Security Primer
Sameh El Naggar
Presentation contents

Technical Security Issues
- Encryption (Privacy)
- Authentication
- Integrity
- Non-repudiation
- Security Protocols
- Authorization
- Availability
- Auditing
- Establishing Trust
- Managing Risk

Presentation Focus
- Cryptography: Symmetric Key, Non-Symmetric (Public Key)
- Public Key distribution and integrity: PKI and certificates
- Authentication: Kerberos, Certificates
- Message Integrity: Hashes and message digests
- Security Protocols: How they work, SSL, etc.
- Establishing trust on the net: Privacy, profiling, safe code, content protection

Technical Security Issues and goals



- Encrypt your messages so only the intended receiver should be able to read them.
- Make sure that the messages really came from the sender (Authentication). Also, be absolutely sure you are buying from Barnes & Noble, for example, who will charge your credit card. Additionally, you do not want an intruder to intercept and steal your credit card number during the transaction (Secure protocols).
- Guarantee the Integrity of the message. Make sure it was not tampered with during transmission, or replayed maliciously.
- Have electronic transactions and electronic commerce paperless contracts that will not be reneged upon (Non-repudiated), even in court! The sender cannot disown the message he or she sent.
- Understand what these security technologies are all about. For example, cryptography, digital signatures, certificates and Secure Protocols like Secure Socket Layers (SSL) or IPsec.
- Develop or purchase the proper Security Products. There are easily more than 500 products out there, growing weekly.

Technical Security Issues and goals



- Establish a security policy in your organization, including physical security and data availability.
- Develop a security policy and be able to create and follow an effective security policy document.
- Understand what authorization is versus authentication.
- Understand some of the issues involved regarding trust and privacy on the internet.
- Develop a strategy to manage risk.
- Be able to audit, monitor, log and prove your case in front of a judge, if you have to go to court.
- Finally, understand what everyone is talking about in a security seminar or course. The technical jargon and abbreviations are introduced and defined.
- In the appendix there is a taste of the math involved in the most widely used public encryption algorithm, RSA.

If Security is compromised?
- The Army General: I said attack, not retreat!!
- Stock Broker: Client: I said sell at 11am not at 2 PM, broker disagrees, how will the judge decide?
- Contract: The contract was for 4 million not 2 million Dollars. Who has the electronic contracts and receipts?
- Credit Card: They already used my card to the maximum limit. I couldn't use it for my emergency.

Recent break-ins into the following sites
- City Bank, New York Times, US Department of Justice, SUN Microsystems, and Prohosting

Encryption & Cryptography


Cryptography Historically (secret Algorithms)
- Cryptography was used by the Romans hiding troop movements using Ciphers (sticks).
- Also used by lovers to hide their secrets

Techniques used to produce cipher text from plain text
- Substitution ciphers: Each letter or group of letters is replaced by another letter or a group of letters. Example: In the Caesar Cipher letter a becomes d, b becomes e, and z becomes c
- Transposition ciphers: reorders the letters but doesn't disguise them
- One-Time pads: Choose a random bit string as the key, convert the text into a bit string, using ASCII representation for example. Finally compute the EXCLUSIVE OR of these two strings, bit by bit.

Two Fundamental Cryptography Principles
- All encrypted messages must contain some redundancy
- Some measure must be taken to prevent active intruders from playing back old messages; time stamps and nonces are some solutions.

Modern Cryptography

Uses the same basic ideas as traditional Cryptography, transpositions and substitution, but with a different emphasis:
- Traditional cryptography uses simple algorithms and long keys
- Modern cryptography relies on complex and convoluted encryption algorithms
- A P-box is a device that effects a transposition on an 8 bit input (10011011->01011101)
- An S-box does Substitution, a 3 bit plain text is entered, a 3 bit cipher text is output
- An S-box has a 3-8 bit decoder, a P-box, then an 8 to 3 encoder (01234567 -> 24506713)
- A Product Cipher is when we cascade a whole series of these S-boxes
- By cascading a sufficient number of stages in the product cipher, the output can be made to be an exceedingly complicated function of the input

Modern Algorithms

Modern Cryptography (Algorithms are usually public)


Symmetric Key Cryptography
- Also known as conventional, single, secret, session, or shared key
- Only one key is used to encrypt as well as decrypt
- Fast for bulk data compared to Asymmetric, but less secure because you have to send the key to decrypt the message across the network.

Asymmetric Key Cryptography (Public Key, or key pair)


- Two keys are used, one public (available to anyone), the other private
- The private key stays with the computer or user, hence private
- If you encrypt with the public you have to decrypt with the private
- If you encrypt with the private you have to decrypt with the public
- Very Slow for bulk data compared to Symmetric, but more secure.

Symmetric Key Algorithms


DES (Data Encryption Standard)

- 1977: US government adopted a product cipher developed by IBM
- It is no longer secure in its original form, still useful in a modified form
- Plaintext is encrypted in blocks of 64 bits (8 bytes)
- 56 bit key, 19 distinct stages
- Decryption uses the same key as encryption, in reverse
- DES Chaining is possible with DES in ECB (Electronic Code Book) mode

Triple DES or 3DES is highly secure


- Uses two keys and triple stages: encrypt, decrypt then encrypt
- Encryption & decryption is still mapping between sets of 64 bit numbers.

RC2, RC4, RC5

IDEA
- International, designed by two researchers in Switzerland
- Like DES, 64 bit plain text input blocks are mangled in a sequence of parameterized iterations to produce 64 bit cipher text output blocks
- A 128 bit key is used to generate 52 sub keys of 16 bits each
- Decryption uses the same algorithm, only with different sub keys

Other Block Ciphers


Blowfish, Crab, FEAL, KHAFRE, LOKI91, NEWDES, REDOCII and SAFER64

Asymmetric Key Issues


How to acquire the receiver's public key
- Implement PKI (Public Key Infrastructure)
- The integrity of the public Key and the ability to bind a public key to its owner is crucial to the proper functioning of the system

Keys can be stored in Certificates using
- Certificate authorities (CA): Verisign, Entrust, etc.
- Proprietary Certificate Server (example: Microsoft Certificate Server)
- Use a mixture of both, CA and proprietary

Asymmetric Algorithms:

RSA (Rivest, Shamir & Adleman) from MIT, patented by RSA 1977
- Based on the difficulty of factoring large numbers, see Appendix
- Well suited for Encryption and digital signatures
- No requirement to use a particular hash algorithm for RSA signatures

El Gamal, 1985
- Based on the difficulty of computing discrete logarithms
- Also Schnorr (1991)

Merkle and Hellman, 1978
- Based on the Knapsack Algorithm: determine the contents of a knapsack from its weight

Menezes and Vanstone, 1993
- Based on Elliptic curves

Mixing Symmetric and Asymmetric keys


Why mix the two technologies
- Symmetric is faster (100-1000 times) for bulk data but less secure
- Asymmetric is slower than Symmetric but more secure
- Asymmetric is less efficient to use for encrypting a message to be sent to multiple recipients, because each has to be encrypted with the receiver's public key

Diffie-Hellman Key exchange is the solution to the above problems
- We use the public key cryptosystem to encrypt the secret key, which is usually randomly created for that session (the secret key is the message to be encrypted and exchanged)
- Use the secret key (now called the session key) to encrypt and decrypt messages between the client and the server

Diffie-Hellman Key Exchange


Diffie-Hellman secret key Exchange
- Allows two users or computers to exchange a secret key
- 2 Messages are sent in the clear for anyone to intercept
- After the exchange of 2 messages they both have the key
- Now they can use conventional cryptography (symmetric) like DES, to exchange encrypted messages

The exchange, step by step
- Bob picks a prime number p (512 bits), the larger the better
- Bob also picks g which is smaller than p
- Bob sends both numbers to Alice or publishes them in the NY Times
- Each picks a 512 bit random secret number, let's call them Sa & Sb
- Alice calculates Ta = g^Sa mod p. Bob calculates Tb = g^Sb mod p
- They exchange their Ts, i.e. Ta and Tb
- Alice computes Tb^Sa mod p. Bob computes Ta^Sb mod p
- They both come up with the same number!!!
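The exchange above with both sides written out, as an added example that is not part of the original slides. The prime 2**521 - 1, the generator 3, the `Party` class, the range check on the peer value and the SHA-256 step that turns the shared number into a session key are all assumptions made for this illustration.

```python
"""Diffie-Hellman exchange as laid out on the slide (added example)."""
import hashlib
import secrets

# Demo parameters (assumptions, not from the slides): the Mersenne prime
# 2**521 - 1 is used only because it is easy to write down. Real systems
# use standardized groups; this one is not a recommended choice.
P = 2**521 - 1
G = 3


class Party:
    """One side of the exchange: keeps a secret S, publishes T = g^S mod p."""

    def __init__(self, p: int = P, g: int = G):
        self.p, self.g = p, g
        # Secret exponent in [2, p-2]; it never leaves this object.
        self._secret = secrets.randbelow(p - 3) + 2
        # The "T" value, sent in the clear for anyone to read.
        self.public = pow(g, self._secret, p)

    def session_key(self, peer_public: int) -> bytes:
        # Defensive check added here: the values 0, 1 and p-1 would force
        # a predictable shared number, so they are refused.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._secret, self.p)  # T_peer^S mod p
        # Hash the shared number down to a fixed-size symmetric session key.
        width = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange():
    """Return the session keys Alice and Bob each derive on their own."""
    alice, bob = Party(), Party()
    # The only two messages on the wire are alice.public (Ta) and
    # bob.public (Tb); neither secret exponent is ever transmitted.
    return alice.session_key(bob.public), bob.session_key(alice.public)


if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", key_a == key_b)
    print("session key:", key_a.hex())
```

Nothing in this exchange tells either side who sent the T value it received, which is why the exchanged values still need to be authenticated.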

Integrity using Message digests


- A message digest is a digital fingerprint of a message. It is the result of applying a mathematical algorithm (called hash function)
- Sender: A message digest (a hash function applied to the message) is sent with the message. The digest is a fixed size (e.g. 128 bits)
- Receiver: the same hash function is applied to the message at the receiving end to calculate the 128 bit digest. This digest is compared with the one sent; if they match, the message has not been tampered with

Properties of Message Digest Algorithms
- Input is of variable length, output is a considerably smaller fixed-length size (e.g. 128 bits, 160 bits or more)
- It is impossible to determine the original message from the digest, this is known as a one way function
- Algorithms should be relatively simple and non-CPU intensive

Where are message digests used
- Digital signatures for non repudiation and trusts
- Integrity
- In Challenge response protocols where we send encrypted hashed passwords across the network, not in the clear.

Integrity using Message digests


Why use message digests instead of digital signatures?
- Digital signatures couple two distinct functions: Authentication and Secrecy (Encryption)
- Often authentication is needed but not secrecy. You want to send signed plain text documents, since encryption is slow and is not always needed

Most Common Message Digest Algorithms:
- MD5: Rivest 1992, generates a 128 bit digest, used on the internet
- SHA-1 (Secure Hash Algorithm-1): developed by NSA and blessed by NIST
  - Generates a 160 bit message digest which is more secure than MD5, but slower
  - It is a government standard used by companies dealing with the government

MAC (Symmetric Message Authentication codes) use symmetric key
- Keyed Hashing: Hash a shared secret key along with the message
- HMAC: special kind of keyed Hashing (keyed hash inside a keyed hash)
  - HMAC-SHA, HMAC-MD5
- Example: All message authentication in IPsec uses HMACs
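The difference between sending a plain digest with the message and sending a keyed HMAC, as an added example that is not part of the original slides. The key, the two sample messages and all function names are constructed for this illustration, and SHA-256 is used in place of the MD5 and SHA-1 named above.

```python
"""Unkeyed digest vs. keyed HMAC for message integrity (added example)."""
import hashlib
import hmac

# Constructed sample values for this demo only.
SHARED_KEY = b"demo-shared-secret-key"
ORIGINAL = b"PAY 100 USD TO ACCOUNT 12345"
ALTERED = b"PAY 900 USD TO ACCOUNT 99999"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed fingerprint: anyone who knows the algorithm can compute it."""
    return hashlib.sha256(message).digest()


def verify_plain(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the check leaks no prefix match.
    return hmac.compare_digest(keyed_tag(key, message), tag)


def compare_schemes() -> dict:
    """Run both schemes over an honest and an altered transmission."""
    results = {}
    good_tag = keyed_tag(SHARED_KEY, ORIGINAL)

    # Honest delivery: both checks accept.
    results["plain_honest"] = verify_plain(ORIGINAL, plain_digest(ORIGINAL))
    results["hmac_honest"] = verify_keyed(SHARED_KEY, ORIGINAL, good_tag)

    # Message changed in transit, check value left alone: both reject.
    results["plain_altered_old_digest"] = verify_plain(
        ALTERED, plain_digest(ORIGINAL))
    results["hmac_altered_old_tag"] = verify_keyed(
        SHARED_KEY, ALTERED, good_tag)

    # Message changed and the check value recomputed by someone without
    # the key: the unkeyed check accepts the altered message, the HMAC
    # check rejects it.
    results["plain_altered_new_digest"] = verify_plain(
        ALTERED, plain_digest(ALTERED))
    results["hmac_altered_unkeyed_tag"] = verify_keyed(
        SHARED_KEY, ALTERED, plain_digest(ALTERED))
    return results


if __name__ == "__main__":
    for name, accepted in compare_schemes().items():
        print(f"{name:28s} accepted={accepted}")
```

A plain digest therefore protects integrity only when the digest itself travels over a protected path or is signed; the keyed form does not have that dependency.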

Digital Signatures provide:


Authentication, Integrity & Non-Repudiation

Digital signatures using Public Key Cryptosystems


- Public Key signatures (swapping the roles of public and private keys)
- Sender encrypts the message with his or her private key
- Receiver decrypts the message with the sender's public key, which should be publicly available
- The piece of data encrypted with the private key is called a digital signature
- Common practice is to use a condensed version of the message (message digest) rather than the message itself. The message digest is the data to be encrypted instead of the whole message because
  1) Sometimes the message is not secret, you only want to confirm who sent it
  2) It is faster and less CPU intensive to send a smaller fixed size digest
- Note: A message digest is generated by hash functions
- DSS (Digital Signature Standard) is developed by NIST (National Institute of Standards), used by the US government
- Uses DSA (Digital Signature Algorithm)
- DSA requires the use of SHA as a hash function for signatures
- SHA is defined in FIPS (Federal Information Processing Standard)

Authentication using a shared secret key


Challenge-Response Protocols
- The challenge is a unique binary number sent from server to client
- Client generates an encrypted value (the response) using the challenge and the password
- The Password is then not sent in clear text, but an encrypted hash of the password
- Challenge-Handshake Authentication protocol (CHAP) is configured on PPP servers
- Windows NT LAN Manager (NTLM) authentication uses Challenge Response
- Problem 1: Reflection attack
- Problem 2: It does not allow the user's credentials to be delegated to a remote service and used in proxy. If you access a network service A that in turn requires access to another network service B, Service A cannot respond to the challenge of service B because it doesn't have the password
- Solution: Kerberos, which is also faster than NTLM

Diffie-Hellman Key exchange (Establishing the shared Key)
- Send the shared key (the message) using Public key Cryptosystems
- Use the shared key (session key) for secure encrypted communications for that session
- Problem: Fire Brigade attack or (wo)man in the middle attack
- Solution: The attack can be avoided by having both parties digitally sign their public keys

Authentication using a Key Distribution Center (KDC)
- Each user has a shared key with the KDC. Authentication goes through the KDC
- Problem: the replay attack
- Fix: Use timestamps or a one time message number called a nonce in each message. These nonces have to be remembered forever, and any message that carries a previously seen nonce is rejected. What if a computer crashes? Nonces are lost
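A challenge-response check that combines the nonce and timestamp fixes named above, as an added example that is not part of the original slides. The `Server` class, the `respond` function, the 30-second window, the sample user and secret, and the use of HMAC-SHA-256 for the response are assumptions made for this illustration.

```python
"""Challenge-response with replay protection (added example)."""
import hashlib
import hmac
import secrets
import time

MAX_AGE = 30  # seconds a challenge stays valid (assumed value)


def respond(secret: bytes, nonce: bytes, user: str) -> bytes:
    """Client side: prove knowledge of the secret without sending it.

    The fixed "client|" label and the user name are bound into the
    response, so a value computed in one role or for one user is not a
    valid answer in another (the reflection problem on the slide).
    """
    data = b"client|" + user.encode() + b"|" + nonce
    return hmac.new(secret, data, hashlib.sha256).digest()


class Server:
    def __init__(self, secrets_db: dict, now=time.time):
        self._db = secrets_db   # user -> shared secret (bytes)
        self._now = now         # injectable clock, so expiry can be tested
        self._pending = {}      # nonce -> (user, issued_at)

    def challenge(self, user: str) -> bytes:
        self._expire()
        nonce = secrets.token_bytes(16)  # fresh and unpredictable
        self._pending[nonce] = (user, self._now())
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        self._expire()
        # pop() makes each challenge single-use: a replayed response finds
        # no pending nonce. Lost state after a crash also fails closed.
        entry = self._pending.pop(nonce, None)
        if entry is None or entry[0] != user or user not in self._db:
            return False
        expected = respond(self._db[user], nonce, user)
        return hmac.compare_digest(expected, response)

    def _expire(self) -> None:
        # The time window bounds how long a nonce must be remembered.
        cutoff = self._now() - MAX_AGE
        self._pending = {n: e for n, e in self._pending.items()
                         if e[1] >= cutoff}


def demo():
    """Constructed scenario: valid login, replay, late answer, wrong secret."""
    clock = [1000.0]
    secret = b"correct horse battery"
    srv = Server({"alice": secret}, now=lambda: clock[0])

    n1 = srv.challenge("alice")
    r1 = respond(secret, n1, "alice")
    first = srv.verify("alice", n1, r1)
    replay = srv.verify("alice", n1, r1)   # same bytes sent again

    n2 = srv.challenge("alice")
    clock[0] += MAX_AGE + 1                # answer arrives too late
    late = srv.verify("alice", n2, respond(secret, n2, "alice"))

    n3 = srv.challenge("alice")
    wrong = srv.verify("alice", n3, respond(b"guess", n3, "alice"))
    return first, replay, late, wrong


if __name__ == "__main__":
    print(demo())
```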

Authentication using a shared secret key

Multi-way Challenge response protocols (Needham-Schroeder)
- Here we use fresh random numbers for session keys, not static like previous
- Kerberos (a variant of Needham-Schroeder): there are two versions, V4 and V5
- Developed at MIT (RFC 1510) at Project Athena (1980s)
- The Kerberos Triangle:
  1. The Clients to be authenticated
  2. The service doing the authentication
  3. The Kerberos Central System, called the key distribution center (KDC)
- At logon the user gets a session ticket based on an encrypted hash of the password
- The ticket is stored in a ticket cache associated with the user on the client computer
- When the client accesses a network service it presents the ticket; if the ticket is not available, the client will request a session ticket from the KDC, which will be used for subsequent connections to the same service
- When the client connects to the remote Network service, the session ticket is sent as part of the protocol handshake
- Parts of the session ticket are encrypted using a shared secret key between the service and the KDC
- The Network service can quickly authenticate the request since it will have a copy of the secret key in its own cache
- Session establishment with Kerberos is much faster than Challenge response methods (NTLM for example). With NTLM the service has to pass the user's credentials on to a domain controller for an additional authentication to occur
- Kerberos overcomes the Challenge/Response of NTLM with delegation; Kerberos delegation allows a service to impersonate a client

Certificates: types, and implementation

Certificate Types
- Server Certificates: Authentication and public key distribution of a web server, for example
- Client Certificates: Authenticates individual user or organization for web browser or e-mail
- CA Certificates (Certificate Authority Certificates): Validates certificates issued by a CA, installed on browsers

Certificate Format
- X.509 v3 is the most widely used. It contains Version, Serial#, Algorithm identifier, Issuer, Period of validity, Subject (user name), Subject's public key, the CA signature

Implementation of Certificates
1. Certificate Authorities: An ever-increasing number of CAs: Verisign, Entrust, GTE, MCI, AT&T, Thawte.
2. Proprietary (e.g. implement Microsoft Certificate Server)
3. Mixing 1 and 2 above in a Hierarchy, trees of trusts, or using Cross Certification. In a hierarchy you can follow the tree up to the root CA. Every certificate is signed by a higher certificate Authority in the hierarchy. The root CA has to be trusted because it signs its own Certificates at the top

Certificate Administration
- Certificate disposition
- Tools to monitor and log the certificates issued, denied, or pending further investigation
- Revoking Certificates; maintain and publish Certificate Revocation List

Secure Network Protocols


Privacy, Integrity, Authentication, Non-repudiation

Secure Channel Services - Slots between the Application & Transport layers
- SSL 2.0 / SSL 3.0 - Secure Socket Layers (Netscape & Consensus)
- PCT 1.0 - Private Communications Technology (Microsoft)
- TLS - Transport Layer Security, Microsoft (Windows 2000)
  - Simpler and more robust solution, uses the best of SSL and PCT
- S-HTTP - Secure http
- S/MIME - (Secure Multipurpose Internet Multimedia Extensions) Secure e-mail

Internet (ISP) or Intranet access
- Dial Up: PPP uses CHAP as an authentication protocol (note: PPP itself is not secure)
- Internet or Intranet Access - LAN

VPN - Virtual Private Networks (Private Networks are called tunnels)
- Cost effective compared to real private leased Networks for small organizations
- Uses PPTP (Point to point tunneling protocol)
  - Client to remote or LAN to LAN

Two more tunneling protocols expected to become industry standards
- Layer 2 Tunneling Protocol (L2TP): combines the best of PPTP and a Cisco protocol
- Internet Protocol Security (IPsec): by IETF (secure tunneling using IP layer security)

How Secure Channels work?


1. Client asks server to identify itself (e.g. Barnes&noble.com)
2. Server sends its Server Certificate (which includes its public key), signed by the Certificate Authority (CA) issuing the certificate.
3. Client uses its CA Certificate installed on its agent (browser) to verify that the digitally signed Server Certificate is authentic, hence the public key:
   If the computed hash of the server's certificate matches the hash in the certificate, then the client will proceed and extract the public key of the server
4. Client asks server again to prove that it is the server it claims (Barnes & Noble), because the certificate received by client could be hacked.
5. Server sends its digital signature, which is a random block of data plus a message digest of this data encrypted with the server's private key
6. Client verifies that the server is Barnes and Noble by recalculating the message digest sent in step 5, decrypting the digital signature and checking for a match between the calculated and sent digests.
7. Client now generates a random secret key (session key), encrypts it with the Server's public key obtained from the Server Certificate and sends it to server
8. Only the server can decode this session key because it can only be done by the server's private key. This shows how important it is to protect the private key
9. Server sends an encrypted message (now using the shared session key obtained in step 8). Only the client now can decipher it.
10. Communications then continues securely (encrypted) using the shared session key, only known to the client and server. Credit card information is sent etc.

Other Security Issues


Authorization
- Authentication is only knowing who you are, it doesn't allow you to access any resources
- Authorization is what you can access or do, based upon:
  - Operating System using ACL or DACL (Discretionary Access Control Lists)
  - Database level or Application level authorization

Availability
- There is no point in securing systems from external attacks that really don't need attacks, they fail so often every now and then!!
- Data could be lost that way also

Auditing, monitoring and logging
- Keep Non-Repudiate records of all transactions
- Active Auditing and offline auditing

Establishing Trust on the net


Internet and Intranet Security Zones
- Same Computer, firewall protected Network, the Internet are examples of zones
- Each security zone can be set to one of the following security levels (Internet Explorer):
  - Low: automatically invokes any executable content
  - Medium: warns us before invoking any damaging content
  - High: excludes all content that can damage our computer
  - Custom: allows us to set various individual security settings

Privacy

Are you anonymous when you surf the internet?
- The client IP address is known to the server through the http protocol
- With reverse DNS lookup they find your computer's DNS name
- Hardware and software information is known through http, good for a hacker
- What http doesn't provide to the site you are visiting is then requested by asking you to register to get your name, e-mail address etc. Also they might ask you to enter competitions or sign a guest book. This information is worth a lot of money to marketing companies

Profiling
- Very sophisticated tools to create reports about your activities on web and proxy servers
- Cookies: Small item of coded information stored on the client from the server
  - Should be stored in a defined area (4K) and cannot be executed
- Stealth cookies (example Double Click)
  - A user visiting a group of sites could be redirected to a master site that can read the single cookie shared by all these Microsoft sites (Microsoft site, MSNBC, MSN, hotmail, Expedia Travel, Internet Gaming Zone etc), redirect the user back to the site and passes the user identifier in the URL
  - A good example of user activity tracking is Double Click Ad Network

Establishing Trust on the net


Content Protection

PICS Platform for Internet Content Selection


RSACi (Recreational Software Advisory Council Internet) is an implementation of PICS for computer games rating. Each RSACi label has four numbers indicating levels of violence, nudity, sex and offensive language

Potentially Dangerous Code that executes on the Client


Java Applets (Sun Microsystems)
- The java sandbox: a child is safe in a sand box, and so is the client, which cannot be hurt by the applet
- Class loader manages the execution of the java code in a manner controlled from the region from where it originated
- Bytecode Verifier performs a series of checks to validate the integrity of any downloaded code and that the code was generated by a trustworthy compiler
- Downloaded for each user session

ActiveX Controls (Microsoft)


- Not restricted by a sand box, provides a greater functionality than with java applets
- No limits: Can create and modify files, do practically anything
- Relies on the user's judgment as to whether the control can be trusted
- Microsoft developed Authenticode for that trust to become more defined
- Is typically only downloaded once and installed on the target client computer; a subsequent download will only occur if the html specifies that a newer version of the control is available

Distributing Safe code (Trusting the source)


- Example: Authenticode by Microsoft. It is really for Accountability, not really safe

Managing Risk
Assessing the risk
- What to protect and from whom
- Analyzing the worst possible security breaches and costs
- Choose a security strategy depending on usability and cost (financial and tangible)

Implementation of a Security Policy, writing a policy document

- Users and their responsibilities
- Access restrictions (Authorization)
- Procedures for backups and other maintenance operations
- Procedures to handle security violation incidents
- Procedures for handling audit logs
- Password policy
- Procedures to guarantee privacy of information
- Rules and regulations to download software from internet or intranet
- Physical security guidelines
- Implementing Firewalls and/or proxy servers
- Virus Protection Policy

Continual Analysis of Risk involved
- Security mechanisms should be kept up to date with latest technologies
- There are always new types of attacks, brute force and others
- Use higher levels of encryption if necessary

Appendix: A taste of math (the RSA algorithm)


The math of the RSA algorithm (a public key algorithm, the most widely used)

p = 61     <= first prime number (destroy this after computing e and d)
q = 53     <= second prime number (destroy this after computing e and d)
pq = 3233  <= modulus (give this to others, part of the public key)
e = 17     <= choose public exponent (give this to others, part of public key)
d = 2753   <= compute d: private exponent (keep this secret!)

Your public key is (pq, e). Your private key is d.

C = encrypt(T) = (T^17) mod 3233
T = decrypt(C) = (C^2753) mod 3233

encrypt(123) = (123^17) mod 3233 = 337587917446653715596592958817679803 mod 3233 = 855
decrypt(855) = (855^2753) mod 3233 = <very very large number> mod 3233 = 123
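The appendix numbers carried through in code, including the "compute d" step and the role swap used for digital signatures earlier in the deck; this is an added example, not part of the original slides. The function names, the SHA-256 digest and its reduction modulo the tiny modulus are assumptions made so that the toy key can sign; real RSA uses far larger keys and a padding scheme.

```python
"""The appendix's RSA numbers, worked end to end (added example)."""
import hashlib

P, Q, E = 61, 53, 17   # values from the appendix
N = P * Q              # 3233, the public modulus


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def private_exponent(p: int, q: int, e: int) -> int:
    """The 'compute d' step: d is the inverse of e modulo (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    return x % phi


def encrypt(t: int, e: int, n: int) -> int:
    if not 0 <= t < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(t, e, n)


def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    # Toy reduction so the digest fits under a 12-bit modulus. This is an
    # assumption of the demo, not how production RSA signatures are formed.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, d: int, n: int) -> int:
    """Role swap: apply the private exponent to the message digest."""
    return pow(digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Anyone holding the public key (n, e) can recompute and compare."""
    return pow(signature, e, n) == digest_mod_n(message, n)


if __name__ == "__main__":
    d = private_exponent(P, Q, E)
    print("d =", d)
    c = encrypt(123, E, N)
    print("encrypt(123) =", c, " decrypt ->", decrypt(c, d, N))
    msg = b"sell at 11am"  # constructed sample message
    sig = sign(msg, d, N)
    print("signature verifies:", verify(msg, sig, E, N))
    print("altered signature verifies:", verify(msg, (sig + 1) % N, E, N))
```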
