04/09/23 ICSS420 - Security 1
Security
• In most systems security is an important concern
  – Communications should be secure against eavesdropping and tampering
  – Servers/clients should be able to verify the identity of their clients/servers
  – The originator of a message should be verifiable after the message has been delivered

Policy vs. Mechanism
• Security policies
  – Who can access what resource
  – Defines the appropriate levels of security
• Security Mechanisms
  – Techniques used to implement the security policies

Principal
• The agents accessing the information or resources
  – Human beings
  – Servers
  – Applications
• Principals with the same access rights are often collected together in groups
• Each principal has a unique user identifier associated with it

Threats
• Security threats common to computer systems fall into four broad classes
  – Leakage
    • Acquisition of information by unauthorized parties
  – Tampering
    • The unauthorized alteration of information
  – Resource Stealing
  – Vandalism

Methods of Attack
• Some common methods of attack include
  – Eavesdropping
    • Information in transit
    • Information in storage
  – Masquerading
    • Sending/receiving messages using the identity of another user
  – Message Tampering
  – Replaying
    • Storing messages and sending them at a later date
  – Denial of Service

Infiltration
• Attacker must have access to the system in order to attack
  – Password cracking
  – Virus
    • Attaches itself to an existing program
  – Worm
    • Standalone program
    • Not always nasty!!
  – Trojan Horse

Morris Worm
[Diagram labels: Target System, Grappling hook, Worm; rsh attack, finger attack, sendmail attack; Request for worm; Worm sent]

Security in a Network
• In a networked system
  – The principal threats to security come from the openness of communication channels
  – Potential violators are not easily identifiable, so we must not assume trust. Assume untrustworthy until proven otherwise
  – The mechanisms used to implement security must be validated to a high standard

Techniques
• Security mechanisms are based on three techniques
  – Cryptography
    • Used to conceal information
    • Used in support of authentication
    • Used to implement digital signatures
  – Authentication
    • Validate the identity of the sender
  – Access Control
    • Allow resources to be accessed only by authorized individuals

Cryptography
• Information can be encoded using a key when it is written (or transferred)
  – encryption
• It is then decoded using a key when it is read (or received)
  – decryption
• Very widely used for secure network transmission

More on Cryptography
[Diagram: plaintext and ciphertext, linked by encryption and decryption]

More on Cryptography
[Diagram: plaintext → Encrypt (key Ke) → C = E_Ke(plaintext) → Decrypt (key Kd) → plaintext]

More on Cryptography: Cryptanalysis
[Diagram: the same Encrypt/Decrypt pipeline with keys Ke and Kd and C = E_Ke(plaintext), plus an Invader with side information trying to obtain the plaintext]

Cryptographic Systems
• Conventional Systems: Private Key
  – Ke and Kd are essentially the same
  – Ke and Kd are private
• Modern Systems: Public Key
  – Ke is public
  – Kd is private

Private Key Systems
• In private key systems, such as the US Federal Data Encryption Standard (DES), a single key is used for both encryption and decryption
• This means that both parties must know the key(s) before communication can take place
  – write it down ahead of time
  – have some sort of physical key
  – exchange key(s) via secure channels

Block Ciphers
• Many commonly used ciphers are block ciphers.
  – This means that they take a fixed-size block of data (usually 64 bits)
  – Transform it to another 64 bit block using a function selected by the key.

Block Cipher Modes
• If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same
  – It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks.
• Two methods are commonly used for this:
  – CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and XORing the resulting value with the plaintext.
  – CBC mode: a ciphertext block is obtained by first XORing the plaintext block with the previous ciphertext block, and encrypting the resulting value.
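
The effect of the two modes on identical plaintext blocks, as an added example that is not part of the original slides. The 64-bit block cipher here is a toy Feistel network built for this illustration (an assumption standing in for DES, not a secure cipher); the key, IV and plaintext are constructed sample values.

```python
import hashlib
BLOCK = 8  # 64-bit blocks, as on the slide

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def toy_encrypt_block(key, block):  # 4-round Feistel stand-in for DES, not secure
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def toy_decrypt_block(key, block):  # the same rounds, undone in reverse order
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def split(data):  # input must be a multiple of BLOCK bytes (no padding here)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # every block on its own: equal blocks stay equal
    return [toy_encrypt_block(key, b) for b in split(pt)]

def cbc_encrypt(key, iv, pt):  # C[i] = E(P[i] xor C[i-1]), with C[-1] = IV
    out, prev = [], iv
    for b in split(pt):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return out

def cbc_decrypt(key, iv, ct):  # P[i] = D(C[i]) xor C[i-1]
    prevs = [iv] + ct[:-1]
    return b"".join(_xor(toy_decrypt_block(key, c), p) for c, p in zip(ct, prevs))

def cfb_encrypt(key, iv, pt):  # C[i] = E(C[i-1]) xor P[i], with C[-1] = IV
    out, prev = [], iv
    for b in split(pt):
        prev = _xor(toy_encrypt_block(key, prev), b)
        out.append(prev)
    return out

KEY, IV = b"constructed key", bytes(range(8))  # constructed sample values
PT = b"SAMEBLOK" * 3                           # three identical plaintext blocks
RESULT = {"ECB": ecb_encrypt(KEY, PT), "CBC": cbc_encrypt(KEY, IV, PT), "CFB": cfb_encrypt(KEY, IV, PT)}
for name, ct in RESULT.items():
    print(name, [c.hex() for c in ct])
```

Block-by-block encryption (usually called ECB) prints the same ciphertext block three times, which is the leak the slide describes; CBC and CFB print three different blocks.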

Secret Key Systems
• DES
  – Developed in the 1970s and adopted as a standard by the US government
  – DES is a block cipher with 64-bit block size. It uses 56-bit keys.
  – This makes it fairly easy to break with modern computers or
  – A variant of DES, Triple-DES or 3DES, is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys).

Secret Key Systems
• Blowfish
  – An algorithm developed by Bruce Schneier.
  – It is a block cipher with 64-bit block size and variable length keys (up to 448 bits).
  – No attacks are known against it.
• IDEA (International Data Encryption Algorithm)
  – Developed at ETH Zurich in Switzerland.
  – Uses a 128 bit key, and is considered to be very secure.
  – No practical attacks on it have been published despite numerous attempts to analyze it.

Secret Key Systems
• RC4
  – The algorithm is very fast.
  – Its security is unknown, but breaking it does not seem trivial either.
• SAFER
  – Developed by J. L. Massey (a developer of IDEA).
  – It is claimed to provide secure/fast encryption
• Enigma
  – The cipher used by the Germans in World War II.
  – This cipher is used by the unix crypt(1) program

Public Key Systems
• In public key cryptosystems, everyone has two related complementary keys, a publicly revealed key and a secret key
• Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key
• The public key can be published and widely disseminated across a communications network
• This protocol provides security without the need to reveal the private key

Public Key Systems
[Diagram: plaintext → Encrypt (key Kpublic) → C = E_Kpublic(plaintext) → Decrypt (key Kprivate) → plaintext. The diagram also shows a Public Key Database.]

RSA
• Rivest, Shamir and Adleman (RSA)
  – To find a key pair e and d:
    • Choose two large prime numbers, P and Q (each greater than 10^100), and form
      – N = P x Q
      – Z = (P-1) x (Q-1)
    • For d choose any number relatively prime to Z
    • To find e solve the equation
      – e x d = 1 mod Z

Comparison
• Secret and public key systems
  – With suitable keys both are secure enough
  – Public-key systems are more convenient to implement because they do not require a secure channel to exchange keys
  – Secret-key systems are faster

Establishing a Shared Key
• In order for a symmetrical system to work, both parties need to know a shared key
• Is it possible for two parties to safely use the network to agree on a shared key?
  – To put this another way, can two machines agree on a common number such that anyone who listens to that conversation cannot determine the number?

Diffie-Hellman Key Exchange
• n and g, both are prime, public and special. A picks x in private, B picks y in private
• Message flow (participants A, B)
  – A → B: n, g, g^x mod n
  – B → A: g^y mod n
• A computes (g^y mod n)^x mod n = g^(xy) mod n
• B computes (g^x mod n)^y mod n = g^(xy) mod n

It Works!!
• n=47, g=3
• I’ll pick a small x, you pick a small y
• I send to you
  – (47, 3, 9)
• You send to me
  – 3^y mod 47 (call it z)
• I compute z^x mod 47
• You compute 9^y mod 47

To Break it
• You know
  – n = 47, g = 3
• You also know
  – g^x mod n = 9
  – g^y mod n = z
• You need to solve the equation
  – z^x mod 47 = 9^y mod 47

Bucket Brigade
• Message flow (X sits between A and B)
  – A → X: n, g, g^x mod n
  – X → B: n, g, g^q mod n
  – B → X: g^y mod n
  – X → A: g^q mod n
• Session key S on the A side, session key R on the B side
• Also known as the person in the middle attack
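
The exchange, the listener's problem and the bucket brigade from the last four slides, carried through with the slide's numbers as an added example that is not part of the original slides. It assumes x = 2 (because 3^2 mod 47 = 9, the value sent on the slide); y = 5 and q = 3 are constructed for the example.

```python
def dh_public(g, secret, n):
    return pow(g, secret, n)            # g^secret mod n

def dh_shared(their_public, my_secret, n):
    return pow(their_public, my_secret, n)

def honest_exchange(n, g, x, y):
    """A sends (n, g, g^x mod n); B answers g^y mod n; both derive g^(xy) mod n."""
    key_a = dh_shared(dh_public(g, y, n), x, n)
    key_b = dh_shared(dh_public(g, x, n), y, n)
    return key_a, key_b

def recover_exponent(g, public, n):
    """What a listener has to do: find k with g^k mod n == public.
    Trivial for n = 47; not feasible by search when n has hundreds of digits."""
    for k in range(1, n):
        if pow(g, k, n) == public:
            return k
    raise ValueError("no exponent found")

def bucket_brigade(n, g, x, y, q):
    """X replaces both public values with g^q mod n. Returns the keys held by
    A, by X towards A (S), by B, and by X towards B (R)."""
    gx, gy, gq = dh_public(g, x, n), dh_public(g, y, n), dh_public(g, q, n)
    key_a = dh_shared(gq, x, n)   # A believes this is shared with B
    s = dh_shared(gx, q, n)
    key_b = dh_shared(gq, y, n)   # B believes this is shared with A
    r = dh_shared(gy, q, n)
    return key_a, s, key_b, r

N, G, X = 47, 3, 2      # slide values: 3^2 mod 47 = 9
Y, Q = 5, 3             # constructed for this example

print("honest keys:", honest_exchange(N, G, X, Y))
print("listener recovers x =", recover_exponent(G, 9, N))
key_a, s, key_b, r = bucket_brigade(N, G, X, Y, Q)
# A and B end up with different keys, so the exchange is only safe when the
# public values are authenticated (for example signed) or the resulting keys
# are compared over a channel X cannot alter.
print("A/X:", key_a, s, " B/X:", key_b, r, " A == B?", key_a == key_b)
```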

Key Distribution Center
• With the previous example, you would need n different keys to talk to n different people
  – Perhaps the same key could be used for an entire session
• An alternative approach is to use a key distribution center (KDC)
  – The KDC stores a single key for each user
  – Authentication and session key management goes through the KDC

KDC
• Message flow (participants A, B, C, KDC)
  – A → KDC: A, KA(B,KS)
  – KDC → B: KB(A,KS)
  – A → B: KS(message1)
  – A → KDC: A, KA(C,KS)
  – KDC → C: KC(A,KS)
  – A → C: KS(message2)

Analysis
• Authentication comes for free
  – The KDC knows the message came from A
  – B knows the first message came from the KDC
  – B knows the third message came from A

Replay Attack
• Message flow (participants A, B, C, KDC)
  – A → KDC: A, KA(B,KS)
  – KDC → B: KB(A,KS)
  – A → B: KS(message)
  – C → B: KB(A,KS)
  – C → B: KS(message)

Solutions
• Timestamp messages
  – Obsolete messages are discarded
  – Clocks cannot be perfectly synchronized
  – So timestamps are valid for an interval
• Unique message numbers (nonce)
  – Each party remembers all previous nonces
  – Messages with used nonces are rejected
  – Nonces have to be remembered forever
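
A receiver-side replay check combining both solutions, as an added example that is not part of the original slides. It goes one step beyond the slide: with a timestamp window in place, a nonce only has to be remembered for the length of that window instead of forever. The HMAC that binds timestamp and nonce to the message, the 30-second window and all sample values are assumptions of this example.

```python
import hashlib
import hmac

def make_message(key, ts, nonce, body):
    """Sender side: bind timestamp and nonce to the body with a MAC."""
    tag = hmac.new(key, f"{ts}|{nonce}|".encode() + body, hashlib.sha256).digest()
    return ts, nonce, body, tag

class ReplayGuard:
    def __init__(self, key, window=30):
        self.key, self.window = key, window   # window: tolerated clock skew, seconds
        self.seen = {}                        # nonce -> timestamp it arrived with

    def accept(self, msg, now):
        ts, nonce, body, tag = msg
        good = make_message(self.key, ts, nonce, body)[3]
        if not hmac.compare_digest(tag, good):
            return "bad-mac"
        # Nonces older than the window can be forgotten: a replay of such a
        # message is already rejected as stale by the timestamp check below.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if abs(now - ts) > self.window:
            return "stale"
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"

KEY = b"constructed shared key"
guard = ReplayGuard(KEY)
msg = make_message(KEY, 1000, "n-0001", b"transfer 10")   # constructed sample
for now in (1005, 1010, 1100):
    print(now, guard.accept(msg, now))
```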

Needham-Schroeder
• Message flow (participants A, B, KDC)
  – A → KDC: RA, A, B
  – KDC → A: KA(RA, B, KS, KB(A,KS))
    • RA: not a replay
    • B: who the ticket is for
    • KB(A,KS): ticket
  – A → B: KB(A,KS), KS(RA2) (challenge B)
  – B → A: KS(RA2-1), RB (must be B, challenge A)
  – A → B: KS(RB-1) (must be A)
  – A → B: KS(message)

Attack
• Message flow (participants X, B)
  – X → B: KB(A,KS), KS(RA2) (challenge B)
  – B → X: KS(RA2-1), RB (must be B, challenge A)
  – X → B: KS(RB-1) (must be A)
  – X → B: KS(message)
• Obtains an old session key
• Replays old message (RA2 could be different)

Otway-Rees
• Message flow (participants A, B, KDC)
  – A → B: A, B, R, KA(A,B,R,RA)
  – B → KDC: A, KA(A,B,R,RA), B, KB(A,B,R,RB)
  – From the KDC: KB(RB,KS)
  – From the KDC: KA(RA,KS)

Kerberos
[Diagram: Client, Server, Authentication Server]
• Trusted server, repository of keys, protected by a nasty three-headed dog (Kerberos of Greek mythology)

Kerberos
[Diagram: Client, Server, Authentication Server. Labels: Ticket, Client ID, Session Key, Session Key, Encrypted for client, Encrypted for server]
• After message arrives, user is prompted for password which is used to decrypt the message

Kerberos
[Diagram: Client, Server, Authentication Server. Labels: Ticket, Client ID, Session Key, Session Key, Encrypted for client, Encrypted for server]

Kerberos
[Diagram: Client, Server, Authentication Server. Labels: Ticket, Client ID, Session Key, Session Key, Encrypted for client, Encrypted for server]

Kerberos
[Diagram: Client, Server, Authentication Server. Labels: Client ID, Session Key, Session Key, Encrypted for client, Encrypted for server]

Kerberos
[Diagram: Client, Server, Authentication Server. Labels: Message, Encrypted for session, Encrypted for client, Encrypted for server]

Authentication
• User/process authentication
  – Is this user/process who it claims to be?
    • Passwords
    • More sophisticated mechanisms
• Authentication in networks
  – Is this computer who it claims to be?
    • File downloading
    • Obtaining network services

Public-Key Authentication
• Message flow (participants A, B)
  – A → B: PublicB(A,RA)
  – B → A: PublicA(RA,RB, KS) (must be B)
  – A → B: KS(RB) (must be A)

Challenge Response
• Message flow (participants A, B)
  – A → B: A
  – B → A: RB
  – A → B: KAB(RB)
  – A → B: RA
  – B → A: KAB(RA)
  – Then: KAB(Message)

Challenge Response
• Message flow (participants A, B)
  – A → B: A, RA
  – B → A: RB, KAB(RA)
  – A → B: KAB(RB)

Reflection Attack
• Message flow (participants X, B)
  – X → B: A, RX
  – B → X: RB, KAB(RX)
  – X needs KAB(RB)
  – X → B: A, RB
  – B → X: RB2, KAB(RB)
  – X → B: KAB(RB)

The Lesson
• Designing a correct authentication protocol is harder than it looks
• General rules
  – Have the initiator prove who they are before the responder has to
  – Have the initiator and responder use different keys for proof
  – Have the initiator and challenger draw their challenges from different sets
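
The shortened challenge-response protocol beside a hardened responder that applies the second rule, as an added example that is not part of the original slides. KAB(R) is modelled with an HMAC rather than encryption, and the role prefixes, session ids and key are constructed for this example; `reflection_check` is a test harness that reports whether a responder accepts its own reflected answer.

```python
import hashlib
import hmac
import os

def proof(key, role, challenge):
    """Stand-in for KAB(challenge): a keyed MAC instead of encryption."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

def roles(separate):
    # separate=False: both sides prove themselves the same way (the slide's protocol)
    # separate=True: initiator and responder proofs are domain-separated
    return (b"initiator:", b"responder:") if separate else (b"", b"")

class Responder:            # B
    def __init__(self, key, separate):
        self.key = key
        self.init_role, self.resp_role = roles(separate)
        self.pending = {}   # session id -> RB issued in that session

    def hello(self, sid, challenge):
        """Message 1 in (A, R); message 2 out (RB, KAB(R))."""
        rb = os.urandom(16)
        self.pending[sid] = rb
        return rb, proof(self.key, self.resp_role, challenge)

    def finish(self, sid, answer):
        """Message 3: the peer must return KAB(RB) for this session's RB."""
        rb = self.pending.pop(sid)
        return hmac.compare_digest(answer, proof(self.key, self.init_role, rb))

def honest_login(b, key, separate):
    init_role, resp_role = roles(separate)
    ra = os.urandom(16)
    rb, b_proof = b.hello("a1", ra)
    assert hmac.compare_digest(b_proof, proof(key, resp_role, ra))  # must be B
    return b.finish("a1", proof(key, init_role, rb))

def reflection_check(b):
    """Key-less peer: feed B's own RB back in a second session and reuse
    B's answer in the first. Returns True if B wrongly accepts."""
    rb, _ = b.hello("s1", os.urandom(16))
    _, reflected = b.hello("s2", rb)
    return b.finish("s1", reflected)

KEY = b"constructed KAB"
print("slide protocol accepts reflection:", reflection_check(Responder(KEY, False)))
print("separated proofs accept reflection:", reflection_check(Responder(KEY, True)))
print("honest A still logs in:", honest_login(Responder(KEY, True), KEY, True))
```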

Digital Signatures
• Public key systems can also be used to provide message authentication:
  – The sender’s secret key can be used to encrypt a message, thereby signing it
  – This creates a digital signature of a message, which the recipient (or anyone else) can check by using the sender's public key to decrypt it.
  – This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else
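
The key-pair procedure from the RSA slide, used both for encryption and for the signature described on this slide, as an added example that is not part of the original slides. Assumptions of this example: the two demo primes, the starting point of the search for d, and signing a SHA-256 digest of the message instead of the raw message; there is no padding, so this is for illustration only.

```python
import hashlib
from math import gcd

def make_key_pair(p, q, d_start=2**160 + 1):
    """Follow the slide: N = P x Q, Z = (P-1) x (Q-1), pick d relatively
    prime to Z, then solve e x d = 1 mod Z for e."""
    n, z = p * q, (p - 1) * (q - 1)
    d = d_start                # arbitrary constructed starting point
    while gcd(d, z) != 1:
        d += 1
    e = pow(d, -1, z)          # modular inverse (Python 3.8+)
    return n, e, d

def encrypt(m, e, n):          # C = m^e mod N, with the public key
    return pow(m, e, n)

def decrypt(c, d, n):          # m = C^d mod N, with the secret key
    return pow(c, d, n)

def digest(message, n):
    # Assumption of this example: sign a SHA-256 digest, not the raw message
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, d, n):       # "encrypt" the digest with the secret key
    return pow(digest(message, n), d, n)

def verify(message, signature, e, n):   # anyone can check with the public key
    return pow(signature, e, n) == digest(message, n)

# Constructed demo primes, far below the slide's 10^100 and of a special
# (Mersenne) form that real keys must never use.
P, Q = 2**107 - 1, 2**127 - 1
N, E, D = make_key_pair(P, Q)
sig = sign(b"pay Bob 10", D, N)
print("round trip:", decrypt(encrypt(42, E, N), D, N))
print("signature valid:", verify(b"pay Bob 10", sig, E, N))
print("altered message valid:", verify(b"pay Bob 99", sig, E, N))
```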

Secure Shell
• Secure Shell (ssh/ssh2) is a tool for improving Internet security by providing
  – Strong authentication
  – All communications are automatically and transparently encrypted
  – X11 connection forwarding provides secure X11 sessions
  – Arbitrary TCP/IP ports can be redirected over the encrypted channel in both directions.
  – The client RSA-authenticates the server machine in the beginning of every connection

How It Works
• SSH uses both authentication and encryption
  – Authentication is done using RSA public/private keys
  – Encryption can be done using a variety of algorithms
    • IDEA (default)
    • DES
    • 3DES
    • Blowfish

SSH in Action
• Public/private keys stored on mordor
• Public key for mordor available on laptop
• Random string encrypted with public key for mordor
• Mordor returns unencrypted string
• If the string matches what was sent, mordor has been authenticated
• Both hosts authenticate themselves!!

User Authentication
• User name and password sent to remote host encrypted with host’s public key
• Host sends random session key encrypted with user’s public key
• Session key is decrypted
• User is authenticated
• Rest of conversation is encrypted using IDEA