Cryptography in e-Business

Guest Lecture, November 13, 2006, Olin College

Steven R. GordonProf. of Info Tech ManagementBabson College

Agenda

Simple protocols– Logging in: MS-CHAP

PKI Protocols– About PKI– Secure Email– Secure Web Transactions: SSL

Logging InWith

MS-CHAP

A Simple Application

MS-CHAP Challenge-Response Authentication Protocol

2.Verifier sends Challenge Message

Challenge

Applicant(Client)

Verifier(Server)

1.Verifier creates

Challenge Message

Note: Both the client and the serverknow the client’s password.

Source: Panko: Corporate Computer and Network Security by Raymond Panko, Prentice-Hall, 2005.

MS-CHAP Challenge-Response Authentication Protocol

3. Applicant creates a Response Message:

(a) Adds password toChallenge Message

(b) Hashes the resultant bit string

(c) The hash is theResponse Message

ChallengePassword

Response

Hashing(Not Encryption)

Source: Panko: Corporate Computer and Network Security by Raymond Panko, Prentice-Hall, 2005.

MS-CHAP Challenge-Response Authentication Protocol

4.Applicant sends Response Message without encryption

Transmitted Response

Source: Panko: Corporate Computer and Network Security by Raymond Panko, Prentice-Hall, 2005.

MS-CHAP Challenge-Response Authentication Protocol

ChallengePassword

Expected Response

Hashing

5. Verifier adds password to theChallenge Message it sent.

Hashes the combination.This is the expectedResponse Message.

Source: Panko: Corporate Computer and Network Security by Raymond Panko, Prentice-Hall, 2005.

MS-CHAP Challenge-Response Authentication Protocol

Expected ResponseTransmitted Response =?

6. If the two Response Messages are equal, theapplicant knows the password and is authenticated.Sever logs Client in.

Note that only hashing is involved.There is no encryption.

Source: Panko: Corporate Computer and Network Security by Raymond Panko, Prentice-Hall, 2005.

Advantages of MS-CHAP

The password never gets transmitted Eve can see the challenge and response Eve cannot learn the password Eve cannot respond to the challenge

Problems With MS-CHAP?

Solutions to Key Distribution Problem A selects a key and physically delivers it to B.

Trusted third party key distribution center selects a key and physically delivers it to A and B.

If A and B already share a key, it can be used to distribute a new key.

If A and B already share keys with key distribution center, it can distribute a new key.

Or …

Public Key Encryption Each user gets a pair of keys

– 1 private; 1 public

Public key is shared with the world and used for encryption

Private key is kept private and used for decryption

There is no way to determine the private key from knowledge of the public key

There is no need to exchange keys secretly

Public Key Encryption

Alice createsmessage

Bob’s public key Bob’s private key

Bob readsmessage

Encryptedmessage

Eve cannot read intercepted message becauseEve does not have Bob’s private key

Authentication

How does Bob know that message came from Alice?

Everyone knows Bob’s public key Solution:

– Alice signs the message

Authentication: Signing a Message

Alice hashes the message

She encrypts the hash, date, and time with her private key and appends it to message (signature)

Then entire message is encrypted with Bob’s public key

How Does Bob Know Message is From Alice? Bob decrypts the message and reads the

signature

Tries to decrypt the signature with Alice’s public key– OK: Must be Alice -- only she has the

corresponding private key– Not OK: Sent by someone else

Non-Repudiation

Alice cannot repudiate message Signature is hers Signature hash matches document Nobody else could have sent it and Bob

could not have made it up

Integrity

Nobody can intercept the message, modify it, and resend

If so, hash would be incorrect

Potential Problems with Public Key Cryptography Too hard to keep track of all partners’ public keys What if partner wants to change public key

(perhaps private key was compromised)? Cannot trust sender to send you their public key,

because they could be imposter Solution is Public Key Infrastructure

Solution -- Digital Certificate

What is it?– Document signed with the private key of a well

known third party (certificate issuer)

What does it contain– Name and public key of certificate owner– Serial number, expiration date– Other info on rights and privileges of owner– Name of certificate issuer

Public Key InfrastructureAnalog to Physical World

Physical

Signatures/Seal Envelope ID (passport/license) Notary/Bank

PKI

Digital Signature Encryption Digital certificate Certificate authority

Certificate Authority (CA)

The CA is a trusted and known authority for issuing digital certificates

Examples:– Verisign– Thawte– InstantSSL

How Does Bob Know Alice’s Certificate is Valid? It is “signed” by a recognized certificate

authority It identifies Alice and her public key

Key Management Issues

Who generates the key pairs?– Should the CA have access to everyone’s

private key?– If the CA doesn’t have a copy of the private

key, how does it know that it has the right public key

Key Management Issues

Should the CA need to see physical proof of identity before issuing a certificate?– If not, how can CA avoid being fooled?– If so, how can CA have adequate geographical

coverage?

