Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Security• In most systems security is an important concern – Communications should be secure against eavesdropping and tampering – Servers/clients should be able to verify the identity of their clients/servers – The originator of a message should be verifiable after the message has been delivered04/29/12 ICSS420 - Security 1
  2. 2. Policy vs. Mechanism• Security policies – Who can access what resource – Defines the appropriate levels of security• Security Mechanisms – Techniques used to implement the security policies04/29/12 ICSS420 - Security 2
  3. 3. Principal• The agents accessing the information or resources – Human beings – Servers – Applications• Principals with the same access rights are often collected together in groups• Each principal has a unique user identifier associated with it04/29/12 ICSS420 - Security 3
  4. 4. Threats• Security threats common to computer systems fall into four broad classes – Leakage • Acquisition of information by unauthorized parties – Tampering • The unauthorized alteration of information – Resource Stealing – Vandalism04/29/12 ICSS420 - Security 4
  5. 5. Methods of Attack• Some common methods of attack include – Eavesdropping • Information in transit • Information in storage – Masquerading • Sending/receiving messages using the identity of another user – Message Tampering – Replaying • Storing messages and sending them at a later date – Denial of Service04/29/12 ICSS420 - Security 5
  6. 6. Infiltration• Attacker must have access to the system in order to attack – Password cracking – Virus • Attaches itself to an existing program – Worm • Standalone program • Not always nasty!! – Trojan Horse04/29/12 ICSS420 - Security 6
  7. 7. Morris Worm rsh attack finger attack Grappling hook sendmail attack Request for worm Worm sent Worm Worm Target System Target System04/29/12 ICSS420 - Security 7
  8. 8. Security in a Network• In a networked system – The principal threats to security come from the openness of communication channels – Potential violators are not easily identifiable, so we must not assume trust. Assume untrustworthy until proven otherwise – The mechanisms used to implement security must be validated to a high standard04/29/12 ICSS420 - Security 8
  9. 9. Techniques• Security mechanisms are based on three techniques – Cryptography • Used to conceal information • Used in support of authentication • Used to implement digital signatures – Authentication • Validate the identity of the sender – Access Control • Allow resources to access only by authorized individuals04/29/12 ICSS420 - Security 9
  10. 10. Cryptography• Information can be encoded using a key when it is written (or transferred) – encryption• It is then decoded using a key when it is read (or received) – decryption• Very widely used for secure network transmission04/29/12 ICSS420 - Security 10
  11. 11. More on Cryptography encryptionplaintext ciphertext decryption 04/29/12 ICSS420 - Security 11
  12. 12. More on Cryptography Ke Kd C = EKe(plaintext)plaintext Encrypt Decrypt plaintext 04/29/12 ICSS420 - Security 12
  13. 13. More on Cryptography Ke Kd C = EKe(plaintext)plaintext Encrypt Decrypt plaintext Side information Invader plaintext Cryptanalysis 04/29/12 ICSS420 - Security 13
  14. 14. Cryptographic Systems Cryptographic Systems Conventional Systems Modern Systems •Ke and Kd are essentially the Private Key Public Key same •Ke and Kd are •Ke is public private •Kd is private04/29/12 ICSS420 - Security 14
  15. 15. Private Key Systems• In private key systems, such as the US Federal Data Encryption Standard (DES), a single key is used for both encryption and decryption• This means that both parties must know the key(s) before communication can take place – write it down ahead of time – have some sort of physical key – exchange key(s) via secure channels04/29/12 ICSS420 - Security 15
  16. 16. Block Ciphers• Many commonly used ciphers are block ciphers. – This means that they take a fixed-size block of data (usually 64 bits) – Transform it to another 64 bit block using a function selected by the key.04/29/12 ICSS420 - Security 16
  17. 17. Block Cipher Modes• If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same – It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks.• Two methods are commonly used for this: – CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and xoring the resulting value with the plaintext. – CBC mode: a ciphertext block is obtained by first xoring the plaintext block with the previous ciphertext block, and encrypting the resulting value.04/29/12 ICSS420 - Security 17
