security chapter 10 copyright 2001 prentice hall revision 2: may 2001
TRANSCRIPT
Security
Hackers break into organizations from the outside
However, most security breaches are internal, by employees and ex-employees
3Network Security Threats
Interception If interceptor cannot read, have
confidentiality (privacy) If cannot modify without detection, have
message integrity
4Network Security Threats
Impersonation An impostor claims to be someone else Need to authenticate the sender--prove
that they are who they claim to be
TruePerson
Impostor
5Network Security Threats
Denial of Service (DOS) Attacks Overload system with a flood of
messages Or, send a single message that crashes
the machine
6Network Security Threats
Remotely Log in as Root User Requires cracking the root login
password Then control the machine Read and/or steal information Damage data (erase hard disk) Create backdoor user account that will
let them in easily later
Root Login Command
7Super Accounts
Have Access to Everything on the Machine UNIX/LINUX: root Microsoft: Administrator NetWare: Supervisor Other accounts can be given equivalent
rights
Dangerous If intruder gets the password to this
accountProtect with a super-strong password
If the server administrator is dishonest
New
8Security Threats
Content Threats
Application layer content may cause problems
VirusesIn many ways, most severe security problem
in corporations today
Must examine the contents of application messages
• At least extensions of files or MIME data type being transferred
10Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it For confidentiality, do not want an
interceptor to read the message Plaintext (original message)
Not necessarily text; Can be graphics, etc.
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
“47”
11Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it Ciphertext (transformed) for
transmissionStream of ones and zeros for transmissionInterceptor cannot make sense of it
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
101101
12Encryption
Encryption: Transforms Message so that Interceptor Cannot Read it
Receiver decrypts ciphertext back to plaintext
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
“47”
13Encryption
Encryption Requires a Method and a Key Encryption method is the specific
mathematical transformation process
Key is a string of bits used in the method
Get different ciphertexts with different keys
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
14Encryption
Encryption Requires a Method and a Key Method cannot be kept secret
Key must be kept secret
Plaintext Encryption Ciphertext Decryption Plaintext
MethodKey
MethodKey
TransmittedOriginalMessage
OriginalMessage
15Encryption: Key Length
Key can be “guessed” by exhaustive search Try all possible keys See which one decrypts the message
Long keys make exhaustive search difficult
If length is n bits, 2n tries maximum needed
Today: <100 bits are weak
Today: >100 bit keys are strong
Tomorrow will need even longer keys
16Methods and Algorithms
Encryption Method Categories Two general ways of doing encryption Symmetric key versus public key
encryption
Encryption Method Algorithms Specific ways of doing encryption With symmetric key encryption: DES,
3DES, AES, IDEA, Blowfish, and RC5 algorithms
With public key encryption: RSA, elliptical curve cryptosystem (ECC) algorithms
17Symmetric Key Encryption
Both sides use a single key to encrypt & decrypt When A send to B
A encrypts with the key, B decrypts with the key
When B sends to AB encrypts with the key, A decrypts with the
keyA
B
Symmetric Key
18Symmetric Key Encryption
Symmetric key encryption and decryption processes are simple enough for fast encryption/decryption Fast enough for long messages
AB
Symmetric Key
19Symmetric Key Encryption
Problem 1: Symmetric key must be distributed secretly between partners or interceptors can read subsequent messages
Key A
Key B
A
B
20Symmetric Key Encryption
Problem 2: Need a different symmetric key for each business partner Or other partners could read messages Complicates symmetric key distribution
Key A
Key B
A
B
21Symmetric Key Encryption
