se e ey to Security - Public.Resource.Orgample, when cli nt program u di tributed datab rver, it i...
Transcript of se e ey to Security - Public.Resource.Orgample, when cli nt program u di tributed datab rver, it i...
Passw 5More ophi ticated acce control ibased on uthentication heme. Authentication i an encrypted, digital ignature that allow two computer (orany two objects to verify th identityof e ch other. Much like having a per-on ign a piece of paper, authenti
cation allow u to verify the peron' identity (and thu hold that
per n to any promise he orh ha made): Thi digital
ignature i thu like a very long, verycomplex p word.
One exampl ofauthentication i having two electronic mail u rs coinmunicate. Another i protecting a naming rvice uch ovell' etWare,
actuallyfi rthan
••
can often determined by trying (in order) th name of your , your dogand your car. Oft n, h cker can imply w Ik by your office and 100 fornote on your tenninal; chance are, it'yourp word.
o • seey to Security
So sWrPass .,W often think of the mainframe in thegl hou providing the ultimatein ecurity. Product uch the Re-mote Acce Control Facilitya(RACF) for IBM mainframe lim-it cce to computing re urce inway that are intended to foil the effons ofeven the most detenninedh ker (or "cracker").
On the other hand, awork tation appears to bea ecurity manager'nightmare. Work tation are often man-ged by inexperienced people working
with e y-to-u operating y ternuch DOS, Macinto h, or even Unix
(th t i , Unix being "e y-to-u "onlyin comparison to MVS).
ee
by Carl
n mo t computer network , de~ rminin a person' identity i often donethrough p word. But un ncrypt dpa word ar e y prey for peopletryin to bre into your y t m: fore ampl ,pr tocol analyze an vi w
the nren of pack a diagn tic -pability. How v r, aJtemativ to pword e i t offi ring ophi ticat dm thod for comput r to protect theirconv tion from eavesdropping.
Authentication i th proce of nuring th identity of another obj ctu er, program or computer). For ex
ample, when cli nt program udi tributed datab rver, it i important to verify that the client i intend dto have cce to the r que ted data.
in c to data i mo t comm nlyba d on the id ntity of a u er, auth n-
. tic tion protocol provide a ure wayof d termining th t identity, preventingm uerade and other unauthorized temp to acce data.
inc p word are a primitive wayof providing auth ntication in thi article we 100 at public key cryptography, a phi ticated way for two computer to authenticate each other andthen protect their conversation fromave dropping.
,a InwOIl COIiPUlII' JU E 1" 1
K ys fA a re ult, mo t group tend to u e acombination of public and yrnmetricmethod . In uch cherne, public keycryptognlphy i used to encrypt a DESkey. Th recipient u a ret key todecrypt the credential ,exttacting theDES key. Thi ey i then u d todecrypt th actual me ge. Becau theDES key i randomly generated for eachtran action, and i then encrypted, they tern i quite ure'
The Internet, the worldwi researchnetwork u e an example of thi combination of public and ymmetric keymethod . The Internet' new PrivacyEnhanced ail (PEM) tandards it ontop of the regular mail protocol and donot require any chang to the underlyingin tailed base. Public key credential ,available to anybody, are till employed. In addition, h PE user gen-rate and secure an RSA private key.
To nd electronic mail, a DES key isused to ncrypt the tual message. Thepublic key i then u d to encrypt theDES key. Ole that in thi heme bothauthentication and encryption are usedat the same time. Authentication encryption to protect the credential t en-uring that the credential remain ate.
Encryption of the tual e rvanother purpose: protecting the eitself from unauthorized viewing.
In addition to me age encryption,
rity. The key in thi heme which canrang up to 512 digi long, can bei nificantly harder to break than key
generated with other he . Forexamp , one of the public key used by peoplecommunicating with RSA i 301 digitslong, requiring over one trillion ipyears to break, given the current tate ofresearch in number theory.
Public key are tored onname ervers throughout the network. Since public k y are not
n itive infonn tion they can befr ely di tributed. Th privatek y i gen rat d on your wor tation and tay there' it nevernter the networ . Whil public
k y cryptography i afe, it ialso ornewhat lower than manyother heme: public key encryption take loo to 1 000 time
long ymmetric en ryption.If every ingle packet needs to beauth nticated, public y cryptography would exact an undueperfonnance burden.
work, acce ible to all other users.To encrypt something, the public key
i used; are then decrypted using private key. Anybody can encrypt ame ge u ing the public ey, but theonly way to read it i with a private key.Public and priv key are the inverse of
h other: anything encrypted with onecan only be decrypted with the other. Amessage encrypted with a public key cannot be decrypted with the same ey; aimilar limitatioo appli to private key.
The value of public key ncryption iin the difficulty of reversing the algorithm. Since public key algorithm arebased on t toring, the basic decryptionproblem i how to take a large numberand bre it up into it factor. Thecomputational difficulty of breaking a
ey i typicallyexp in Mip-years:how many years of CPU time would aI-Mip machine take to break a key?
A recent example of key-breakingw conducted by team of re hersled by A. Len tra. The team used an ingeniou algorithm to break one of theimpl t possible 155-digit numbers: twoI' with 153 zeros in the middle. Eventhi " imple" too over 250 Mipyears. More complex I55-digit numberscan e i1y require million or ten ofmillion of Mip-y to be brok n.
Most public-key scheme u an algorithm developed by RSA Data Secu-
in re arch n twor ba ed on theTCP/IP protocol . The initi I applica-tion for OSI n twor (which u
.509) and TCP/IP i in el tronic mail.Rather than baring a ingle t key
tw n two , public y ncryptionu two key: public key and a privateey. J= h user receiv a private key. The
publi key is somepl on the net-
where it i important to n ure thcan't each oth' w . Au-thentication protocol can even be uto provide secure voice communicationand font encryption.