Key Management

What if a company wanted multiple keys for its different subsidiaries, departments, and/or servers?– Should it be allowed to generate new keys and

sub-certificates?

Key Management

Where and how should private keys be stored?

How can a certificate be revoked? How is a certificate renewed?

PKI Components and Relationships

Source: PGP Corporation webcast, “PGP Education Series -- Is PKI Relevant?”, viewed on 3/18/04.

PKI Components

Need to add Certificate Revocation List– Usually maintained by CA– Periodically downloaded to CA’s cross-

certificate partners

Hierarchical Trust Relationships

Trust users if you trust the root CA

Trust based on brand

Example: Verisign

Source: http://www.pgpi.org/doc/pgpintro/

Network Trust Relationships

There is no root authority

Based on who knows who

Assumes six degrees of separation

Example: PGP

PKI Standards Leave (too many?) Options X.509 Version 3 Certificate

– Version, Validity period, Serial Number

– Issuer identifier (could be domain name, email, or directory name) and signature

– Subject identifier (same options), public key, and algorithms used for encryption

– Optional identifiers for issuer and subject

– Optional extensions

– CA’s digital signature

Examples of Optional X.509 Certificate Extensions List of allowed uses (such as only for email) Certificate policies Subject directory attributes CRL distribution points Additional signers

PKI Application: Secure Email

Obtain a Free Personal Digital Certificate Go to Comodo Fill out form selecting defaults Accept

Pick Up and Install Digital Certificate Within a few minutes, you’ll receive email

with your collection password Click on Collect and Install Certificate If you are using Outlook

– Follow the instructions to pick up and install your digital

Otherwise, do not continue until you have Outlook installed and configured

Configure Outlook to Use Your Certificate In Outlook, select Tools/Options/Security Click the “Settings” button in the Encrypted e-

mail section Click the “Choose” button to select your

certificate for signing and encryption Check “Send these certificates with signed

messages” Click OK, Apply, and OK

Sign An E-Mail Message

Create an email message to yourself Click Options/Security Settings/Add

Digital Signature Send the message

Check Your Digital Signature

Note “secure message” icon in your inbox next to incoming message

Open message. Note security iconin upper right corner

Click on the security icon

Click on Details

Click on Signer thenView Details

Click onView Certificate

Explore:Issuer StatementTrust tabCertification Path tab

Now click on Details tab

Click on any of the fields, includingPublic key, to seecertificate details.

Close the Message

Click OK and Close and Close to return to the message view

Close the message

Optional: Configure Outlook to Always Use Your Certificate Select Tools/Options/Security Check “Add digital signature …” Click Apply and OK

Adding Encryption

Create a new message to yourself Select Options/Security Settings/Encrypt Try to send the message. What happens? You can only send encrypted messages to

people whose public keys are published

Publish Your Public Key

Select Tools/Options/Security Select “Publish to GAL…”

– Outlook confirms you are publishing your key to the global address list

– Click on OK– Click on OK again to close Security window

Test Your Encryption

Send yourself a message Note encryption icon

next to message in inbox Click on blue lock icon in upper right corner

Details are availablefor the EncryptionLayer.

If message is signed, details will also be available for the signer.

Your Certificate is Known to IE

Select Tools/Internet Options/Content

Click Certificates Highlight your Comodo

certificate Click on View

PKI Applications: Secure Web Transactions With SSL

Works below the application layer Creates a secure channel between a client

and server Can be used to secure a “session”

SSL Protocol Simplified

Source: http://www.rdcormia.com/COIN56/presentations/Security.ppt

SSL Pros and Cons

Server authentication Client authentication Integrity Confidentiality Establishes “session” Can be used by any

application

No support for non-repudiation

No encryption of IP or TCP headers

Pros Cons

How HTTP Uses SSL

HTTP invokes SSL if URL starts with https://

Browsers display a lock when in the status area when SSL is in use

Contact Information

Prof. Steven GordoneMail: gordon@babson.eduTel: 781-239-4571Web: http://faculty.babson.edu/gordon