  18. 18. Secret Key Systems• DES – Developed in the 1970s adopted as a standard by the US government – DES is a block cipher with 64-bit block size. It uses 56- bit keys. – This makes it fairly easy to break with modern computers or – A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt- encrypt sequence with three different, unrelated keys).04/29/12 ICSS420 - Security 18
  19. 19. Secret Key Systems• Blowfish – An algorithm developed by Bruce Schneier. – It is a block cipher with 64-bit block size and variable length keys (up to 448 bits). – No attacks are known against it.• IDEA (International Data Encryption Algorithm) – Developed at ETH Zurich in Switzerland. – Uses a 128 bit key, and is considered to be very secure. – No practical attacks on it have been published despite numerous attempts to analyze it.04/29/12 ICSS420 - Security 19
  20. 20. Secret Key Systems• RC4 – The algorithm is very fast. – Its security is unknown, but breaking it does not seem trivial either.• SAFER – Developed by J. L. Massey (a developer of IDEA). – It is claimed to provide secure/fast encryption• Enigma – The cipher used by the Germans in World War II. – This cipher is used by the unix crypt(1) program04/29/12 ICSS420 - Security 20
  21. 21. Public Key Systems• In public key cryptosystems, everyone has two related complementary keys, a publicly revealed key and a secret key• Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key• The public key can be published and widely disseminated across a communications network• This protocol provides security without the need to reveal the private key04/29/12 ICSS420 - Security 21
  22. 22. Public Key Systems Public Key Database Kpublic Kprivate C = EKpublic(plaintext)plaintext Encrypt Decrypt plaintext 04/29/12 ICSS420 - Security 22
  23. 23. RSA• Rivest, Shamir and Adelman (RSA) – To find a key pair e and d: • Chose two large prime numbers, P and Q (each greater than 10100), and form – N=PxQ – Z = (P-1) x (Q-1) • For d chose any number relatively prime to Z • To find e solve the equation – e x d = 1 mod Z04/29/12 ICSS420 - Security 23
  24. 24. Comparison• Secret and public key systems – With suitable keys both are secure enough – Public-key systems are more convenient to implement because they do not require a secure channel to exchange keys – Secret-key systems are faster04/29/12 ICSS420 - Security 24
  25. 25. Establishing a Shared Key• In order for a symmetrical system to work, both parties need to know a shared key• Is it possible for two parties to safely use the network to agree on a shared key? – To put this another way, can two machines agree on a common number such that anyone who listens to that conversation can determine the number?04/29/12 ICSS420 - Security 25
  26. 26. Diffie-Hellman Key Exchange n and g, both are prime, public and special. A picks x in private, B picks y in private n, g, gx mod n A gy mod n B Compute (gy mod n)x mod n = Compute (gx mod n)y mod n = gxy mod n gxy mod n04/29/12 ICSS420 - Security 26
  27. 27. It Works!!• n=47, g=3• I’ll pick a small x, you pick a small y• I send to you – (47, 3, 9)• You send to me – 3y mod 47 (call it z)• I compute zx mod 47• You compute 9y mod 4704/29/12 ICSS420 - Security 27
  28. 28. To Break it• You know – n = 47, g = 3• You also know – gx mod n = 9 – gy mod n = z• You need to solve the equation – zx mod 47 = 9y mod 4704/29/12 ICSS420 - Security 28
  29. 29. Bucket Brigade Also known as the person in the middle attack n, g, gx mod n gq mod nA X B n, g, gq mod n gy mod n Session key S Session key R 04/29/12 ICSS420 - Security 29
  30. 30. Key Distribution Center• With the previous example, you would need n different keys to talk to n different people – Perhaps the same key could be used for an entire session• An alternative approach is to use a key distribution center (KDC) – The KDC stores a single key for each user – Authentication and session key management goes through the KDC04/29/12 ICSS420 - Security 30
  31. 31. KDC A, KA(B,KS) KB(A,KS) KDC A, KA(C,KS) KC(A,KS) BA KS(message1) C KS(message2) 04/29/12 ICSS420 - Security 31
  32. 32. Analysis• Authentication comes for free – The KDC knows the message came from A – B knows the first message came from the KDC – B knows the third message came from A04/29/12 ICSS420 - Security 32
  33. 33. Replay Attack A, KA(B,KS) KDC KB(A,KS)A KS(message) B KB(A,KS) C KS(message) 04/29/12 ICSS420 - Security 33
  34. 34. Solutions• Timestamp messages – Obsolete messages are discarded – Clocks cannot be perfectly synchronized – So timestamps are valid for an interval• Unique message numbers (nonce) – Each party remembers all previous nonces – Messages with used nonces are rejected – Nonces have to be remembered forever04/29/12 ICSS420 - Security 34