Data Encryption Standard (DES) Extremely popular symmetric key
algorithm
Uses 56-bit key, which is inadequate for consumer transactions
3DES (Triple DES)
Uses three 56-bit keys for 3 stages of encryption
168-bit effective key length
Sufficient for financial networks
22Symmetric Key Encryption
DES is an old algorithm Developed in 1970s 3DES is merely a way of extending its life
Advanced Encryption System (AES)
Being developed by the U.S. National Institutes for Standards and Technology
Will be much stronger with longer keys
Will be efficient enough to implement on hand-held devices
23Public Key Encryption
Recap: There are Two General Encryption Method Categories
Symmetric key encryption (just seen)
Public key encryption (next)
24Public Key Encryption Methods
Different keys for encryption and decryption
Encryption with receiver’s public key
Decryption with receiver’s private key
Once encrypted, sender cannot decrypt the ciphertext; does not have receiver’s private key
Plaintext Encryption Ciphertext Decryption Plaintext
Receiver’s Public Key Receiver’s Private Key
25Public Key Encryption
Everyone has a public and private key
Keep the private key secret
Distribute the public key to everybody without security
PublicKey
PublicKey
PrivateKey
26Public Key Encryption
Then anyone can encrypt messages to you using your public key
But only you can decrypt the messages
PublicKey
PublicKey
PrivateKey
Encryption
27Public Key Encryption
Four Keys Needed for Two-Way Communication
Encrypt with receiver’s public key
Decrypt with sender’s private key
A BB’sPub Key
B’sPriv Key
A’sPriv Key
A’sPub Key
28Public Key Encryption
Four Keys Needed for Two-Way Communication
Never refer to public and private keys without saying to whose public or private key you are referring
A BB’sPub Key
B’sPriv Key
A’sPriv Key
A’sPub Key
29Public Key Encryption
Unfortunately, highly processing-intensive
100 times slower than symmetric key encryption
So can only encrypt small messages
Also, often can only encrypt messages about the size of the public key (typically a few thousand bits because of limitations in the algorithms)
New
30Combining Public, Symmetric Key
Symmetric Key Encryption and Public Key Encryption are Complementary, not Competitors
Often, partners first communicate with public key encryption Including initial authentication
Public Key AuthenticationA B
31Combining Public, Symmetric Key
Then one sides generates a symmetric key
Encrypts symmetric key with partner’s public key, sends to partner
Now, both sides have the symmetric key
SymmetricSessionKey
Public Key EncryptionA B
32Combining Public, Symmetric Key
Afterward, both sides communicate with the symmetric key
This symmetric “session key” is good only for this session--single flow of communications
Symmetric Session KeyA B
33Public Key Algorithms
Public Key Encryption is a Method Category Must Use a Specific Public Key Algorithm
RSA Most widely used public key algorithm Patented, but public domain in October
2000
Elliptical Curve Cryptosystem (ECC) Can use smaller keys than RSA with same
degree of protection Faster than RSA
35Confidentiality versus Authentication
Confidentiality (Privacy) Interceptors cannot read messages
Authentication: proving the sender’s identity The Problem of Impostors Uses encryption So encryption is not only for
confidentiality!
36Authentication
Authentication methods: Passwords
Short passwords are easy to guess with exhaustive search
Passwords that are common words or repetitive letter combinations are even easier to guess
Automated password cracking is very effective for weak passwords
Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial
37Authentication
Authentication methods Biometrics
Fingerprint analysis, iris analysis, etc.New and not standardized
Authentication CardPush into slot of a machineAlso must give password usually
Public Key AuthenticationProve that sender holds their private key,
which only they should know
38Authentication
Verifier is the party who wishes the other party to authenticate themselves
Applicant is the other party, which wishes to prove its identity
ApplicantApplicant VerifierVerifier
Prove Your
Identity
Can WeTalk?
