Security- Chapter 7
description
Transcript of Security- Chapter 7
Security- Chapter 7Security- Chapter 7
By Carrie Mace
And Bill Coley
Chapter 7: SecurityChapter 7: Security
7.1 Introduction
7.2 Overview of Security Techniques
7.3 Cryptographic algorithms
7.4 Digital Signatures
7.5 Cryptographic Pragmatics
7.6 Case Studies
Next
Previous
OverviewOverview
Security is needed to guarantee the privacy, integrity and availability of resources
Designers of secure distributed systems must cope with the possibility of exposed service interfaces and insecure networks
Next
Previous
Types of Service AttacksTypes of Service Attacks
MasqueradingTampering Denial of Service
Next
Previous
CryptographyCryptography
Provides the basis for the authentication of messages as well as their secrecy and integrity
Cryptographic algorithms and the management of keys are critical to the security mechanisms effectiveness
Next
Previous
Where Are Security Measures Where Are Security Measures NeededNeededIn any computer system that is a
possible target for attacksEspecially important for financial
systems or systems that handle confidential data
Need for protection arises from the desire to share resources
Security mechanisms are used to ensure security policies are enforced
Next
Previous
Threats and AttacksThreats and Attacks
Security Threats fall into three categories– Leakage which is the acquisition of
information by unauthorized recipients– Tampering which is the unauthorized
alteration of information– Vandalism which is the interference with
the proper operation of a system without gain to the perpetrator
Next
Previous
Channel misuseChannel misuse
Methods of attacks can be further classified according to the way in which a channel is misused– Eavesdropping which is copies of
messages without authority–Masquerading is sending or receiving
messages using the identity of another principal without their authority
Next
Previous
Channel Misuse-ContinuedChannel Misuse-Continued
Message Tampering is intercepting messages and altering their contents before passing them on to the intended recipient
Replaying is storing intercepted messages and sending them at a later date
Denial of service is flooding channels or other resource with messages in order to deny access for others
Next
Previous
Threats from Mobile CodeThreats from Mobile Code
Several programming languages have been designed to enable programs to be loaded into a process from a remote server and then executed locally
Internal interfaces and objects within an executing process may be exposed to attack by mobile code
Next
Previous
Java -Threats from Mobile CodeJava -Threats from Mobile Code
The sandbox model of protection against mobile code
The Java Virtual Machine gives each application its own environment in which to run
Each environment has a security manager that determines which resources are available to the application
Next
Previous
Information LeakageInformation Leakage
If a transmission of a message between two processes can be observed then information can be gained from its mere existence
Potential for leakage arises whenever the results of a computation can be observed
Next
Previous
Securing Electronic Transaction -Securing Electronic Transaction -TypesTypes E-mail –contents of message might need
to be secured Purchase of Goods and Service – need to
secure private purchases data and sometimes the product itself
Banking Transactions – must secure customers private banking information
Micro-Transactions – supply of small quantities of information to many customers at a low cost
Next
Previous
Requirements for Securing Web Requirements for Securing Web PurchasesPurchases Authenticate the vendor to the buyer Keeping buyer’s credit card and payment
detail from falling into unauthorized hands and keeping the information accurate from buyer to vendor
If goods are downloadable they also need to be secured from third parties and accurate when they reach the buyer
Authenticate the identity of the account holder to the bank
Next
Previous
Designing Secure SystemDesigning Secure System
The big dilemma is that the designer aims to exclude all possible attacks and loop holes but it is difficult to plan for all possible attacks
There is always a balance act between costs and threats and convenience
Next
Previous
CryptographyCryptography
Encryption is the process of encoding a message to hide its content
Uses several secure algorithms for encrypting and decrypting messages
Based on the use of secret keys Two main classes of encryption algorithms
– Shared secret keys where the sender and receiver share knowledge of the key
– Public/Private keys where the sender of the message uses the public key to encrypt the message and the receiver uses the private key to decrypt the message
Next
Previous
Uses of CryptographyUses of Cryptography
Three major uses– Secrecy and Integrity– Authentication– Digital Signatures
Next
Previous
Cryptography – Secrecy and Cryptography – Secrecy and IntegrityIntegrity Exploits the fact that a message that is
encrypted with a particular encryption key can only be decrypted by a recipient who knows the corresponding decryption key
