CET 458/598 Fall 2000 Lecture Notes

Chapter 8 - Security

There are several ways to compromise communication between two computers:
1. On shared media, eavesdrop (listen in).
2. Spoof: pretend to be the source or destination after a communication has started, or start one pretending to be a different computer (or user).
3. Insert packets (up to taking over a connection).
4. Modify packets.

The eventual goal is to take over an end-point computer or a router/switch/hub.

At a higher level, attacks are built out of one or more of the above four methodologies, using application-layer functionality in unintended ways. Examples are denial-of-service attacks based on overwhelming a computer/network with packets to tie up resources; open port probes; password cracking; and applications with holes such as buffer overflow issues. And lastly, there is the use of application functionality to smuggle in a program that can be helpful in taking over the computer (viruses, worms, etc.).

The idea not stated in the text is to use encryption and associated technologies to hide data and provide strong authentication (verify that a communication is from who it is purported to be from). If used appropriately this gets rid of most of the above problems (except some application-level problems).

You are responsible for all sections of Chapter 8 except 8.3.1 and 8.3.2.

Terminology
Encryption, decryption, plaintext, ciphertext, authentication, message integrity, nonrepudiation, key distribution, secret key, public (and private) key, hashing algorithms, message digest, one-way functions, MD5, computational feasibility, DES, triple-DES.

Requirements of an encryption algorithm
Very, very hard to get plaintext from ciphertext.
The algorithm will be widely known.
Uses an encryption key.
Impossible (hard) to deduce the key given the algorithm, ciphertext and plaintext.

Requirements of a message digest
Doesn't use a key.
One-way function (computationally infeasible to produce the same result without the original text, nor by modifying the original text).
Computationally efficient.

DES (Data Encryption Standard)
US government standard.
Operates on 64 byte blocks of plaintext producing 64 byte blocks of ciphertext.
Uses a 56 byte key.
Uses 16 rounds of permutations and combinations.
For messages longer than 64 bytes uses cipher-block chaining (CBC): the output of the first block is XOR'd with the next block of plaintext before being input to the DES function. (An initialization vector, sometimes called the salt, is used for block 0.)
Now on the border of easy crackability. So use triple-DES: DESify 3 times with two keys, one for rounds 1 and 3 and the other for round 2.
Reasonably efficient.

RSA
A public key algorithm with two keys: a public key and a private key (only the owner knows the private key); symmetric keys (either can be used to encrypt or decrypt the other one's ciphertext).
Uses large keys (512 bytes or longer) derived from large prime numbers (256 or greater).
Encryption and decryption are computationally intense, using exponentiation and modulus operators. Organizations are already moving to 768 and 1024 or larger keys.
Quite slow.

MD5 – Message Digest 5
(MD4 and MD2 are in use in some places.) Like SHA (US government).
Produces an apparently random fixed-length output from a message in a mathematical way. The same output is always produced from the same message and digest function.
Block is 512 bytes (message length up to 2**64).
Reasonable efficiency.

Authentication Protocols
Is the other party who they say they are?
Three-way handshake with encrypted messages. But where did the keys come from?
Trusted third party (the authentication server). Useful if the parties know nothing about one another. Kerberos (used at ASU; Windows 2000 uses it, too) is a trusted third-party system where there is a key shared between server and user.
Public key: requires that the public key you believe belongs to XYZ actually does.
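The chaining described under DES above, as an added example that is not code from these notes or the textbook. Python's standard library has no DES, so a small four-round Feistel network with a hash-based round function stands in for the DES block function; that stand-in is a constructed assumption and is not DES. What the block demonstrates is the CBC wrapper itself: the IV for block 0, the XOR of each plaintext block with the previous ciphertext block, decryption needing only the preceding block, and the way the last ciphertext block (the CBC residue) changes when any byte of the message changes. The key, IV and message are constructed sample values.

```python
import hashlib
import os

BLOCK = 8           # 64-bit blocks, the block size DES uses
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Constructed stand-in for DES's expansion/S-box round function:
    # a hash of (half block, key, round number) truncated to a half block.
    return hashlib.sha256(half + key + bytes([rnd])).digest()[:HALF]


def toy_block_encrypt(block: bytes, key: bytes, rounds: int = 4) -> bytes:
    """Feistel network: each round swaps the halves and mixes F(R, K_i) into L."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left          # undo the final swap so decryption mirrors this


def toy_block_decrypt(block: bytes, key: bytes, rounds: int = 4) -> bytes:
    """Same structure with the round keys applied in reverse order."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(rounds)):
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the message is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def fresh_iv() -> bytes:
    """A real deployment draws a fresh IV per message; the fixed IV below is for the demo."""
    return os.urandom(BLOCK)


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    """C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV: the chaining the notes describe."""
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(_xor(plaintext[i:i + BLOCK], prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    """P_i = D_k(C_i) XOR C_{i-1}: each block needs only its own predecessor."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(cur, key), prev))
        prev = cur
    return b"".join(out)


def cbc_residue(message: bytes, key: bytes, iv: bytes) -> bytes:
    """The last ciphertext block depends on every plaintext block, so whoever
    holds the key can use it as an integrity check (the CBC residue)."""
    return cbc_encrypt(pad(message), key, iv)[-BLOCK:]


# Constructed sample values for the demonstration.
KEY = b"\x01\x23\x45\x67\x89\xab\xcd\xef"
IV = b"\x00" * BLOCK
MESSAGE = b"The quick brown fox jumps over the lazy dog"


def roundtrip(message: bytes = MESSAGE) -> bytes:
    return unpad(cbc_decrypt(cbc_encrypt(pad(message), KEY, IV), KEY, IV))


if __name__ == "__main__":
    print("ciphertext:", cbc_encrypt(pad(MESSAGE), KEY, IV).hex())
    print("roundtrip ok:", roundtrip() == MESSAGE)
    print("residue:", cbc_residue(MESSAGE, KEY, IV).hex())
    print("residue after a one-byte change:", cbc_residue(MESSAGE[:-1] + b"!", KEY, IV).hex())
```

Because every ciphertext block feeds into the next, identical plaintext blocks no longer produce identical ciphertext blocks, which is the reason chaining is preferred over encrypting each block independently; the same property is what makes the residue sensitive to a change anywhere in the message.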
Frequently uses a trusted third party to store and disseminate public keys.

Message Integrity Protocols
May want to guarantee that a message isn't modified in transit (or later) but don't care about privacy, or just want to be sure it isn't changed after receipt.
Could use the DES CBC residue (last block output).

RSA Digital Signature
Sender encrypts the message with the private key, which can be decrypted with the private key. (Variation: encrypt just a hash code with the RSA private key.)

Keyed MD5
Append the shared key to the message and compute MD5; send the message (less the key) and the MD5 hash. The recipient appends the key to the message, computes MD5 and compares.
Alternative: the sender picks a key at random, computes the hash and sends as above, but also sends the key encrypted in the recipient's public key and then encrypted with the sender's private key. The recipient decrypts the key using the sender's public key and the recipient's private key, then appends it to the message to compute the hash before comparing.

Public Key Distribution
The problem is how we can be sure that a public key legitimately belongs to the entity claiming that it does. The answer is a digital certificate, which is an electronic document digitally signed by a certificate authority (a trusted third party). The CA is usually the entity that issued the key and the certificate. To do this the public key of the CA has to be widely known. Under some circumstances there needs to be a hierarchy of CAs that form a chain of trust certifying a key/certificate.
A certificate usually contains: the name of the entity being certified, the public key, the name of the CA, the digital signature, the digital signature algorithm type, and frequently an expiration date.
A certificate certifies a public key and can be copied as needed. Only possession of the private key shows you are the named entity.
Besides expiration, certificates occasionally need to be cancelled/revoked.
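The two message integrity protocols above (keyed MD5 and the RSA signature over a hash code) worked through in Python, as an added example that is not code from these notes or the textbook. The keyed MD5 half follows the notes exactly: the sender appends the shared key and hashes, sends message plus hash, and the receiver recomputes and compares. The RSA half is textbook RSA with no padding, using two Mersenne primes as a constructed toy key so the block runs without a crypto library; real keys are far larger and generated from random primes. The shared key and message are constructed sample values.

```python
import hashlib
import hmac

# --- Keyed MD5, as the notes describe it -----------------------------------


def keyed_md5(message: bytes, key: bytes) -> bytes:
    """Sender side: append the shared key to the message and hash the result.
    Only the message and the hash travel; the key never does."""
    return hashlib.md5(message + key).digest()


def verify_keyed_md5(message: bytes, received_hash: bytes, key: bytes) -> bool:
    """Receiver side: append the same key, recompute, compare.
    compare_digest is a constant-time comparison, so the check does not leak
    how many leading bytes of a forged hash were right."""
    return hmac.compare_digest(keyed_md5(message, key), received_hash)


# --- RSA signature over a digest (the "variation" in the notes) ------------
# Constructed toy key: p and q are the Mersenne primes 2^61-1 and 2^89-1, so
# n is about 150 bits, comfortably larger than a 128-bit MD5 digest.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+ modular inverse)


def _digest_as_int(message: bytes) -> int:
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def rsa_sign(message: bytes, d: int = D, n: int = N) -> int:
    """'Encrypt' the hash code with the private exponent: only the key owner can."""
    digest = _digest_as_int(message)
    assert digest < n, "digest must be smaller than the modulus"
    return pow(digest, d, n)


def rsa_verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding the public exponent recovers the digest and recomputes it."""
    return pow(signature, e, n) == _digest_as_int(message)


# Constructed sample traffic.
SHARED_KEY = b"constructed-shared-secret"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = keyed_md5(MESSAGE, SHARED_KEY)
    print("keyed MD5 verifies:", verify_keyed_md5(MESSAGE, tag, SHARED_KEY))
    print("keyed MD5 on altered message:",
          verify_keyed_md5(MESSAGE.replace(b"100", b"900"), tag, SHARED_KEY))
    sig = rsa_sign(MESSAGE)
    print("signature verifies:", rsa_verify(MESSAGE, sig))
    print("signature on altered message:", rsa_verify(MESSAGE + b"!", sig))
```

Two caveats a practitioner would add today: MD5 is no longer collision resistant, and the append-the-key construction is weaker than HMAC, so current practice is `hmac.new(key, message, "sha256")` for the keyed hash; and a signature computed as a bare modular exponentiation of the digest (as here) is insecure without a padding scheme such as PKCS#1 v1.5 or PSS, which real libraries apply for you.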
The main reason for revocation is that the private key has been compromised. The solution is the publication (by the CA) of a digitally signed CRL (certificate revocation list).

Note: PGP is pretty interesting. You should read it after the test.

TLS/SSL/HTTPS
General purpose "middleware" security protocol that "lives" between the application and the transport layer and, in effect, provides a secure transport layer to the application.
Has a handshake protocol that negotiates the keys to be used during "normal" data transfer.
The data transfer protocol (session) transfers blocks (of convenient size) that may be compressed, encrypted, and integrity protected (hashed). Sessions may be resumed, as sessions contain session ids.
Despite what the book says there is not a single CA but a set of well-known CAs (Verisign and Entrust being the most well-known).

IPSEC
An extension of IP that emulates IPv6 in most things that are useful in providing security.
The Authentication Header (AH) and Encapsulating Security Payload (ESP) are carried in the IP payload area; the real data is carried in their data/payload area.
Uses ISAKMP for key management. The AH and ESP define a security association, which is assigned a Security Parameters Index. The SPI identifies the keys and procedures needed to provide the security functionality the user wants. ISAKMP is used to negotiate keys, algorithms, packet formats and services.
Frequently the VPN protocol of choice.

Firewalls
Firewalls are placed between the part of the network to be protected and the rest of the network (i.e., the Internet).
A firewall usually acts as a packet filter at the network layer, dropping/passing packets based on source/destination IP and port. Some firewalls may be configured to work at the protocol/application level as well.
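The network-layer packet filter just described, modelled in Python as an added example that is not code from these notes or the textbook. The model is a first-match rule table with default deny, deciding on source/destination IP and port as the notes say. The inside network (10.0.0.0/8), the web server address, the rule sets and the sample packets are all constructed; the outside addresses come from the RFC 5737 documentation ranges. The second rule set shows the ordering mistake a packet-filter administrator most often makes: a broad pass listed before a specific drop makes the drop unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "drop"
    src: str                # CIDR prefix, or "any"
    dst: str                # CIDR prefix, or "any"
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches every port

    def matches(self, p: Packet) -> bool:
        return (_in_net(p.src, self.src) and _in_net(p.dst, self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; a packet no rule covers is dropped (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


def decisions(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [filter_packet(rules, p) for p in packets]


INSIDE = "10.0.0.0/8"           # constructed: the protected network
WEB_SERVER = "10.0.1.10"        # constructed: the one host the outside may reach

# Constructed rule set: expose only the web server's port 80, let inside hosts
# initiate anything outbound, and drop everything else by default.
RULES = [
    Rule("pass", "any", WEB_SERVER + "/32", "tcp", 80),
    Rule("pass", INSIDE, "any", "any", None),
]

# Same intent, wrong order: the broad pass comes first, so the specific drop
# for port 22 can never fire.
BAD_ORDER = [
    Rule("pass", "any", WEB_SERVER + "/32", "tcp", None),
    Rule("drop", "any", WEB_SERVER + "/32", "tcp", 22),
]
GOOD_ORDER = list(reversed(BAD_ORDER))

# Constructed sample packets (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
WEB_FROM_OUTSIDE = Packet("198.51.100.7", WEB_SERVER, "tcp", 80)
TELNET_FROM_OUTSIDE = Packet("198.51.100.7", WEB_SERVER, "tcp", 23)
SNMP_PROBE = Packet("198.51.100.7", "10.0.2.5", "udp", 161)
MAIL_FROM_INSIDE = Packet("10.0.2.5", "203.0.113.9", "tcp", 25)
SSH_TO_WEB = Packet("198.51.100.7", WEB_SERVER, "tcp", 22)

if __name__ == "__main__":
    for p in (WEB_FROM_OUTSIDE, TELNET_FROM_OUTSIDE, SNMP_PROBE, MAIL_FROM_INSIDE):
        print(p, "->", filter_packet(RULES, p))
    print("ssh to web, bad order: ", filter_packet(BAD_ORDER, SSH_TO_WEB))
    print("ssh to web, good order:", filter_packet(GOOD_ORDER, SSH_TO_WEB))
```

The model is stateless, which exposes the limitation of filtering on addresses and ports alone: the reply packets to MAIL_FROM_INSIDE arrive from 203.0.113.9 to an ephemeral port on 10.0.2.5, match no rule, and are dropped. A real firewall either tracks connection state so that replies to inside-initiated connections are passed, or carries additional pass rules for return traffic.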
Application-level firewalls are sometimes configured as proxy firewalls (i.e., have a full application running on them that does explicit filtering), and some just know enough to block/pass certain protocols or sub-protocols.
The proxy server can be moved out of the firewall to provide better security at the firewall. The proxy server can be placed on either side of the firewall. If on the outside, the proxy server has to be security hardened. It, potentially, provides better service on the outside. The firewall then filters out packets associated with the proxy service unless they come from the proxy server. When the proxy server is on the inside of the firewall, all packets associated with the proxy service, regardless of destination IP, are directed to the proxy server.
Further security can be obtained by putting the proxy server on a separate network connected to the firewall. Another approach is to place a second layer of firewalls behind the first and have the proxy server work in the middle ground. The extra network where the proxy server lives is usually called the DMZ. In a multi-tiered application environment, the layer closest to the client is frequently put in the DMZ. Sometimes the application server has two network interfaces on separate, unconnected networks, which adds yet another layer of insulation.
Many times VPN tunneling software is added to a firewall to enhance firewall-to-firewall communication security or user-to-firewall security.

Chapter 9 – Applications

You are responsible for the entire chapter.

DNS (Domain Name System)
Converts human-readable names to IPs and the reverse.
IPs have a flat structure. DNS names are hierarchical with "dot" as the separator.
Names are bound to values (IPs or alias names).
Uses a hierarchy of name servers. A name server is responsible for one or more zones (parts of the hierarchy).
See Figure 9.5 for the typical name resolution process.
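The name resolution process the DNS section refers to, simulated in Python as an added example that is not code from these notes or the textbook. The zone data is constructed: a root server delegating edu., an edu. server delegating example.edu., and an example.edu. server holding an alias (CNAME) and address (A) records in the 192.0.2.0/24 documentation range; the server names are likewise made up. The resolver walks down the hierarchy from the root, following each referral (NS) to the next server, restarting for an alias, and returning the trace so the reader can see every hop.

```python
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, Optional[str]]        # (type, value)

# Constructed zone data: each name server is authoritative for one zone and
# holds either final records or NS delegations for its child zones.
SERVERS: Dict[str, Dict[str, Record]] = {
    "root": {
        "edu.": ("NS", "a.edu-servers.test."),
    },
    "a.edu-servers.test.": {
        "example.edu.": ("NS", "ns1.example.edu."),
    },
    "ns1.example.edu.": {
        "www.example.edu.": ("CNAME", "web.example.edu."),
        "web.example.edu.": ("A", "192.0.2.10"),
        "ns1.example.edu.": ("A", "192.0.2.53"),
    },
}


def query(server: str, name: str) -> Record:
    """One authoritative server answers with a record it owns, a referral to
    the child zone that covers the name, or NXDOMAIN."""
    zone = SERVERS[server]
    if name in zone:
        return zone[name]
    # Longest matching delegation wins, as with real zone cuts.
    for owner, (rtype, value) in sorted(zone.items(), key=lambda kv: -len(kv[0])):
        if rtype == "NS" and name.endswith("." + owner):
            return ("NS", value)
    return ("NXDOMAIN", None)


def resolve(name: str, max_steps: int = 10) -> Tuple[Optional[str], List[Tuple[str, str, str, Optional[str]]]]:
    """Iterative resolution: start at the root and follow referrals down the
    hierarchy until an address, an alias to chase, or a definite 'no such name'."""
    if not name.endswith("."):
        name += "."                         # fully qualified, like the zone data
    server = "root"
    trace = []
    for _ in range(max_steps):
        rtype, value = query(server, name)
        trace.append((server, name, rtype, value))
        if rtype == "NS":
            server = value                  # referral: ask the child zone's server
        elif rtype == "CNAME":
            name, server = value, "root"    # alias: resolve the canonical name instead
        elif rtype == "A":
            return value, trace
        else:
            return None, trace
    raise RuntimeError("too many steps: delegation or alias loop")


if __name__ == "__main__":
    for host in ("www.example.edu", "nope.example.edu", "www.example.org"):
        ip, trace = resolve(host)
        print(host, "->", ip)
        for server, qname, rtype, value in trace:
            print("   asked", server, "for", qname, "->", rtype, value)
```

The trace for www.example.edu takes six queries: three referrals down to the alias, then three more to resolve the canonical name. A caching resolver would remember the edu. and example.edu. delegations and answer the second descent from cache, which is why the hierarchy scales.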
SMTP (Simple Mail Transfer Protocol)
Straight SMTP only deals with ASCII messages. Use MIME to send multi-part encoded messages. Can carry almost anything, including digital pictures, music, executables, viruses and worms.
Messages are asynchronous. The "system" consists of sending programs, mail transfer agents, mail storage agents and receiving clients.

HTTP
World Wide Web transfer protocol. Transfers HTML. The client (browser) requests an action of the server. The server either provides information, takes action dependent on the server page, or accepts additional info. Simple. "POST, PUT, DELETE" see little use.

SNMP
System and network management protocol. Simple request/response process that runs on top of UDP. Used to get or set a set of variables stored in a MIB. Notoriously unsecured.

Multimedia Applications
Various ways to compress data: static data – run-length encoding, differential methods, Huffman coding, dictionary (Lempel-Ziv), JPEG, etc.; data streams use a more dynamic variety (MPEG). Most of these are covered in Chapter 7 if you really want to know about them.
They can be characterized as either lossless or lossy. Use lossless if you can't afford to lose even a bit. Lossy is usually faster and usable on streams. MPEG uses differential, forecasting and motion detection.
Use RTP for data transfer (accommodates loss). Fixed-size packets with a sequence number and timestamp help the playback buffer remove jitter and deal with loss. Use H.323 to do signaling (session and call control). [Newer stuff coming out next year for this functionality.]
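How the RTP sequence number and timestamp let a playback buffer deal with reordering, loss and jitter, as an added example that is not code from these notes or the textbook. The arrival trace is constructed: 20 ms audio frames where packet 4 arrives before packet 3 and packet 5 never arrives. Timestamps are kept in milliseconds for readability (real RTP uses the codec's clock rate), and the jitter estimator is the interarrival-jitter formula from RFC 3550, which is assumed here as the reference calculation rather than taken from the notes.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RtpPacket:
    seq: int        # sequence number: reveals loss and reordering
    timestamp: int  # media clock at which the payload should play (ms here)
    arrival: int    # local receive time in ms


# Constructed arrival trace: regular 20 ms frames, one reordered, one lost.
ARRIVALS = [
    RtpPacket(1, 0, 100),
    RtpPacket(2, 20, 120),
    RtpPacket(4, 60, 158),   # arrived before 3
    RtpPacket(3, 40, 165),
    RtpPacket(6, 100, 200),  # 5 never arrived
]


def playout_order(packets: List[RtpPacket]) -> Tuple[List[int], List[int]]:
    """Reorder the buffer by sequence number and report every gap as a lost packet.
    The playback buffer fills those gaps (silence or concealment) rather than waiting."""
    ordered = sorted(packets, key=lambda p: p.seq)
    lost: List[int] = []
    for prev, cur in zip(ordered, ordered[1:]):
        lost.extend(range(prev.seq + 1, cur.seq))
    return [p.seq for p in ordered], lost


def interarrival_jitter(packets: List[RtpPacket]) -> float:
    """RFC 3550 jitter estimate over packets in arrival order:
    D = (arrival_j - arrival_i) - (timestamp_j - timestamp_i), J += (|D| - J) / 16.
    A stream that arrives exactly as regularly as it was sent has D = 0 throughout."""
    j = 0.0
    for prev, cur in zip(packets, packets[1:]):
        d = (cur.arrival - prev.arrival) - (cur.timestamp - prev.timestamp)
        j += (abs(d) - j) / 16
    return j


def regular_stream(count: int, frame_ms: int = 20, start: int = 100) -> List[RtpPacket]:
    """Constructed jitter-free reference stream for comparison."""
    return [RtpPacket(i + 1, i * frame_ms, start + i * frame_ms) for i in range(count)]


if __name__ == "__main__":
    order, lost = playout_order(ARRIVALS)
    print("playout order:", order, "lost:", lost)
    print("jitter estimate (ms):", interarrival_jitter(ARRIVALS))
    print("jitter of a regular stream:", interarrival_jitter(regular_stream(5)))
```

The receiver sizes its playback buffer from the jitter estimate: a larger estimate means holding packets longer before playing them so that late arrivals such as packet 3 still make their slot. Real RTP sequence numbers are 16 bits and wrap around, so a production buffer compares them modulo 65536 rather than with a plain sort.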