39Challenge-Response Authentication
Verifier sends the applicant a challenge message This challenge message is a string of
bits
Applicant sends back a response message This is the challenge message
encrypted with the applicant’s private key
ApplicantApplicant VerifierVerifierChallengeMessage
ResponseMessagePrivate Key
40Challenge-Response Authentication
Verifier decrypts the response message with the true party’s public key If matches the challenge message, was
encrypted with the true party’s private key, which only the true party should know
Applicant is authenticated
ApplicantApplicant VerifierVerifier
ResponseMessage
ChallengeMessage
41Frequency of Authentication
Challenge-Response Authentication Only done initially Or done at most a few times during a
session
Digital Signature Authentication (next) Provides authentication for every message Called message-by-message authentication Also provides message integrity—proof that
the message has not been changed en route
42Public Key Authentication
Ultimate goal is to send an original plaintext message from the applicant to the verifier If security was not an issue, the
applicant simply would send it For confidentiality only, would simply
encrypt with symmetric key
ApplicantApplicant VerifierVerifier
Ciphertext UsingSymmetric Key
43Public Key Authentication
For authentication, also send a digital signature with each packet
First create a message digest (MD) A small binary string calculated on the
basis of all of the bits in the message
MessageMessageDigest
Calculation
44Public Key Authentication
How to create a message digest (MD) Normally, use a process called hashing For a message of arbitrary size, hashing
produces a small bit string of predictable size
MD5: 128 bits SHA-1: 160 bits
MessageMessageDigest
Hash
45Public Key Authentication
Hashing Hashing is not reversible Cannot get back original message if you
know its hash Just done to produce something small
enough (message digest) to encrypt with public key encryption
MessageMessageDigest
46Public Key Authentication
Next create a digital signature
Encrypt the message digest with sender’s private key, which only the sender should be able to do
Also called signing the message digest with the sender’s private key
DigitalSignature
Encrypt withSender’s
Private Key
MessageDigest
47Public Key Authentication
Encrypt combined message and digital signature with the symmetric session key and send to the receiver This gives confidentiality (privacy)
during transmission Easy to forget the encryption with the
symmetric session key
DigitalSignature
Message
Encrypt with symmetric session key
48Public Key Authentication
Receiver decrypts arriving ciphertext with symmetric session key
Then decrypts digital signature with true party’s public key to get the original message digest
This is the transmitted message digest
DigitalSignature
Decrypt withSender’s
Public Key
TransmittedMessageDigest
49Public Key Authentication
Then decrypts digital signature with true party’s public key to get the original message digest (transmitted message digest)
Receiver then hashes the original plaintext, just as the sender did (computed message digest)
Message Digestfrom Digital Signature
Message DigestComputed from
Original Plaintext
50Public Key Authentication
Digital Signature also Provides a Second Benefit: Message Integrity
Proof that the message has not been altered en route
If message has been changed by error or by an attacker, message digests will not match
Message Digestfrom Digital Signature
Message DigestComputed from
Original Plaintext
Digital Certificates
Public Key Deception
Digital Certificates
Certificate Authorities
Public Key Infrastructures (PKIs)
52Public Key Deception
Impostor Claims to be a True Party True party has a public and private key Impostor also has a public and private key
Impostor sends impostor’s own public key to the verifier Says, “This is the true party’s public key” This is the critical step in the deception Impostor would be “authenticated” using
any public key authentication method
53Digital Certificates
Created by a Certificate Authority
Certificate authority is the trusted third party
However, not regulated today
CertificateAuthority
CertificateAuthority
AuthenticatedParty
AuthenticatedParty
DigitalCertificate
DigitalCertificate
54Digital Certificates
Assert that a true party (named) has the public key contained in the digital certificate Provides a name-public key pair
To prevent public key deception
Fields and content are standardized by the ITU-T X.509 Standard
Does not vouch forintegrity of the namedparty—only their publicKey
55Digital Certificates
Certificate authorities may revoke digital certificates Revoked certificate ID numbers are placed in a
certificate revocation list (CRL)
Verifier must check with the certificate authority to determine if a digital certificate is on the CRL
Without the CRL check, digital certificates do not support authentication
56Public Key Infrastructures (PKIs)
To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using
public key encryption and authentication
Uses a PKI Server PKIServer
57PKIs
PKI Server Creates Public Key-Private Key Pairs Distributes private keys to applicants
securely Often, private keys are embedded in
delivered software
PKIServer
Private Key
58PKIs
PKI Server Provides CRL Checks Distributes digital certificates to
verifiers Checks certificate revocation list before
sending digital certificates
PKIServer
Digital Certificate
59PKIs
CRL Checks If applicant gives verifier a digital
certificate, The verifier must check the certificate
revocation list
PKIServer
OK?