Authenti tion heme typically uencryption. Thi conceal data by conducting computation again t a key-analphanumeric tring. Encryption algorithm range from t t, impl methto more complex operation involvinglong key and difficult computations.
Th re are currently two fonn ofauth ntication in use: ymmetric key andpublic key. Symmetric e, typified bythe MIT-developed Kerbe y tern require two u to hare a key. That keyi then used with me fonn of encryption algorithm, uch the U.S. Go emment- pon red DES (the Data Encryption Standard), which i idely implemented both in hardware and ftware.
Once two u ers hare ymmebickey, they can encrypt and decrypt traffic on the network. In ord r to tartcommunicating, the initiating u erfonn a' ticket: compri ing th u r'cred ntial . A typical tick t h thename of the u er, the date th t the tick-
. t w fonn d and the date that the tic et expire. II thi infonnation i encrypted u ing the ymmetric key and
nt over the network. The program onthe other ide applie the ymmetric keyand d ryp the credential .
Putting time tamps into a credentialprevent a problem known a ionreplay. With replay, an unauthorizeduser pu a protocol analyzer on the network and capture th credential . Later, the credential are nt (or replayed)to an un u peeting target allowing thehac er to impersonate 1 gitimate u r.Time tamps make the c ntial worthIe after a hort period of time.
The dvantage of ymm tric keycheme like DES i that they are re
latively t t. But ey di bibution center are the weak lin in y tem likeKerbe . The key di tribution center ith computer that p out the ey tothe two computer that wi h to communicate with each other. Thi i thecia ic boot trap problem: If the keydi tribution center i al 0 on the network, how do we prot ct th information it di perse ?
International tandard, uchX.509, u an alternative methodknown public key encryption. Publickey encryption also fonn the emergingtandard for priv y and authentication
JU E"'1 InwOIl (0 , TI , "
Carl Malamud writes professional refer, nce books. He can be reached [email protected] (Internet) orcnUllamud (MCI Mail).
wid varietyof ituation.Lotu ,for exampl ,utection mechani m in ote, itgroupware oftware for conferencing.Th arne t chnology i al 0 u ed in
ovell' etWare a part of it newnaming rvice.
While ote and etWare are twofairly obviou u e for th RSA product , th re are ome Ie intuitive application . Tektronix, for example, upublic key cryptography to pro t fonon their printer . Motorola u e tharne technology to provid ecure
voice communication ,encrypting entire conve tion. Even mart cards canu public key cryptography to authenticat a card to the d vice that i readingit (and vice ve a).
Companie like RSA are beginningto addre the ecurit infra tructureon network ,m jng large public networ like the Internet more ecure.The ame ecurity infrastructure i being u d in di tributed wor group ,with oftware uch a ote and etWare. Increa d and improved curity. rather than clo ing off network • imaking them more tru t d and thumore u able.
Authentication make each com-puter parat ecurit re 1m. Fi t,RSA public key crypto raphy Ilowtwo compute to auth nti at h other; th n DES en ryption pre rv theconfidentiality of c mmunication in aparticular ion.
Authentication ba ed on public keycryptography i tarting to get u ed in a
data for th ir cli n ,plu a host of othr rvic . Howe er the data that a
eli nt leave on a h t may encryptedo that th erver and it other u r
have no idea hat th data means.Client ,on th other hand can allow
public acc to a few portion of theirlocal file y tem and eal off others.Priv te ey are tored in private
On a centralized, time baring y tern,o you've broken the initial front doory u've gone a long way toward compromi ing th curity of many otheru e . On a wor tation, you've onlycompromi done u r. If you want toacce another work tation' data, youhav to tart from ratch and b intothe new y tern.
But there' on potential problem inuch a chain. Whil authentication w
between computer • we till need toauth nticate th u r on th fir t comput r. The current method of doing ithi i a p word.
If p words are going to work on awor tation th work tation mu t bephy ically ured. Th re n to be away to prevent unauthorized u fromwandering around and rebooting workt tion in uperu er mode, uch a
locking the compu~ r in a room. Phy ical curity, mart card ,proper pas word admini tration and other management technique are th way tohandle thi problem, di tributing theri of a break-in.
ke around ith them. But ven a martcard t nd to require pe nal id ntification num r (equi I nt to a pw rd to n ure gain t 10 .
t-I u ticuth ntication i clearly ben r than
pa ord-b d control alon ,providing a mor ophi ticat d way of handling thing than a p word. Think ofthe p word key being nt in unencrypted form. pas word i typicallyonly eight to 12 characte long, i managed by a ingle pe on, and i tranmitt dover th network wire. In con-
t an RSA public key i vailable toall people while the private ey, equival nt to the p word but mathematically mor ophi ticated i virtually' ungue ble" and never en~ the network.
In ord r to u auth ntic tion, ho ever, you really need a computer.You're not going to rem mber a 512-bitquantity, let alone generate the encryption, m age integrity check ,andother a pect of a privacy-enhancedcomputing environment without omcomputational help.
Since people are unabl to remember their private key , mo t y temtor a per on' private key encrypted
by a p word-not the be t Y tern becau e th first computer in th chain itill vulnerable to a pa word attac .
Thi proce doe, how ver, prev ntwords from ever bowing up clear
text on the network, which remain oneof the bigge t urity threats. Ofco ,mart card , which place electronically
encod d infonnation on a credit cardized key, will eventually change thi ,
allowing people to carry their private
the me ag includinfonnation: theCh c IC). The12 -bit quantity ba
10