As long as the decryption key is not compromised and the encryption algorithm is strong enough to defeat possible attempts to crack it the message will remain a secret
It can also help maintain integrity if the encrypted algorithm contains things like check sum
Next
Previous
Cryptography - AuthenticationCryptography - Authentication
Cryptography is used in support of mechanisms for authentication communication between pairs and principals
A principal who decrypts a message can successfully using a particular key can assume that the message is authenticated if it contains the correct checksum
Can infer that the sender of the message possessed the corresponding encryption key and hence deduce the identity of the sender if the key is only known to two parties
Next
Previous
Cryptography – Digital Cryptography – Digital SignaturesSignatures Implemented by cryptography Verifying to a third party that a message or a
document is an unaltered copy of one produced by the signer
Digital signatures are based upon the irreversible binding to the message or document of a secret known only to the signer
Achieved by encrypting the message or a compression form of the message called a digest
Next
Previous
CertificatesCertificates A digital certificate is a document containing a
statement signed by a principal For a certificate to be useful the following is
required:– A standard format and representation for them so that
certificate issuers and certificate users can successfully construct and interpret them
– Agreement on the manner in which chains of certificates are constructed and in particular the notion of trusted authority
There is sometimes a need to revoke a certificate since it is expensive to track down and delete all certificates, this is usually addressed with an expiration date included in the signature
Next
Previous
Cryptography AlgorithmCryptography Algorithm
A message is encrypted by the sender applying some rule to transform the plaintext message to a ciphertext
Recipient must know the inverse rule in order to transform the ciphertext into the original plaintext
Other principals are unable to decipher the message unless they know the inverse rules
Next
Previous
7.4 Digital Signatures7.4 Digital Signatures
Handwritten signatures are used to meet the needs of document recipients to very that the document is :
AuthenticUnforgeableNon-repudiable Digital documents are easy to generate, copy,
and alter. Simply appending the identity of the originator to a document has no value.
Next
Previous
Digital SigningDigital Signing
An electronic document or message M can be signed by a principal A by encrypting a copy of M with a key KA and attaching it to a plaintext copy of M and A’s identifier.
Signed document will be of the form: M, A, [M]KA.
By verifying the signature the recipient can be assured the message was unaltered and originated by A.
Next
Previous
Digital SigningDigital Signing
If a secret key is used to encrypt the document, only others who share the secret key can verify the signature.
If public-key cryptography is used, the signer uses her private key, and anyone who has the corresponding public key can verify the signature.
The public-key method is more analogous to a written signature.
Next
Previous
Digest FunctionsDigest Functions
Also called secure hash functions and denoted H(M).
Must be carefully designed to ensure that H(M) is different from H(M’) for all values of M, and M’.
Next
Previous
7.4.1 Digital signatures with 7.4.1 Digital signatures with public keyspublic keys
Relatively simple and does not require communication between recipient and signer.
1. A generates a key pair KPUB and KPRIV and publishes the public key KPUB.
2. A computes the digest of M, H(M) with an agreed hash function and encrypts it with KPRIV to produce the signature S = {H(M)} KPRIV
3. A sends the signed message [M]K = M,S to B
4. B decrypts S using KPUB and computes the digest of M, H(M). If they match, the signature is valid.
Next
Previous
7.4.2 Digital signatures with 7.4.2 Digital signatures with secret keys - MACssecret keys - MACs
To verify, the secret key must be shared Problems:1. Signer must arrange for the verifier to receive the
secret key
2. It may be necessary to verify a signature in several contexts, and at different times
3. Disclosure weakens the security of signatures made with that key.
Exception: message authentication codes (MAC) - requires a secure channel.
Next
Previous
Message authentication code (MAC)Message authentication code (MAC)
Depends on the existence of a secure channel through which the shared key can be distributed.
1. A generates a random key K for signing and distributes it through secure channels
2. For any document M to be signed: h = H(M + K)
Then the message sent is [M]K = M, h
3. Receiver B computes h’ = H(M + K) using the secret, shared key. Signature is verified if h = h’
The digest h is a MAC
Next
Previous
7.4.3 Secure Digest Functions7.4.3 Secure Digest Functions
A secure digest function h = H(M) should have the following properties:
1. Given M, it is easy to compute h
2. Given h, it is hard to compute M
3. Given M, it is hard to find another message M’, such that H(M)=H(M’)
Vulnerable to the birthday attack, where an alternate M’ is found to hash the same as M.
