Distributed systems security
The aims of this unit are to:
• identify the issues and threats to computer systems;
• understand how cryptography is used to assist in security;
• understand the purpose and use of digital certificates and signatures;
• appreciate the requirements placed on security by e-commerce.
Section 1: Introduction to security
This section will describe a general introduction to issues of security and
protection. It introduces some of the threats that face computer systems.
Introduction to security
There is a need to protect a computing system and its resources from unauthorized
access by those who seek to gain some advantage. They are intruders who try to read,
change or delete the data that is stored, processed or passed around a computing
system.
Some examples of intruders are:
• hackers who test their skills against the security measures of a system for their
personal pleasure;
• competitors who may try to gain access to commercial secret information;
• fraudsters who try to obtain financial gain from the owner of the system or some
third party.
Computer security is concerned with the detection and prevention of
unauthorized actions by users of a computer system.
With a stand-alone computer you could affect security by physical means (put the
computer in a room and guard the room).
Interception (Passive or Active)
With a distributed computing system, there is the possibility of someone being able to
intercept users’ communications. This interception may be passive (just listening to the
communications) or active (listening and retransmitting the messages with or without
changes). Hence, in a distributed computing system, security becomes a major issue.
E-commerce is a particular example of a distributed computing system
A particular example where security is a major issue is that of e-commerce. We define e-commerce to be a distributed system (often using the Internet) where commercial
transactions take place. Such transactions might be the sale of goods or services.
You must assume that it is not possible to protect all resources from
malicious abuse. But, you can make the cost of attack very high (in time,
money, equipment and people).
In this section, you will look at the different kinds of security threat to a distributed
computing system and then examine what can be done to alleviate them.
Threats and attacks to a distributed computing system
For any kind of computing system, you want to ensure that all resources (objects) are
accessed and used as intended under all known circumstances. If you can prevent misuse,
the computing system is secure.
Although you can prevent certain forms of accidental misuse, you may only delay the
malicious actions of a resourceful intruder, whose intentions might be as follows.
Threats
• Disclosure (of confidential information) or the unauthorized release of
information. For example, an intruder might intercept the network and read
your messages en route (in electronic mail).
• Modification (integrity) or the unauthorized alteration of data (information).
For example, intruders change your messages.
• Denial of use or service where there is some denial of network service to its
authorized (legitimate) users. This might be a competitor who is trying to put you
out of business by preventing access to your system by your customers.
• Repudiation where you (a legitimate user) claim that you did not send or receive a
particular message. For example, you send an email and then deny that you sent it.
Forms of system attack
A malicious intruder can present a number of forms of system attack, which include
the following.
• A worm, which is a program that can exploit weaknesses in an operating system to
generate copies of itself in order to use up local resources. Hence it can prevent
other legitimate processes from obtaining resources. Once introduced, a worm can
exploit the facilities of a network to propagate from one computing system to
another.
• A virus, which is a fragment of code embedded in a legitimate program or file. As
the name implies, a virus can wreak havoc in a computing system by, for example,
deleting files when the program that contains it is executed. Viruses are usually
transferred by users obtaining copies of virus-infected programs or files.
• A Trojan horse is a program which appears to the user to be a program for doing
one legitimate task, but has a side effect similar to a virus or performs some other
illegitimate function such as transmitting a user’s password to an unauthorized
party (usually the author of the Trojan horse program).
Infection of a computer system by infected software comes from active executable
components only. However, the line between data and executable code has been blurred.
Many word-processed documents contain (or can contain) very powerful macros and many
email programs use Rich Text Format documents and in some cases exchange word-processed documents.
There is no overall solution to these problems but the following can help:
• load and execute only from reliable sources;
• a good virus checker that checks not only executable files but ‘data’ files that
contain executable components;
• ensure that all valuable data is backed up so that in the event of a problem the
loss can be minimized;
• ensure the virus checker is kept up to date.
Security services
Protection relates to the controlled access to the resources within a computing system
by its users.
Security is about the prevention of unauthorized access to a computing system and
possible malicious alteration or destruction of resources (e.g. data).
Protection depends upon the ability to identify the processes that execute within a
computing system.
At the same time, you need the ability to identify the users of each process
correctly. While each user has a given identity, an authentication service can
confirm that they are who they say they are.
In a distributed computing system, there are two kinds of authentication:
• the ability to identify the sender of a message namely, origin or one-way
authentication;
• the ability for two communicating parties to identify each other to their mutual
satisfaction namely, peer or two-way authentication.
Secrecy is a feature that usually comes to mind when you consider security. You
would expect to provide a level of confidentiality in order to keep information out of
the hands of unauthorized users. In a distributed computing system, confidentiality
has two aspects:
• to protect against unauthorized disclosure of the contents of messages traveling
through the network (data confidentiality);
• to protect against the disclosure of the origin, destination, volume and also the
existence of messages traveling through the network (traffic confidentiality).
In order to counter those who deny that they are the originators of certain messages, a non-repudiation service is necessary. Like authentication, there are two aspects to non-repudiation:
• the ability to convince a third party of the identity of the origin of a message in
order to prevent the sender from denying the source of that message (non-repudiation
of origin);
• the ability to convince a third party of the identity of the destination of a message
in order to prevent the intended recipient from denying the arrival of that message
(non-repudiation of receipt).
In addition, you need to be sure that a received message is really the one that was sent
and not, in fact, a message altered or constructed by an intruder. In other words, an
integrity service should protect messages (or data) from the threat of modification by
an unauthorized user.
Finally, you need to identify a special user who is accountable for every action or event
that affects the security of a distributed computing system. Such a role is essential in
order to monitor the network and respond to intrusions.
There are two aspects to the issues involved.
• Accountability: How is the audit trail kept? How do those responsible keep records of
access and change?
• Authorization: Who has responsibility? For what do they have responsibility? How
can that responsibility be delegated?
In practice, you might find that a system administrator performs such a controlling role.
Security firewalls
A firewall is a device placed between an organization’s networks (distributed
computing system) and the rest of the world, in order to prevent intrusion from
outside the organization.
It is important that no other external connection via a modem or network exists to
circumvent the firewall.
Firewalls are an important security tool when handling network traffic between
organizations that do not trust each other. A firewall on each external connection to
the outside world can prevent arbitrary access from outside an organization. At the
same time, a firewall can police access to the outside world by members of the
organization.
Looking for intruders
We end this section by looking at two techniques that a security administrator can use
for the detection of intruders.
The first technique, known as threat monitoring, is simple to describe, yet can easily
consume a lot of resources in a large, distributed computing system. A security
administrator checks for any suspicious patterns of activity that might indicate the
presence and activities of an intruder.
The second technique is to use audit logging, which logs significant activities on a
network. You can use an audit log to determine where and how an intruder entered the
system; then you attempt to assess the amount of damage.
Unfortunately, audit logs can be large in both number and variety, which implies a need
for extra resources or the denial of resources to other, legitimate users.
However, an audit log can help with the recovery process when there has been some damage
to resources. You can also use such logs to identify measures to guard against intrusions in
the future. Furthermore, replication of audit logs by both sending and receiving parties can
be used as part of a (non-)repudiation service.
Section 2: Cryptography
Cryptography is the science of devising codes and ciphers. Because of its power, there are
restrictions on the export and sale of encryption software.
A way to hide your secrets
Figure 2.1 shows the general model that has been used since the beginning of
cryptography (the art of devising ciphers).
The original message is known as plaintext as it is unchanged (or plain) and can be
read.
A key is used in the encryption of the plaintext so that you can vary the way in which
the ciphertext is encrypted by varying the key.
A fixed algorithm (i.e. without a key) will produce the same ciphertext from a given
plaintext each time. By varying the key a given plaintext can be translated into different
ciphertexts.
Keys are usually numeric values especially for computer algorithms. In the same way,
decryption also requires a key but this key may be different from the one used for
encryption.
Thus encryption and decryption are algorithms with two inputs, the key and the text.
An intruder might be able to copy or intercept the ciphertext and might even know the
encryption and decryption algorithms. But, without a key, the intruder cannot easily reform
the original plaintext even though the encryption method is well known.
Two fundamental assumptions in cryptography are:
1. The general method of encryption/decryption is well known, since it is
impractical to change the method every time it is compromised.
2. Privacy is achieved with the key. The length of the key usually determines the
difficulty in breaking the cipher and is a design issue.
The plaintext is made up of characters but for the purpose of cryptography we
may treat the plaintext as single letters, double letters or multiple letters.
These are known as n-grams; many of the simple schemes use 1-grams
or single letters.
The collection of all the n-grams that might appear in the encryption scheme is
known as the alphabet.
For 1-grams the alphabet might be thus:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Most schemes use the same alphabet for both plaintext and for ciphertext.
If we used a scheme that used pairs of letters our alphabet would be:
AA AB AC AD …
Thus the message SECRET would be considered as being made up of the following 2-grams:
/SE/CR/ET/
A fundamental issue in cryptography is that the cipher must be designed so that it is easy
and practical for users to employ, and that it is sufficiently secure against intruders.
The longer the key, the harder it is for the intruder to break the cipher. We say that
there is a higher work factor when we increase the key length.
The work factor is a measure of the number of computer operations (or computations)
required to break a code or cipher. The time taken also depends on the speed of the
machine(s) used and the number of machines.
Although one way of ‘breaking the code’ is to try all the possible combinations of key,
there are other ways in which plaintext can be recovered from ciphertext or the ciphertext
message changed. The science (and art) of gaining information from ciphertext is
called cryptanalysis.
Substitution and transposition
There are two simple methods to encrypt the plaintext; each can be used
separately or together, for added complexity.
Substitution
The first method involves swapping the original character (or n-gram)
with another one, known as substitution, which involves a simple mapping between
the original plaintext and the resulting ciphertext shown in Figure 2.1.
Shift cipher
Substitution ciphers have a long history. Julius Caesar, the Roman Emperor, used them for
communications in his many military adventures. His method was based on a simple shift,
which becomes the key.
So, for a shift of 3, a becomes d, b becomes e, c becomes f, and so on. When the shift
takes the letter past z the alphabet is started again so that a is the letter following z. In
a shift of 3, y becomes b and z becomes c.
One method of encryption involves using a table to decide upon the new character.
For this simple code a Vigenère table (see Figure 2.2) is often used.
Java could be used to perform the encryption as shown below.
Each character in the plaintext is cast as an integer. Characters in Java use the Unicode
alphabet with the characters having a 16-bit code. The first 256 characters and their code
correspond to extended ASCII code. For the example given, letters A to Z have codes
of 65 to 90.
The ciphertext is decrypted using key 21 of the Vigenère table. The
encryption key and decryption key are related. The sum of the numbers
of both sets of keys is equal to the number of letters in the alphabet, 26 in
this case.
The cipher can be attacked and the plaintext recovered by trying all the keys. For an
alphabet of 26 letters there are 26 keys (one of which leaves the plaintext
unchanged!). A simple computer program could be written to display all 25
possibilities and the line in plaintext identified by eye.
This simple shifting code is not very secure and it does not take any training to be able to
recover the plaintext from the ciphertext and hence discover both keys.
Although we would not use this code for sensitive information, the code is used on the
Internet newsgroups and for email postings.
Key 13 is used and the cipher is called ROT-13. It is used to hide email or newsgroup
postings from immediate view.
Improving Caesar's scheme using a code word as well as the key
Caesar’s scheme can be improved by using a ‘code word’ as well as the key.
1. Before shifting the text it is transformed using a table.
2. The ‘code word’ is written under the first letters of the alphabet (repeated letters
are omitted).
3. The remaining letters of the alphabet are written in order to complete the table.
4. The plaintext is encoded with this table and then shifted using a Vigenère table as
before.
For example,
If the ‘code words’ were OPEN UNIVERSITY and the shift were 2, the initial table
would be:
Thus SECRET would be transformed to JUEHUK by the first table and
then after a shift of 2 would become the ciphertext, lwgjwm.
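The shift cipher and the code-word improvement described above, worked through as an added example (written for this edit in Python rather than the Java the text mentions; it is not code from the original unit). The function names are assumptions, and output is in upper case, so the page's lwgjwm appears as LWGJWM.

```python
import string

ALPHABET = string.ascii_uppercase  # the page's 1-gram alphabet, A to Z


def shift(text, key):
    """Shift cipher: move each letter `key` places along, wrapping from Z to A."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            # Cast the character to its code (A is 65), shift, wrap modulo 26.
            out.append(chr((ord(ch) - 65 + key) % 26 + 65))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def decryption_key(key):
    """Encryption and decryption keys sum to the alphabet size (26)."""
    return (26 - key) % 26


def all_shifts(ciphertext):
    """Exhaustive key search: every non-trivial key with the text it yields."""
    return {key: shift(ciphertext, key) for key in range(1, 26)}


def code_word_table(code_word):
    """Write the code word under A, B, C, ... (repeats dropped), then the rest."""
    row = []
    for ch in code_word.upper():
        if ch in ALPHABET and ch not in row:
            row.append(ch)
    row += [ch for ch in ALPHABET if ch not in row]
    return dict(zip(ALPHABET, row))


def code_word_encrypt(plaintext, code_word, key):
    """Return (text after the table step, final ciphertext after the shift)."""
    table = code_word_table(code_word)
    transformed = "".join(table.get(ch, ch) for ch in plaintext.upper())
    return transformed, shift(transformed, key)


def code_word_decrypt(ciphertext, code_word, key):
    """Undo the shift first, then read the table backwards."""
    inverse = {c: p for p, c in code_word_table(code_word).items()}
    unshifted = shift(ciphertext, decryption_key(key))
    return "".join(inverse.get(ch, ch) for ch in unshifted)


if __name__ == "__main__":
    secret = shift("SECRET", 3)
    print("shift 3:", secret, "-> back with key", decryption_key(3),
          shift(secret, decryption_key(3)))
    print("ROT-13 twice:", shift(shift("SECRET", 13), 13))
    # Only 25 keys exist, so listing every candidate takes no effort at all.
    for key, candidate in all_shifts(secret).items():
        print(f"  key {key:2d}: {candidate}")
    table = code_word_table("OPEN UNIVERSITY")
    print("".join(table[ch] for ch in ALPHABET))
    print(code_word_encrypt("SECRET", "OPEN UNIVERSITY", 2))
```

The code word changes which letter stands for which, but each plaintext letter still maps to one fixed ciphertext letter, so the scheme remains mono-alphabetic.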
General substitution cipher
A non-trivial substitution code would change each letter of the alphabet into another
letter of the alphabet.
Cryptanalysis uses the following approach to decipher a ciphertext.
• If the plaintext is in a natural language use can be made of the statistical
properties of natural languages. For example, the five most common letters in
English are e, t, o, a and n. (In a text of 100 words of English we would expect E
to occur 13 times, T 10 times, A 9 times and O 8 times, if the letters occurred at the
standard frequency).
• There are also a number of common patterns such as th, in, er, the, ing and
ion, which occur frequently. The use of suspected words in a message is known as a
crib.
• If the intruder had a copy of both the plaintext and its corresponding
ciphertext, a simple comparison of the two would reveal the substitution being
made (for those letters used in the message).
Hence, it is important not to have both plaintext and ciphertext of the same message
available to third parties, and both versions of the message should be disposed of
securely.
The possession of information in addition to ciphertext is called side-information. Side
information can be any type of useful additional information, such as target language,
subject content of messages (see crib above) or format of the message.
Having data in fixed formats gives an intruder considerable advantage. In manual coding
systems that use these types of code, spaces are often removed from messages, as these spaces give
considerable help in recovering plaintext from ciphertext. This is not usually possible on
computer systems because, although removing spaces is an easy task, writing a program to
put the spaces back is a difficult problem that requires knowledge of linguistic structures.
Improvements to substitution ciphers
One improvement to the use of single-character substitution ciphers or 1-grams is to
use more characters, i.e. n-grams. A scheme using 2-grams was used by the British Navy
(until this was cracked by the Germans in 1915). It was called the Playfair code after a
Baron Playfair of Saint Andrews.
Some modern codes use n-grams of 8 or more bytes. An 8-gram of bytes (each byte
can contain 256 different codes i.e. characters) represents an alphabet of 256^8
different characters which precludes conventional statistical attack.
Transposition ciphers
In contrast with substitution ciphers, you can shuffle the plaintext so that the ciphertext
represents a reordering or transposition of the original plaintext. Individual characters are
not disguised.
You can repeat the use of a table for transposition ciphers. This time, you form a table
of m rows and n columns (a matrix).
We begin the encryption of a message by filling the table one row at a time.
Then, you produce the ciphertext by joining the columns in a given sequence,
which becomes the key.
Example:
Suppose you have a plaintext that reads, ‘SEND ME SEVEN HUNDRED POUNDS
TOMORROW’. You can use a table containing eight columns, with a key based on
the column number.
First, you form the ciphertext by taking the contents of columns 1, 3, 5, 7, 2, 4, 6, 8 —
i.e. the key is 13572468. So, the ciphertext is:
svetnnpmmuursddoeedodhooennrersw
The intruder must use the statistical properties of language and work through the
permutations of column pairs or triples to find the key.
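The column transposition above, as an added example in Python (not part of the original unit; function names are assumptions). It reproduces the page's ciphertext for key 13572468 and goes one step beyond the text by also handling messages that do not fill the last row of the table.

```python
def letters_only(text):
    """Upper-case the text and drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def parse_key(key):
    """'13572468' -> [0, 2, 4, 6, 1, 3, 5, 7]: the order in which columns are read."""
    order = [int(digit) - 1 for digit in key]
    if sorted(order) != list(range(len(order))):
        raise ValueError("key must name every column exactly once")
    return order


def transpose_encrypt(plaintext, key):
    order = parse_key(key)
    letters = letters_only(plaintext)
    width = len(order)
    # Filling the table row by row puts letter i in column i % width,
    # so column c holds every width-th letter starting at position c.
    columns = [letters[c::width] for c in range(width)]
    return "".join(columns[c] for c in order)


def transpose_decrypt(ciphertext, key):
    order = parse_key(key)
    text = letters_only(ciphertext)
    width = len(order)
    full_rows, extra = divmod(len(text), width)
    # If the last row is incomplete, only the first `extra` columns
    # hold one more letter than the others.
    columns = [""] * width
    position = 0
    for c in order:
        length = full_rows + (1 if c < extra else 0)
        columns[c] = text[position:position + length]
        position += length
    rows = full_rows + (1 if extra else 0)
    out = []
    for r in range(rows):
        for c in range(width):
            if r < len(columns[c]):
                out.append(columns[c][r])
    return "".join(out)


if __name__ == "__main__":
    message = "SEND ME SEVEN HUNDRED POUNDS TOMORROW"
    ciphertext = transpose_encrypt(message, "13572468")
    print(ciphertext.lower())
    print(transpose_decrypt(ciphertext, "13572468"))
    # The letters are only reordered, never disguised, so the letter
    # counts of plaintext and ciphertext are identical.
    print(sorted(letters_only(message)) == sorted(ciphertext))
```

Because the letter counts survive unchanged, frequency analysis immediately tells an analyst that a transposition, not a substitution, was used.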
One-time pad code
The codes you have looked at above are called mono-alphabetic codes. This means
that an n-gram from plaintext will always be enciphered to a particular n-gram in the
ciphertext.
For example, the modified Caesar code SECRET became lwgjwm. You will notice that
E in plaintext becomes w in ciphertext irrespective of where it is in the plaintext. This
enables the use of the statistical properties of a language to recover the plaintext without
knowing the key.
A poly-alphabetic code (random numbers)
If the substitution varies with the location of the n-gram in the text, you have a poly-alphabetic code.
One example is the one-time pad scheme. This code is theoretically unbreakable. It has
been used by spies for some time.
If you look at an example using a 26-letter alphabet, you will have a pad with a long
list of random numbers each of which will be in the range 0 to 25.
You start coding by:
1. Changing each letter in the plaintext to its corresponding number. For example,
the letters A and B are changed to the numbers 0 and 1 respectively.
2. To each letter value you add a number from your one-time pad in the same
position.
3. The addition is done modulo 26.
4. The number stream is then either sent as it is or converted back to letters with 0
being A, 1 being B, etc.
Example:
The plaintext TESTMESSAGE with one-time pad values of 3, 19, 21, 4,
7, 22, 17, 25, 3, 11, 3 would be enciphered as shown below. Note that S
has been enciphered to N in the third position, to J in the seventh position
and to R in the eighth position, thus showing it to be a poly-alphabetic
cipher.
The reverse process is carried out by the recipient using the same random numbers in
an exact copy of the one-time pad.
If any of the letters go missing en route, the text cannot be recovered. Indeed, if any
synchronization failure occurs between the sender and receiver the text cannot be
recovered.
It is important that the sequence of random numbers be used only once and hence the
name one-time pad.
The key for this cipher is the very large set of numbers on the pad! One of the
problems with this cipher is how to send this pad securely to each user.
Since the numbers added are random, all the statistical properties of the message are
lost; frequency counts and other tools cannot help an intruder recover the message.
Furthermore, having more messages in ciphertext does not help crack the code because
each message is enciphered with a different key.
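The one-time pad steps above, as an added example in Python (not part of the original unit; function names are assumptions). It uses the page's TESTMESSAGE and pad values, then shows two failure modes the text warns about: a lost letter breaks synchronization, and a pad used twice lets the key cancel out of the difference between two ciphertexts. The second plaintext is constructed for the example.

```python
import secrets

PAGE_PAD = [3, 19, 21, 4, 7, 22, 17, 25, 3, 11, 3]  # pad values from the text


def letters_to_numbers(text):
    """A -> 0, B -> 1, ... Z -> 25; anything that is not a letter is dropped."""
    return [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]


def numbers_to_letters(numbers):
    return "".join(chr(n + 65) for n in numbers)


def new_pad(length):
    """A fresh pad from the operating system's cryptographic random source."""
    return [secrets.randbelow(26) for _ in range(length)]


def otp_encrypt(plaintext, pad):
    values = letters_to_numbers(plaintext)
    if len(pad) < len(values):
        raise ValueError("pad is shorter than the message")
    return numbers_to_letters((v + k) % 26 for v, k in zip(values, pad))


def otp_decrypt(ciphertext, pad):
    values = letters_to_numbers(ciphertext)
    if len(pad) < len(values):
        raise ValueError("pad is shorter than the message")
    return numbers_to_letters((v - k) % 26 for v, k in zip(values, pad))


def images_of(letter, plaintext, ciphertext):
    """Ciphertext letters produced at each position where `letter` occurs."""
    return [c for p, c in zip(plaintext, ciphertext) if p == letter]


def difference(a, b):
    """Position-by-position difference of two letter strings, modulo 26."""
    pairs = zip(letters_to_numbers(a), letters_to_numbers(b))
    return [(x - y) % 26 for x, y in pairs]


if __name__ == "__main__":
    plaintext = "TESTMESSAGE"
    ciphertext = otp_encrypt(plaintext, PAGE_PAD)
    print(ciphertext, images_of("S", plaintext, ciphertext))
    print(otp_decrypt(ciphertext, PAGE_PAD))

    # Synchronization failure: one letter lost en route shifts every later
    # letter onto the wrong pad value, so the rest decrypts to nonsense.
    damaged = ciphertext[:4] + ciphertext[5:]
    print(otp_decrypt(damaged, PAGE_PAD))

    # Pad reuse: the pad cancels out of the difference of two ciphertexts,
    # leaving the difference of the two plaintexts and no key at all.
    other = "HELLOWORLDS"  # constructed second message
    reused = otp_encrypt(other, PAGE_PAD)
    print(difference(ciphertext, reused) == difference(plaintext, other))

    # Correct practice: a new random pad for every message.
    print(otp_encrypt(other, new_pad(len(other))))
```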
Enigma
An advance on simple mono-alphabetic substitution codes is a poly-alphabetic scheme
such as the one-time pad, described earlier. A number of electro-mechanical code
machines have been built to use such schemes. A famous example of this is the German
Enigma machine which was used in the Second World War.
Secret key encryption
The most well-known cipher for computing is probably the Data Encryption Standard
(DES), which was adopted by the US Government in 1977.
The DES works by taking successive chunks of plaintext that are 64 bits in length and
performing a series of 16 different substitution cycles with a single 56-bit key. Each 64-bit block undergoes a transposition before and after the series of substitutions, with an
additional 32-bit swapping before the final transposition, as Figure 2.6 illustrates.
The major problem with DES is that it is in essence a mono-alphabetic substitution
cipher. That is, whenever the same 64-bit plaintext is encrypted, the same 64-bit
ciphertext is produced. So, a message using DES can be copied and all or part of it can
be reused even though the intruder does not know the exact contents of the message.
Encryption and decryption, using methods such as DES, can be made sufficiently fast
to use within a distributed computing system.
However, there remains the problem of key distribution. For example, methods such as
DES rely upon keeping the identity of the key a secret to prevent intrusion. In addition, the
DES is symmetric in that both sender and receiver share a common key that only they
know.
Public key encryption
One way to reduce the problem of key distribution is to use a cipher based on a
combination of public and private keys.
Each user has a pair of keys such that one is kept private and the other is
in the public domain alongside the user’s identity.
The private and public keys are different, and the private key cannot, for all practical
purposes, be derived from the public key.
Even two people who have never communicated before can use public key encryption
to send confidential messages, as shown in Figure 2.7.
1. The sender uses the intended recipient’s public key (which is freely available) to
encrypt the message.
2. Only the intended recipient can decrypt the ciphertext using the private key.
3. Conversely, the recipient can reply to the sender using the sender’s public key.
4. The sender can decode the message using the sender’s private key.
The Rivest Shamir Adleman (RSA) algorithm is one of the most common public key
mechanisms, for which there are a number of both software and hardware implementations.
Unfortunately, the RSA algorithm is not as efficient as the DES, which implies that the DES
is better for large volumes of plaintext (that is, data).
Cryptography is not enough
You have seen with the substitution code that a cryptanalyst can often recover plain text
without finding the decryption key. It is also possible to compose and send messages without
knowing the key. We shall examine some of these in use in this section.
One form of attack is the replay attack. Here, the intruder records a message you send and
replays it (for an example, read p. 24 and 25). One partial solution to the replay attack is to
time-stamp transactions.
Section 3: Security in action
Key distribution
In the subsection on ‘Secret key encryption’, we mentioned the difficulty of
distributing the secret keys in DES.
If public keys can be distributed in a safe way we can use public key cryptography to
distribute a secret key in a public key encrypted message.
We shall therefore look at public key distribution first.
One of the problems that we left unresolved in the subsection on ‘Public key encryption’
was how we could be sure the public key we had for a particular individual was really
from that individual and that it was not a fake key placed there by an intruder.
You need a method of authentication to establish the identity of the person telling us
the details of the public key. You also need to receive this information from
somebody you trust.
If you encrypt a message with a private key it can be decrypted by the public key.
You can encrypt the message with the private key as it is held securely by you for
your exclusive use.
A message encrypted by you using your private key can be read by anybody who has
your public key. There is no secrecy in such a message but it does indicate to the
receiver that it must have come from you.
Thus you can use public key systems for authentication.
The whole scheme relies on members of the public obtaining your public key and knowing
that it is yours and not belonging to somebody masquerading as you. What is needed is a
way of associating the identity of individuals (and corporations) with the public key and
having a reliable way of distributing this information.
Together digital certificates and certifying authorities are one way to do
this.
In order that a recipient of an encrypted message knows that the message has been
sent by you, you can append a digital ‘signature’ to the message.
An example of a digital signature is a digital certificate, an encrypted message
containing your name, your public key and other information too. Your digital
signature will have been encrypted by a Certifying Authority (CA) using their
private key. If the recipient of your message trusts the CA and has the CA’s public
key, they will decrypt the digital certificate and, on seeing your name, will believe that
the message has been sent by you. The recipient can then decrypt your message using
your public key, helpfully enclosed in the digital certificate. For the whole process to
work, you must have registered your public key with the CA in order to receive a
digital certificate from them.
Both Internet Explorer and Netscape Communicator support the use of digital
certificates and both contain digital certificates for major CAs.
The digital certificates for CAs are called root certificates. They contain
the CA’s public key and allow you to read digital certificates. You can add other CA
root certificates if you wish.
Digital certificates are prepared to a format given in an international standard of the
ITU (International Telecommunications Union), standard X.509.
If you have a digital certificate some of the items it will contain are as follows:
• the issuer's (or CA’s) name;
• the class or type of certificate;
• an expiry date (and a start date);
• your name;
• the issuer’s (or CA’s) public key;
• your identity (an email address, for example);
• your public key.
There are three types of digital certificate:
• Class 1 is issued to individuals to identify themselves for email and web site
access.
• Class 2 is usually used for code signing, which will be discussed later.
• Class 3 is used for secure web servers.
Issuing a personal (class 1) digital certificate
There are a number of ways that a digital certificate can be issued. For most people the
easiest way is to apply for one using a web browser. The process by which you would
obtain a class 1 digital certificate is as follows:
1. The browser is started and the URL of a CA is entered. Typically there is an on-line
form to fill in with your details including a credit card payment for the fee (which
also serves as your authentication).
2. Completion of the form constitutes a contract between you and the CA. A fraudulent
application can expose those guilty to a fine or penalty of US$100000! You give your
email address and send the form.
3. A pair of keys is generated by your browser in response to a request from the CA.
The private key is held on your machine. It is stored securely. The public key is sent
to the CA.
4. Usually the next part of the validation requires you to read an email from the CA.
This is a way of verifying that the email address you sent to the CA is under your
control.
5. By responding to this email a digital certificate is forwarded and loaded into your
email system.
It was mentioned that digital certificates have an expiry date rather like a credit card. The
validity range is to ensure that in the event of a certificate being revoked it can only be used
for a limited time. If the private key is compromised then the certificate can be revoked.
When reading a digital certificate a check should be made to ensure that it has not been
revoked before trusting it. The certificate can be checked to see if it has been revoked by
connecting to the CA’s server: some email systems perform this check automatically.
Authentication by digital signature
In many cases you do not necessarily need to secure the message from being read by an
intruder but you do want to do the following:
• Authenticate the sender.
• Check that the message has not been modified en route.
A message digest is a technique to ensure that a message has been received in its
entirety and has not been changed either maliciously or by accident during
transmission. A message digest ensures integrity of the message.
A message digest is formed by taking portions of the message and performing some
arithmetic operations on them. This will vary from message to message and prevents
the encrypted digital signature being subject to a replay attack.
There are a number of good algorithms which minimize the ability to change a message
without changing the message digest, or deliberately trying to forge a message with a
similar message digest. Two commonly used algorithms for message digests are SHA
(Secure Hashing Algorithm) produced by NSA (National Security Agency) and MD5
(Message Digest (algorithm 5)) by Ron Rivest.
To sign a message digitally:
1. You first compute a message digest by hashing.
2. The message digest is then encrypted using the sender’s private key.
3. The original message (unencrypted) plus the encrypted digest are transmitted
together.
4. The recipient separates the message and encrypted digest.
5. A new digest is generated from the message using the same hashing algorithm and
compared with the decrypted digest which was received with the message.
If they are both the same you can conclude that the message came from the
sender whose public key you used to decrypt the digest (authentication) and also
that the message was not changed en route (integrity).
This process is illustrated in Figure 3.1.
If it is desired to keep the message confidential then both message and message digest are
encrypted.
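The five signing and checking steps above, as a runnable sketch. This is an added example, not part of the original notes; it assumes SHA-256 as the hash and a constructed toy RSA key pair (textbook RSA without padding), and all function and key names are hypothetical.

```python
import hashlib

# Constructed toy key pairs: textbook RSA built from two Mersenne primes.
# Illustration only: such a modulus is trivially factorable, and real
# signature schemes add padding (e.g. RSA-PSS) to the raw exponentiation.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # (public key, private key)

def digest_int(message: bytes) -> int:
    # Steps 1 and 5: hash the message to a fixed-size digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    d, n = private_key
    # Step 2: "encrypt" the digest with the sender's private key.
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    e, n = public_key
    # Step 5: recover the sender's digest with the public key and compare it
    # with a digest recomputed from the message that actually arrived.
    return pow(signature, e, n) == digest_int(message)

ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)

def demo():
    message = b"Pay 100 GBP to account 12345"   # constructed sample message
    # Step 3: the clear message and the encrypted digest travel together.
    wire = (message, sign(message, ALICE_PRIV))
    # Step 4: the recipient separates the two parts.
    received, sig = wire
    altered = b"Pay 900 GBP to account 12345"
    return {
        "untampered": verify(received, sig, ALICE_PUB),
        "modified_en_route": verify(altered, sig, ALICE_PUB),
        "signed_with_other_key": verify(
            received, sign(received, MALLORY_PRIV), ALICE_PUB),
    }
```

Only the first case verifies: a changed message yields a different digest (integrity), and a digest encrypted with any other private key does not decrypt correctly under the sender's public key (authentication).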
Secure socket layer (SSL)
In e-commerce there is a need to have a way of sending secure information
such as credit card details from a web browser to a web site.
Briefly, the SSL process works as follows.
1. The browser requests a page which is ‘secure’.
2. The web server offers the browser the option to go into secure mode.
3. The browser accepts the offer to go secure.
4. The web server sends its digital certificate.
5. The browser checks that the digital certificate sent is valid (i.e. that the dates are
valid, that the issuing CA is trustworthy and that the domain name of the server
matches the certificate) and extracts the server’s public key.
6. The browser generates a secret key (a session key) for use in this session with
this web server. The session key is encrypted using the web server’s public key
and is sent to the web server. Subsequent pages are now sent securely and the
browser goes into secure mode. Browser page requests are also securely sent
and so are the data on any forms in the pages sent.
7. The web server now sends subsequent pages encrypted with the session key that
is supplied. (This might be an order form.) The browser indicates that a secure
session is in progress: often using a lock symbol.
8. The browser sends its response to the web server encrypted with the DES
session key. (This is the completed information on the form).
9. Steps 7 and 8 are repeated for any further secure transmissions of pages and
data.
10. When the browser requests a non-secure page, the secure link is terminated and
the lock symbol is removed from the browser window.
SSL also allows for client authentication. After the server has passed its digital certificate
to the browser, it requests the browser to send its digital certificate. If that certificate is
valid the identity of the browser user is now known to the server. The server decides
whether or not to send particular pages.
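The three checks the browser makes on the server's certificate (dates, issuing CA, domain name), modelled as an added example that is not part of the original notes. The certificate is a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the trusted-issuer set stands in for the browser's CA store, and the function names are hypothetical.

```python
import ssl

# Constructed sample certificate (same dict shape as getpeercert() returns).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"),
                       ("DNS", "*.cdn.example.com")),
}
# Assumption: issuer trust is reduced to a name lookup. A real browser
# verifies the CA's signature on the certificate, up a chain to a root.
TRUSTED_ISSUERS = {"Example Trust CA"}

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a '*' that covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, host, now, trusted_issuers):
    """Return the names of the failed checks; an empty list means accept."""
    failures = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        failures.append("dates")
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    if issuer.get("organizationName") not in trusted_issuers:
        failures.append("issuer")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        failures.append("hostname")
    return failures
```

In real client code these checks, together with signature-chain verification, are performed by the TLS library itself, for example by a context from `ssl.create_default_context()`.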
Code signing
The process of signing software is similar to digital signatures used in email. A digital
certificate must be obtained by the software developer prior to code signing. Currently,
code signing digital certificates are issued as class 3 certificates to software developer
companies.
Validation of identity is more rigorous than that for a class 1 personal certificate described
before. (A class 1 certificate cannot be used to sign code.) Also, the certificate request is
made by a utility program which generates the public–private key pair and a Certificate
Signing Request (CSR) which is sent to a certifying authority to obtain a digital certificate. A
Microsoft utility program, CERT2SPC, is used to generate a Software Publisher’s Certificate
(SPC) from the digital certificate.
Code signing is then done by another utility program called Signcode giving the file names
for the SPC and for the cabinet to be signed.
Java applet security
Java applets can pose a threat to the recipient computer and any local network to which it is
connected because they are downloaded from the Internet. Security considerations were
fundamental in the design of the Java system especially in regard to applets.
The sandbox security model in Java is the set of restrictions which are placed, by
default, on an applet. You will see later that these restrictions can be lifted in certain
circumstances.
The execution of an applet is described as running in a sandbox. The metaphor is that
if the applet ‘blows up’ it will explode safely inside the Java machine sandbox without
damaging the host machine or its network.
A number of security features are built into the Java Virtual Machine (JVM) (e.g.
access to the hard disk is limited; an applet does not look like a standard window, etc.).
The JVM uses three components to achieve this.
1. A class loader is responsible for finding and downloading all the classes used by
the applet. It ensures that the applet does not use classes from another source.
2. A bytecode verifier checks that the applet does not circumvent security
restrictions, for example, by altering the Java bytecode to breach security.
3. A security manager has to approve potentially dangerous operations before they
are performed. These include network communications, access to the class
loader, and operating system access.
Trust-based security
However, the above are very severe restrictions which are unnecessary if you trust the applet
supplier. Microsoft’s Internet Explorer uses a scheme which works as follows. To
establish this trust, an applet must be digitally signed as described in the subsection on
‘Code signing’. A signed Java applet can request permission to use features not
provided in the sandbox model. The additional permissions requested are contained as
part of the digital signature mechanism.
Some examples of these are:
• permission to execute programs on the client’s machine;
• file I/O permission on the client machine;
• network I/O permission to other than the applet host site.
Depending on the settings inside the browser, the applet may be permitted to load and run
with additional permissions as requested in the signing. The security manager ensures that
the applet does not exceed its level of permission. So, if an applet tries to perform network
I/O (other than to the applet host) it can only do so if:
• the applet signing includes network I/O permission; and
• the client machine will grant that permission.
Microsoft’s Internet Explorer has a number of security zones:
1. local intranet;
2. trusted sites (a user-supplied list of Internet sites which can be trusted);
3. Internet (all Internet sites not in the trusted or restricted sites lists);
4. restricted sites.
For each zone, each security permission can be set to one of the following three
categories.
1. Permission is granted without user intervention.
2. Permission is granted with user intervention. (The user is asked whether
permission should be given each time a request is made. One can question if this
is suitable for naive users who might accept such a request without
understanding its implications.)
3. Permission is denied.
The security levels are pre-set for these zones but can normally be adjusted by the user.
A network or company administrator can change and lock these settings by creating a policy.
The policy is created and changed using the Internet Explorer Administrator’s Kit (IEAK).
The values are stored in the Windows registry and are not user-accessible.
This mechanism allows the deployment of powerful Java applets, but with the safeguard
that they can only have the more dangerous permissions for trusted sites.