Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
One-time pad wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Authentication wikipedia , lookup
Mobile security wikipedia , lookup
Cryptography wikipedia , lookup
Web of trust wikipedia , lookup
Cryptanalysis wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Quantum key distribution wikipedia , lookup
Certificate authority wikipedia , lookup
EE579T Network Security 4: Authentication, Encryption, and VPN’s Prof. Richard A. Stanley Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #1 Thought for the Day “Never attribute to a conspiracy that which can be explained by incompetence.” Judge Larry Silberman Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #2 Overview of Tonight’s Class • • • • • • Review last week’s lesson Look at network security in the news Course project discussion Encryption overview Authentication Virtual Private Networks Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #3 Last Week... • Attacking the network topology is basic, and not limited to the the network media • Firewalls can be a useful security tool – Control access to/from network segments – Filter traffic by type, source/destination, content – Provide logs of activity • Firewalls are not a panacea, and can even be dangerous if not properly configured Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #4 Network Security Last Week-1 • World Economic Forum security breach – 161MBS of data totaling 80,000 pages of text and tables in Excel spreadsheets – 27,000 names of current and prior WEF participants with detailed private data Personal data on prominent WEF participants – 1400 credit card numbers with the names and sometimes with spouses' names included – 3200 WEF participants' travel intermarry data including hotel names, room numbers, and arrival and departure details – User passwords for all participants on the WEF Davos information system Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #5 Network Security Last Week- 2 • WEF security breach (continued) – Hackers approached newspapers with secret data, later verified as correct – Persons involved include Yasser Arafat, Bill Gates, Madeline Albright – Possible link to anti-globalization hacktivism? – Crime or prank? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #6 Network Security Last Week- 3 • Wireless LAN security breached – Wired Equivalent Privacy algorithm broken – Altered equipment can be used to intercept or disrupt legitimate networks • Acer, Compaq introduce notebook computers with fingerprint scanners • Personalization Consortium releases new privacy guidelines (voluntary) Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #7 Course Projects • • • • • Teams Topics Schedule What’s expected Issues Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #8 Access Control • Determines and monitors who can do what with what in the computer • Is much more than establishing a physical perimeter around the computer • Can be achieved without a physical perimeter • Is a vulnerable link if not protected Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #9 Subjects and Objects • • • • Remember your English grammar Subjects act Objects are acted upon These roles are not graven in stone – If you hit the ball, you are the subject – If the ball hits you, you are the object • It is just the same in computer science Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #10 Access Control Model Subject Reference Monitor Request Object Any of these points is a vulnerability. How to protect? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #11 NIC’s • All network segment packets are potentially visible to the NIC • The NIC is set (by software) to respond only to packets addressed to itself • If it is set in promiscuous mode, it will trap ALL packets • Packet payloads are in plain text • Is there a potential problem here? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #12 Encryption Primer • • • • • Cryptography = “secret writing” Input = clear text Output = cipher text Cipher text = clear text + key (in general) Two basic types of cipher – Secret (symmetric) key – Public (asymmetric) key Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #13 Encryption • A means for rendering plain language text (cleartext) into recoverable gibberish (ciphertext) • Only ONE provably secure cryptosystem – One-time pad – Secure even if pad or operator captured – BUT…errors can lead to decryption – http://www.cia.gov/csi/books/venona/preface.htm Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #14 Why Use Anything Except Onetime Pads? • • • • • Speed of encipherment Letters vs. numbers Logistics Usability Error rates Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #15 Symmetric Ciphers • Same code at each end • Important that message length < cipher length • Billions of combinations possible • Codes changed frequently • Each circuit requires a code pair Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #16 Enigma Perhaps the most famous cipher machine in history. This is an early model. Later versions had as many as five rotors. Enigma was a tactical machine-designed for battlefield use. Even today, Enigma would provide excellent security…IF no errors occurred on the part of the operators. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #17 Sigaba Similar in theory to Enigma. Designed for strategic (fixed station) use; note direct punching of teletypewriter paper tape for transmission. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #18 Cipher Example (Vernam) • Encipher • Decipher • Plain: 001 010 011 100 • +key: 111 011 010 101 • Cipher: 110 001 001 001 • Cipher: 110 001 001 001 • +key: 111 011 010 101 • Plain: 001 010 011 100 The ciphertext is simply the plain text added to the key, modulo 2. This is a reversible process, as seen above. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #19 Breaking Symmetric Ciphers • Brute force – Inelegant, but sometimes effective if enough computing power can be brought to bear – If cipher is complex enough, this doesn’t work • Exploit errors – Same message enciphered in two codes – Plaintext attack – Exploit operator errors Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #20 Asymmetric Ciphers • Also known as public key cryptography • Until Diffie-Hellman, this concept was heretical. It is still counterintuitive. • Key has two parts – Public: everybody knows or can know – Private: only holder knows • Based on large prime numbers Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #21 Brute Force Attacks on PK Systems Assume a number N, having L decimal digits (N@10L). Now posit a computer capable of 1010 divisions/second. The computer can factor any N, using the trial division method, in approximately N0.5/1010 seconds. If N has 100 digits, this process will require approximately 1040 seconds. However, the currently estimated age of the Universe is approximately 3.8 x 1017 seconds. