends a login request.
    Step 2: Server sends a random challenge, depending upon the validity of the user id.
    Step 3: User signs the random challenge with the message digest of the password: the token accepts the random challenge sent by the server & encrypts it with its seed value. The result is displayed on the screen & sent to the server as the login request.
    Step 4: Server, after receiving the encrypted random challenge from the user, decrypts it with the seed value & compares it with the random challenge it sent. If the values match, the user is authenticated, otherwise not.

  • Authentication Tokens Types

    Step 5: Server sends an appropriate message to the user.

    The problem with this scheme is that if we use a 128 bit seed, then the encrypted seed will also be 128 bits, or 16 characters. Reading 16 characters from the LCD screen is quite difficult for the user. The alternative is to calculate a message digest of predetermined length instead of encrypting. There is one more problem: the user has to make three entries, & hence can make an error.

  • Time based tokens

    Here the previous disadvantages are addressed.

    Step 1: Password generation & login request: the password is generated on the user side using two parameters, i.e. the seed & the current system time, & sent to the server. The token automatically generates a password from these two values every 60 seconds.
    Step 2: Server side verification: the server performs an independent cryptographic function on the user's seed value & the current system time to generate its own version of the password. If the two values match, the password is considered valid.
    Step 3: Server sends an appropriate message to the user.

    Due to its automated nature it is the most commonly used. But what happens if the window of 60 seconds is crossed? Every time the window is crossed, the user's computer sends a new login request, advancing its time by 1 minute.
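
An added example (not from the lecture) of the time based token: both sides derive the password from the seed and the current 60-second window. The slides do not name the cryptographic function, so this sketch assumes HMAC-SHA1 with the truncation from RFC 4226; the one-window clock tolerance and the reuse check on the server are also assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per password, as on the slide


def one_time_password(seed, unix_time, digits=6):
    """Password for the 60-second window that contains unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenServer:
    def __init__(self, seeds, drift_windows=1):
        self.seeds = seeds          # user id -> seed held in the user database
        self.drift = drift_windows  # assumption: tolerate +/- 1 window of skew
        self.last_window = {}       # user id -> newest window already accepted

    def verify(self, user_id, otp, now):
        seed = self.seeds.get(user_id)
        if seed is None:
            return False
        current = int(now) // STEP
        for window in range(current - self.drift, current + self.drift + 1):
            if window <= self.last_window.get(user_id, -1):
                continue  # window already used (or negative): refuse replays
            expected = one_time_password(seed, window * STEP)
            if hmac.compare_digest(expected, otp):
                self.last_window[user_id] = window
                return True
        return False


def demo():
    seed = b"12345678901234567890"  # constructed seed (the RFC 4226 test key)
    server = TokenServer({"alice": seed})
    otp = one_time_password(seed, 30)          # token display at t = 30 s
    first = server.verify("alice", otp, 30)    # accepted
    replay = server.verify("alice", otp, 45)   # same window, refused
    late = server.verify("alice", one_time_password(seed, 110), 125)
    return otp, first, replay, late
```

`late` shows the crossed-window case: a password generated at 110 s still verifies at 125 s because the server also tries the neighbouring window.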

  • Certificate Based Authentication

    It is stronger than all other authentication techniques. Here the user knows something (certificate) & does not know something (password).

    Step 1: Creation, storage & distribution of digital certificates: the user id, private key & a copy of the digital certificate are stored in the user database.
    Step 2: Login request: the user sends only the user id to the server.
    Step 3: Server creates a random challenge: the random challenge travels as plain text from the server to the user's computer.
    Step 4: User signs the random challenge: the user signs it with his private key & sends it to the server. The server obtains the public key of the user from its database. It then decrypts the signed random challenge sent by the user & compares it with the original random challenge.
    Step 5: Server sends an appropriate message to the user: depending upon the match, the server sends the appropriate message to the user.

  • Smart Cards

    Smart cards are used in certificate based authentication. The card stores digital certificates & public-private key pairs within the card in a tamper-free fashion. The public key & digital certificate can be exported outside. A smart card is capable of performing cryptographic functions within the card. If we wish to sign a 1MB document using a smart card, copying it & performing all cryptographic functions within the card will require 15 mins at the rate of 9600 bits per second. To avoid this, first generate a message digest of the 1MB document outside the card, then feed it to the smart card for the cryptographic function. The drawbacks of smart cards are the non-availability of smart card readers & of smart card aware cryptographic services software on every computer. The cost of smart cards & smart card readers is high.

  • Biometric Authentication

    It works on human characteristics, such as finger print, voice, & the pattern of lines in your iris. The user database holds a sample of each user's biometric characteristics. During authentication the user is required to provide another sample of the biometric characteristics. The two values are matched, & validation is decided depending upon the result. The sample taken may not be the same every time; for example, in finger print recognition the finger may be dirty, or have cuts or other marks. To overcome this problem the authentication system defines two configurable parameters: false accept ratio & false reject ratio. The best security solution is to combine password/PIN, smart card & biometrics.

  • Kerberos

    It is an authentication protocol. The basis of this protocol is another protocol called Needham-Schroeder. Kerberos means a multi-headed dog in Greek mythology (apparently used to keep outsiders away). Version 4 is used in practical implementations; version 5 is also out now. There are four parties involved in the Kerberos protocol:

    Alice: Client workstation.
    Authentication server (AS): Verifies the user during login.
    Ticket Granting server (TGS): Issues tickets to certify proof of identity.
    Bob: Server offering services such as network printing, file sharing, application programs etc.

  • How does Kerberos Work? (Step 1)

    Alice (client) sits down at an arbitrary workstation & enters her name. The workstation sends her name in plain text to the Authentication server (AS).

    [Figure: at the AS, the user name & a randomly generated session key (KS) are encrypted with the symmetric key shared by the ticket granting server (TGS) to produce the TGT; KS + TGT is then encrypted with the symmetric key derived from Alice's password (KA) to produce the output.]

  • How does Kerberos Work? (Step 1)

    After the message is received, Alice's workstation generates the symmetric key (KA) derived from the password & uses that key to extract the session key (KS) & the Ticket Granting Key (TGT). Alice cannot open the TGT, since it is encrypted with the key of the TGS, which is shared between the TGS & the AS.

    [Figure: the AS sends its output to Alice.]

  • How does Kerberos Work? (Step 2)

    Obtaining a service granting ticket (SGT).

    [Figure: request for an SGT. The timestamp is encrypted with the session key (KS); the encrypted timestamp, the TGT & the name of the server (Bob) form the output.]

  • How does Kerberos Work? (Step 2)

    The TGT is encrypted with the secret key of the Ticket granting server (TGS), so only the TGS can open it. Once the TGS is satisfied with the credentials of Alice, it creates a session key KAB for Alice to have secure communication with Bob.

  • How does Kerberos Work? (Step 2)

    [Figure: Alice & KAB are encrypted with Bob's secret key; Bob & KAB are encrypted with the session key (KS); these form the two outputs.]

  • How does Kerberos Work? (Step 3)

    The user contacts Bob for accessing the server. Alice can now send KAB to Bob in order to enter a session with him. To make it more secure, Alice sends the encrypted KAB to Bob. To guard against replay attacks, Alice also sends the timestamp, encrypted with Bob's secret key. Bob acknowledges by adding 1 to the timestamp sent by Alice, encrypts the result with KAB & sends it back to Alice. Now Alice & Bob communicate with each other using the key KAB.
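
The three steps as one exchange, added here as an illustration and not part of the lecture. `seal`/`unseal` are a toy cipher built from SHA-256 and HMAC in place of the slides' "Encrypt", the 300-second freshness limit and all names are assumptions, and Alice's timestamp to Bob is sealed under KAB in this sketch.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Toy encrypt-then-MAC box for the illustration (not a vetted cipher)."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return (nonce + tag + body).hex()

def unseal(key, box):
    raw = bytes.fromhex(box)
    nonce, tag, body = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

K_A = hashlib.sha256(b"alice-password").digest()  # KA, derived from the password
K_TGS, K_BOB = os.urandom(32), os.urandom(32)     # long-term server keys
MAX_AGE = 300                                     # assumption: seconds of tolerance

def authentication_server(user):                  # Step 1: KS + TGT under KA
    ks = os.urandom(32).hex()
    tgt = seal(K_TGS, {"user": user, "ks": ks})   # only the TGS can open this
    return seal(K_A, {"ks": ks, "tgt": tgt})

def ticket_granting_server(tgt, sealed_time, now):  # Step 2: issue KAB
    grant = unseal(K_TGS, tgt)
    ks = bytes.fromhex(grant["ks"])
    if abs(now - unseal(ks, sealed_time)["t"]) > MAX_AGE:
        raise ValueError("stale timestamp")
    kab = os.urandom(32).hex()
    ticket = seal(K_BOB, {"user": grant["user"], "kab": kab})
    return seal(ks, {"server": "bob", "kab": kab, "ticket": ticket})

def bob(ticket, sealed_time, now):                # Step 3: reply with t + 1
    kab = bytes.fromhex(unseal(K_BOB, ticket)["kab"])
    t = unseal(kab, sealed_time)["t"]
    if abs(now - t) > MAX_AGE:
        raise ValueError("stale timestamp")       # replayed request
    return seal(kab, {"t": t + 1})

def alice_login(password, now):
    k_a = hashlib.sha256(password.encode()).digest()
    step1 = unseal(k_a, authentication_server("alice"))  # fails on a wrong password
    ks = bytes.fromhex(step1["ks"])
    step2 = unseal(ks, ticket_granting_server(step1["tgt"], seal(ks, {"t": now}), now))
    kab = bytes.fromhex(step2["kab"])
    ack = unseal(kab, bob(step2["ticket"], seal(kab, {"t": now}), now))
    return ack["t"] == now + 1
```

`alice_login("alice-password", 1000)` returns `True`; a wrong password raises `ValueError` at Step 1 because the AS reply cannot be opened.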

  • Single Sign On (SSO)

    Since Alice needs to authenticate or sign on only once, this mechanism is called Single Sign On (SSO). She needs to authenticate to the AS only once. SSO is very important for corporate networks, since the network grows over a period of time. Multiple authentication mechanisms can thus be consolidated into a single, uniform authentication mechanism using SSO. There are two broad approaches to SSO: the script based approach & the agent based approach. In the script based approach, the SSO software mimics user actions, i.e. it simulates the user pressing keyboard keys. In the agent based approach, every web server must have a piece of software called an agent, & there must be an SSO server which interacts with the user database.

  • Thank You

  • Chapter 4: Network Security

  • Brief introduction to TCP/IP

    Network security is a key aspect of internet based security mechanisms. People are often interested only in application level security, but data at the lower levels should be protected too.

    [Figure: the layers Application, Presentation, Session, Transport, Network, Data Link & Physical, shown with the TCP/IP protocols: SMTP, FTP, DNS, HTTP & TELNET at the application layer; TCP & UDP at the transport layer; ICMP, IP, ARP & RARP at the network layer.]

  • TCP Segment Format

    Fig.: 20 to 60 bytes header consisting of the following fields, followed by DATA.

    Field                  Size
    Source port no.        2 bytes
    Destination port no.   2 bytes
    Sequence no.           4 bytes
    Ack No.                4 bytes
    Header length          4 bytes
    Reserved               6 bytes
    Flag                   6 bytes
    Window Size            2 bytes
    Checksum               2 bytes
    Urgent pointer         2 bytes
    Options                0 to 40 bytes

  • IP Datagram Format

    Fig.: fields of the IP datagram.

    Version (4 bits)
    HLEN (4 bits)
    Service Type (8 bits)
    Total Length (4 bits)
    Identification (16 bits)
    Flags (3 bits)
    Fragmentation Offset (13 bits)
    Time to live (8 bits)
    Protocol (8 bits)
    Header Checksum (16 bits)
    Source IP address (32 bits)
    Destination IP address (32 bits)
    Data (32 bits)
    Options (32 bits)

  • Firewalls

    On the internet any computer can be connected to any other computer in the world. This is a great advantage for individuals & corporations, but it is a nightmare for the network support staff who must protect the corporate network from a variety of attacks. There is a possibility of leakage of confidential information, & viruses & worms can create havoc. We encrypt confidential information to protect it from the outside world. To protect against outside attacks, the firewall comes into the picture. A firewall is like a guard which checks all the incoming & outgoing packets of the corporate network. A firewall is a specialized version of a router, which performs this function with the help of additional software resources.

  • Firewalls

    [Figure: Corporate Network, Firewall, Internet.]

  • Firewalls

    All traffic between inside & outside must pass through the firewall.
    Access to the local network via the firewall should be permitted.
    Only traffic authorized as per the local security policy should be allowed.
    The firewall itself should withstand attacks.

    There are two types of firewalls: Packet filters & Application Gateways.

  • Firewalls (Packet filters)

    A packet filter applies a set of rules to each packet &, based on the outcome, decides to forward or discard the packet. A packet filter is also called a screening router or screening filter. The filtering rules are based on a number of fields, i.e. IP & TCP/UDP destination headers, source & destination IP addresses, IP protocol field, TCP/UDP port numbers. A packet filter performs the following functions:

    Receive each packet as it arrives.
    Pass the packet through a set of rules & see whether it matches the rules or not.
    If there is no match, take the default action. The default action may be to accept or to discard all packets.

  • Firewalls (Packet filters)

    The advantages of packet filters are their simplicity & their fast operating speed. The disadvantages are the difficulty of setting up packet filter rules & the lack of support for authentication. The following types of attacks take place in the case of packet filters:

    IP address spoofing: An intruder can send a packet from outside the network having an IP address equal to an IP address within the network.
    Source routing attacks: Here the attacker specifies the route that a packet should take as it moves along the internet.
    Tiny fragment attacks: IP packets pass through a variety of networks such as Ethernet, Token ring, X.25 etc., so IP packets get fragmented each time. The attacker expects that the packet filter can be fooled because, after fragmentation, it checks only the 1st fragment; by intentionally creating fragments he can intrude into the system.

  • Firewalls (Packet filters)

    An advanced type of packet filter, called a dynamic packet filter or stateful packet filter, is also used. It allows incoming TCP packets only if they are responses to outgoing TCP packets that have gone through the network. To apply this rule, a dynamic packet filter has to maintain a list of the currently open connections & outgoing packets.
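
An added example (not from the lecture) that runs the same traffic through both kinds of filter: a static rule list with a default action, and a dynamic filter that records outgoing connections. The addresses, the rule set and all names are constructed for the illustration, and every packet is treated as TCP.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumption: the corporate address range
ANY = ip_network("0.0.0.0/0")
ALL_PORTS = range(0, 65536)

# Constructed rules: (action, direction, source net, destination net, dest ports)
RULES = [
    ("discard", "in", INSIDE, ANY, ALL_PORTS),  # inside address arriving from outside
    ("accept", "in", ANY, ip_network("10.0.0.25/32"), range(25, 26)),  # mail host
    ("accept", "in", ANY, INSIDE, range(1024, 65536)),  # meant for replies to clients
    ("accept", "out", INSIDE, ANY, ALL_PORTS),  # inside users going out
]
DEFAULT_ACTION = "discard"

def packet(direction, src, sport, dst, dport):
    return {"dir": direction, "src": ip_address(src), "sport": sport,
            "dst": ip_address(dst), "dport": dport}

def static_filter(pkt):
    """Stateless filter: the first matching rule decides, else the default action."""
    for action, direction, src_net, dst_net, ports in RULES:
        if (direction == pkt["dir"] and pkt["src"] in src_net
                and pkt["dst"] in dst_net and pkt["dport"] in ports):
            return action
    return DEFAULT_ACTION

class DynamicFilter:
    """Stateful filter: inbound TCP passes only as a reply to a recorded outbound packet."""

    def __init__(self):
        self.open_connections = set()  # (inside ip, inside port, outside ip, outside port)

    def handle(self, pkt):
        if pkt["dir"] == "out":
            verdict = static_filter(pkt)
            if verdict == "accept":
                self.open_connections.add(
                    (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return verdict
        reply_to = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if pkt["src"] not in INSIDE and reply_to in self.open_connections:
            return "accept"
        return "discard"

def demo():
    fw = DynamicFilter()
    request = packet("out", "10.0.0.7", 40000, "203.0.113.5", 443)
    reply = packet("in", "203.0.113.5", 443, "10.0.0.7", 40000)
    unsolicited = packet("in", "198.51.100.9", 443, "10.0.0.7", 40000)
    spoofed = packet("in", "10.0.0.9", 443, "10.0.0.7", 40000)
    return {"static_unsolicited": static_filter(unsolicited),
            "static_spoofed": static_filter(spoofed),
            "dynamic_out": fw.handle(request),
            "dynamic_reply": fw.handle(reply),
            "dynamic_unsolicited": fw.handle(unsolicited)}
```

The static rule that lets replies reach inside clients also accepts the unsolicited packet, while the dynamic filter discards it because no matching outgoing connection was recorded.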

  • Firewalls (Application gateways)

    It is also called a proxy server. It decides the flow of application level traffic. It typically works as follows:

    An internal user contacts the application gateway using a TCP/IP application.
    The application gateway asks the user about the remote host with which the user wants to set up a connection for actual communication, & asks for the user id & password.
    The user provides this information.
    The application gateway now accesses the remote host on behalf of the user & passes the packets of the user to the remote host.

    There is a variation called the circuit gateway. Here the circuit gateway creates a new connection between itself & the remote host. It also changes the source IP address of the user to its own.

  • Firewalls (Application gateways)

    The user thinks that a direct connection between itself & the remote host has been established. Thus the computers of internal users are hidden from the outside world. The SOCKS server is an example of a real life implementation: the SOCKS client runs on the internal hosts & the server runs on the firewall. Thus the application gateway acts as a proxy between the actual end user & the remote host. It is more secure than packet filters. Rather than examining every packet against a number of rules, here we simply detect whether the user is allowed to work with the TCP/IP application or not. The disadvantage is the overhead in terms of connections. There are two sets of connections: one between the end user & the application gateway, another between the application gateway & the remote host.

  • Firewall configurations

    A firewall is a combination of a packet filter & an application gateway. Based on this there are three possible configurations of the firewall:

    Screened host firewall, single-homed bastion
    Screened host firewall, dual-homed bastion
    Screened subnet firewall

  • Screened host firewall, single-homed bastion

    It consists of a packet filtering router & an application gateway.

    [Figure: Application gateway, Packet filter, Internet.]

  • Screened host firewall, Dual-homed bastion

    Direct connections between the internal hosts & the packet filter are avoided.

    [Figure: Application gateway, Packet filter, Internet.]

  • Screened host firewall, Dual-homed bastion

    Two packet filters are used: one between the internet & the application gateway, the other between the application gateway & the internal network.

    [Figure: Application gateway, Packet filter, Internet, Packet filter.]

  • Demilitarized Zone (DMZ) Networks

    It is used where an organization has servers which it needs to make available to the outside world.

    [Figure: DMZ, Firewall, Internet.]

  • Limitations of firewall

    Insider intrusions.
    Direct internet traffic.
    Virus attacks.