Security
Introduction
• In the very beginning, computer networks were used mainly by university researchers for sending e-mail and by corporate employees for sharing printers
• Under those conditions little thought was given to security...
• Today millions of people use the Internet to
  • Manage bank accounts
  • File tax returns
  • Shop in online stores
• Consequently, the problem has become very pressing!
Intruders
• Most security problems arise because of malicious persons who try to gain an advantage for themselves or to harm others
• Categories of intruders:
  • Student - out of curiosity
  • Businessman - to learn a competitor's plans
  • Fraudster - to steal credit card numbers
  • Spy - to steal an adversary's military information
Security problems
• Security problems can be divided into four areas:
  • Secrecy
    • Keeping information from reaching unauthorized users
  • Authentication
    • Establishing the identity of the user
  • Non-repudiation (binding enforcement of commitments)
    • Digital signature
  • Integrity
    • Detecting cases where information has been modified in transit
TCP/IP protocol stack
• Network security is an aspect that spans all protocol layers of the TCP/IP model
IPsec
• A suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream
• Operates at the network layer of the TCP/IP model
• For an application to use IPsec no code change is required
• Mandatory part of IPv6 (mandatory to implement, not mandatory to use), optional for use with IPv4
Information security fundamentals
• At all layers (except the physical layer) information protection is based on CRYPTOGRAPHY
Cryptography basics
• Cryptography – from the Greek:
  • κρυπτός (kryptós) "hidden"
  • γράφω (gráfo) "to write"
• Cryptography has a long and colourful history
Basic concepts of cryptography
• Encryption / Decryption
• Plaintext → [cipher] → Ciphertext
• Cipher – a pair of algorithms used to encrypt/decrypt
• Key – a secret (variable) parameter
• Kerckhoffs' principle [1883]: Encryption algorithms are public, only the keys are secret
Cryptographic algorithms
• Cryptographic algorithms fall into two groups:
  • Symmetric-key algorithms
    • AES (Rijndael)
    • DES (triple DES)
    • RC4
  • Public-key algorithms
    • RSA
    • Diffie-Hellman
Symmetric-key algorithms
• One key is used for both encryption and decryption
• Classification:
  • Stream ciphers
    • Encrypt the message one bit at a time
  • Block ciphers
    • Encrypt blocks of bits (64–256 bits per block)
• Advantage: much faster than public-key algorithms
• Drawback: key management
AES (Rijndael)
• Advanced Encryption Standard: a symmetric block cipher chosen by the US government as its encryption standard (2002)
• Replaced the DES algorithm, which had been found insecure
• Algorithm structure: substitution-permutation network
• Block size: 128 bits
• Key length: 128, 192 or 256 bits
AES: the steps of one round
[Figure: the four steps of a round, numbered 1–4]
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Public-key algorithms
• In 1976 Stanford University researchers Diffie and Hellman proposed a radically new cryptosystem – the encryption and decryption keys were different!
• Basic principles of public-key cryptography:
  • The encryption key is public
  • The decryption key is private and practically cannot be derived from the public key
• Applications:
  • Confidentiality of communication
  • Digital signature
Principles of operation
[Figure]
http://en.wikipedia.org/wiki/Public-key_cryptography
RSA
1. Choose two large prime numbers p and q
2. Compute n = pq and z = (p-1)(q-1)
3. Choose a number d that is coprime with z
4. Find a number e such that de = 1 (mod z)
To encrypt a message P, use the formula:
C = P^e (mod n)
To decrypt it back:
P = C^d (mod n)
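The four steps and the two formulas above, carried out with BigInteger. This is an example added here, not the lecture's code; the class name, the hand-checkable parameters p=3, q=11, d=7 and the message values are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

/** Textbook RSA following the key-generation steps on the slide (constructed example). */
public class TextbookRsa {
    final BigInteger n, e, d;

    /** Steps 1-4: p, q prime; n = pq; z = (p-1)(q-1); d coprime with z; e = d^-1 mod z, so de = 1 (mod z). */
    TextbookRsa(BigInteger p, BigInteger q, BigInteger d) {
        if (!p.isProbablePrime(100) || !q.isProbablePrime(100)) {
            throw new IllegalArgumentException("p and q must be prime");
        }
        BigInteger z = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        if (!d.gcd(z).equals(BigInteger.ONE)) {
            throw new IllegalArgumentException("d must be coprime with z");
        }
        this.n = p.multiply(q);
        this.d = d;
        this.e = d.modInverse(z);
    }

    /** Random key of the given modulus size: two primes of bits/2 bits, d redrawn until gcd(d, z) = 1. */
    static TextbookRsa random(int bits, SecureRandom rnd) {
        BigInteger p = BigInteger.probablePrime(bits / 2, rnd);
        BigInteger q = BigInteger.probablePrime(bits / 2, rnd);
        BigInteger z = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        BigInteger d;
        do {
            d = new BigInteger(z.bitLength(), rnd);
        } while (d.compareTo(BigInteger.ONE) <= 0 || !d.gcd(z).equals(BigInteger.ONE));
        return new TextbookRsa(p, q, d);
    }

    /** C = P^e (mod n); the message is a number that must lie in [0, n). */
    BigInteger encrypt(BigInteger P) {
        if (P.signum() < 0 || P.compareTo(n) >= 0) {
            throw new IllegalArgumentException("message must satisfy 0 <= P < n");
        }
        return P.modPow(e, n);
    }

    /** P = C^d (mod n). */
    BigInteger decrypt(BigInteger C) {
        return C.modPow(d, n);
    }

    public static void main(String[] args) {
        // Tiny parameters that can be checked by hand: p=3, q=11 -> n=33, z=20; d=7 -> e=3
        TextbookRsa toy = new TextbookRsa(BigInteger.valueOf(3), BigInteger.valueOf(11), BigInteger.valueOf(7));
        BigInteger c = toy.encrypt(BigInteger.valueOf(19));      // 19^3 mod 33 = 28
        System.out.println("n=" + toy.n + " e=" + toy.e + " d=" + toy.d + " C=" + c + " P=" + toy.decrypt(c));

        // Realistic size: 2048-bit modulus. Note that the same P always gives the same C; this is why
        // real systems wrap the core operation in randomised padding such as OAEP instead of using it bare.
        TextbookRsa rsa = TextbookRsa.random(2048, new SecureRandom());
        BigInteger msg = new BigInteger(1, "Secret message".getBytes(StandardCharsets.UTF_8));
        BigInteger ct = rsa.encrypt(msg);
        System.out.println("round trip ok: " + rsa.decrypt(ct).equals(msg)
                + ", deterministic: " + rsa.encrypt(msg).equals(ct));
    }
}
```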
Digital signature
• For electronic messages to be able to replace physical documents, the problem of the signature must be solved
• A message-sending system is needed in which:
  • The receiver can verify the identity of the sender
  • The sender cannot later deny the content of the message
  • The receiver cannot later alter the received message
• Digital signature algorithms are usually based on asymmetric (public-key) cryptography
Principle of the digital signature
• An encryption function E and a decryption function D with the properties:
  • D(E(m)) = m and E(D(m)) = m
Digital signature scheme
• Typically consists of three algorithms:
  1. A key generation algorithm, which creates a public key PK and a private key SK for the owner of the signature
  2. A signing algorithm:
    • S(m, SK) = k
  3. A signature verification algorithm:
    • V(m, PK, k) = {true/false}
• Digital Signature Algorithm (DSA): the US digital signature standard (1991)
Message Digest
• Usually it is not necessary to encrypt the whole message; it is enough to create a digital signature for the purpose of authenticating the author
• Idea – use a one-way hash function
  • Input: a bit string of arbitrary length
  • Output: a bit string of fixed length (128, 160 bits)
Requirements for a message digest function
The hash function MD is called a message digest and must satisfy the following conditions:
1. For a given text P it is easy to compute MD(P)
2. Knowing MD(P) it is practically impossible to compute P
3. For a given P it is practically impossible to find a P' such that MD(P) = MD(P')
4. Even a one-bit change in the input string leads to a very different result
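Requirements 1 and 4 checked with the JCA MessageDigest engine that the Java part of these slides introduces. This is an example added here, not the lecture's code; the class name and the input "Hello World" are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Demonstrates requirements 1 and 4 of a message digest function (constructed example). */
public class DigestRequirements {

    /** Requirement 1: MD(P) is cheap to compute, whatever the input length. */
    static byte[] md(String algorithm, byte[] p) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).digest(p);
    }

    /** Number of output bits that differ between two digests of equal length (Hamming distance). */
    static int differingBits(byte[] a, byte[] b) {
        if (a.length != b.length) throw new IllegalArgumentException("digest lengths differ");
        int bits = 0;
        for (int i = 0; i < a.length; i++) {
            bits += Integer.bitCount((a[i] ^ b[i]) & 0xff);
        }
        return bits;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] p = "Hello World".getBytes(StandardCharsets.US_ASCII);
        byte[] pPrime = p.clone();
        pPrime[0] ^= 0x01;   // requirement 4: flip a single input bit ('H' becomes 'I')

        for (String alg : new String[] {"MD5", "SHA-1", "SHA-256"}) {
            byte[] h = md(alg, p);
            byte[] hPrime = md(alg, pPrime);
            int total = h.length * 8;
            System.out.printf("%-7s MD(P)  = %s%n", alg, hex(h));
            System.out.printf("%-7s MD(P') = %s%n", alg, hex(hPrime));
            // a good digest changes roughly half of its output bits, i.e. close to total/2
            System.out.printf("%-7s %d of %d output bits differ after a 1-bit input change%n%n",
                    alg, differingBits(h, hPrime), total);
        }

        // Requirement 1 also holds for long inputs: hashing 1 MiB of zeros is still fast
        byte[] big = new byte[1 << 20];
        long t0 = System.nanoTime();
        md("SHA-256", big);
        System.out.printf("SHA-256 over 1 MiB took %.1f ms%n", (System.nanoTime() - t0) / 1e6);
    }
}
```

Requirement 3 is the one that has failed in practice: practical collisions exist for MD5 (since 2004) and SHA-1 (since 2017), so new designs use SHA-256 or stronger.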
Digital signature using a message digest
m - message
DA – Alice's private key
MD – message digest function
Digital signature
[Figure]
http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html#id2563251
Message Digest algorithms
Two popular hash function algorithms:
• MD5 (Message-Digest algorithm 5)
  • Digest size: 128 bits
  • Designer: Ron Rivest, 1991
  • Internet standard
  • Widely used to check the integrity of files
• SHA-1 (Secure Hash Algorithm)
  • Digest size: 160 bits
  • Applications: Digital Signature Algorithm, TLS/SSL, PGP, SSH, S/MIME, and IPsec
Russian algorithm standards
• GOST 28147-89 - the Soviet and Russian symmetric encryption standard, introduced in 1990 (KGB)
• GOST R 34.11-94 - hash function computation procedure, introduced in 1995
• GOST R 34.10-2001 - the standard describing the algorithms for generating and verifying electronic digital signatures
Java Security
Platform Security
• The Java™ platform was designed with a strong emphasis on security
• Core language features:
  • Strong data typing
  • Automatic memory management
  • Garbage collection
  • Range-checking on arrays
  • Access modifiers (public, protected, private)
  • Byte-code verification
  • Secure class loading
Java Security Technology
• Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols
  • cryptography
  • public key infrastructure
  • secure communication
  • authentication
  • access control
Basic Security Architecture
• Security APIs were designed around the following principles
  • Implementation independence
    • Applications do not need to implement security themselves; they can request security services from the Java platform via providers
  • Implementation interoperability
    • Providers are interoperable across applications
  • Algorithm extensibility
    • The Java platform includes a number of built-in providers and supports the installation of custom providers
Security Providers
• Implementation independence is achieved using a "provider"-based architecture
• Provider - a package or set of packages that implement one or more security services
import java.security.*;

// Print the name and version of every installed provider, in preference order
Provider[] providers = Security.getProviders();
for (Provider p : providers) {
    System.out.println(p.toString());
}
Java 6.0
SUN version 1.6
SunRsaSign version 1.5
SunJSSE version 1.6
SunJCE version 1.6
SunJGSS version 1.0
SunSASL version 1.5
XMLDSig version 1.0
SunPCSC version 1.6
SunMSCAPI version 1.6
Cryptographic engines
• Algorithm independence is achieved by defining types of cryptographic "engines" (services)
• An engine class provides the interface to a specific type of cryptographic service, independent of a particular cryptographic algorithm or provider
• Examples:
  • SecureRandom
  • MessageDigest
  • Signature
  • Cipher
Listing provider services
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.util.Set;

Provider[] providers = Security.getProviders();
for (Provider p : providers) {
    System.out.println(p.toString());
    Set<Service> services = p.getServices();
    for (Service s : services) {
        // one indented line per service: engine type --> algorithm name
        System.out.println("    " + s.getType() + " --> " + s.getAlgorithm());
    }
}
SUN version 1.6 services
SUN version 1.6
SecureRandom --> SHA1PRNG
Signature --> SHA1withDSA
Signature --> NONEwithDSA
KeyPairGenerator --> DSA
MessageDigest --> MD2
MessageDigest --> MD5
MessageDigest --> SHA
MessageDigest --> SHA-256
MessageDigest --> SHA-384
MessageDigest --> SHA-512
AlgorithmParameterGenerator --> DSA
AlgorithmParameters --> DSA
KeyFactory --> DSA
CertificateFactory --> X.509
KeyStore --> JKS
KeyStore --> CaseExactJKS
Policy --> JavaPolicy
Configuration --> JavaLoginConfig
CertPathBuilder --> PKIX
CertPathValidator --> PKIX
CertStore --> LDAP
CertStore --> Collection
CertStore --> com.sun.security.IndexedCollection
Requesting service
• To use the JCA, an application
  • requests a particular type of object (such as a MessageDigest)
  • and a particular algorithm or service (such as the "MD5" algorithm)
  • and gets an implementation from one of the installed providers
try {
    MessageDigest md = MessageDigest.getInstance("MD5");
}
catch (NoSuchAlgorithmException e) {
    // no such algorithm provided
}
Provider selection
// first installed provider that supports MD5, in preference order
md = MessageDigest.getInstance("MD5");
// implementation from a specific provider, named explicitly
md = MessageDigest.getInstance("MD5", "ProviderC");
The SecureRandom Class
• Provides the functionality of a Random Number Generator
• Produces cryptographically strong random numbers
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
System.out.println("Int: " + random.nextInt());
System.out.println("Float: " + random.nextFloat());
System.out.println("Long: " + random.nextLong());
System.out.println("Boolean: " + random.nextBoolean());
Int: 256421598
Float: 0.63456607
Long: 7589616350181670704
Boolean: true
The MessageDigest Class
• Designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5
• The MD5 algorithm produces a 16 byte digest, and SHA-1's is 20 bytes
• Message digests are used to produce unique and reliable identifiers of data, sometimes called "checksums" or the "digital fingerprints" of the data
Computing a MessageDigest object
import java.security.MessageDigest;
import java.util.Base64;

MessageDigest sha = MessageDigest.getInstance("SHA-1");
byte[] i1 = "Hello World".getBytes();
sha.update(i1);
byte[] hash = sha.digest();            // digest() also resets the object for reuse
System.out.println(Base64.getEncoder().encodeToString(hash));
byte[] i2 = "Hello World!".getBytes();
sha.update(i2);
hash = sha.digest();
System.out.println(Base64.getEncoder().encodeToString(hash));
sha.update(i1);                        // same input as the first call, so the same digest
hash = sha.digest();
System.out.println(Base64.getEncoder().encodeToString(hash));
Ck1VqNd45QIvq3AZd8XYQLvEhtA=
Lve95gjOVATpfV8EL5X4nxwjKHE=
Ck1VqNd45QIvq3AZd8XYQLvEhtA=
The Signature Class
• Provides the functionality of a cryptographic digital signature algorithm such as DSA
Signature Object States
• Signature objects are modal objects
• A Signature object is always in a given state, where it may only do one type of operation
• The three states a Signature object may have are:
  • UNINITIALIZED
  • SIGN (entered by calling initSign())
  • VERIFY (entered by calling initVerify())
Generating a Pair of Keys
• The first step is to generate a public/private key pair
• All key pair generators share the concepts of a keysize and a source of randomness
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
Generating/verifying a signature
byte[] data = "Data to be signed".getBytes();
// generating a signature
Signature dsaForSign = Signature.getInstance("SHA1withDSA");
dsaForSign.initSign(privateKey);
dsaForSign.update(data);
byte[] signature = dsaForSign.sign();
// verifying a signature
Signature dsaForVerify = Signature.getInstance("SHA1withDSA");
dsaForVerify.initVerify(publicKey);
dsaForVerify.update(data);
boolean verifies = dsaForVerify.verify(signature);
System.out.println("Signature verifies: " + verifies);
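The sign/verify round trip above, extended with the cases a verifier must get right (tampered data, wrong key, malformed signature) and the modal-state error from the previous slide. This is an example added here, not the lecture's code; the class name, the message text and the choice of SHA256withDSA are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

/** S(m, SK) = k and V(m, PK, k) with the JCA Signature engine (constructed example). */
public class SignatureChecks {
    static final String ALG = "SHA256withDSA";   // SHA-1 based variants are no longer suitable for new signatures

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048, new SecureRandom());
        return gen.generateKeyPair();
    }

    /** S(m, SK) = k */
    static byte[] sign(PrivateKey sk, byte[] m) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(sk);          // UNINITIALIZED -> SIGN
        s.update(m);
        return s.sign();
    }

    /** V(m, PK, k): a malformed k is reported as false rather than as an exception the caller might swallow. */
    static boolean verify(PublicKey pk, byte[] m, byte[] k) throws GeneralSecurityException {
        Signature v = Signature.getInstance(ALG);
        v.initVerify(pk);        // UNINITIALIZED -> VERIFY
        v.update(m);
        try {
            return v.verify(k);
        } catch (SignatureException malformed) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair alice = newKeyPair();
        KeyPair other = newKeyPair();
        byte[] m = "Transfer 100 EUR to account X".getBytes(StandardCharsets.UTF_8);
        byte[] k = sign(alice.getPrivate(), m);

        System.out.println("genuine message, Alice's key:   " + verify(alice.getPublic(), m, k));         // true

        byte[] tampered = m.clone();
        tampered[9] = '9';       // "100" becomes "900": the integrity check must fail
        System.out.println("tampered message, Alice's key:  " + verify(alice.getPublic(), tampered, k));  // false

        System.out.println("genuine message, wrong key:     " + verify(other.getPublic(), m, k));         // false

        byte[] garbage = new byte[k.length];
        System.out.println("genuine message, garbage bytes: " + verify(alice.getPublic(), m, garbage));   // false

        // Modal state: an object in the VERIFY state refuses to sign
        Signature v = Signature.getInstance(ALG);
        v.initVerify(alice.getPublic());
        try {
            v.sign();
        } catch (SignatureException wrongState) {
            System.out.println("sign() in VERIFY state: " + wrongState.getMessage());
        }
    }
}
```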
The Cipher Class
• Provides the functionality of a cryptographic
cipher used for encryption and decryption
for (String a: Security.getAlgorithms("Cipher")){
System.out.println(a);
}
ARCFOUR
PBEWITHMD5ANDDES
RC2
RSA
PBEWITHMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
DESEDE
AESWRAP
AES
DES
DESEDEWRAP
RSA/ECB/PKCS1PADDING
PBEWITHSHA1ANDRC2_40
Using Encryption (AES)
// Generate AES key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecretKey aesKey = keygen.generateKey();
// Initialize cipher object
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
byte[] cleartext = "Data to be encoded".getBytes();
// Encrypt the cleartext
byte[] ciphertext = aesCipher.doFinal(cleartext);
// Initialize the same cipher for decryption
aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
// Decrypt the ciphertext
byte[] cleartext1 = aesCipher.doFinal(ciphertext);
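The slide's AES/ECB/PKCS5Padding transformation beside the CBC form with a random IV, showing what an observer without the key can learn from ECB ciphertext. This is an example added here, not the lecture's code; the class name and the repeated "ACCOUNT=00001234" record are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** ECB leaks repeated plaintext blocks; CBC with a fresh IV does not (constructed example). */
public class EcbVersusCbc {
    static final int BLOCK = 16;   // AES block size in bytes

    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    /** CBC with a random IV; the IV is not secret and is sent in front of the ciphertext. */
    static byte[] encryptCbc(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }

    static byte[] decryptCbc(SecretKey key, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(ivAndCt, BLOCK)));
        return c.doFinal(ivAndCt, BLOCK, ivAndCt.length - BLOCK);
    }

    /** Counts ciphertext blocks identical to an earlier one: a pattern visible without the key. */
    static int repeatedBlocks(byte[] ct) {
        Set<String> seen = new HashSet<>();
        int repeats = 0;
        for (int i = 0; i + BLOCK <= ct.length; i += BLOCK) {
            if (!seen.add(Arrays.toString(Arrays.copyOfRange(ct, i, i + BLOCK)))) repeats++;
        }
        return repeats;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        keygen.init(128);
        SecretKey key = keygen.generateKey();

        // Constructed plaintext: one 16-byte record repeated four times, i.e. four identical blocks
        String record = "ACCOUNT=00001234";
        byte[] plaintext = (record + record + record + record).getBytes(StandardCharsets.US_ASCII);

        byte[] ecb = encryptEcb(key, plaintext);
        byte[] cbc = encryptCbc(key, plaintext);
        System.out.println("ECB repeated ciphertext blocks: " + repeatedBlocks(ecb));                       // 3
        System.out.println("CBC repeated ciphertext blocks: " + repeatedBlocks(cbc));                       // 0
        System.out.println("CBC round trip ok: " + Arrays.equals(decryptCbc(key, cbc), plaintext));         // true
        System.out.println("CBC differs on re-encryption: " + !Arrays.equals(cbc, encryptCbc(key, plaintext))); // true
    }
}
```

CBC still does not detect modification of the ciphertext; where both confidentiality and integrity are needed, the transformation "AES/GCM/NoPadding" (available since Java 8) is the usual choice.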
Encryption Exceptions
try {
// algorithm from previous slide
. . .
System.out.println("Cipher successful!");
}
catch (NoSuchAlgorithmException e1) {. . .}
catch (NoSuchPaddingException e2) {. . .}
catch (BadPaddingException e3) {. . .}
catch (InvalidKeyException e4) {. . .}
catch (IllegalBlockSizeException e5) {. . .}
HTTPS
HTTPS
• Hypertext Transfer Protocol Secure
• An extension of the HTTP protocol that supports encryption
• Data transmitted over HTTP is "wrapped" in the cryptographic protocol SSL or TLS, which provides the protection
• The URL prefix https:// is used
• Default port number: 443
HTTPS
• The system was developed by Netscape Communications Corporation to provide authentication and an encrypted connection
• HTTPS is widely used in the world of Web applications wherever connection security matters, for example in payment systems
• HTTPS protects data in transit against eavesdropping and "man-in-the-middle" attacks
HTTPS
• Strictly speaking, HTTPS is not a separate protocol: HTTPS = HTTP + SSL/TLS
• To prepare a Web server to accept HTTPS connections, the administrator must create a public key certificate
• HTTPS uses key lengths of only 40, 56 or 128 bits, which is insufficient
• Consequently HTTPS should not be considered to provide a high level of security
SSL/TLS
SSL/TLS
• SSL = Secure Sockets Layer (first released in 1994)
• TLS = Transport Layer Security (first defined in 1999)
• TLS is the successor to SSL
• A protocol that ensures privacy between communicating applications and their users on the Internet
• Provides secure communications for such things as
  • web browsing, e-mail, Internet faxing, instant messaging and other data transfers
TLS authentication
• TLS provides endpoint authentication and communications privacy over the Internet
• Typically, only the server is authenticated, while the client remains unauthenticated
• So the end users can be sure with whom they are communicating
• The next level of security - both ends of the "conversation" are authenticated → mutual authentication
TLS phases
TLS involves three basic phases:
1. Peer negotiation for algorithm support
2. Key exchange and authentication
3. Symmetric cipher encryption and message authentication
Typical algorithms could be:
• Key exchange: RSA, Diffie-Hellman, DSA, SRP, PSK
• Symmetric ciphers: RC4, Triple DES, AES or Camellia
• Cryptographic hash function: HMAC-MD5 or HMAC-SHA
TLS Handshake (1/3)
• A TLS client and server negotiate a stateful connection by using a handshaking procedure
• Aim: to agree on the various parameters used to establish the connection's security
1. The client connects to a TLS-enabled server requesting a secure connection
2. The client presents a list of supported ciphers and hash functions
TLS Handshake (2/3)
3. From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision
4. The server sends back its identification in the form of a digital certificate, which contains
  • the server name
  • the trusted certificate authority (CA)
  • the server's public encryption key
5. The client may confirm that the certificate is authentic before proceeding
TLS Handshake (3/3)
6. Secure session key generation
  • The client encrypts a random number with the server's public key
  • Sends the result to the server
  • Only the server can decrypt it (with its private key)
7. From the random number, both parties generate key material for encryption and decryption
This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes
TLS Handshake
[Figure]
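Steps 6 and 7 above, modelled with the JCA: the client encrypts a random number under the server's public key, the server recovers it, and both sides derive the same key material. This is an example added here, not the lecture's code and not the real TLS key schedule; the class name, the HMAC-SHA256 stand-in for the TLS pseudo-random function and the 48-byte premaster value are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

/** Sketch of RSA key transport (handshake steps 6 and 7); constructed example, not the TLS specification. */
public class RsaKeyTransportSketch {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** Step 6, client side: the random number is encrypted with the public key from the server's certificate. */
    static byte[] clientEncrypt(PublicKey serverPublic, byte[] premaster) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, serverPublic);
        return c.doFinal(premaster);
    }

    /** Step 6, server side: only the holder of the private key recovers the random number. */
    static byte[] serverDecrypt(PrivateKey serverPrivate, byte[] encrypted) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, serverPrivate);
        return c.doFinal(encrypted);
    }

    /** Step 7: both sides expand the shared random number into key material (HMAC-SHA256 stands in for the TLS PRF). */
    static byte[] deriveKey(byte[] premaster, byte[] clientRandom, byte[] serverRandom, String label)
            throws GeneralSecurityException {
        Mac prf = Mac.getInstance("HmacSHA256");
        prf.init(new SecretKeySpec(premaster, "HmacSHA256"));
        prf.update(label.getBytes(StandardCharsets.US_ASCII));
        prf.update(clientRandom);
        prf.update(serverRandom);
        return prf.doFinal();   // 32 bytes, enough for one AES-256 key
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rnd = new SecureRandom();
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048, rnd);
        KeyPair server = gen.generateKeyPair();      // the public half is what the certificate in step 4 carries

        byte[] clientRandom = new byte[32], serverRandom = new byte[32];
        rnd.nextBytes(clientRandom);                 // these two values are exchanged in the clear in steps 1-3
        rnd.nextBytes(serverRandom);

        // Client side
        byte[] premaster = new byte[48];
        rnd.nextBytes(premaster);
        byte[] onTheWire = clientEncrypt(server.getPublic(), premaster);
        byte[] clientSideKey = deriveKey(premaster, clientRandom, serverRandom, "client write key");

        // Server side: sees only onTheWire, recovers the secret and derives the same key
        byte[] recovered = serverDecrypt(server.getPrivate(), onTheWire);
        byte[] serverSideKey = deriveKey(recovered, clientRandom, serverRandom, "client write key");

        System.out.println("encrypted premaster: " + onTheWire.length + " bytes");                          // 256
        System.out.println("both sides hold the same key: " + Arrays.equals(clientSideKey, serverSideKey)); // true
        Arrays.fill(premaster, (byte) 0);            // the shared secret is wiped once key material exists
    }
}
```

With this form of key exchange, anyone who later obtains the server's private key can decrypt recorded sessions; TLS 1.3 therefore dropped RSA key transport in favour of (EC)DHE, which gives forward secrecy.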
Applications
• TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, and above a reliable transport protocol, such as TCP
• Visa, MasterCard, American Express and many leading financial institutions have endorsed TLS for commerce over the Internet
• TLS can also be used to tunnel an entire network stack to create a VPN (Virtual Private Network)
OpenSSL
• The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the
  • Secure Sockets Layer (SSL v2/v3)
  • Transport Layer Security (TLS v1)
  as well as a full-strength general purpose cryptography library
http://www.openssl.org/
Java Platform Support
• Provides APIs and an implementation of the SSL and TLS protocols that includes functionality for
  • data encryption
  • message integrity
  • server authentication
  • optional client authentication
• The javax.net.ssl.SSLSocket class represents a network socket that encapsulates SSL/TLS support on top of a normal stream socket (java.net.Socket)
Example: hanza.net
Example: hanza.net certificate (IE)
Example: digi.parex.lv certificate (Firefox)
Authentication in Java
Definitions
• Authentication is the process of determining the identity of a user
• Authorization is the process of giving a user permission to do or have something
• Logically, authorization is preceded by authentication
JAAS
• Java™ Authentication and Authorization Service: authentication and user-based access control services in Java
• JAAS can be used for two purposes:
  • for authentication of users, to reliably and securely determine who is currently executing Java code
  • for authorization of users, to ensure they have the access control rights (permissions) required to do the actions performed
Authentication in Java
JAAS authentication is performed in a pluggable fashion: pluggable login modules
Authentication mechanics
• Applications call into the LoginContext class, which in turn references a configuration
import javax.security.auth.login.*;

LoginContext lc =
    new LoginContext(<config file entry name>,
                     <CallbackHandler to be used for user interaction>);
lc.login();   // runs the configured LoginModules; throws LoginException if authentication fails
• The configuration specifies which login module (an implementation of the interface javax.security.auth.spi.LoginModule) is to be used to perform the actual authentication
Built-in login modules
• The Java platform provides the following built-in LoginModules:
  • Krb5LoginModule - for authentication using Kerberos protocols
  • JndiLoginModule - for username/password authentication using LDAP or NIS databases
  • KeyStoreLoginModule - for logging into any type of key store, including a PKCS#11 token key store
The Login Configuration
• A login configuration file consists of one or more entries, each specifying which underlying authentication technology should be used
<name used by application to refer to this entry> {
    <LoginModule> <flag> <LoginModule options>;
    <optional additional LoginModules, flags and options>;
};
LoginDomain {
    sample.SampleLoginModule required debug=true;
    com.sun.security.auth.module.NTLoginModule sufficient;
    com.foo.Kerberos optional debug=true;
};
Specifying the login config file
• The configuration file to be used can be specified by setting the java.security.auth.login.config system property
• As a command line argument (the double equals sign makes this file the only configuration used, ignoring any login.config.url entries from the java.security properties file):
java -Djava.security.auth.login.config==login.config
• In program code:
System.getProperties().setProperty(
    "java.security.auth.login.config",
    "login.config");
Let's make secured applications!
References
• Java™ Security Overview
  http://java.sun.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
• Java™ Cryptography Architecture (JCA) Reference Guide
  http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
• Book "Java Security"
  http://www.unix.org.ua/orelly/javaent/security/index.htm