Next
Previous
Secure Digest FunctionsSecure Digest Functions
Similar to symmetric cryptography but does not preserve information.
MD5 SHA Using an encryption algorithm to make a
digest– Used in CBC mode
Next
Previous
7.4.4 Certificate standards and 7.4.4 Certificate standards and certificate authoritiescertificate authoritiesX.509 is the most widely used standard
format for certificates Structure and content of X.509 Certificate:– Subject Distinguished Name, Public Key
– Issuer Distinguished Name, Signature
– Period of Validity Not before & not after dates
– Administrative Info Version, Serial Number
SPKI - Simple Public-key Infrastructure – recent proposal enables chains of certificates
Next
Previous
7.5.1 Performance of 7.5.1 Performance of cryptographic algorithmscryptographic algorithms
Key size /hash size
(bits)
Extrapolatedspeed
(kbytes/sec)
PRBOptimized
(kbytes/sec)TEA 128 700 -
DES 56 350 7746
Triple-DES 112 120 2842
IDEA 128 700 4469
RSA 512 7 -
RSA 2048 1 -
MD5 128 1740 62425
SHA 160 750 25162
Table 7.5.1
Next
Previous
7.5.2 Applications of cryptography and 7.5.2 Applications of cryptography and political obstaclespolitical obstacles
Algorithms described in this chapter emerged in the 1980’s and 1990’s
Strongly resisted by the US government Cryptographic software had stringent
export restrictions US software companies protested Current position - software that implements
most of the major algorithms has been available worldwide for several years
Next
Previous
Applications of cryptography and Applications of cryptography and political obstaclespolitical obstacles
Example: PGP (Pretty Good Privacy)– Generates and manages public and
secret keys on behalf of a userIn Jan. 2000 US government changed
its policy on exported software.Current proposals want to require the
inclusion of loopholes for gov’t law enforcement, and security agencies
Next
Previous
7.6.1 The Needham and 7.6.1 The Needham and Schroeder authentication Schroeder authentication protocolprotocol Solution to authentication and key
distribution using authentication server Authentication server maintains a table
containing a name and secret key for each principal known to the system.
Protocol is based on the use of tickets from the authentication server.
Next
Previous
Needham-SchroederNeedham-Schroeder
NA and NB are nonces
Nonces are used only once, and generated on demand
Next
Previous
7.6.2 Kerberos7.6.2 Kerberos
Developed at MIT in the 1980’s Deals with three kinds of security objects:– Ticket– Authentication– Session Key
Client processes must possess a ticket for each server that they use (most have a lifetime of several hours)
Next
Previous
KerberosKerberos
Figure 7.16 System architecture of Kerberos
Next
Previous
KerberosKerberos
A Kerberos server is known as a Key Distribution Center (KDC), supplying:– Authentication Service (AS)– Ticket-Granting Service (TGS)
Next
Previous
7.6.3 Securing electronic 7.6.3 Securing electronic transactions with secure socketstransactions with secure sockets
Secure Socket Layer protocol (SSL)SSL is supported by most browsers and
is widely used in Internet commerce.Algorithms used for encryption and
authentication are negotiated between the two processes
The only requirement is for public-key certificates recognized by both parties
Next
Previous
Low-value electronic transactions: Low-value electronic transactions: The Millicent protocolThe Millicent protocolA scheme for the secure distribution
of scrip - a specialized form of digital cash for use in low value transactions
Scalable: each vendor’s server is responsible only for validating the scrip that it has issued.
Next
Previous
The Millicent protocolThe Millicent protocol
Scrip is designed to offer the following features:– it has value only at a specific vendor– it can be spent only once– it is tamper-resistant and hard to counterfeit– it can be spent only by its rightful owner– it can be produced and validated efficiently
Next
Previous
The Millicent protocolThe Millicent protocol
Scrip is represented by digital tokens with the following format:
Vendor Value Scrip ID Cust ID Expiry date Properties Certificate
Properties field - for vendor defined uses. i.e. for applying correct taxesCertificate field - digital signature protecting all the fields in the scrip
from modification (MAC method)