Transcript Lec 2

Secure communications
Week 10 – Lecture 2
To summarise yesterday
• Security is a system issue
• Technology and security specialists are part of the
system
• Users from inside the organisation are usually the
biggest risk – they have the motivation
• As systems architect – you are responsible
• The system has to be designed to protect itself –
user profiles, database views etc.
Are Networks a risk?
• Yes
• Two main areas where an intruder can listen
passively
• Within a collision zone on the LAN – a “sniffer” can
look at all datagrams passing the NIC not just
datagrams addressed to it
• At a router – much more difficult
• Internet
• More difficult to read – sniff
• Easier to write – spoof - pretend to be someone else
Firewalls
• Routers as packet filters
• Application level firewalls - proxy
Application
Internal
Network
Outside world
Router
Firewalls
But there may be other connections to the outside world
Routers as Firewalls
• A Router is usually the connection to the outside
world
• Routers can check all packets
• Source & destination addresses
• Protocol – eg TCP UDP
• Port number – application eg Telnet
• Little intelligence – work quickly
• Use NAT to hide topology of the internal network
Application firewalls
• Mail servers & Internet proxy servers are examples
• Higher level of intelligence
• Can implement most security policies e.g. could limit
WEB requests from Purchasing to between 8:00am and
6:00pm
• Has logging & auditing capabilities
• Slows throughput but as a caching device can also speed
up WEB access
• Application specific
Secure communications
• Secrecy – only the two parties should
understand the messages
• Authentication – each party should know
the messages are from the right person
• Message integrity – the messages must not
be able to be changed
Secrecy - encryption
• Encryption has been around for centuries
• It used to be reliant on keeping the algorithm
secret
• But computers make it easier to encrypt and to
break the code
• Early computer development was made by code
breakers during WW2 – Enigma - Turing at
Bletchley Park
Four elements to encryption
• The Original or plain text
• An Encryption method – the algorithm is common
and normally well known – a transformation
method
• The Key – many locks are the same but the key is
different. The key must be secret to the parties.
• The Encrypted text
So keeping the key secret is the
requirement
• Secret
• Secure
• So how do you share keys?
Attacks on algorithms
• Brute force is too difficult
• Plain text attacks is more useful if you
know
– The algorithm
– The encrypted text and the
– Plain text (remember Enigma)
Common security protocols
• IPsec for IP traffic across the Internet – VPNs
• SSL – Secure Socket Layer – secures WWW
connections
• PGP – Pretty Good Privacy and S/MIME secure
email
• SET secures Internet financial transactions
These protocols may use different algorithms for encryption and
Digital signatures
Protocols use 6 basic tools
•
•
•
•
•
•
Symmetric encryption
Public key encryption
One way hash codes
Message authentication schemes
Digital signature schemes
Random number generators
Two types of key
• Symmetric key – each party has the same
key and thus must be kept secret
• Asymmetric or public keys –
• the writer uses a public key to encrypt, but this
cannot decrypt, thus it can be public knowledge
• The reader has a private key to decrypt. This must
be kept secret
Bob
Alice et al
Bob generates two keys
- he gives the public key to any one who wants it
- Bob keeps the private key
Bob however is the only
Person to have the private
Key, and thus only he can
Decrypt the message
Alice sends Bob a message
Encrypted with HIS public key
No one can decrypt the
Message with the public key
DES – Data Encryption Standard
•
•
•
•
Symmetric key
Developed by US National Bureau of Standards
Uses a 56 bit key (triple DES 112 bits)
In 2000 it took a network of computers 22 hours
to break the key
• Good enough for most of us.
RSA Algorithm
•
•
•
•
Asymmetric key method
Recommends a key length of 768 bits or greater
Asymmetric encryption takes 1000 more CPU time
Usually used in combination with DES
• Alice wants to talk to Bob
• Alice sends a DES key for the session to Bob, encrypted using
his public RSA key
• Only Bob can decrypt the session key
• It is then used for the session
• Kurose page 571 for details on these methods
Using the hybrid approach is usual
• It is normal in all security protocols
– PGP
– S/MIME
– Etc
• The protocol generates a session key using a
random number generator
• This is encrypted using the receiver’s public key
and sent to the other party
• The symmetric key is then used to encrypt the
session
Authentication
• If Alice sends a message to Bob, how does
he know it is Alice?
• Alice’s IP address – but can be spoofed
• Use a special password – but even if
encrypted it can be used in playback mode
• Use of a random number or nonce
Authentication by Nonce
• Alice sends Hi to Bob
• Bob sends back a “nonce” in plain text
• Alice encrypts the nonce with their
symmetric key
• Bob decrypts and compares it to the number
he sent
Message integrity
• The digital world need some way of knowing that a
message came from the specified person, has not been
changed, and that the writer cannot repudiate the message
• One characteristic of the RSA method is that it also works
in reverse. If Bob encrypts a message using his private key,
then it can be decrypted by a person having the public key
• Thus one knows
• It came from Bob
• It has not been changed
Message Digest
• Use of the RSA key might be overkill for large
documents
• Can calculate a fingerprint (like a hash total) that
will prove the message has not been changed
• This fingerprint is then encrypted with the
author’s private key
• Holders of the author’s public key can then know
that the message came from the author and has not
been changed
Key Distribution Centres
• Trusted intermediary - Verisign
• Can be authorised to distribute shared
private keys, or a person’s public key
VPN – Virtual Private Network
• Over a shared network infrastructure,
usually the Internet
• Through an encrypted connection
– Tunneling – set of predetermined router hops
– Encryption of the packet contents
– Packet and user authentication
• Most private WANs will soon be VPNs – 30
to 0% cheaper