Security
Echelon in Action • Enercon GmbH develops a new type of wind energy generator ... • Shortly afterwards, US company Kennetech files a patent for identical technology in the US ... • Kennetech obtained a court order preventing Enercon from operating in the US • Loss to Enercon: 100 million DM, 300 jobs
Other Typical Echelon Uses • Aiding transfer of $200M Indonesian deal from NEC to AT&T • Forwarding details of Thomson-CSF deal in Brazil to Raytheon • Obtaining Japanese research on advanced automobiles for Ford, GM, and Chrysler
Other Typical Echelon Uses • Providing information to US negotiators facing Japanese car companies in trade dispute • Intercepting Mexican trade representatives during NAFTA negotiations • Intercepting Canadian negotiations for sale of 3 reactors to South Korea • Monitoring activities of Robert Maxwell
Security Requirements • Confidentiality • Protection from disclosure to unauthorised persons • Integrity • Maintaining data consistency • Authentication • Assurance of identity of person or originator of data • Nonrepudiation • Originator of communications can't deny it later
Security Requirements • Availability • Legitimate users have access when they need it • Access control • Unauthorised users are kept out • These are often combined • User authentication for access control purposes • Nonrepudiation combined with authentication
Security Threats • Information disclosure/information leakage • Integrity violation • Masquerading • Denial of service • Illegitimate use • Generic threat: Backdoors, trojan horses, insider attacks
Most Internet security problems are access control or authentication ones • Denial of service is also popular, but mostly an annoyance • Security problems in dedicated systems not yet widespread, but prevention is better than cure ...
Attack types • Passive attack • can only observe communications or data • Active attack • can actively modify communications or data • very difficult, but very effective • Mail forgery & modification • TCP/IP spoofing, session hijacking
Security Mechanisms • Three basic building blocks are used: • Encryption is used to provide confidentiality, can provide authentication and integrity protection • Digital signatures are used to provide authentication, integrity protection, and nonrepudiation • Checksums/hash algorithms are used to provide integrity protection, can provide authentication • One or more security mechanisms are combined to provide a security service
Services, Mechanisms, Algorithms • A typical security protocol provides one or more services • Services are built from mechanisms • Mechanisms are implemented with algorithms
[Figure: layers from top to bottom: protocol; services; mechanisms (signatures, encryption, hashing); algorithms (DSA, RSA, RSA, DES, SHA1, MD5)]
Conventional encryption • Uses shared key • Problem of secure communication of large message in secret reduced to one of small key • Alternative: key agreement
[Figure: clear text message, ciphertext, clear text message]
Public key encryption • Uses matched public/private key pairs • Anyone can encrypt with the public key, only one person can decrypt with the private key
[Figure: clear text message encrypted with the public key into ciphertext, decrypted with the private key]
Public key encryption • How can you use two different keys? • One is the inverse of the other: key1 = 3, key2 = 1/3, message M = 4 • Encryption: Ciphertext C = M × key1 = 4 × 3 = 12 • Decryption: Plaintext M = C × key2 = 12 × 1/3 = 4 • One key is published, one is kept private (public-key cryptography)
Example: RSA • n, e = public key, n = product of two primes p and q • d = private key, e·d = 1 mod ((p-1)(q-1)) • Encryption: C = M^e mod n • Decryption: M = C^d mod n • p, q = 5, 7 • n = p × q = 35 • e = 5 • 5·d = 1 mod 24, thus d = 5
message M = 4 • Encryption: C = 4^5 mod 35 = 9 • Decryption: M = 9^5 mod 35 = 59049 mod 35 = 4
Hash function • Unique fingerprint for a message • Anyone can modify message and generate new hash
[Figure: message → Hash → message + hash]
Hash function • Map variable-length input to fixed-length output • Requirements • Can't deduce input from output • Can't generate a given output (CRC fails this requirement) • Can't find two inputs which produce the same output (CRC also fails this requirement) • Used to • Produce fixed-length fingerprint of arbitrary-length data • Produce data checksums to enable detection of modifications • Distill passwords down to fixed-length encryption keys • Also called message digests or fingerprints
MAC • Message Authentication Code: add a password/key to hashcode • Only owner of key can generate MAC
[Figure: message → MAC → message + MAC]
MAC • Hash algorithm + key to make hash value dependent on the key • Most common form is HMAC (hash MAC): hash( key, hash( key, data )) • Key affects both start and end of hashing process • MD2, MD4, MD5: various weaknesses, 128 bits • SHA-1: designed by NSA, 160 bits • RIPEMD-160: 160 bits • HMAC-SHA: SHA-1 turned into MAC
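The slide's hash( key, hash( key, data )) written out in full, as an added example that is not part of the original slides: the two keyed passes use the key XORed with two different pad constants (RFC 2104), and the result matches Python's standard hmac module. The key and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 64  # input block size in bytes of MD5, SHA-1 and SHA-256


def hmac_manual(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC built from a plain hash function, following RFC 2104."""
    if len(key) > BLOCK:                      # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK, b"\x00")           # then zero-padded to one block
    inner_key = bytes(b ^ 0x36 for b in key)  # key XOR ipad: start of hashing
    outer_key = bytes(b ^ 0x5C for b in key)  # key XOR opad: end of hashing
    inner = hashlib.new(hash_name, inner_key + data).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(hmac_manual(key, data), tag)


# Constructed sample values
KEY = b"shared secret key"
MSG = b"pay 10 to account 12345-67"
TAG = hmac_manual(KEY, MSG)

if __name__ == "__main__":
    print("HMAC-SHA1:", TAG.hex())
    print("matches stdlib:", TAG == hmac.new(KEY, MSG, hashlib.sha1).digest())
    print("original accepted:", verify(KEY, MSG, TAG))
    print("modified accepted:", verify(KEY, b"pay 99 to account 12345-67", TAG))
    print("wrong key accepted:", verify(b"guessed key", MSG, TAG))
```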
Digital signatures • Combines hash with digital signature algorithm
[Figure: message → Hash → sign with sender's private key → message + signature]
Digital signatures • Signature checking
[Figure: message → Hash; signature → Verify signature with sender's public key; compare]
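The RSA arithmetic from the "Example: RSA" slide and the hash-then-sign flow from the two signature slides, as an added example that is not part of the original slides. It is textbook RSA without padding; the larger key built from two Mersenne primes, the exponent 65537 and the function names are assumptions made for the illustration.

```python
import hashlib
from math import gcd


def make_keys(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) with e*d = 1 mod (p-1)(q-1), as on the slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # modular inverse, Python 3.8+


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)                   # C = M^e mod n


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)                   # M = C^d mod n


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce the hash into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(digest_int(message, n), d, n)      # private-key operation


def verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == digest_int(message, n)


# The slide's key: p, q = 5, 7 and e = 5 give d = 5. With a modulus this
# small the private exponent comes out equal to the public one.
SLIDE_PUB, SLIDE_PRIV = make_keys(5, 7, 5)

# Constructed larger key, still far too small for real use, but large
# enough that signing a hash value is meaningful.
DEMO_PUB, DEMO_PRIV = make_keys(2**61 - 1, 2**89 - 1, 65537)

if __name__ == "__main__":
    c = encrypt(SLIDE_PUB, 4)
    print("slide example:", c, decrypt(SLIDE_PRIV, c))
    msg = b"constructed sample message"
    sig = sign(DEMO_PRIV, msg)
    print("signature valid:", verify(DEMO_PUB, msg, sig))
    print("after modification:", verify(DEMO_PUB, msg + b"!", sig))
```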
Message/data encryption • Combines conventional and public-key encryption
[Figure: session key encrypts the message; recipient's public key encrypts the session key, giving the encrypted session key]
Message/data encryption • Public key encryption provides secure channel for exchanging conventional keys
[Figure: recipient's private key decrypts the encrypted session key; session key decrypts the message]
Historical Ciphers • Nonstandard hieroglyphics, 1900BC • Atbash cipher (Old Testament, reversed Hebrew alphabet, 600BC) • Caesar cipher: letter = letter + 3, `fish' → `ilvk' • rot13: Add 13/swap alphabet halves • Usenet convention used to hide possibly offensive jokes • Applying it twice restores original text
Substitution Ciphers • Simple substitution cipher: • a = p, b = m, c = f, ... • Break via letter frequency analysis • Polyalphabetic substitution cipher 1. a = p, b = m, c = f, ... 2. a = l, b = t, c = a, ... 3. a = f, b = x, c = p, ... • Break by decomposing into individual alphabets, then solve as simple substitution
One-time Pad (1917) • OTP is unbreakable provided • Pad is never reused • Unpredictable random numbers are used (physical sources, eg radioactive decay)
  Message    s   e   c   r   e   t
            18   5   3  17   5  19
  OTP     + 15   8   1  12  19   5
             7  13   4   3  24  24
             g   m   d   c   x   x
Used by • Russian spies • The Washington-Moscow “hot line” • CIA covert operations • Many “snake oil” algorithms claim unbreakability by claiming to be an OTP • Pseudo-OTPs give pseudo-security • Cipher machines attempted to create approximations to OTPs, first mechanically, then electronically
Cipher machines (~1920) • Basic component: wired rotor • simple substitution • Step rotor after each letter • polyalphabetic substitution, period 26
Cipher machines • Chain multiple rotors • each rotor steps the next after a full turn
Cipher machines • 2 rotors: period is 26 x 26 = 676 • 3 rotors: period is 26 x 26 x 26 = 17576 • Key: • rotor wiring • start position
Famous rotor machines • US: Converter M209 • UK: TYPEX • Japan: Red, Purple • Germany: Enigma
Enigma secure if used properly • Use of predictable openings: “Mein Fuehrer! …” “Nothing to report” • Use of the same key over an extended period • Encryption of the same message with old (compromised) and new keys • Device treated as a magic black box, a mistake still made today • Inventors believed it was infallible
Stream ciphers • Binary pad (keystream), uses XOR instead of addition
  plaintext   1 0 0 1 0 1 1
  keystream   0 1 0 1 1 0 1
  ciphertext  1 1 0 0 1 1 0
  keystream   0 1 0 1 1 0 1
  plaintext   1 0 0 1 0 1 1
Stream Ciphers (ctd) • Using the keystream and ciphertext, we can recover the plaintext • Using the plaintext and ciphertext, we can recover the keystream • Using two ciphertexts from the same keystream, we can recover the XOR of the plaintexts • Any two components of an XOR-based encryption will recover the third • Never reuse a key with a stream cipher • Better still, never use a stream cipher
Stream Ciphers (ctd) • Vulnerable to bit-flipping attacks
  plaintext:  QT-TRNSFER USD $000010,00 FRM ACCNT 12345-67 TO
  ciphertext: aMz0rspLtxMfpUn7UxOrtLm42ZuweeM0qaPtI7wEptAnxfL
              00101101
              00101100
  ciphertext: aMz0rspLtxMfpUn7TxOrtLm42ZuweeM0qaPtI7wEptAnxfL
  plaintext:  QT-TRNSFER USD $10010,00 FRM ACCNT 12345-67 TO
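The XOR properties from the two slides above, followed by the usual countermeasure of a fresh nonce per message and a MAC over the ciphertext that is checked before decryption. This is an added example, not part of the original slides: the keystream generator is a stand-in built from SHA-256 (not RC4), and the keys, the second message and the function names are constructed for the illustration.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, n: int) -> bytes:
    """Stand-in keystream generator (SHA-256 over a counter), not RC4."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, keystream(key, len(data)))


# Constructed sample values; P1 is the plaintext shown on the slide.
KEY, MAC_KEY = b"demo cipher key", b"demo mac key"
P1 = b"QT-TRNSFER USD $000010,00 FRM ACCNT 12345-67 TO"
P2 = b"QT-TRNSFER USD $004200,00 FRM ACCNT 76543-21 TO"


def reuse_reveals_second_plaintext() -> bytes:
    """Same keystream twice: C1 xor C2 = P1 xor P2, so knowing P1 gives P2."""
    return xor(xor(crypt(KEY, P1), crypt(KEY, P2)), P1)


def flip_digit(data: bytes, index: int) -> bytes:
    """Flip the one bit that turns the digit '0' at this offset into '1'."""
    modified = bytearray(data)
    modified[index] ^= ord("0") ^ ord("1")
    return bytes(modified)


def seal(plaintext: bytes) -> bytes:
    """Fresh 16-byte nonce per message, then HMAC-SHA256 over nonce + ciphertext."""
    nonce = os.urandom(16)
    body = nonce + crypt(KEY + nonce, plaintext)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()


def open_sealed(blob: bytes) -> bytes:
    """Check the tag before decrypting; a modified ciphertext is rejected."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(MAC_KEY, body, hashlib.sha256).digest()):
        raise ValueError("ciphertext was modified")
    return crypt(KEY + body[:16], body[16:])
```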
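RC4 • Stream cipher optimised for fast software implementation • 2048-bit key • Former trade secret of RSADSI, reverse-engineered and posted to the net in 1994
    /* x, y, sx, sy are unsigned char; state[] is the 256-byte array set up from the key */
    while( length-- )
        {
        x++; sx = state[ x ];
        y += sx; sy = state[ y ];
        state[ y ] = sx; state[ x ] = sy;       /* swap the two entries */
        *data++ ^= state[ ( sx + sy ) & 0xFF ]; /* XOR next keystream byte into data */
        }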
RC4 • Extremely fast • Used in SSL (Netscape, MSIE), Lotus Notes, Windows password encryption, MS Access, Adobe Acrobat, MS PPTP, Oracle Secure SQL, ... • Usually used in a manner which allows the keystream to be recovered (Windows password encryption, Windows server authentication, Windows NT SYSKEY, early Netscape server key encryption, some MS server/browser key encryption, MS PPTP, MS Access, ...) • Every MS product which is known to use it has got it wrong at some time • Illustrates the problem of treating a cipher as a magic black box • Recommendation: Avoid this, it's too easy to get wrong
Block ciphers • Originated with early 1970's IBM effort to develop banking security systems • First result was Lucifer, most common variant has 128-bit key and block size • It wasn't secure in any of its variants • Called a Feistel or product cipher
Well-known block ciphers • DES, 56 bits • 3DES, 112 or 168 bits • Blowfish, 448 bits • IDEA, used in PGP, 128 bits • CAST-128, used in PGP 5.x, 128 bits • RC2, 1024 bits • Skipjack, chipcards, 80 bits • GOST, Russian version of DES • AES, successor of DES, 128, 192, 256 bits - 1999
Breaking DES • Can build a DES-breaker using • Field-programmable gate array (FPGA), software-programmable hardware • Application-specific IC (ASIC) • 100 MHz ASIC = 100M keys per second per chip • Chips = $10 in 5K+ quantities • $50,000 = 500 billion keys/sec • = 20 hours/56-bit key (40-bit DES takes 1 second)
$1M = 1 hour per key (1/20 sec for 40 bits) • $10M = 6 minutes per key (1/200 sec for 40 bits) • (US black budget is ~$25-30 billion) • (distributed.net = ~70 billion keys/sec with 20,000 computers) • EFF (US nonprofit organisation) broke DES in 2½ days • September 1998: German court rules DES “out of date and unsafe” for financial applications
Key management • Key management is the hardest part of cryptography • Two classes of keys • Short-term session keys (sometimes called ephemeral keys) • Generated automatically and invisibly • Used for one message or session and discarded • Long-term keys • Generated explicitly by the user • Long-term keys are used for two purposes • Authentication (including access control, integrity, and nonrepudiation) • Confidentiality (encryption) • Establish session keys • Protect stored data
Key management problems • Key certification • Distributing keys • Obtaining someone else's public key • Distributing your own public key • Establishing a shared key with another party • Confidentiality: Is it really known only to the other party? • Authentication: Is it really shared with the intended party? • Key storage • Revocation • Revoking published keys • Determining whether a published key is still valid
Key lifetimes and key compromise • Authentication keys • Public keys may have an extremely long lifetime (decades) • Private keys/conventional keys have shorter lifetimes (a year or two) • Confidentiality keys • Should have as short a lifetime as possible • If the key is compromised • Revoke the key • Effects of compromise • Authentication: Signed documents are rendered invalid unless timestamped • Confidentiality: All data encrypted with it is compromised
Key distribution • A retains private key and sends public key to B • M intercepts key and substitutes his own key • M can decrypt all messages and fake signature
[Figure: A sends key to B; M sits between A and B]
Key distribution • A Certification Authority solves this problem: • CA signs A’s key to guarantee authenticity • M cannot substitute a key, because CA will not sign it
Obtaining a certificate 1. A generates a key pair and signs the public key and identification information with the private key • Proves that A holds the private key corresponding to the public key • Protects the public key and ID information while in transit to the CA 2. CA verifies A’s signature on the key and ID information 2a. Optional: CA verifies A’s ID through out-of-band means • email/phone callback • Business/credit bureau records, in-house records
3. CA signs the public key and ID with the CA key, creating a certificate • CA has certified the binding between the key and ID 4. A verifies the key, ID, and CA's signature • Ensures the CA didn't alter the key or ID • Protects the certificate in transit 5. A and/or the CA publish the certificate
Steganography • From the Greek for “hidden writing”, secures data by hiding rather than encryption • Encryption is usually used as a first step before steganography • Encrypted data looks like white noise • Steganography hides this noise in other data • By replacing existing noise • By using it as a model to generate innocuous-looking data