Security Primer
Sameh El Naggar
Presentation contents
Technical Security Issues
- Encryption (Privacy)
- Authentication
- Integrity
- Non-repudiation
- Security Protocols
- Authorization
- Availability
- Auditing
- Establishing Trust
- Managing Risk
Presentation Focus
- Cryptography: Symmetric Key, Non-Symmetric (Public Key)
- Public Key distribution and integrity: PKI and certificates
- Authentication: Kerberos, Certificates
- Message Integrity: Hashes and message digests
- Security Protocols: How they work, SSL, etc.
If Security is compromised?
- The Army General: I said attack, not retreat!!
- Stock Broker: Client: I said sell at 11am not at 2 PM, broker disagrees, how will the judge decide?
- Contract: The contract was for 4 million not 2 million Dollars. Who has the electronic contracts and receipts?
- Credit Card: They already used my card to the maximum limit. I couldn't use it for my emergency.
- Cryptography was used by the Romans to hide troop movements using Ciphers (sticks).
- All encrypted messages must contain some redundancy.
- Some measure must be taken to prevent active intruders from playing back old messages; time stamps and nonces are some solutions.
Modern Cryptography
Uses the same basic ideas as traditional Cryptography, transpositions and substitution,
but with a different emphasis:
- Traditional cryptography uses simple algorithms and long keys
- Modern cryptography relies on complex and convoluted encryption algorithms
- A P-box is a device that effects a transposition on an 8 bit input (10011011->01011101)
- An S-box does Substitution: a 3 bit plain text is entered, a 3 bit cipher text is output
- An S-box has a 3-to-8 bit decoder, a P-box, then an 8-to-3 encoder (01234567 -> 24506713)
- A Product Cipher is when we cascade a whole series of these S-boxes
- By cascading a sufficient number of stages in the product cipher, the output can be made to be an exceedingly complicated function of the input
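The S-box construction and the cascade described above, as an added Python example that is not part of the original slides. The S-box wiring is the slide's 01234567 -> 24506713; the 12-wire stage P-box, the 12-bit block size and the round count are constructed assumptions.

```python
SBOX_MAP = [2, 4, 5, 0, 6, 7, 1, 3]                    # from the slide: 01234567 -> 24506713
STAGE_PBOX = [7, 2, 9, 0, 11, 4, 1, 8, 5, 10, 3, 6]    # constructed 12-wire P-box (assumption)

def p_box(bits, wiring):
    """Transposition: the bit on input wire i leaves on output wire wiring[i]."""
    out = [0] * len(bits)
    for i, bit in enumerate(bits):
        out[wiring[i]] = bit
    return out

def s_box(value, wiring=SBOX_MAP):
    """Substitution built as on the slide: 3-to-8 decoder, P-box, 8-to-3 encoder."""
    one_hot = [int(line == value) for line in range(8)]   # decoder: exactly one wire high
    return p_box(one_hot, wiring).index(1)                # encoder: which wire is high now

def inverse(wiring):
    """Wiring that undoes a P-box (and, fed to s_box, undoes an S-box)."""
    inv = [0] * len(wiring)
    for src, dst in enumerate(wiring):
        inv[dst] = src
    return inv

def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def from_bits(bits):
    return int("".join(map(str, bits)), 2)

def encrypt(block, rounds=4):
    """Product cipher: each round is a 12-bit P-box feeding four 3-bit S-boxes."""
    for _ in range(rounds):
        bits = p_box(to_bits(block, 12), STAGE_PBOX)
        groups = [s_box(from_bits(bits[i:i + 3])) for i in range(0, 12, 3)]
        block = from_bits([b for g in groups for b in to_bits(g, 3)])
    return block

def decrypt(block, rounds=4):
    """Run the rounds backwards: inverse S-boxes first, then the inverse P-box."""
    inv_s, inv_p = inverse(SBOX_MAP), inverse(STAGE_PBOX)
    for _ in range(rounds):
        bits = to_bits(block, 12)
        groups = [s_box(from_bits(bits[i:i + 3]), inv_s) for i in range(0, 12, 3)]
        block = from_bits(p_box([b for g in groups for b in to_bits(g, 3)], inv_p))
    return block

if __name__ == "__main__":
    # Two inputs that differ in one bit; print how many output bits differ.
    print(bin(encrypt(0b000000000000) ^ encrypt(0b000000000001)).count("1"))
```

In this sketch the wiring itself plays the role of the key: anyone who knows both tables can run `decrypt`.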
Modern Algorithms
Asymmetric Algorithms:
RSA (Rivest, Shamir & Adleman) from MIT patented by RSA 1977
- Based on the difficulty of factoring large numbers, see Appendix
- Well suited for Encryption and digital signatures
- No requirement to use a particular hash algorithm for RSA signatures
secure
- Asymmetric is slower than Symmetric but more secure
- Asymmetric is less efficient to use for encrypting a message to be sent to multiple recipients, because each has to be encrypted with the receiver's public key
message) is sent with the message. The digest is a fixed size (e.g. 128 bits)
Receiver: the same hash function is applied to the message at the receiving end to calculate the 128 bit digest. This digest is compared with the one sent; if they match, the message has not been tampered with
Properties of Message Digest Algorithms
- Input is of variable length, output is a considerably smaller fixed-length size (e.g. 128 bits, 160 bits or more)
- It is impossible to determine the original message from the digest; this is known as a one way function
- Algorithms should be relatively simple and non-CPU intensive
Where are message digests used
- Digital signatures for non repudiation and trusts
- Integrity
- In Challenge response protocols where we send encrypted hashed passwords across the network, not in the clear.
Most Common Message Digest Algorithms:
- MD5: Rivest 1992, generates a 128 bit digest, used on the internet
- SHA-1 (Secure Hash Algorithm-1): developed by NSA and blessed by NIST
  - Generates a 160 bit message digest which is more secure than MD5, but slower
  - It is a government standard used by companies dealing with the government
MAC (Symmetric Message Authentication codes) use symmetric key
- Keyed Hashing: Hash a shared secret key along with the message
- HMAC: special kind of keyed Hashing (keyed hash inside a keyed hash)
  - HMAC-SHA, HMAC-MD5
- Example: All message authentication in IPsec uses HMACs
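The difference between sending a bare digest and sending an HMAC, with a nonce check against played-back messages, as an added Python example that is not part of the original slides. The key, the messages and the `Receiver` class are constructed for illustration, and SHA-256 is used in place of the MD5 and SHA-1 named above, both of which have known collision attacks.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-secret"   # sample key, known only to sender and receiver

def plain_digest(message):
    """Unkeyed digest as in the sender/receiver description: anyone can compute it."""
    return hashlib.sha256(message).digest()

def digest_accepts(message, digest):
    return hmac.compare_digest(plain_digest(message), digest)

def make_tag(key, nonce, message):
    """HMAC over a fixed-length (16 byte) nonce followed by the message."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen_nonces = set()

    def accept(self, nonce, message, tag):
        expected = make_tag(self.key, nonce, message)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "rejected: bad tag"
        if nonce in self.seen_nonces:                # an old message played back
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        return "accepted"

def demo():
    order, altered = b"sell at 11am", b"sell at 2pm"
    receiver, nonce = Receiver(KEY), os.urandom(16)
    tag = make_tag(KEY, nonce, order)
    return {
        # Message rewritten in transit and the unkeyed digest recomputed: not detected.
        "digest, altered": digest_accepts(altered, plain_digest(altered)),
        # Without KEY no valid tag can be produced for the altered message.
        "hmac, altered": receiver.accept(nonce, altered, plain_digest(nonce + altered)),
        "hmac, genuine": receiver.accept(nonce, order, tag),
        "hmac, replayed": receiver.accept(nonce, order, tag),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

A bare digest only detects accidental corruption unless the digest itself travels over a protected channel or is signed; the keyed tag is what ties the message to a holder of the shared secret.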
Client Certificates
Certificate Format: X.509 v3 is the most widely used, it contains Version, Serial#, Algorithm identifier, Issuer, Period of validity, Subject (user name), Subject's public key, the CA signature
2. Proprietary (e.g. implement Microsoft Certificate Server)
3. Mixing 1 and 2 above in a Hierarchy, trees of trusts, or using Cross Certification. In a hierarchy you can follow the tree up to the root CA. Every certificate is signed by a higher Certificate Authority in the hierarchy. The root CA has to be trusted because it signs its own Certificates at the top
Certificate Administration:
- Certificate disposition
- Tools to monitor and log the certificates issued, denied, or pending further investigation
- Revoking Certificates; maintain and publish Certificate Revocation List
- Layer 2 Tunneling Protocol (L2TP): combines the best of PPTP and a Cisco protocol
- Internet Protocol Security (IPsec): by IETF (secure tunneling using IP layer security)
4. Client asks server again to prove that it is the server it claims (Barnes & Noble), because the certificate received by client could be hacked.
5. Server sends its digital signature, which is a random block of data plus a message digest of this data encrypted with the server's private key.
6. Client verifies that the server is Barnes and Noble by recalculating the message digest sent in step 5, decrypting the digital signature and checking for a match between the calculated and sent digests.
7. Client now generates a random secret key (session key), encrypts it with the server's public key obtained from the Server Certificate and sends it to server.
8. Only the server can decode this session key because it can only be done by the server's private key. This shows how important it is to protect the private key.
9. Server sends an encrypted message (now using the shared session key obtained in step 8). Only the client now can decipher it.
10. Communications then continue securely (encrypted) using the shared session key, only known to the client and server. Credit card information is sent, etc.
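Steps 5 to 9 of the exchange above, both sides in one file, as an added Python example that is not part of the original slides. It uses textbook RSA with a constructed toy key and a SHA-256 keystream as a stand-in for the session cipher; all function names are hypothetical and none of this is how a real SSL library is implemented.

```python
import hashlib
import secrets

# Toy RSA key pair for the server, built from two Mersenne primes (constructed;
# about 150 bits, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, as carried in the server certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def server_sign_challenge():
    """Step 5: random block plus its digest encrypted with the private key."""
    block = secrets.token_bytes(32)
    return block, pow(digest_int(block), D, N)

def client_verify(block, signature):
    """Step 6: decrypt the signature with the public key and compare digests."""
    return pow(signature, E, N) == digest_int(block)

def client_wrap_session_key():
    """Step 7: fresh session key, encrypted with the server's public key."""
    key = secrets.token_bytes(16)
    return key, pow(int.from_bytes(key, "big"), E, N)

def server_unwrap_session_key(wrapped):
    """Step 8: only the holder of D recovers the session key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def session_crypt(key, data):
    """Stand-in symmetric cipher (XOR with a SHA-256 keystream); same call both ways."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake():
    block, signature = server_sign_challenge()
    if not client_verify(block, signature):
        raise ValueError("server could not prove it holds the private key")
    client_key, wrapped = client_wrap_session_key()
    server_key = server_unwrap_session_key(wrapped)
    ciphertext = session_crypt(server_key, b"server ready")    # step 9
    return client_key == server_key, session_crypt(client_key, ciphertext)

if __name__ == "__main__":
    print(handshake())
```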
Availability
- There is no point in securing systems from external attacks that really don't need attacks, they fail so often every now and then!!
- Data could be lost that way also
- Same Computer, firewall protected Network, the Internet are examples of zones
- Each security zone can be set to one of the following security levels (Internet Explorer):
  - Low: automatically invokes any executable content
  - Medium: warns us before invoking any damaging content
  - High: excludes all content that can damage our computer
  - Custom: allows us to set various individual security settings
Privacy
Profiling
- Very sophisticated tools to create reports about your activities on web and proxy servers
Cookies
- Small item of coded information stored on the client from the server
- Should be stored in a defined area (4K) and cannot be executed
Stealth cookies (example: DoubleClick)
- A user visiting a group of sites could be redirected to a master site that can read the single cookie shared by all these Microsoft sites (Microsoft site, MSNBC, MSN, Hotmail, Expedia Travel, Internet Gaming Zone, etc.), redirects the user back to the site and passes the user identifier in the URL
- A good example of user activity tracking is the DoubleClick Ad Network
Managing Risk
Assessing the risk
- What to protect and from whom
- Analyzing the worst possible security breaches and costs
- Choose a security strategy depending on usability and cost (financial and tangible)

- Users and their responsibilities
- Access restrictions (Authorization)
- Procedures for backups and other maintenance operations
- Procedures to handle security violation incidents
- Procedures for handling audit logs
- Password policy
- Procedures to guarantee privacy of information
- Rules and regulations to download software from internet or intranet
- Physical security guidelines
- Implementing Firewalls and/or proxy servers
- Virus Protection Policy
- Continual Analysis of Risk involved
  - Security mechanisms should be kept up to date with latest technologies
  - There are always new types of attacks, brute force and others
  - Use higher levels of encryption if necessary