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #22 Public Key Cryptography Alice Bob Bob’s private key Bob’s public key Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #23 Curious Public Key Properties • The encryption function is one-way • The encryption process is fungible – Can encrypt with public key and decrypt with private key, and vice versa • So what? – How about using this approach to sign documents? – Can a signed document be used for authentication? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #24 Crypto Weaknesses • All cryptosystems depend on the security of the key for their security – If a symmetric system, he who has the key reads the mail – Asymmetric systems rely on the private remaining private. How good an assumption is this? • Attacks on assumptions work better than attacks on the front door Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #25 Cryptography • Many ways to combine clear text and key; all are functionally equivalent (but NOT equivalent in other ways) • Key things to know for computer security purposes are: – Cryptography is not a panacea – Two-way functions are potential problems – Key management is a difficult problem Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #26 Identification • Not as simple as it seems – Who are you? – Can you prove it? – How? • Now--how can I prove you are who you purport to be? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #27 Identification & Authentication • Identification – A unique entity descriptor • Authentication – verifying the claimed identification These are two sides of the same coin, but they are NOT the same thing Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #28 Means of Identification • • • • Password Physical key Token Biometric Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #29 Authentication • Validates you are who you claim to be – – – – – Something you know Something you have Who you are What you do Where you are • An intruder who has the authentication keys looks just like the real user! Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #30 Something You Know • Password • PIN • Some other piece of information (e.g. your mother’s maiden name -- very popular) • NB: anyone who obtains this information is -- so far as the computer knows -- you. Is there a problem here? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #31 Something You Have • Physical token – – – – Physical key Magnetic card Smart card Calculator • What if you lose it? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #32 Who You Are • Biometrics – – – – – Fingerprints Face geometry Voiceprints Retinal scanning Hand geometry • False positives, negatives • User acceptance Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #33 What You Do • Mechanical tasks – Signature (pressure, speed) – Joystick • False positives, negatives • Potential for forgery, etc. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #34 Where You Are • Limit use by user location • Vet location by GPS, etc. • Reliability, dependability, complexity Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #35 I See You, Can You See Me? • Passwords and authentication can do a decent job of identifying the user to the computer if they are closely coupled • How does the user know who he/she is connected to? • Why does the user care? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #36 Authentication of the Computer • Public key infrastructure • Digital certificates – Certificate authority – Certificate revocation • Is it foolproof? • Is it legal? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #37 Networked Systems Security • Users not necessarily registered at the node they are accessing – How to authenticate users? – What is basis for access control decisions? • Some options: – User ID – User address – Service being invoked Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #38 User Identity Checking • Unix approach for remote services – ftp, telnet • How do user rights travel with the user? – Local vs. remote nodes – Labeling inconsistencies – Write vs. read • What about trusted hosts? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #39 Controlled Invocation • Program typically given user’s access rights and then run on remote node – This is called delegation – Is there a problem here? • More desirable to delegate rights selectively – Proxy servers often used for this – Proxy runs with its own rights Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #40 System Design Decisions • • • • • Focus of control: data, operations, users Security layer: where should it be? Simplicity versus feature-rich Enforcement: central vs. distributed? Protection: how to keep attacker from lower levels? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #41 Security Enforcement • Where is a user authenticated? – Centrally? • Authentication servers • Ticket-granting servers – Locally? • Firewalls • Where are access control decisions made? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #42 Authentication • Kerberos – Q: Who is/was Kerberos? – A: The three-headed dog that guards the entrance to Hell (also Cerberus) – www.web.mit.edu/kerberos/www/ • Distributed System Security alternatives • Personal security tokens Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #43 Kerberos Components • • • • Users (of course!) Kerberos Authentication Server (KAS) Ticket-granting Server (TGS) Strong cryptography – Triple DES Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #44 How Does Kerberos Work? • Example: Alice desires to establish a secure authenticated session with Bob • Step 1: Alice logs onto her local host, entering user ID and password, and requests service from a TGS – Message 1 generated from Alice to TGS – Contains ID, TGS name, ticket expiry, nonce – Sent in cleartext Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #45 Kerberos Protocol TGS KAS Alice Bob 1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #46 Step Two • KAS generates a message back to Alice – Contents • Session key • Ticket • Nonce (another one from what Alice sent) – Contents encrypted with Alice’s secret key (which is known to her and the KAS) Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #47 Kerberos Protocol TGS 2 KAS Alice Bob 1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #48 Step Three • Alice creates an authenticator – Alice’s ID – Creation time – Encrypted with session key from KAS • Sends authenticator, ticket, requested expiry date, another nonce, name of service requested to TGS • Encrypted with KAS, TGS secret key Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #49 Kerberos Protocol TGS 3 2 KAS Alice Bob 1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #50 Step Four • TGS generates session key to use with Alice • TGS sends session key for use with Bob and a ticket to use with Bob back to Alice – Encrypted with session key between Alice and TGS • Alice stores the encrypted ticket and decrypts the new session key to use with Bob Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #51 Kerberos Protocol TGS 3 4 2 KAS Alice Bob 1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #52 Step Five • Alice asks Bob for an authenticated session – Sends ticket, new authenticator using the session key between Alice and Bob • Bob decrypts the ticket (secret key w/TGS) – – – – Checks validity (has it expired?) Obtains session key Decrypts authenticator from Alice Verifies time stamp Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #53 Kerberos Protocol TGS 3 4 2 KAS 5 Alice Bob 1 Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #54 Step Six, and Last • Bob sends message to Alice – Contains last time stamp received – Encrypted with session key for Bob & Alice • Alice decrypts the time stamp and compares it to her own time stamp • If time stamps match, Bob is authenticated, and session proceeds Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #55 Kerberos Protocol TGS 3 4 2 KAS 5 Alice Bob 6 1 Authenticated Session Now Established! Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #56 Distributed System Security Architecture • • • • Originally developed at DEC Several variations on the theme Uses credentials, certificates, and tokens Certificate entities – Certificate Authority (CA) • issues certificates, can be off-line – Certificate Distribution Center (CDC) • stores certificates, must be on-line for authentication Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #57 DSSA: Before We Begin • Users obtain digital certificates – Based on public key technology – Certificate contains user name, public key, name of the CA, expiry date, and other details that may be desired – Certificate purports to identify the user; this is attested to by the CA – Certificate binds public key to the user Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #58 DSSA: Step One • Alice asks the CDC for Bob’s certificate CDC 1 Bob Alice Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #59 DSSA: Step Two • CDC sends Alice Bob’s certificate CDC 1 2 Bob Alice Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #60 DSSA: Step Three • Alice verifies Bob’s public key, generates session key, sends authenticator+signed ticket+delegator to Bob CDC 1 2 3 Bob Alice Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #61 DSSA: Step Four • Bob asks CDC for Alice’s certificate CDC 1 4 2 3 Bob Alice Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #62 DSSA: Step Six • Bob authenticates Alice’s public key using her certificate, retrieves session key, verifies times, etc., and sends Alice an authenticator CDC 5 1 4 2 3 Bob Alice 6 Authenticated Session Now Established! Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #63 Some Authentication Issues • Certificate revocation list • Time synchronization • How do you trust the CA? – Digital notaries • Standards – X.509 predominates, but not only one (e.g., PGP) Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #64 Personal Cryptographic Tokens • Smart cards, loading keys, etc. • How do you bind the user to the token? – If the token is stolen, I become you without hard binding – If the binding is too hard to use, the user won’t use it • Other issues? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #65 Virtual Private Network • • • • Authenticated, encrypted, communications channel …across some kind of public network, such as the Internet, which is itself possibly not secure • BUT..we don’t care if the public network is secure or not! Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #66 VPN Prerequisites • Each site must have a VPN-capable device at the network perimeter • Each site must know the other site’s IP subnet addresses • Both sites must agree on authentication • Both sites must agree on encryption and exchange keys as needed Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #67 VPN Example Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #68 Adequate Encryption • How sensitive is the data? • How long must it be kept secret? – Work factor • What is the impact of its compromise weighed against the cost of encryption (i.e. what is the cost/benefit ration?) Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #69 Summary • Authentication is critical to achieving network security, and is harder because the user is at a distance from the computer • Encryption is key to authentication – Symmetric – Asymmetric • VPN’s provide a way to create a private “tunnel” through a public network – Not a panacea Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #70 Homework - 1 1. Write an essay of 500-1000 words on the strengths and weaknesses of public key encryption. 2. Research the basic standards for public key encryption. What are they? Where can they be found? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #71 Homework - 2 3. Compare and contrast public and private key cryptography for achieving network security. How would you use private key crypto to distribute public keys? 4. Refer to Figure 10.5 of the text. Describe the passage of a packet from machine 192.168.1.23 to 192.168.3.3. Be specific as to what happens at boundaries. Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #72 Homework - 3 5. Conduct your own research as to the availability and price of network sniffers for Windows-based computers. Do not run these on any network without written permission of the network administrator! What is your assessment of the security of your network based on your findings? Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #73 Assignment for Next Week • Plan for project teaming • Next week’s topic: HTTP and All That Jazz! Spring 2001 © 2000, 2001, Richard A. Stanley WPI EE579T/4 #74