Copyright © William G. Cafiero, 2001

GE Global eXchange Services

Page 1

A Review of Security Concerns, Techniques and Methodologies

<Bills_Info> <Name>Bill Cafiero</Name> <Phone>972-231-2180</Phone> <e-mail>[email protected]</e-mail></Bills_Info>

Dot-Com is fast becoming DOW-Com

The Internet is going to be about a lot more than the ability to call up stock quotes. It will really explode for us when broadband arrives. Disney CEO Michael Eisner

As highlighted in the now-famous destroyyourbusiness.com speech, old-line companies have to think in radically new ways. GE Chief Jack Welch

Every dealer in this country has about 70 days of supply. In simple truth, there's tremendous waste in that. GM CEO Jack Smith

Honeywell intends to use the Internet to cut costs by $500M-$1B no later than 2005. Chairman Lawrence Bossidy

Strengths Become Weaknesses

• Access points become International

• Partners Can Now Collaborate

• You’ll have access to your partners (and they’ll have access to you)

• Employees can work from home, at night, over the weekends, and on holiday

• Application servers can support entire divisions

• Every internal modem is now a gateway into a network of networks

A New Focus Is Needed

Source: Forrester Research, Inc.

Yesterday

• Internal focus - Access is granted to employees only

• Centralized assets - Applications and data are centralized in fortified IT bunkers

• Prevent losses - The goal of security is to protect against confidentiality breaches

• IT control - Security manager decides who gets access

Today

• External focus - Suppliers, customers, and prospects all need some form of access

• Distributed assets - Applications and data are distributed across servers, locations, and business units

• Generate revenue - The goal of security is to enable eCommerce

• Business control - Business units want the authority to grant access

But there are security challenges

• Electronic Business Is a Priority

– “Time to market” will always win over security if you are not careful

• Dynamic Networks and Security Confusion

– Who owns security? Who knows about new projects, new networks, new connections?

• Limited Security Resources and Expertise

– Security administrators in California earn an unburdened average of $73,863 (SANS 2000 salary survey)

– Average turnover is 24 months.

• Security Management Is Too Complex

…and more security challenges

Some Examples

Credit Card Data

Sources inside the credit-card industry told ZDNet News that Egghead may warn up to 3.7 million credit-cards holders that their card numbers had been stolen.

We can only guess what this breach cost Egghead in terms of downtime, audit, negative PR, and lost business.

New technology is cool, but hardly ever secure

Clay Shirky, a well-known open source pundit and partner with New York investment firm Accelerator Group, is thrilled by all this network openness. "I'm not worried about security, because security and convenience are always a tradeoff," he explains.

"We walked around the Financial District with a laptop and an antenna, and we could pick up about six networks per block," says Matt Peterson, a network engineer

AirTran

AirTran Hacked

Nothing is Sacred

Consequences

• Lack of consumer confidence

• Exposure to Legal Liability

• Decreased Stockholder Equity

• Damaged Image - 30 Seconds on CNN

• Decreased Employee Productivity

• Loss of Intellectual Property & Assets

The Issues

The rest of this presentation deals with message security:

• What are our security needs?

• Just how do cryptographic security techniques work?

• In other words - a primer on authentication, encryption, digital signatures and key management

What are the Security Needs?

Confidentiality

Alice and Bob are planning a merger

Now I have the details on the merger

What are the Security Needs?

Authentication

I will convince Bob that I am Alice

What are the Security Needs?

Integrity

I’ll just change this a bit. Bob will never notice

What are the Security Needs?

Non-repudiation

You can’t deny your role in this transaction, Bob

Neither can you, Alice

Basics of Encryption

[Figure: PlainText → Encrypt → CipherText → Decrypt → PlainText]

PlainText: This is plain text. It can be read by anyone.

CipherText: qazws ed ty xedcr dcrfv ui rgbth thn olputui n loijg frt ugd iopyt nuytrbyi

Encryption satisfies two of our needs:

• Confidentiality - Original data is completely private

• Integrity - Data has not been altered

Plus encryption provides an additional feature:

• Access Control - Only those who have the right keys can decrypt the CipherText

Encryption

There are two types of algorithms

• Symmetric (or Private Key) algorithms

• Asymmetric (or Public Key) algorithms

Both types of algorithms have advantages and disadvantages

Private Key Encryption

[Figure: PlainText → Encrypt → CipherText → Decrypt → PlainText, with the same Shared Key used to encrypt and decrypt]

Symmetric Encryption

• Ex: Data Encryption Standard (DES)

Public Key Encryption

[Figure: PlainText → Encrypt (Bob’s Public Key) → CipherText → Decrypt (Bob’s Private Key) → PlainText]

Asymmetric Key Encryption

• Ex: Rivest Shamir Adleman (RSA)

Public Key Encryption

Bob’s Public Key

• Made publicly available to others

• Used by others to encrypt message for Bob; or…

• Used by others to verify Bob’s digital signature

Bob’s Private Key

• Kept secret and secure by Bob

• Used by Bob to decrypt messages from others; or…

• Used by Bob to generate his digital signature

Knowing the public key, it is not possible to deduce the private key

Basics of Digital Signature

[Figure: PlainText → Sign → Signed PlainText → Verify]

PlainText: This is plain text. It can be read by anyone.

Signed PlainText: This is plain text. It can be read by anyone. tybs58bdn6

Digital Signatures satisfy the last two needs:

• Authentication - The originator’s signature is on the file

• Non-repudiation - The originator cannot deny signing the file

How a Digital Signature Works

Alice’s Signing Process

• Calculate hash

• Encrypt hash with Alice’s private key

Bob’s Verification Process

• Decrypt original hash with Alice’s public key

• Calculate fresh hash

• Compare decrypted hash with fresh hash (= ?)

[Figure: the Signed PlainText "This is plain text. It can be read by anyone." shown with the sample values nh9ft4mjae and tybs58bdn6 at each step]

Putting it All Together

[Figure: PlainText → Encrypt and Sign → Signed CipherText → Decrypt and Verify (Verify Hash) → PlainText]

PlainText: This is plain text. It can be read by anyone.

Signed CipherText: qazws ed ty xedcr dcrfv ui rgbth thn olputui n loijg frt ugd iopyt nuytrbyi tybs58bdn6

• Confidentiality

• Authentication

• Integrity

• Non-repudiation

and

• Access control

Are we done yet?

Another Issue

Public Key Substitution Risk

I’ll just substitute my public key for what Alice thinks is Bob’s public key

[Figure: Alice encrypts PlainText with the Interloper’s Public Key Masquerading as Bob’s Public Key → CipherText → Decrypt with Interloper’s Private Key → Alter → Encrypt (Interloper uses Bob’s Public Key) → Decrypt with Bob’s Private Key → PlainText. Bob: "It’s a valid message from Alice"]

Certificate Issuance

Binds a key to its owner

Digitally signed by a “certification authority”

• Guarantees integrity

• Authenticates the owner

Prevents masquerading

Establishes trust

An electronic version of a “notary public”
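
The signing and verification steps from "How a Digital Signature Works" and the certificate check that defeats the key substitution shown under "Another Issue", as an added example that is not part of the original presentation. It uses textbook RSA with small constructed Mersenne-prime keys and no padding, so it shows the flow only; every function and variable name is an assumption.

```python
import hashlib

def mersenne(k):
    return (1 << k) - 1          # 2^k - 1, prime for the exponents used below

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes. Toy parameters, no padding: illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def digest(data, n):
    """'Calculate hash': SHA-256, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    """'Encrypt hash with private key' (the signing process)."""
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(data, signature, public_key):
    """Decrypt the original hash with the public key, compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

def cert_body(owner, public_key):
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(owner, public_key, ca_private):
    """The certification authority binds a key to its owner by signing both."""
    return {"owner": owner, "key": public_key,
            "sig": sign(cert_body(owner, public_key), ca_private)}

def key_from_certificate(cert, expected_owner, ca_public):
    """Return the certified key, or raise if the CA signature does not cover it."""
    body = cert_body(cert["owner"], cert["key"])
    if cert["owner"] != expected_owner or not verify(body, cert["sig"], ca_public):
        raise ValueError("certificate rejected: key is not bound to " + expected_owner)
    return cert["key"]

# Constructed toy keys for the four parties on the slides (far too small for real use).
CA_PUB, CA_PRIV = make_keypair(mersenne(107), mersenne(127))
ALICE_PUB, ALICE_PRIV = make_keypair(mersenne(61), mersenne(89))
BOB_PUB, BOB_PRIV = make_keypair(mersenne(19), mersenne(31))
INTERLOPER_PUB, INTERLOPER_PRIV = make_keypair(mersenne(13), mersenne(17))

MESSAGE = b"This is plain text. It can be read by anyone."
SIGNATURE = sign(MESSAGE, ALICE_PRIV)                  # Alice signs
BOB_CERT = issue_certificate("Bob", BOB_PUB, CA_PRIV)  # CA certifies Bob's key
FORGED_CERT = dict(BOB_CERT, key=INTERLOPER_PUB)       # substituted key, CA signature reused
```

Alice accepts a key for Bob only through `key_from_certificate`, so the substituted key fails the certification authority's signature check before anything is encrypted with it.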

Key Expiry and Update

Public key expiry date defined in certificate

• Set by security officer

Key update

• Automatic

• Transparent

• Different rules for encryption and digital signature key pairs

Key histories

• Easily decrypt data protected with “old” keys

Third Party Trust

[Figure: Alice and Bob each trust the Certification Authority, which gives Third Party Trust between Alice and Bob]

Cross Certification

[Figure: Carol and Ted trust one Certification Authority; Alice and Bob trust another Certification Authority; the two Certification Authorities Cross Certify]

The Real Issues

Cryptographic algorithms are not the problem

The problems are:

• Large scale key management

• Establishing and maintaining third party trust

• Corporate control of information

• Making cryptography accessible to everyone, across applications

• Security has to be easy to use

Key management issues...

Key Management

The most difficult security problem

• Generating keys

• Keeping backup keys

• Delivering keys

• Dealing with compromised keys

• Changing keys

• Destroying old keys

The Public Key advantage

Key Management Lifecycle

Key Generation

Certificate Issuance

Key Usage

Key Expiry

Key Update

Summary

Five key security requirements

• Confidentiality - Encryption

• Integrity - Encryption

• Authentication - Digital signature

• Non-repudiation - Digital signature

• Access Control - Encryption

Two types of algorithms

• Private Key - Symmetric

• Public Key - Asymmetric

Importance of key management

Certification of public keys

Make security easy to use and implement it across all of your important applications

Thank you