Transcript Lec 2
Secure communications Week 10 – Lecture 2 To summarise yesterday • Security is a system issue • Technology and security specialists are part of the system • Users from inside the organisation are usually the biggest risk – they have the motivation • As systems architect – you are responsible • The system has to be designed to protect itself – user profiles, database views etc. Are Networks a risk? • Yes • Two main areas where an intruder can listen passively • Within a collision zone on the LAN – a “sniffer” can look at all datagrams passing the NIC not just datagrams addressed to it • At a router – much more difficult • Internet • More difficult to read – sniff • Easier to write – spoof - pretend to be someone else Firewalls • Routers as packet filters • Application level firewalls - proxy Application Internal Network Outside world Router Firewalls But there may be other connections to the outside world Routers as Firewalls • A Router is usually the connection to the outside world • Routers can check all packets • Source & destination addresses • Protocol – eg TCP UDP • Port number – application eg Telnet • Little intelligence – work quickly • Use NAT to hide topology of the internal network Application firewalls • Mail servers & Internet proxy servers are examples • Higher level of intelligence • Can implement most security policies e.g. could limit WEB requests from Purchasing to between 8:00am and 6:00pm • Has logging & auditing capabilities • Slows throughput but as a caching device can also speed up WEB access • Application specific Secure communications • Secrecy – only the two parties should understand the messages • Authentication – each party should know the messages are from the right person • Message integrity – the messages must not be able to be changed Secrecy - encryption • Encryption has been around for centuries • It used to be reliant on keeping the algorithm secret • But computers make it easier to encrypt and to break the code • Early computer development was made by code breakers during WW2 – Enigma - Turing at Bletchley Park Four elements to encryption • The Original or plain text • An Encryption method – the algorithm is common and normally well known – a transformation method • The Key – many locks are the same but the key is different. The key must be secret to the parties. • The Encrypted text So keeping the key secret is the requirement • Secret • Secure • So how do you share keys? Attacks on algorithms • Brute force is too difficult • Plain text attacks is more useful if you know – The algorithm – The encrypted text and the – Plain text (remember Enigma) Common security protocols • IPsec for IP traffic across the Internet – VPNs • SSL – Secure Socket Layer – secures WWW connections • PGP – Pretty Good Privacy and S/MIME secure email • SET secures Internet financial transactions These protocols may use different algorithms for encryption and Digital signatures Protocols use 6 basic tools • • • • • • Symmetric encryption Public key encryption One way hash codes Message authentication schemes Digital signature schemes Random number generators Two types of key • Symmetric key – each party has the same key and thus must be kept secret • Asymmetric or public keys – • the writer uses a public key to encrypt, but this cannot decrypt, thus it can be public knowledge • The reader has a private key to decrypt. This must be kept secret Bob Alice et al Bob generates two keys - he gives the public key to any one who wants it - Bob keeps the private key Bob however is the only Person to have the private Key, and thus only he can Decrypt the message Alice sends Bob a message Encrypted with HIS public key No one can decrypt the Message with the public key DES – Data Encryption Standard • • • • Symmetric key Developed by US National Bureau of Standards Uses a 56 bit key (triple DES 112 bits) In 2000 it took a network of computers 22 hours to break the key • Good enough for most of us. RSA Algorithm • • • • Asymmetric key method Recommends a key length of 768 bits or greater Asymmetric encryption takes 1000 more CPU time Usually used in combination with DES • Alice wants to talk to Bob • Alice sends a DES key for the session to Bob, encrypted using his public RSA key • Only Bob can decrypt the session key • It is then used for the session • Kurose page 571 for details on these methods Using the hybrid approach is usual • It is normal in all security protocols – PGP – S/MIME – Etc • The protocol generates a session key using a random number generator • This is encrypted using the receiver’s public key and sent to the other party • The symmetric key is then used to encrypt the session Authentication • If Alice sends a message to Bob, how does he know it is Alice? • Alice’s IP address – but can be spoofed • Use a special password – but even if encrypted it can be used in playback mode • Use of a random number or nonce Authentication by Nonce • Alice sends Hi to Bob • Bob sends back a “nonce” in plain text • Alice encrypts the nonce with their symmetric key • Bob decrypts and compares it to the number he sent Message integrity • The digital world need some way of knowing that a message came from the specified person, has not been changed, and that the writer cannot repudiate the message • One characteristic of the RSA method is that it also works in reverse. If Bob encrypts a message using his private key, then it can be decrypted by a person having the public key • Thus one knows • It came from Bob • It has not been changed Message Digest • Use of the RSA key might be overkill for large documents • Can calculate a fingerprint (like a hash total) that will prove the message has not been changed • This fingerprint is then encrypted with the author’s private key • Holders of the author’s public key can then know that the message came from the author and has not been changed Key Distribution Centres • Trusted intermediary - Verisign • Can be authorised to distribute shared private keys, or a person’s public key VPN – Virtual Private Network • Over a shared network infrastructure, usually the Internet • Through an encrypted connection – Tunneling – set of predetermined router hops – Encryption of the packet contents – Packet and user authentication • Most private WANs will soon be VPNs – 30 to 0% cheaper