communications application security dr. ron rymon efi arazi school of computer science idc,...
TRANSCRIPT
Communications Application Security
Dr. Ron Rymon
Efi Arazi School of Computer Science
IDC, Herzliya. 2010/11
Pre-requisite: Basic Cryptography, Identity Authentication
Overview
E-mail Confidentiality (S/MIME, PGP) Spam and Phishing Voice over IP Telephony
Secure E-mail
Pretty Good Privacy (PGP)
Secure MIME
E-mail Security Requirements E-mail is one of most widely used network application
– Compatibly available on virtually any platform and OS– Now mobile too
Desired Security Services– Confidentiality– Source and Message Integrity Authentication– Intrusion prevention (Viruses)– Content filtering (Spam, Phishing)– Interruption Prevention (Spam, DoS)
Must be cross-platform Must support asynchronous communication
SMTP does not provide these services– Some control over access to outgoing servers– Added user authentication (1999)– Recent discussion about adding source domain auth @ destination
Source Authentication in SMTP
Pretty Good Privacy (PGP) Created by Philip Zimmerman Free version: OpenPGP, GPG (GNU Privacy Guard) Enterprise-grade version widely available
Security Services:– Confidentiality
• Key exchange: Diffie-Hellman, or RSA• Encryption: CAST-128, or IDEA, or 3DES
– Authentication• Digital signature using SHA-1/MD5, and encrypted using DSS/RSA
– Attachments also encrypted using PGP’s file encryption protocol– New approaches to combine with MIME
Other services– Compression: ZIP– Partitioning and reassembly of large messages– Available also for icq and wireless communication
PGP Confidentiality Sender processing
– Generates a distinct session key per message– Compresses message– Encrypts session key using receiver’s public key
• RSA, or ElGamal/DH for key exchange– Encrypts message using session key
• Using conventional cryptography faster than RSA– Appends encrypted key and message, and sends
Receiver processing– Decrypts session key using own private key– Decrypts message– Unzips
PGP Message Integrity and Source Authentication Sender processing
– Use SHA-1/MD5 to generate 160-bit hash code for the message
– Hash code is signed with sender’s private key– Signed hash code is appended to message and sent
Receiver processing– Decrypts the hash code using the sender’s public key– Generates a new hash code from the message– Compares received and computed hash codes
Note: Signatures can be kept detached from the message, e.g., allowing multiple non-nested signatures on same document, and for record purposes
PGP Authentication+Confidentiality Sender processing
– Signature is generated first, and appended to message– (Msg+Sig) compressed and encrypted with session key– Session key is encrypted using receiver’s public key
Compression is applied after the signature– Signature can be kept with original message for later
verification– Compression algorithm is independent
Encryption applied to compressed message– has less redundancy than original plaintext – harder
cryptanalysis
PGP Key Management Session Keys. PGP employs a keystroke-based technique
for generating cryptographically strong session keys– Next Session Key = EPrevKey(keystroke)
Rings. PGP allows users to maintain “rings” with multiple pairs of private-public keys– To be able to decrypt messages encrypted with older keys
– To communicate with different users using different keys
– Each key is identified (almost uniquely) by its rightmost 64 bits
– Each key is also indexed by the User ID
Passphrases. Private keys are kept encrypted, using the hash code of a user-chosen passphrase as key
PGP Public-Key Management Key distribution main concern is impersonation Options:
– Alice can physically deliver the key
– Alice can e-mail or dictate key to Bob over the phone; Bob can verify the key with Alice using its hash code “fingerprint”
– A trusted “introducer” can sign a certificate that contains Alice’s key
– Obtain Alice’s key from a trusted certificate authority (key servers) PGP associates with each key
– a set of introducers, and Bob’s trust in each
– a level of legitimacy, computed by PGP from the combined legitimacies of the introducers
– a level of trust in each user to legitimize another user
Key owner can revoke it by signing revocation certificate
S/MIME Developed by RSA Data Security Secure / Multipurpose Internet Mail Extension
– Built on top of MIME– S/MIME and OpenPGP considered for IETF standard (RFC 2015)
MIME fixes some of the limitations of SMTP (Simple Mail Transfer Protocol)– Large files– Non-ASCII characters (binaries, special)
MIME header allows specification – multiple types, e.g., application/postscript, video/mpeg– multiple transfer encodings, e.g., 7bit, base64
MIME Messages can be multi-part and contain multiple different contents
S/MIME Services Confidentiality
– Enveloped data Authentication
– Signed data: digital signature is created and is encoded with content in radix-64
– Clear-signed data: only signature is encoded in radix-64 and the rest of the message is clear
Confidentiality and Authentication– Nesting of signature and enveloping in either order
New MIME types (pkcs) added
S/MIME Algorithms
Message digesting– SHA-1, MD5
Encrypt message digest– DSS, RSA-512/1024
Encrypt session key– DH/ElGamal, RSA
Encrypt message with session key– 3DES, RC2-40
S/MIME Key Management
Based on a hybrid of X.509 (CA) and PGP (local) User must establish herself at a recognized CA Certificate registration and revocation can be
communicated using a special MIME type S/MIME uses CA to verify UserID-public key
match Users manage copies of certificates/keys locally
Summary – Email Security PGP and S/MIME
– Both implemented on top of SMTP, which does not provide security
– Both implement confidentiality, message and source authentication
– Both implemented as post/pre-processor– Both allow a choice of encryption/authentication algs– S/MIME based on centralized CA; PGP is distributed– PGP/MIME and OpenPGP use MIME too
PEM (Privacy Enhanced Mail)– Earlier protocol that was used for text (7-bit) messages
Spam and Phishing
Spam Spam is part impersonation part an interruption of service
– Primarily porn and marketing– 60-95% of all US mail is spam (2007)
• Less in non-english speaking countries
– Some companies send 100’s of millions of messages a day
US CAN-SPAM (Controlling Assault of Non-Solicited Pornography and Marketing Act)
– enacted in 2004 to regulate pornographic and marketing emails– requires labeling a message – no standard way to do it– requires opt-out facility – cannot opt out entire domain, or to apply to all spammers
Spam is not a virus, but has some similar features:– Usually distributed via e-mail– Some messages attempt to send “live” indicators (web beacons)– Some try to plant a spyware/cookie– Can be filtered based on signatures
BarracudaBarracuda
Phishing: What would YOU do if you received this email?
