GE Global eXchange Services

A Review of Security Concerns, Techniques and Methodologies

<Bills_Info>
<Name>Bill Cafiero</Name>
<Phone>972-231-2180</Phone>
<e-mail>jcaf@airmail.net</e-mail>
</Bills_Info>

Copyright © William G. Cafiero, 2001

Dot-Com is fast becoming DOW-Com

"Honeywell intends to use the Internet to cut costs by $500M-$1B no later than 2005."
    Chairman Lawrence Bossidy

"The Internet is going to be about a lot more than the ability to call up stock quotes. It will really explode for us when broadband arrives."
    Disney CEO Michael Eisner

"Every dealer in this country has about 70 days of supply. In simple truth, there's tremendous waste in that."
    GM CEO Jack Smith

"As highlighted in the now-famous destroyyourbusiness.com speech, old-line companies have to think in radically new ways."
    GE Chief Jack Welch

Strengths Become Weaknesses

• Access points become International
• Partners Can Now Collaborate
• You’ll have access to your partners (and they’ll have access to you)
• Employees can work from home, at night, over the weekends, and on holiday
• Application servers can support entire divisions
• Every internal modem is now a gateway into a network of networks

A New Focus Is Needed

Yesterday
• Internal focus: Access is granted to employees only
• Centralized assets: Applications and data are centralized in fortified IT bunkers
• Prevent losses: The goal of security is to protect against confidentiality breaches
• IT control: Security manager decides who gets access

Today
• External focus: Suppliers, customers, and prospects all need some form of access
• Distributed assets: Applications and data are distributed across servers, locations, and business units
• Generate revenue: The goal of security is to enable eCommerce
• Business control: Business units want the authority to grant access

Source: Forrester Research, Inc.

But there are security challenges

• Electronic Business Is a Priority
  – “Time to market” will always win over security if you are not careful
• Dynamic Networks and Security Confusion
  – Who owns security? Who knows about new projects, new networks, new connections?
• Limited Security Resources and Expertise
  – Security administrators in California earn an unburdened average of $73,863 (SANS 2000 salary survey)
  – Average turnover is 24 months.
• Security Management Is Too Complex

…and more security challenges

Some Examples

Credit Card Data

Sources inside the credit-card industry told ZDNet News that Egghead may warn up to 3.7 million credit-card holders that their card numbers had been stolen.

We can only guess what this breach cost Egghead in terms of downtime, audit, negative PR, and lost business.

New technology is cool, but hardly ever secure

"We walked around the Financial District with a laptop and an antenna, and we could pick up about six networks per block," says Matt Peterson, a network engineer

Clay Shirky, a well-known open source pundit and partner with New York investment firm Accelerator Group, is thrilled by all this network openness. "I'm not worried about security, because security and convenience are always a tradeoff," he explains.

AirTran

AirTran Hacked

Nothing is Sacred

Consequences

• Lack of consumer confidence
• Exposure to Legal Liability
• Decreased Stockholder Equity
• Damaged Image - 30 Seconds on CNN
• Decreased Employee Productivity
• Loss of Intellectual Property & Assets

The Issues

The rest of this presentation deals with message security:
• What are our security needs?
• Just how do cryptographic security techniques work?
• In other words - a primer on authentication, encryption, digital signatures and key management

What are the Security Needs?

Confidentiality
[Cartoon: Alice and Bob are planning a merger. Eavesdropper: "Now I have the details on the merger"]

Authentication
[Cartoon: "I will convince Bob that I am Alice"]

Integrity
[Cartoon: "I’ll just change this a bit. Bob will never notice"]

Non-repudiation
[Cartoon: Alice: "You can’t deny your role in this transaction Bob". Bob: "Neither can you Alice"]

Basics of Encryption

[Diagram: PlainText -> Encrypt -> CipherText -> Decrypt -> PlainText]

Encryption satisfies two of our needs:
• Confidentiality - Original data is completely private
• Integrity - Data has not been altered

Plus encryption provides an additional feature:
• Access Control - Only those who have the right keys can decrypt the CipherText

Encryption

There are two types of algorithms
• Symmetric (or Private Key) algorithms
• Asymmetric (or Public Key) algorithms

Both types of algorithms have advantages and disadvantages

Private Key Encryption

[Diagram: PlainText -> Encrypt -> CipherText -> Decrypt -> PlainText, using a Shared Key]

Symmetric Encryption
• Ex: Data Encryption Standard (DES)

Public Key Encryption

[Diagram: PlainText -> Encrypt (Bob’s Public Key) -> CipherText -> Decrypt (Bob’s Private Key) -> PlainText]

Asymmetric Key Encryption
• Ex: Rivest Shamir Adleman (RSA)

Public Key Encryption

Bob’s Public Key
• Made publicly available to others
• Used by others to encrypt message for Bob; or…
• Used by others to verify Bob’s digital signature

Bob’s Private Key
• Kept secret and secure by Bob
• Used by Bob to decrypt messages from others; or…
• Used by Bob to generate his digital signature

Knowing the public key, it is not possible to deduce the private key

Basics of Digital Signature

[Diagram: PlainText -> Sign -> Signed PlainText -> Verify]

Digital Signatures satisfy the last two needs:
• Authentication - The originator’s signature is on the file
• Non-repudiation - The originator cannot deny signing the file

How a Digital Signature Works

Alice’s Signing Process
• Calculate hash
• Encrypt hash with Alice’s private key
• Result: Signed PlainText

Bob’s Verification Process
• Calculate fresh hash
• Decrypt original hash with Alice’s public key
• Compare decrypted hash with fresh hash

Putting it All Together

[Diagram: PlainText -> Encrypt and Sign -> Signed CipherText -> Decrypt and Verify -> PlainText, Verify Hash]

• Confidentiality
• Authentication
• Integrity
• Non-repudiation and
• Access control

Are we done yet?

Another Issue

Public Key Substitution Risk

[Cartoon: Interloper: "I’ll just substitute my public key for what Alice thinks is Bob’s public key"]

[Diagram: PlainText -> Encrypt (Interloper’s Public Key Masquerading as Bob’s Public Key) -> CipherText -> Decrypt (Interloper’s Private Key) -> Alter -> Encrypt (Interloper uses Bob’s Public Key) -> Decrypt (Bob’s Private Key) -> PlainText. Bob: "It’s a valid message from Alice"]

Certificate Issuance

Binds a key to its owner
Digitally signed by a “certification authority”
• Guarantees integrity
• Authenticates the owner
Prevents masquerading
Establishes trust
An electronic version of a “notary public”

Key Expiry and Update

Public key expiry date defined in certificate
• Set by security officer
Key update
• Automatic
• Transparent
• Different rules for encryption and digital signature key pairs
Key histories
• Easily decrypt data protected with “old” keys

Third Party Trust

[Diagram: Certification Authority, Bob and Alice connected by "Trust" links]

Cross Certification

[Diagram: two Certification Authorities joined by "Cross Certify", with "Trust" links to Alice, Bob, Carol and Ted]

The Real Issues

Cryptographic algorithms are not the problem

The problems are:
• Large scale key management
• Establishing and maintaining third party trust
• Corporate control of information
• Making cryptography accessible to everyone, across applications
• Security has to be easy to use

Key management issues...

Key Management

The most difficult security problem
• Generating keys
• Keeping backup keys
• Delivering keys
• Dealing with compromised keys
• Changing keys
• Destroying old keys

The Public Key advantage

Key Management Lifecycle

[Diagram: Key Generation -> Certificate Issuance -> Key Usage -> Key Expiry -> Key Update]

Summary

Five key security requirements
• Confidentiality - Encryption
• Integrity - Encryption
• Authentication - Digital signature
• Non-repudiation - Digital signature
• Access Control - Encryption

Two types of algorithms
• Private Key - Symmetric
• Public Key - Asymmetric

Importance of key management
Certification of public keys
Make security easy to use and implement it across all of your important applications

Thank you
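
The hash, sign and compare flow from "How a Digital Signature Works", together with the certificate check that "Certificate Issuance" offers against the "Public Key Substitution Risk", as an added example that is not part of the original presentation. It uses toy textbook RSA with constructed keys and hypothetical helper names (make_key, issue_cert, cert_ok), so it illustrates the mechanism only and is not a production scheme.

```python
import hashlib

# Toy textbook RSA built from constructed keys (Mersenne primes, no padding).
# Illustration only: real deployments use a vetted library and padded schemes.
def make_key(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1      # 2**a - 1 is prime for the exponents used below
    n = p * q
    return {"pub": (e, n), "priv": (pow(e, -1, (p - 1) * (q - 1)), n)}

def digest(data, n):
    # SHA-256 reduced mod n only so that it fits the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    d, n = priv
    return pow(digest(data, n), d, n)           # "encrypt hash with private key"

def verify(data, sig, pub):
    e, n = pub
    return pow(sig, e, n) == digest(data, n)    # decrypted hash =? fresh hash

def cert_body(owner, pub):
    return f"{owner}|{pub[0]}|{pub[1]}".encode()

def issue_cert(owner, pub, ca_priv):
    # The CA's signature binds the owner name to this public key
    return {"owner": owner, "pub": pub, "ca_sig": sign(cert_body(owner, pub), ca_priv)}

def cert_ok(cert, expected_owner, ca_pub):
    return (cert["owner"] == expected_owner
            and verify(cert_body(cert["owner"], cert["pub"]), cert["ca_sig"], ca_pub))

def demo():
    alice, bob = make_key(61, 89), make_key(107, 127)
    ca, interloper = make_key(521, 607), make_key(1279, 2203)
    msg = b"This is plain text. It can be read by anyone."
    sig = sign(msg, alice["priv"])
    bob_cert = issue_cert("Bob", bob["pub"], ca["priv"])
    # Substitution attempt: interloper's key under Bob's name, reusing the CA signature
    swapped = dict(bob_cert, pub=interloper["pub"])
    # Or a certificate for "Bob" signed by the interloper rather than the CA
    self_made = issue_cert("Bob", interloper["pub"], interloper["priv"])
    return {
        "genuine_verifies": verify(msg, sig, alice["pub"]),
        "altered_verifies": verify(msg + b" (altered)", sig, alice["pub"]),
        "bob_cert_ok": cert_ok(bob_cert, "Bob", ca["pub"]),
        "swapped_cert_ok": cert_ok(swapped, "Bob", ca["pub"]),
        "self_made_cert_ok": cert_ok(self_made, "Bob", ca["pub"]),
    }

if __name__ == "__main__":
    print(demo())
```

The check only helps if Alice obtains the certification authority's public key through a channel the interloper cannot alter, which is the third party trust the slides describe.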