POSTECH ITEC559 Su ‘03 1
ITEC559 Secure Internet Protocols
Lecture 11
POSTECH
Prof. Jong Kim
© 2003 JKIM@POSTECH
Lecture Topics
• Week 3: Secure Email
– Mon : E-mail, SMTP Security
– Wed : PEM, S/MIME
– Fri : PGP, openPGP
PGP
PGP
• PGP=“Pretty Good Privacy”
• Widely used de facto secure email
• First released in 1991, developed by Phil Zimmermann; provoked export control and patent infringement controversy.
• Selected best available crypto algs to use;
• Integrated into a single program;
Pretty Good Privacy (PGP)
• Available on Unix, PC, Macintosh and Amiga systems;
• Originally free, now have commercial versions available also.
• Freeware: OpenPGP and variants:
– www.openpgp.org, www.gnupg.org
• Commercial: formerly Network Associates International, now PGP Corporation at www.pgp.com
• OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
– www.ietf.org/html.charters/openpgp-charter.html
• Available as plug-in for popular e-mail clients, can also be used as stand-alone software.
PGP
• Functionality similar to S/MIME:
– encryption for confidentiality.
– signature for non-repudiation/authenticity.
• One level of processing only, so less flexible than S/MIME.
• Sign before encrypt, so signatures on unencrypted data - can be detached and stored separately.
• PGP-processed data is base64 encoded and carried inside RFC822 message body.
PGP Algorithms
Broad range of algorithms supported:
• Symmetric encryption:
– DES, 3DES, AES and others.
• Public key encryption of session keys:
– RSA or ElGamal.
• Hashing:
– SHA-1, MD-5 and others.
• Signature:
– RSA, DSS, ECDSA and others.
PGP Operation – Authentication
1. Sender creates a message;
2. SHA-1 used to generate 160-bit hash code of message;
3. Hash code is encrypted with RSA using the sender's private key, and result is attached to message;
4. Receiver uses RSA or DSS with sender's public key to decrypt and recover hash code;
5. Receiver generates new hash code for message and compares with decrypted hash code; if they match, message is accepted as authentic.
PGP Operation – Confidentiality
1. Sender generates message and random 128-bit number to be used as session key for this message only;
2. Message is encrypted, using CAST-128 / IDEA / 3DES with session key;
3. Session key is encrypted using RSA with recipient's public key, then attached to message;
4. Receiver uses RSA with its private key to decrypt and recover session key;
5. Session key is used to decrypt message.
PGP Operation – Confidentiality
(Stallings Fig 15.1b)
PGP Operation – Confidentiality & Authentication
• Uses both services on same message:
– Create signature & attach to message,
– Encrypt both message & signature,
– Attach RSA (or ElGamal) encrypted session key.
(Stallings Fig 15.1c)
PGP Operation – Compression
• By default PGP compresses message after signing but before encrypting:
– So can store uncompressed message & signature for later verification,
– & because compression is non deterministic;
• Uses ZIP compression algorithm.
PGP Operation – Email Compatibility
• When using PGP will have binary data to send (encrypted message etc);
• However email was designed only for text;
• Hence PGP must encode raw binary data into printable ASCII characters;
• Uses radix-64 algorithm:
– Maps 3 bytes to 4 printable chars,
– Also appends a CRC;
• PGP also segments messages if too big.
PGP Operation – Summary
(Stallings Fig 15.2)
Format of PGP Message
(Stallings Fig 15.3)
PGP Session Keys
• Need a session key for each message:
– of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES;
• Generated using ANSI X12.17 mode;
• Uses random inputs taken from previous uses and from keystroke timing of user;
• Random input is used to provide key and plaintext which is encrypted to provide session key.
PGP Public & Private Keys
• Since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message;
• Could send full public-key with every message, but this is inefficient;
• Rather use a key identifier based on key:
– is least significant 64-bits of the key,
– will very likely be unique,
• Also use key ID in signatures.
PGP Key Rings
• PGP supports multiple public/private key pairs per sender/recipient.
• Keys stored locally in a PGP Key Ring – essentially a database of keys.
• Each PGP user has a pair of keyrings:
– Public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID,
– Private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted using a key derived from a hashed passphrase.
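Key IDs and a ring indexed by them, as an added example that is not part of the original lecture. It goes beyond the slide by showing both RFC 2440 derivations: V3 (low 64 bits of the RSA modulus, as the slide describes) and V4 (low 64 bits of the SHA-1 fingerprint). The `PublicKeyRing` class, its methods and the sample moduli are constructed for this example and hold far less than a real key ring.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 16-bit bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v3_key_id(modulus: int) -> bytes:
    """V3 RSA key ID: the low-order 64 bits of the public modulus."""
    return (modulus & (2**64 - 1)).to_bytes(8, "big")

def v4_fingerprint(created: int, modulus: int, exponent: int) -> bytes:
    """V4 fingerprint: SHA-1 over 0x99, a 2-byte length and the key packet body."""
    # Body: version 4, creation time, algorithm 1 (RSA), then the two MPIs.
    body = struct.pack(">BIB", 4, created, 1) + mpi(modulus) + mpi(exponent)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(fingerprint: bytes) -> bytes:
    """V4 key ID: the low-order 64 bits of the fingerprint."""
    return fingerprint[-8:]

class PublicKeyRing:
    """Public-key ring indexed by key ID; one ID may map to several keys."""

    def __init__(self):
        self._by_id = {}

    def add(self, key_id: bytes, owner: str, modulus: int) -> None:
        self._by_id.setdefault(key_id, []).append((owner, modulus))

    def lookup(self, key_id: bytes):
        matches = self._by_id.get(key_id, [])
        if len(matches) != 1:
            # "Very likely unique" is not "unique": an unknown or ambiguous ID
            # must be resolved by comparing the full key or fingerprint.
            raise LookupError(f"{len(matches)} keys for ID {key_id.hex()}")
        return matches[0]

# Constructed sample moduli (not real RSA keys). ALICE_N and CAROL_N share
# their low 64 bits, so their V3 key IDs are identical.
ALICE_N = (0xA1 << 1016) | 0x0123456789ABCDEF
CAROL_N = (0xB2 << 1016) | 0x0123456789ABCDEF
BOB_N = (0xC3 << 1016) | 0xFEDCBA9876543211
```

A key ID only selects a candidate key from the ring; deciding whether that key is trusted is a separate step.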
PGP Key Rings
(Stallings Fig 15.5)
PGP Key Management
• Rather than relying on certificate authorities, in PGP every user is their own CA:
– can sign keys for users they know directly;
• Forms a “web of trust”;
– Trust keys signed by someone you “trust”,
– Can trust keys others have signed if there is a chain of signatures to them;
• Key ring includes trust indicators;
• Users can also revoke their keys.
PGP Key Management
• PGP adopts a completely different trust model – the web of trust.
• No centralised authority like a root of trust in X.509.
• Individuals sign one another’s public keys, these “certificates” are stored along with keys in key rings.
• PGP computes a trust level for each public key in key ring.
• Users interpret trust level for themselves.
PGP Trust Model Example
(Stallings Fig 15.7)
Key Management for PGP and S/MIME
• PGP and S/MIME use:
– public keys for encrypting session keys / verifying signatures.
– private keys for decrypting session keys / creating signatures.
• Where do these keys come from and on what basis can they be trusted?
PGP Trust Levels
• Trust levels for public keys dependent on:
– number of signatures on the key;
– trust level accorded to each of those signatures.
• Trust levels recomputed from time to time.
• See Stallings pp. 132-136 for details.
PGP Key Mgmt Issues
• Original intention was that all e-mail users would contribute to web of trust.
• Reality is that this web is sparsely populated.
• How should security-unaware users assign and interpret trust levels?
• Later versions of PGP support X.509 certs.
• PGP fine for small groups and out-of-band public key distribution (eg floppy).
E-mail Security: Beyond PGP and S/MIME
• PGP and S/MIME counter the basic threats to confidentiality, integrity and authenticity of e-mail quite well (assuming good key management).
• They don’t protect against other threats (virus, DoS, disclosure, unauthorized use,…)
• They don’t provide any protection against traffic analysis.
• Additional security measures are needed.
Anti-virus and Content Filtering
• Supplement mail server (or client desktop?) with content filtering software
– Block e-mails with active content or specific attachment types.
– Reject suspected spam e-mail.
– Scan incoming and outgoing e-mail for viruses and inappropriate content.
– Add legal disclaimers.
– Server cannot apply content filter to encrypted e-mail!
• Significant load on mail server, may annoy end users (but whose e-mail is it anyway?)
Anti-spamming Protection
• Configure mail server to disallow mail relay feature.
• Prevents server being used as an agent to forward e-mail for third parties.
• Discard all e-mail from servers on Open Relay Blacklist (ORB).
Firewalls and Mail Servers
• Place mail server behind a firewall in network.
• Configure firewall to block all external traffic to/from MTA except on port 25 (SMTP).
• Configure firewall to block all internal traffic to/from MTA except on ports 25, 110 (POP3) and 143 (IMAP)
– and other ports as needed – eg SNMP management.
• Limits attack possibilities on mail server, but successful attack may give access to internal systems.
– Need additional security measures on server.
• Other (better) firewall/mail server/border router configurations possible – see Lecture 10.
Mail Server Hardening
Take additional measures on mail server:
• Harden OS:
– Remove unnecessary accounts, applications and network services.
– Apply latest OS vulnerability patches.
• Harden mail server application (eg sendmail, M’soft exchange):
– Use latest versions of software.
– Choose appropriate configuration settings (eg limit attachment sizes, mail relay features and file permissions).
• Specific guidelines in NIST Report Appendices E&F.
Mail Server Administration
• Log server data and review log files regularly (consider automated analysis).
• Keep up-to-date with latest patches and vulnerability alerts.
• Use only console-based administration, or use SSH if remote admin really needed.
• Take appropriate backups of mail server and user mail.
• More guidelines in NIST Report Chapter 8.
Client Side E-mail Security
Again, proper configuration and patching are essential:
• Disable automatic message preview.
• Disable active content processing (ActiveX, Java, Javascript,…).
• Disable POP/IMAP “remember this password?” dialogue boxes if possible.
• Consider use of SSL to protect SMTP, POP and IMAP.
• Be aware of extra risks of web-based access:
– Key stroke logging and user credential capture.
– Content over http may bypass content filters.
E-mail Policy and Training
• Develop and publicise an e-mail policy for users
– Rules of use, definitions of abuse of service, clarify ownership of e-mail.
• Ensure users sign-up to policy before use.
• Raise awareness of security issues in your organisation through training.
• Local policy at: www.rhul.ac.uk/information-services/computer-centre/regulations/computer-use.asp
Summary
• E-mail is routed across internal LANs and the public Internet.
• E-mail is subject to many threats.
• E-mail also enables many threats!
• PGP and S/MIME can address part of the problem through encryption and signature mechanisms.
• Addressing the remaining issues requires a careful blend of computer and network security countermeasures.
E-mail Resources
• NIST Special Publication 800-45: Guidelines on Electronic Mail Security by S. Bisker, M. Tracy and W. Jansen. Available from:
http://csrc.nist.gov/publications/nistpubs/index.html
• Stallings Chapter 5: more on PGP and S/MIME
• Open PGP: www.openpgp.org
• PGPv7 on ISG lab machines.
• S/MIME: www.ietf.org/html.charters/smime-charter.html
• All the RFCs are at www.ietf.org as usual.