Security- Chapter 7


Page 1: Security- Chapter 7

Security- Chapter 7

By Carrie Mace

And Bill Coley

Page 2: Security- Chapter 7

Chapter 7: Security

7.1 Introduction

7.2 Overview of Security Techniques

7.3 Cryptographic algorithms

7.4 Digital Signatures

7.5 Cryptographic Pragmatics

7.6 Case Studies

Page 3: Security- Chapter 7

Overview

Security is needed to guarantee the privacy, integrity and availability of resources

Designers of secure distributed systems must cope with the possibility of exposed service interfaces and insecure networks

Page 4: Security- Chapter 7

Types of Service Attacks

Masquerading

Tampering

Denial of Service

Page 5: Security- Chapter 7

Cryptography

Provides the basis for the authentication of messages as well as their secrecy and integrity

Cryptographic algorithms and the management of keys are critical to the effectiveness of security mechanisms

Page 6: Security- Chapter 7

Where Are Security Measures Needed

In any computer system that is a possible target for attacks

Especially important for financial systems or systems that handle confidential data

Need for protection arises from the desire to share resources

Security mechanisms are used to ensure security policies are enforced

Page 7: Security- Chapter 7

Threats and Attacks

Security threats fall into three categories:

– Leakage, which is the acquisition of information by unauthorized recipients

– Tampering, which is the unauthorized alteration of information

– Vandalism, which is the interference with the proper operation of a system without gain to the perpetrator

Page 8: Security- Chapter 7

Channel Misuse

Methods of attack can be further classified according to the way in which a channel is misused:

– Eavesdropping, which is obtaining copies of messages without authority

– Masquerading, which is sending or receiving messages using the identity of another principal without their authority

Page 9: Security- Chapter 7

Channel Misuse - Continued

Message tampering is intercepting messages and altering their contents before passing them on to the intended recipient

Replaying is storing intercepted messages and sending them at a later date

Denial of service is flooding channels or other resources with messages in order to deny access for others

Page 10: Security- Chapter 7

Threats from Mobile Code

Several programming languages have been designed to enable programs to be loaded into a process from a remote server and then executed locally

Internal interfaces and objects within an executing process may be exposed to attack by mobile code

Page 11: Security- Chapter 7

Java - Threats from Mobile Code

The sandbox model of protection against mobile code

The Java Virtual Machine gives each application its own environment in which to run

Each environment has a security manager that determines which resources are available to the application

Page 12: Security- Chapter 7

Information Leakage

If a transmission of a message between two processes can be observed then information can be gained from its mere existence

Potential for leakage arises whenever the results of a computation can be observed

Page 13: Security- Chapter 7

Securing Electronic Transactions - Types

E-mail – contents of message might need to be secured

Purchase of Goods and Services – need to secure private purchase data and sometimes the product itself

Banking Transactions – must secure customers' private banking information

Micro-Transactions – supply of small quantities of information to many customers at a low cost

Page 14: Security- Chapter 7

Requirements for Securing Web Purchases

Authenticate the vendor to the buyer

Keep the buyer's credit card and payment details from falling into unauthorized hands, and keep the information accurate from buyer to vendor

If goods are downloadable, they also need to be secured from third parties and accurate when they reach the buyer

Authenticate the identity of the account holder to the bank

Page 15: Security- Chapter 7

Designing Secure Systems

The big dilemma is that the designer aims to exclude all possible attacks and loopholes, but it is difficult to plan for all possible attacks

There is always a balancing act between costs, threats and convenience

Page 16: Security- Chapter 7

Cryptography

Encryption is the process of encoding a message to hide its content

Uses several secure algorithms for encrypting and decrypting messages

Based on the use of secret keys

Two main classes of encryption algorithms:

– Shared secret keys, where the sender and receiver share knowledge of the key

– Public/Private keys, where the sender of the message uses the public key to encrypt the message and the receiver uses the private key to decrypt the message

Page 17: Security- Chapter 7

Uses of Cryptography

Three major uses:

– Secrecy and Integrity

– Authentication

– Digital Signatures

Page 18: Security- Chapter 7

Cryptography – Secrecy and Integrity

Exploits the fact that a message that is encrypted with a particular encryption key can only be decrypted by a recipient who knows the corresponding decryption key

As long as the decryption key is not compromised and the encryption algorithm is strong enough to defeat possible attempts to crack it, the message will remain a secret

It can also help maintain integrity if the encrypted message contains something like a checksum

Page 19: Security- Chapter 7

Cryptography - Authentication

Cryptography is used in support of mechanisms for authenticating communication between pairs of principals

A principal who decrypts a message successfully using a particular key can assume that the message is authentic if it contains the correct checksum

The principal can infer that the sender of the message possessed the corresponding encryption key, and hence deduce the identity of the sender if the key is known only to the two parties

Page 20: Security- Chapter 7

Cryptography – Digital Signatures

Implemented by cryptography

Verifying to a third party that a message or a document is an unaltered copy of one produced by the signer

Digital signatures are based upon the irreversible binding to the message or document of a secret known only to the signer

Achieved by encrypting the message or a compressed form of the message called a digest

Page 21: Security- Chapter 7

Certificates

A digital certificate is a document containing a statement signed by a principal

For a certificate to be useful the following is required:

– A standard format and representation for them so that certificate issuers and certificate users can successfully construct and interpret them

– Agreement on the manner in which chains of certificates are constructed and in particular the notion of trusted authority

There is sometimes a need to revoke a certificate. Since it is expensive to track down and delete all certificates, this is usually addressed with an expiration date included in the signature

Page 22: Security- Chapter 7

Cryptography Algorithm

A message is encrypted by the sender applying some rule to transform the plaintext message to a ciphertext

Recipient must know the inverse rule in order to transform the ciphertext into the original plaintext

Other principals are unable to decipher the message unless they know the inverse rules

Page 23: Security- Chapter 7

7.4 Digital Signatures

Handwritten signatures are used to meet the needs of document recipients to verify that the document is:

– Authentic

– Unforgeable

– Non-repudiable

Digital documents are easy to generate, copy, and alter. Simply appending the identity of the originator to a document has no value.

Page 24: Security- Chapter 7

Digital Signing

An electronic document or message M can be signed by a principal A by encrypting a copy of M with a key KA and attaching it to a plaintext copy of M and A’s identifier.

Signed document will be of the form: M, A, [M]KA.

By verifying the signature the recipient can be assured the message was unaltered and originated by A.

Page 25: Security- Chapter 7

Digital Signing

If a secret key is used to encrypt the document, only others who share the secret key can verify the signature.

If public-key cryptography is used, the signer uses her private key, and anyone who has the corresponding public key can verify the signature.

The public-key method is more analogous to a written signature.

Page 26: Security- Chapter 7

Digest Functions

Also called secure hash functions and denoted H(M).

Must be carefully designed to ensure that H(M) is different from H(M’) for all values of M and M’.

Page 27: Security- Chapter 7

7.4.1 Digital signatures with public keys

Relatively simple and does not require communication between recipient and signer.

1. A generates a key pair KPUB and KPRIV and publishes the public key KPUB.

2. A computes the digest of M, H(M) with an agreed hash function and encrypts it with KPRIV to produce the signature S = {H(M)} KPRIV

3. A sends the signed message [M]K = M,S to B

4. B decrypts S using KPUB and computes the digest of M, H(M). If they match, the signature is valid.
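Steps 1 to 4 above as an added worked example (not part of the original slides), using textbook RSA with SHA-256 as the agreed hash function. The key is built from two publicly known Mersenne primes purely so the arithmetic runs without a library; that choice, the message and the function names are assumptions for illustration, and real signatures use secret random primes and a padding scheme.

```python
import hashlib

# Toy key material (assumption for illustration): two publicly known Mersenne
# primes. Anyone can factor this modulus, so it offers no security.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def generate_keypair():
    """Step 1: A derives K_PUB = (n, e) and K_PRIV = (n, d)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)              # private exponent: e * d = 1 (mod phi)
    return (n, E), (n, d)


def digest(message: bytes) -> int:
    """H(M): SHA-256 of the message, read as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, k_priv) -> int:
    """Step 2: S = {H(M)}K_PRIV."""
    n, d = k_priv
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, k_pub) -> bool:
    """Step 4: B decrypts S with K_PUB and compares it with its own H(M)."""
    n, e = k_pub
    return pow(signature, e, n) == digest(message)


def demo():
    k_pub, k_priv = generate_keypair()
    m = b"pay 10 to B"                       # constructed sample message
    s = sign(m, k_priv)                      # step 3: A sends (M, S) to B
    # First check: the message as sent. Second: the same S on an altered M.
    return verify(m, s, k_pub), verify(b"pay 99 to B", s, k_pub)


if __name__ == "__main__":
    print(demo())
```

B needs only K_PUB to run `verify`, which is why this method requires no communication between recipient and signer.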

Page 28: Security- Chapter 7

7.4.2 Digital signatures with secret keys - MACs

To verify, the secret key must be shared

Problems:

1. Signer must arrange for the verifier to receive the secret key

2. It may be necessary to verify a signature in several contexts, and at different times

3. Disclosure weakens the security of signatures made with that key.

Exception: message authentication codes (MAC) - requires a secure channel.

Page 29: Security- Chapter 7

Message authentication code (MAC)

Depends on the existence of a secure channel through which the shared key can be distributed.

1. A generates a random key K for signing and distributes it through secure channels

2. For any document M to be signed: h = H(M + K)

Then the message sent is [M]K = M, h

3. Receiver B computes h’ = H(M + K) using the secret, shared key. Signature is verified if h = h’

The digest h is a MAC

Page 30: Security- Chapter 7

7.4.3 Secure Digest Functions

A secure digest function h = H(M) should have the following properties:

1. Given M, it is easy to compute h

2. Given h, it is hard to compute M

3. Given M, it is hard to find another message M’, such that H(M)=H(M’)

Vulnerable to the birthday attack, where an alternate M’ is found to hash the same as M.

Page 31: Security- Chapter 7

Secure Digest Functions

Similar to symmetric cryptography but does not preserve information.

MD5

SHA

Using an encryption algorithm to make a digest

– Used in CBC mode

Page 32: Security- Chapter 7

7.4.4 Certificate standards and certificate authorities

X.509 is the most widely used standard format for certificates

Structure and content of X.509 Certificate:

– Subject: Distinguished Name, Public Key

– Issuer: Distinguished Name, Signature

– Period of Validity: Not before & not after dates

– Administrative Info: Version, Serial Number

SPKI - Simple Public-key Infrastructure – recent proposal enables chains of certificates

Page 33: Security- Chapter 7

7.5.1 Performance of cryptographic algorithms

              Key size/hash size   Extrapolated speed   PRB optimized
              (bits)               (kbytes/sec)         (kbytes/sec)
TEA           128                  700                  -
DES           56                   350                  7746
Triple-DES    112                  120                  2842
IDEA          128                  700                  4469
RSA           512                  7                    -
RSA           2048                 1                    -
MD5           128                  1740                 62425
SHA           160                  750                  25162

Table 7.5.1

Page 34: Security- Chapter 7

7.5.2 Applications of cryptography and political obstacles

Algorithms described in this chapter emerged in the 1980s and 1990s

Strongly resisted by the US government

Cryptographic software had stringent export restrictions

US software companies protested

Current position - software that implements most of the major algorithms has been available worldwide for several years

Page 35: Security- Chapter 7

Applications of cryptography and political obstacles

Example: PGP (Pretty Good Privacy)

– Generates and manages public and secret keys on behalf of a user

In Jan. 2000 the US government changed its policy on exported software.

Current proposals want to require the inclusion of loopholes for gov’t law enforcement and security agencies

Page 36: Security- Chapter 7

7.6.1 The Needham and Schroeder authentication protocol

Solution to authentication and key distribution using an authentication server

Authentication server maintains a table containing a name and secret key for each principal known to the system.

Protocol is based on the use of tickets from the authentication server.

Page 37: Security- Chapter 7

Needham-Schroeder

NA and NB are nonces

Nonces are used only once, and generated on demand

Page 38: Security- Chapter 7

7.6.2 Kerberos

Developed at MIT in the 1980s

Deals with three kinds of security objects:

– Ticket

– Authentication

– Session Key

Client processes must possess a ticket for each server that they use (most have a lifetime of several hours)

Page 39: Security- Chapter 7

Kerberos

Figure 7.16 System architecture of Kerberos

Page 40: Security- Chapter 7

Kerberos

A Kerberos server is known as a Key Distribution Center (KDC), supplying:

– Authentication Service (AS)

– Ticket-Granting Service (TGS)

Page 41: Security- Chapter 7

7.6.3 Securing electronic transactions with secure sockets

Secure Socket Layer protocol (SSL)

SSL is supported by most browsers and is widely used in Internet commerce.

Algorithms used for encryption and authentication are negotiated between the two processes

The only requirement is for public-key certificates recognized by both parties

Page 42: Security- Chapter 7

Low-value electronic transactions: The Millicent protocol

A scheme for the secure distribution of scrip - a specialized form of digital cash for use in low value transactions

Scalable: each vendor’s server is responsible only for validating the scrip that it has issued.

Page 43: Security- Chapter 7

The Millicent protocol

Scrip is designed to offer the following features:

– it has value only at a specific vendor

– it can be spent only once

– it is tamper-resistant and hard to counterfeit

– it can be spent only by its rightful owner

– it can be produced and validated efficiently

Page 44: Security- Chapter 7

The Millicent protocol

Scrip is represented by digital tokens with the following format:

Vendor | Value | Scrip ID | Cust ID | Expiry date | Properties | Certificate

Properties field - for vendor-defined uses, e.g. for applying correct taxes

Certificate field - digital signature protecting all the fields in the scrip from modification (MAC method)
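A sketch of how a vendor could issue and validate scrip in this format, added here as an example and not taken from the slides or from the Millicent implementation. It also illustrates the shared-key MAC procedure from the earlier slide, with HMAC-SHA-256 standing in for the slide's H(M + K); the vendor name, key, field encoding and status strings are assumptions, and the rightful-owner check is left out.

```python
import hashlib
import hmac

VENDOR = "vendor.example"              # hypothetical vendor name
VENDOR_KEY = b"constructed-demo-key"   # vendor's secret key (constructed value)
FIELDS = ("vendor", "value", "scrip_id", "cust_id", "expiry", "properties")


def certificate(scrip: dict) -> str:
    """MAC over all fields; length prefixes keep field boundaries unambiguous."""
    data = b""
    for name in FIELDS:
        raw = str(scrip[name]).encode()
        data += len(raw).to_bytes(4, "big") + raw
    return hmac.new(VENDOR_KEY, data, hashlib.sha256).hexdigest()


def issue(value, scrip_id, cust_id, expiry, properties=""):
    scrip = dict(vendor=VENDOR, value=value, scrip_id=scrip_id,
                 cust_id=cust_id, expiry=expiry, properties=properties)
    scrip["certificate"] = certificate(scrip)
    return scrip


class VendorServer:
    def __init__(self):
        self.spent = set()             # IDs of scrip already redeemed here

    def validate(self, scrip: dict, today: str) -> str:
        if scrip["vendor"] != VENDOR:
            return "rejected: issued by another vendor"
        # Constant-time comparison of the recomputed MAC with the one presented.
        if not hmac.compare_digest(certificate(scrip), scrip["certificate"]):
            return "rejected: certificate mismatch"
        if today > scrip["expiry"]:    # ISO dates compare correctly as strings
            return "rejected: expired"
        if scrip["scrip_id"] in self.spent:
            return "rejected: already spent"
        self.spent.add(scrip["scrip_id"])
        return "accepted"


def demo():
    server = VendorServer()
    good = issue(5, "S-0001", "C-42", "2030-01-01")   # constructed sample scrip
    forged = dict(good, value=500)                    # value altered in transit
    old = issue(5, "S-0002", "C-42", "2020-01-01")
    return [server.validate(s, "2025-06-01") for s in (forged, good, good, old)]
```

Because only the issuing vendor holds the key and the spent-ID set, validation needs no call to a central server, which is the scalability property the protocol relies on.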