OK or Revoked
CRL
61Integrated Security System
When two parties communicate …
Their software usually handles the details
First, negotiate security methods
Then, authenticate one another
Then, exchange symmetric session key
Then can communicate securely using symmetric session key and message-by-message authentication
62SSL Integrated Security System
SSL Secure Sockets Layer Developed by Netscape Protects at the transport layer; protects
any SSL-enabled application program Supported by almost all browsers Almost universal in Web financial
transactions Netscape gave IETF control over SSL IETF renamed it Transport Layer Security
63SSL Operation
SSL ISS Process
Two sides negotiate security parameters
Webserver authenticates itself
Browser may authenticate itself but rarely does
Browser generates a random symmetric session key, sends to webserver
Adds a digital signature and encrypts all messages with the symmetric key
64Other ISSs
SSL is merely an example integrated security system
Many other ISSs exist IPsec (Chapter 9 and Module F) PPTP and L2TP (Module F) Etc.
66Multi-Layer Security
Security Can be Applied at Multiple Layers Simultaneously
Application layer security for database, e-mail, etc.
Transport layer: SSL
Internet layer: IPsec (Chapter 9, Module F)
Data link layer: PPTP, L2TP (Module F)
Physical layer: locks
67Multi-Layer Security
Applying security at 2 or more layers is good
If security is broken at one layer, the communication will still be secure
However, Security slows down processing Multi-Layer security slows down
processing at each layer
68Firewalls
Firewall sits between the corporate network and the Internet Prevents unauthorized access from the
Internet Facilitates internal users’ access to the
Internet
OKNo
Firewall
Access only ifAuthenticated
69Firewalls
Packet Filter Firewalls
Examine each incoming IP packet
Examine IP and TCP header fields
If bad behavior is detected, reject the packet
Usually no sense of previous communication: analyzes each packet in isolation
IPFirewall
IP Packet
70Firewalls
Application (Proxy) Firewalls Filter based on application behavior
Viruses, extensions of files transferred, etc. Do not examine packets in isolation: use
historyIn HTTP, do not accept a response unless an
HTTP request has just gone out to that site
Application
71Firewalls
Application (Proxy) Firewall Hides internal internet addresses
through Network Address Translation Accepts packet from internal host;
packet has internal host’s IP address
PacketWith
InternalIP Address
72Firewalls
Application (Proxy) Firewalls Proxy program replaces internal IP
address with another IP address, sends to external host
PacketWith
AnotherIP Address
73Firewalls
Application (Proxy) Firewalls Proxy server receives returning IP
packet to the other IP address Passes it on to the internal host
74Firewalls
Application (Proxy) Firewalls Intruder with sniffer program will only
see other IP address; will not learn internal IP addresses to identify potential victims Packet
WithAnother
IP Address
Intruder
75Firewalls
Application Firewalls
Need a separate program (proxy) for each application
Not all applications have rules that allow filtering
76Total Security
Network Security is Only Part
Server Security
Occasionally, weakness are discovered in server operating systems
Hackers use these known security weaknesses to hack into or crash servers
Companies must install patches to fix these weaknesses; often fail to do so
77Total Security
Client PC Security
Known security weaknesses exist but patches are rarely downloaded
Users often have no passwords or weak passwords on their computer
Adversaries take over client PCs and can therefore take over control over SSL, other secure communication protocols
78Total Security
Managing Users
Often violate security procedures, making technical security worthless
Social engineering: attacker tricks user into violating security procedures
79Intrusion Detection
Intrusion detection software to detect and report intrusions as they are occurring
Needed
Lets organization stop intruders so that intruders do not have unlimited time to probe for weaknesses
Helps organization assess security threats
Audit logs list where intruder has been: vital in legal prosecution