Phishing Masqueraded attempt to extract information
– 43% of adults received phishing emails (2005) – 100% now– 60 Million phishing emails/year; 11M clicked (Gartner, 2006)
Common examples– Emails that show graphics of a bank, or refers to a copycat web
site, and ask for the user’s banking credentials– Emails that attempt to blackmail employees, e.g., threating to
expose that they were browsing a porn site– 419 Nigerian Connection scamming campaigns– Preying on users that mistype a website name, e.g., googkle.com,
and try to install a trojan on their machine– Key logging Trojans
Most attempts are linked to professional criminals Spear Phishing – attacking a specific crowd
– Executives of a credit union received a message asking them to download a TH
Few Email Phishing ExamplesCompany: Citizens Bank, Date: 4/25/2005Subject line: "Citizens Bank Instant 5 USD reward survey'"Information request: Getting victim's Citizens Bank debit card information.
Company: Ameritrade, Date: 4/22/2005Subject line: "Ameritrade Online Application"Information request: Getting victim's login information (username/password).
Company: Barclays, Date: 4/20/2005Subject line: "Barclays Verification Service"Information request: Getting victim's Barclays account information.
Company: Bank Of America, Date: 4/19/2005Subject line: "Online Banking Alert (Change of Email Address)"Information request:Getting victim's username/password, ATM card info.
Company: eBay, Date: 4/18/2005Subject line: "eBay Verify Accounts"Information request: Getting victim's eBay and Paypal username/password, credit card information, bank account information, etc.
Anti-Spam/Phishing Some use source/content filtering techniques
– Sender identity (black/white lists)– Correlating IPs to known email servers (IBM FairUCE)– Key words, e.g., xxx, viagra, “make money fast”– Semantic mapping– Some learn from user feedback– Centralized and/or collaborative tagging
Challenges– False positives
– Spammers adapt
Anti-Spam/Phishing Some work at client, others at mail gateway
– Client: can adapt; one person’s garbage is another’s gold– Gateway: can save a lot of individual effort
Newer anti-spam methods work at ISP level– Identify spam based on their mass distribution
Spam filtering– Like anti-virus, but bigger scale
Shut down spam/phishing URLs
Post-hoc management (Phishing)
Fighting Outgoing Spam
ISPs try to block spammers from obtaining e-mail accounts and service– Prevent robotic enrollment through CAPTCHAs– Limit the number of messages from a single account– Hotmail reported 20% fewer new accounts with such
measures
ISPs try to block spammers messages– Filter messages and close rogue accounts– Shutdown outgoing mail relaying– Slowing down outgoing messages is a new approach– MSN/Hotmail/AOL report blocking 2B messages/day
VoIP Telephony
The VoIP (R)evolution Voice over IP uses data networks to transmit voice
(telephony)
2005 is the year of VoIP adoption– 23% of the top 500 firms are using or at least trying VoIP– 2%t of all US firms use VoIP (19% in 2007)– Most small/medium companies will move to VoIP in next 5 years
In 2005, 73% of wire line service providers and 31% of wireless operators implemented, or are testing VOIP– 50% of Internet households interested in VoIP to save costs– About 1MM subscribers in each of US, Europe, and Asia– Vonage has 500K users and adds 15K/week (Jan 2005)
How VoIP Works
Main protocols: H.323, SIP VoIP can also work wirelessly through WLAN (802.11) Big boost with fiber optic to the home Peer-to-peer VoIP (Skype, Fring, Jaja, Viber) Desktop-based softphone
VoIP Potential Vulnerabilities Inherits most of the security issues of data networks
– Eavesdropping, impersonation, rerouting, denial-of-service, etc.
VoIP Potential Vulnerabilities Security became the greatest inhibitor to VoIP; more than budgets
• VoIP Security Alliance launched in Feb 2005, www.voipsa.org
Attacks on infrastructure– Denial of service is number one concern (e.g. 911 emergency call)– SPIT - Spamming of voice mailboxes (and phishing for information)– Breaking into PBXs to make calls– Stealing and spoofing phone numbers and calls– Viruses
Attacks on communication– Eavesdropping– Injection of voice (esp. for transcription)– Hijacking and rerouting calls– VoIP phising (vishing)– Traffic analysis – who is calling, when, how long, etc.
Users are 2x more concerned about attacks on infrastructure
VoIP security shall use same solutions as in data networks– But QoS demands real-time solutions (crypto-engine, tunneling…)– VoIP solutions integrating security solutions (e.g., gateways/firewalls)
Next Class
Guest Lectures
Attendance is required !