Академический Документы
Профессиональный Документы
Культура Документы
Email Security
Enhancements
confidentiality
protection from disclosure
authentication
of sender of message
message integrity
protection from modification
non-repudiation of origin
protection from denial by sender
PGP Operation
Authentication
1. sender creates message
2. use SHA-1 to generate 160-bit hash
of message
3. signed hash with RSA using sender's
private key, and is attached to
message
4. receiver uses RSA with sender's
public key to decrypt and recover
hash code
5. receiver verifies received message
using hash of it and compares with
decrypted hash code
PGP Operation
Confidentiality
1. sender generates message and 128bit random number as session key
for it
2. encrypt message using CAST-128 /
IDEA / 3DES in CBC mode with
session key
3. session key encrypted using RSA
with recipient's public key, &
attached to msg
4. receiver uses RSA with private key
to decrypt and recover session key
PGP Operation
Compression
by default PGP compresses message
after signing but before encrypting
so can store uncompressed message &
signature for later verification
& because compression is non
deterministic
S/MIME (Secure/Multipurpose
Internet Mail Extensions)
security enhancement to MIME email
original Internet RFC822 email was text
only
MIME provided support for varying
content types and multi-part messages
with encoding of binary data to textual
form
S/MIME added security enhancements
S/MIME Functions
enveloped data
encrypted content and associated keys
signed data
encoded message + signed digest
clear-signed data
cleartext message + encoded signed
digest
S/MIME Cryptographic
Algorithms
digital signatures: DSS & RSA
hash functions: SHA-1 & MD5
session key encryption: ElGamal &
RSA
message encryption: AES, Triple-DES,
RC2/40 and others
MAC: HMAC with SHA-1
have process to decide which algs to
use
S/MIME Messages
S/MIME secures a MIME entity with a
signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:
enveloped data
signed data
clear-signed data
registration request
certificate only message
S/MIME Certificate
Processing
S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict
X.509 CA hierarchy & PGPs web of
trust
each client has a list of trusted CAs
certs
and own public/private key pairs &
certs
certificates must be signed by
trusted CAs
IP Security
have a range of application specific
security mechanisms
eg. S/MIME, PGP, Kerberos, SSL/HTTPS
IPSec
general IP Security mechanisms
provides
authentication
confidentiality
key management
IPSec Uses
Benefits of IPSec
in a firewall/router provides strong
security to all traffic crossing the
perimeter
in a firewall/router is resistant to
bypass
is below transport layer, hence
transparent to applications
can be transparent to end users
can provide security for individual
users
secures routing architecture
IP Security Architecture
specification is quite complex
defined in numerous RFCs
incl. RFC 2401/2402/2406/2408
many others, grouped by category
IPSec Services
Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
a form of partial sequence integrity
Confidentiality (encryption)
Limited traffic flow confidentiality
Security Associations
a one-way relationship between
sender & receiver that affords
security for traffic flow
defined by 3 parameters:
Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier
Authentication Header
Encapsulating Security
Payload
Web Security
Web now widely used by business,
government, individuals
but Internet & Web are vulnerable
have a variety of threats
integrity
confidentiality
denial of service
authentication
SSL Architecture
SSL Architecture
SSL connection
a transient, peer-to-peer,
communications link
associated with 1 SSL session
SSL session
an association between client & server
created by the Handshake Protocol
define a set of cryptographic
parameters
may be shared by multiple SSL
confidentiality
using symmetric encryption with a
shared secret key defined by Handshake
Protocol
AES, IDEA, RC2-40, DES-40, DES, 3DES,
Fortezza, RC4-40, RC4-128
message is compressed before
encryption
specific alert
fatal: unexpected message, bad record mac,
decompression failure, handshake failure,
illegal parameter
warning: close notify, no certificate, bad
certificate, unsupported certificate,
certificate revoked, certificate expired,
certificate unknown
SET Components
SET Transaction
1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10.merchant requests payment
Dual Signature
customer creates dual messages
order information (OI) for merchant
payment information (PI) for bank
Purchase Request
Customer
Purchase Request
Merchant
1. verifies cardholder certificates using CA
sigs
2. verifies dual signature using customer's
public signature key to ensure order has
not been tampered with in transit & that
it was signed using cardholder's private
signature key
3. processes order and forwards the
payment information to the payment
gateway for authorization (described
later)
4. sends a purchase response to cardholder
Purchase Request
Merchant
Payment Gateway
Authorization
1. verifies all certificates
2. decrypts digital envelope of authorization block
to obtain symmetric key & then decrypts
authorization block
3. verifies merchant's signature on authorization
block
4. decrypts digital envelope of payment block to
obtain symmetric key & then decrypts payment
block
5. verifies dual signature on payment block
6. verifies that transaction ID received from
merchant matches that in PI received (indirectly)
from customer
7. requests & receives an authorization from issuer
Payment Capture
merchant sends payment gateway a
payment capture request
gateway checks request
then causes funds to be transferred
to merchants account
notifies merchant using capture
response
Chapter 20 Firewalls
The function of a strong position is to
make the forces holding it practically
unassailable
On War, Carl Von Clausewitz
Introduction
What is a Firewall?
a choke point of control and
monitoring
interconnects networks with differing
trust
imposes restrictions on network
services
only authorized traffic is allowed
Firewall Limitations
cannot protect from attacks
bypassing it
eg sneaker net, utility modems, trusted
organisations, trusted services (eg
SSL/SSH)
Bastion Host
Firewall Configurations
Firewall Configurations
Firewall Configurations
Access Control
given system has identified a user
determine what resources they can
access
general model is that of access
matrix with
subject - active entity (user, process)
object - passive entity (file or resource)
access right way object can be
accessed
can decompose by
Reference Monitor
Evaluated Computer
Systems
governments can evaluate IT
systems
against a range of standards:
TCSEC, IPSEC and now Common Criteria
Common Criteria
international initiative specifying security
requirements & defining evaluation criteria
incorporates earlier standards
eg CSEC, ITSEC, CTCPEC (Canadian), Federal
(US)
Common Criteria
defines set of security requirements
have a Target Of Evaluation (TOE)
requirements fall in two categories
functional
assurance
Common Criteria
Requirements
Functional Requirements
security audit, crypto support,
communications, user data protection,
identification & authentication, security
management, privacy, protection of
trusted security functions, resource
utilization, TOE access, trusted path
Assurance Requirements
configuration management, delivery &
operation, development, guidance
documents, life cycle support, tests,
vulnerability assessment, assurance
Common Criteria
Common Criteria