  35. 35. Needham-Schroeder RA, A, B KDC KA(RA, B, KS, KB(A,KS)) Not a replay Who the Ticket ticket is forA Challenge B KB(A,KS), KS(RA2) B Must be B, Challenge A KS(RA2-1), RB KS(RB-1) Must be A KS(message) 04/29/12 ICSS420 - Security 35
  36. 36. Attack Obtains an old session key Replays old message (RA2 could be different)X Challenge B KB(A,KS), KS(RA2) B Must be B, Challenge A KS(RA2-1), RB KS(RB-1) Must be A KS(message) 04/29/12 ICSS420 - Security 36
  37. 37. Otway-Rees A, B, R, KA(A,B,R,RA) A, KA(A,B,R,RA), B, KB(A,B,R,RB)A B KDC KB(RB,KS) KA(RA,KS) 04/29/12 ICSS420 - Security 37
  38. 38. Kerberos Authentication Server ClientTrusted server, repository ofkeys, protected by a nasty three-headed dog (Kerberos of Greekmytholodgy) Server 04/29/12 ICSS420 - Security 38
  39. 39. Kerberos Authentication Encrypted for client Server Encrypted for server Ticket Client ID Client Session Key Session Key After message arrives, user is prompted for password which is used Server to decrypt the message04/29/12 ICSS420 - Security 39
  40. 40. Kerberos Authentication Encrypted for client Server Encrypted for server Session Key Client Ticket Client ID Session Key Server04/29/12 ICSS420 - Security 40
  41. 41. Kerberos Authentication Encrypted for client Server Encrypted for server Session Key Client Ticket Client ID Server Session Key04/29/12 ICSS420 - Security 41
  42. 42. Kerberos Authentication Encrypted for client Server Encrypted for server Session Key Client Server Client ID Session Key04/29/12 ICSS420 - Security 42
  43. 43. Kerberos Authentication Encrypted for client Server Encrypted for server Encrypted for session Client Message Server04/29/12 ICSS420 - Security 43
  44. 44. Authentication• User/process authentication – Is this user/process who it claims to be? • Passwords • More sophisticated mechanisms• Authentication in networks – Is this computer who it claims to be? • File downloading • Obtaining network services04/29/12 ICSS420 - Security 44
  45. 45. Public-Key Authentication PublicB(A,RA) A Must be B PublicA(RA,RB, KS) B KS(RB) Must be A04/29/12 ICSS420 - Security 45
  46. 46. Challenge Response A RB KAB(RB) A B RA KAB(RA) KAB(Message)04/29/12 ICSS420 - Security 46
  47. 47. Challenge Response A, RA A RB, KAB(RA) B KAB(RB)04/29/12 ICSS420 - Security 47
  48. 48. Reflection Attack A, RX RB, KAB(RX) Needs KAB(RB) X A, RB B RB2, KAB(RB) KAB(RB)04/29/12 ICSS420 - Security 48
  49. 49. The Lesson• Designing a correct authentication protocol is harder than it looks• General rules – Have the initiator prove who they are before the responder has to – Have the initiator and responder use different keys for proof – Have the initiator and challenger draw their challenges from different sets04/29/12 ICSS420 - Security 49
  50. 50. Digital Signatures• Public key systems can also be used to provide message authentication: – The sender’s secret key can be used to encrypt a message, thereby signing it – This creates a digital signature of a message, which the recipient (or anyone else) can check by using the senders public key to decrypt it. – This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else04/29/12 ICSS420 - Security 50
  51. 51. Secure Shell• Secure Shell (ssh/ssh2) is a tool for improving Internet security by providing – Strong authentication – All communications are automatically and transparently encrypted – X11 connection forwarding provides secure X11 sessions – Arbitrary TCP/IP ports can be redirected over the encrypted channel in both directions. – The client RSA-authenticates the server machine in the beginning of every connection04/29/12 ICSS420 - Security 51
  52. 52. How It Works• SSH uses both authentication and encryption – Authentication is done using RSA public/private keys – Encryption can be done using a variety of algorithms • IDEA (default) • DES • 3DES • Blowfish04/29/12 ICSS420 - Security 52
  53. 53. SSH in Action Random string encrypted with public key for mordor Public/private keys stored on mordor Mordor returns unencrypted string If the string matches what was sent, mordor has been authenticatedPublic key formordor availableon laptop Both hosts authenticate themselves!! 04/29/12 ICSS420 - Security 53
  54. 54. User Authentication• User name and password sent to remote host encrypted with host’s public key• Host sends random session key encrypted with user’s public key• Session key is decrypted• User is authenticated• Rest of conversation is encrypted using IDEA04/29/12 ICSS420 - Security 54
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.