Network Security
Outline:
Introduction
Taxonomy
Conventional Encryption
Private Key Cryptography: DES
Public Key Cryptography: RSA
Message Digest
Authentication Protocols
Message Integrity Protocols
Public Key Distribution
Case Study: ATM
Firewalls
Attacks, Services and Mechanisms
Security Attack: any action that compromises the security of information.
Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack.
Security Attacks
Interruption: an attack on availability
Interception: an attack on confidentiality
Modification: an attack on integrity
Fabrication: an attack on authenticity
Cryptography Algorithms
Security Services
Privacy
Security depends on the secrecy of the key, not the secrecy of the algorithm
Cryptography
Classified along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext
2. The number of keys used: symmetric (single key) or asymmetric (two keys, or public-key encryption)
DES (symmetric): both participants share a single secret key.
64-bit plaintext blocks
64-bit key (56 bits + 8 parity bits)
16 rounds of encryption: each 64-bit plaintext block is mangled in a sequence of parameterized iterations to produce a 64-bit ciphertext block.
Concerns about: the algorithm itself and the key length (56 bits).
RSA decryption, plaintext: M = C^d (mod n)
Authentication protocols
SK: session key; the subsequent transmission takes place with this key, so the permanent secret key is exposed for only a few transmissions.
Kerberos was a three-headed dog who guarded the gates of Hades.
Notation: A wants to talk to B. S: authentication server. T: timestamp, used like the random number x (a nonce). L: lifetime. K: session key; K is not valid after time L.
Message digest
An ordinary checksum protects the receiver from accidental changes to the message; a cryptographic checksum protects the receiver from malicious changes to the message.
Given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
If you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely that this message produced the checksum you were given.
Properties:
Given M, it is easy to compute MD(M).
Given MD(M), it is effectively impossible to find M.
Example certificate (the signature value is truncated in the source):
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 7829 (0x1e95)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
        Validity
            Not Before: Jul 9 16:04:02 1998 GMT
            Not After : Jul 9 16:04:02 1999 GMT
        Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
                    33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
                    66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66:
                    70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
                    16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b:
                    c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77:
                    8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:b8:80:e3:
                    d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8:
                    e8:35:1c:9e:27:52:7e:41:8f
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
        92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:1
Certificates
X.509 certificates contain the following fields:
1. Version no: the current version of X.509 is 2.
2. Serial Number: a unique number assigned to each certificate.
3. Signature: the algorithm used to sign the certificate, including its parameters, if any.
4. Issuer: identifies the certification authority (country -> state -> organization -> department, and so on).
5. Period of validity: the earliest time and the latest time the certificate is valid.
6. Subject: defines the entity to which the public key belongs; contains the common name of the subject.
7. Subject's public key: the public key plus the corresponding algorithm along with its parameters.
8. Issuer unique identifier: optional. Allows two issuers to have the same name as long as the issuer unique identifier is different.
9. Subject unique identifier: optional.
10. Extensions: allow addition of more private information to the certificate.
11. Encrypted: algorithm identifier + secure hash of the other fields + digital signature of the hash.
Certificates
X.509 certificates were originally defined using X.500 names for subject names. X.500 names have a hierarchical format, such as
where "C" denotes country, "O" denotes organization, "OU" denotes organizational unit and "CN" denotes common name. Subject names are actually encoded numerically, using object identifiers (OIDs). So, for example, instead of containing the alphabetic string "Microsoft," the certificate will contain a numerical OID that stands for "Microsoft."
(Figure: part of the OID tree, showing the nodes experimental (3), private (4), fddi (8), transmission (10), fddi (15) and fddimib (73).)
Certificate Revocation
When is it required? When a certificate becomes invalid.
How does a certificate become invalid? When the private key of the subject is compromised.
CRL (Certificate Revocation List): contains the serial numbers of all certificates that are revoked but not yet expired.
Delta CRLs: CRLs are updated periodically; the expired certificates are removed from the CRL and the newly revoked certificates are added. A delta CRL is used for updating the CRL: it contains only the new revocations that have occurred since the last CRL or delta CRL was issued.
CRLs may be issued on a monthly basis whereas delta CRLs are issued on a daily basis.
Trust Models
Certificate path: often a certificate will not be signed by a trusted CA. Rather, it is necessary to follow a certificate path from a trusted CA to the given certificate. Each certificate in the path is signed by the owner of the previous certificate in the path. By validating all the certificates in the path, the user can be confident that the last certificate in the path is valid.
What is a trust model? It specifies the rules that determine how a certificate path should be constructed.
Strict Hierarchy
1. The root CA has a self-signed certificate.
2. The root CA is called the trust anchor.
3. It is a directed graph whose nodes are CAs and end users.
4. An edge from x to y means that the entity corresponding to x has signed a certificate for the entity y.
5. An end user is not allowed to sign a certificate for another end user.
Bob provides all the certificates to Alice:
Networked PKI
Mesh configuration:
1. The strict hierarchy may work well within an organization.
2. When the root CAs of two or more different PKI domains are connected, the result is called a networked PKI.
3. Often termed a Super-PKI, consisting of users of different domains.
4. Cross-certification: a CA signs the certificate of another CA.
5. All root CAs cross-certify each other.
6. If there are n root CAs then n(n-1) cross-certifications are required.
7. The bi-directed edges indicate the cross-certification.
Hub and spoke configuration:
1. Each root CA cross-certifies independently with the hub CA.
2. The cross-certifications required are 2n.
Networked PKI
Certificate path discovery:
Mesh: Alice needs to validate Bob's certificate. Trust anchor of Alice: CAroot(i); that of Bob: CAroot(j). Bob sends the certificates on the path from CAroot(j) down to Bob. CAroot(i) and CAroot(j) have cross-certified each other. Alice finds the certificate of CAroot(j) in the directory maintained by CAroot(i). Now Alice is able to verify the whole chain of certificates.
Certificate path discovery: Hub and spoke:
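The following is an added illustration, not part of the lecture slides, of the certificate-path ideas above: a networked PKI modelled as a directed graph in which an edge (issuer, subject) means "issuer signed a certificate for subject". It builds the two cross-certification topologies (mesh with n(n-1) cross-certificates, hub and spoke with 2n), then performs path discovery from Alice's trust anchor CAroot(0) to Bob's certificate by breadth-first search. The domain names, the intermediate CAs, the hub name "HUB-CA" and the user names are all constructed for this example.

```python
"""Certificate path discovery over a networked PKI (added example).
Edges are (issuer, subject): issuer signed a certificate for subject."""
from collections import deque


def mesh_cross_certs(roots):
    """All root CAs cross-certify each other: n(n-1) directed cross-certs."""
    return {(a, b) for a in roots for b in roots if a != b}


def hub_cross_certs(roots, hub="HUB-CA"):
    """Each root CA cross-certifies with the hub CA only: 2n directed cross-certs."""
    edges = set()
    for r in roots:
        edges.add((hub, r))   # hub signs the root's certificate
        edges.add((r, hub))   # root signs the hub's certificate
    return edges


def end_user_signatures(edges, end_users):
    """Strict-hierarchy rule 5: end users never act as issuers. Returns violations."""
    return [(issuer, subject) for issuer, subject in edges if issuer in end_users]


def find_path(edges, anchor, target):
    """Breadth-first search from the trust anchor to the target entity.
    Returns the certificates (issuer, subject) to validate in order, or None."""
    adjacency = {}
    for issuer, subject in edges:
        adjacency.setdefault(issuer, []).append(subject)
    prev = {anchor: None}
    queue = deque([anchor])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while prev[node] is not None:
                path.append((prev[node], node))
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adjacency.get(node, [])):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None   # no certificate path exists from this anchor


# Constructed sample PKI: four domains, each root certifies one intermediate
# CA, which certifies one end user. Alice is in domain 0, Bob in domain 2.
ROOTS = ["CAroot(0)", "CAroot(1)", "CAroot(2)", "CAroot(3)"]
DOMAIN_CERTS = {
    ("CAroot(0)", "CA0"), ("CA0", "Alice"),
    ("CAroot(1)", "CA1"), ("CA1", "Carol"),
    ("CAroot(2)", "CA2"), ("CA2", "Bob"),
    ("CAroot(3)", "CA3"), ("CA3", "Dave"),
}
END_USERS = {"Alice", "Bob", "Carol", "Dave"}


def validate_bob(topology):
    """Path Alice must validate to accept Bob's certificate, per topology."""
    if topology == "mesh":
        cross = mesh_cross_certs(ROOTS)
    elif topology == "hub":
        cross = hub_cross_certs(ROOTS)
    else:
        cross = set()   # isolated strict hierarchies, no cross-certification
    return find_path(DOMAIN_CERTS | cross, "CAroot(0)", "Bob")


if __name__ == "__main__":
    for topo in ("none", "mesh", "hub"):
        print(topo, validate_bob(topo))
    print("mesh cross-certs:", len(mesh_cross_certs(ROOTS)))
    print("hub cross-certs:", len(hub_cross_certs(ROOTS)))
```

With no cross-certification Alice has no path to Bob at all; in the mesh the path is three certificates long, in the hub-and-spoke configuration four, which is the trade-off between n(n-1) and 2n cross-certificates that the slides describe.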
Alice keeps a collection of certificates in a data structure called a keyring. Each certificate in the keyring is associated with:
OTF = owner trust field
KLF = key legitimacy field. KLF indicates whether a particular key is regarded as valid by Alice; KLF = valid, marginally valid, or invalid.
Chaining of kT
ATM (shares kM with the host):
At start-up, generate a key kD for the day and the first session key kT. Send E(kD,kM) + E(kT,kM).
Message1 = A/C No. + Name + PIN
MAC1 = E(Message1,kD)
Send MAC1 + E(Message1,kT)
Host (holds kM):
Decrypts to find kD and kT.
D(E(Message1,kT),kT) = Message1
MAC = E(Message1,kD)
if (MAC == MAC1) { check the PIN; Message2 = Go ahead; send MAC2, E(Message2,kT) } else /* abort */
ATM: checks Message2 and its MAC. Message3 = Date + time + ATM No. + seq. no. + details of transaction. kT = kT xor MAC1. Send MAC3, E(Message3,kT).
Host: kT = kT xor MAC1. Checks the MAC and the message; checks the account balance. Message4 = OK + new balance. Send MAC4 + E(Message4,kT).
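The exchange above, as an added runnable illustration that is not from the slides. The slides use one block cipher E() both for encryption and for the MAC; here the encryption is a SHA-256 counter-mode stream cipher and the MAC is HMAC-SHA256, chosen only so the example runs with the standard library, and the key and MAC lengths are both 32 bytes so that kT xor MAC1 is well defined. The account record, PIN, date, time, ATM number and sequence number are constructed. The `tamper` flag flips one ciphertext bit of Message3 in transit to show the host rejecting it on the MAC check.

```python
"""ATM/host exchange with a day key kD for MACs, a session key kT for
encryption, and chaining kT = kT xor MAC1 (added example, stand-in primitives)."""
import hashlib
import hmac
import os

KEY_LEN = 32     # bytes; equals the HMAC-SHA256 length so kT xor MAC1 is defined
NONCE_LEN = 16


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, length):
    """SHA-256 in counter mode, a stand-in for the slides' block cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def E(key, msg):
    """Encrypt under key: fresh random nonce, then XOR with the keystream."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_bytes(msg, keystream(key, nonce, len(msg)))


def D(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(ct, keystream(key, nonce, len(ct)))


def MAC(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


class ATM:
    def __init__(self, k_m):
        self.k_m = k_m                     # master key shared with the host
        self.k_d = os.urandom(KEY_LEN)     # key for the day
        self.k_t = os.urandom(KEY_LEN)     # first session key
        self.mac1 = None

    def start_up(self):
        return E(self.k_m, self.k_d), E(self.k_m, self.k_t)

    def message1(self, acct, name, pin):
        msg1 = b"|".join([acct, name, pin])
        self.mac1 = MAC(self.k_d, msg1)
        return self.mac1, E(self.k_t, msg1)

    def message3(self, amount):
        self.k_t = xor_bytes(self.k_t, self.mac1)   # chaining of kT
        # date, time, ATM no., seq. no., details (all constructed)
        msg3 = b"|".join([b"2024-01-01", b"10:00", b"ATM7", b"1", amount])
        return MAC(self.k_d, msg3), E(self.k_t, msg3)

    def check_reply(self, mac_r, enc_r):
        msg = D(self.k_t, enc_r)
        return msg if hmac.compare_digest(MAC(self.k_d, msg), mac_r) else None


class Host:
    def __init__(self, k_m, accounts):
        self.k_m, self.accounts = k_m, accounts
        self.k_d = self.k_t = self.acct = None

    def start_up(self, enc_kd, enc_kt):
        self.k_d, self.k_t = D(self.k_m, enc_kd), D(self.k_m, enc_kt)

    def step1(self, mac1, enc_msg1):
        msg1 = D(self.k_t, enc_msg1)
        if not hmac.compare_digest(MAC(self.k_d, msg1), mac1):
            return None                                   # abort
        acct, _name, pin = msg1.split(b"|")
        rec = self.accounts.get(acct)
        if rec is None or not hmac.compare_digest(rec["pin"], pin):
            return None                                   # abort: bad PIN
        self.acct = acct
        msg2 = b"Go ahead"
        reply = MAC(self.k_d, msg2), E(self.k_t, msg2)    # still under first kT
        self.k_t = xor_bytes(self.k_t, mac1)              # chaining of kT
        return reply

    def step3(self, mac3, enc_msg3):
        msg3 = D(self.k_t, enc_msg3)
        if not hmac.compare_digest(MAC(self.k_d, msg3), mac3):
            return None                                   # tampered or replayed
        amount = int(msg3.split(b"|")[-1])
        rec = self.accounts[self.acct]
        if amount > rec["balance"]:
            return None
        rec["balance"] -= amount
        msg4 = b"OK|" + str(rec["balance"]).encode()
        return MAC(self.k_d, msg4), E(self.k_t, msg4)


def run_session(acct, name, pin, amount, tamper=False):
    """One withdrawal; returns the final outcome as seen by the ATM."""
    accounts = {b"12345678": {"name": b"Alice", "pin": b"4321", "balance": 500}}
    k_m = os.urandom(KEY_LEN)              # shared out of band in practice
    atm, host = ATM(k_m), Host(k_m, accounts)
    host.start_up(*atm.start_up())
    reply2 = host.step1(*atm.message1(acct, name, pin))
    if reply2 is None or atm.check_reply(*reply2) != b"Go ahead":
        return "login rejected"
    mac3, enc3 = atm.message3(str(amount).encode())
    if tamper:                             # flip one ciphertext bit in transit
        enc3 = enc3[:-1] + bytes([enc3[-1] ^ 0x01])
    reply4 = host.step3(mac3, enc3)
    if reply4 is None:
        return "transaction rejected"
    return atm.check_reply(*reply4).decode()


if __name__ == "__main__":
    print(run_session(b"12345678", b"Alice", b"4321", 100))
    print(run_session(b"12345678", b"Alice", b"4321", 100, tamper=True))
```

Note that the MAC is computed over the plaintext with kD while the ciphertext uses kT, exactly as in the slides, and that both sides must derive the same chained kT before Message3 or the host's decryption and MAC check fail.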
Firewalls
Definition: a specially programmed router sitting between a site and the rest of the network.
For example, throw away incoming packets from a particular source (prevents a denial-of-service attack), or throw away packets addressed to a particular IP address/port.
1. Not all security mechanisms are widely deployed.
2. A firewall allows a system administrator to implement security mechanisms in a centralised place.
Two types of firewalls:
a) Filter-based firewalls
b) Proxy-based firewalls
Filter-based Firewalls
Configured with a table of addresses that characterize the packets they will, or will not, forward. Entries have the form (source address, source port, destination address, destination port):
(192.12.13.14, 1234, 128.7.6.5, 80): all packets from 192.12.13.14 port 1234 addressed to 128.7.6.5 port 80 are filtered.
(*, *, 128.7.6.5, 80): filter all packets destined for 128.7.6.5 port 80.
Issues:
1. Blocking or non-blocking: block everything unless otherwise mentioned, e.g. (*, *, 128.7.6.5, 80) but allow this traffic.
2. Dynamic port selection: FTP uses a specific port for connection set-up but a different port for the subsequent transfer of data, so dynamic port selection must be handled in such situations.
Active FTP
1. The client's command port contacts the server's command port and sends the command PORT 1027.
2. The server then sends an ACK back to the client's command port.
3. The server initiates a connection from its local data port to the data port the client specified earlier.
4. The client sends an ACK back.
Client-side firewall: when the server connects back to the specified port on the client (step 3), this appears to be an outside system initiating a connection to an internal client, something that is usually blocked.
Server-side firewall must allow:
1. FTP server's port 21 from anywhere (client initiates connection)
2. FTP server's port 21 to ports > 1023 (server responds to client's control port)
3. FTP server's port 20 to ports > 1023 (server initiates data connection to client's data port)
4. FTP server's port 20 from ports > 1023 (client sends ACKs to server's data port)
Passive FTP
1. The client contacts the server on the command port and issues the PASV command.
2. The server replies with PORT 2024.
3. The client initiates the data connection.
4. The server sends back an ACK to the client's data port.
Server side: the issue is the need to allow any remote connection to high-numbered ports on the server.
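An added illustration, not from the slides, of the filter-based firewall table and of the FTP rules above: rules use the slides' (source address, source port, destination address, destination port) form with "*" wildcards, plus a ">1023" port pattern so the server-side active-FTP rules can be written as table entries. A blocking firewall forwards only what a rule allows; a non-blocking one drops only what a rule names. The FTP server address 128.7.6.5 is the slides' example host; the client addresses and packets are constructed, and the passive-FTP packet shows why the server-side table on its own cannot admit the data connection.

```python
"""Filter-based firewall table with blocking / non-blocking defaults (added example)."""

FTP_SERVER = "128.7.6.5"   # example host address taken from the slides


def field_matches(pattern, value):
    """A rule field is a literal, "*" (anything) or ">N" (port greater than N)."""
    if pattern == "*":
        return True
    if isinstance(pattern, str) and pattern.startswith(">"):
        return isinstance(value, int) and value > int(pattern[1:])
    return pattern == value


def rule_matches(rule, packet):
    """rule and packet are both (src addr, src port, dst addr, dst port)."""
    return all(field_matches(p, v) for p, v in zip(rule, packet))


def decide(packet, table, default="drop"):
    """table: list of (action, rule). First matching rule wins; otherwise the
    default applies: "drop" is a blocking firewall, "forward" a non-blocking one."""
    for action, rule in table:
        if rule_matches(rule, packet):
            return action
    return default


# Server-side rules for active FTP, numbered as on the slide.
FTP_SERVER_RULES = [
    ("*", "*", FTP_SERVER, 21),        # 1. port 21 from anywhere
    (FTP_SERVER, 21, "*", ">1023"),    # 2. port 21 to ports > 1023
    (FTP_SERVER, 20, "*", ">1023"),    # 3. port 20 to ports > 1023
    ("*", ">1023", FTP_SERVER, 20),    # 4. port 20 from ports > 1023
]

# Constructed sample packets (src addr, src port, dst addr, dst port).
SAMPLE_PACKETS = {
    "control":      ("192.12.13.14", 1234, FTP_SERVER, 21),   # client opens control
    "active_data":  (FTP_SERVER, 20, "192.12.13.14", 1027),   # server -> PORT 1027
    "ssh":          ("192.12.13.14", 1234, FTP_SERVER, 22),   # not FTP at all
    "passive_data": ("192.12.13.14", 1028, FTP_SERVER, 2024), # client -> PASV port
}


def ftp_decisions():
    """Blocking firewall in front of the FTP server: only listed traffic passes."""
    table = [("forward", rule) for rule in FTP_SERVER_RULES]
    return {name: decide(pkt, table, default="drop")
            for name, pkt in SAMPLE_PACKETS.items()}


# Non-blocking firewall using the two example entries from the slides.
WEB_DROP_TABLE = [
    ("drop", ("192.12.13.14", 1234, FTP_SERVER, 80)),
    ("drop", ("*", "*", FTP_SERVER, 80)),
]


def web_decisions():
    http = ("10.0.0.1", 40000, FTP_SERVER, 80)     # constructed
    https = ("10.0.0.1", 40000, FTP_SERVER, 443)   # constructed
    return {"http": decide(http, WEB_DROP_TABLE, default="forward"),
            "https": decide(https, WEB_DROP_TABLE, default="forward")}


if __name__ == "__main__":
    print(ftp_decisions())
    print(web_decisions())
```

The passive-FTP data packet is dropped by the static server-side table because its destination port (2024) was chosen dynamically, which is the point made in the slides: a static filter either has to open all high-numbered ports on the server or must track the PASV reply.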
Proxy-based Firewalls
A proxy is a process sitting between a client and the server. To the server the proxy appears to be the client, and to the client the proxy appears to be the server. A proxy needs application knowledge built into it. A proxy can implement a cache, so it can respond to a request from the cache.
Transparent proxy: not visible to the client.
Classical proxy: the source explicitly addresses the request to the proxy.
(Figure: a remote site and an external client on the Internet, the firewall running the proxy, and the company net with the local web server behind it.)
The proxy has to understand HTTP. It can cache pages. It can do some load balancing. Proxies can be extended for protocols other than HTTP.
Firewalls: limitations
Internal users are not protected against each other, so mobile code cannot be prevented from spreading locally. Wireless communication is another vulnerability.