GE Global eXchange Services

A Review of Security Concerns,
Techniques and Methodologies
<Bills_Info>
<Name>Bill Cafiero</Name>
<Phone>972-231-2180</Phone>
<e-mail>jcaf@airmail.net</e-mail>
</Bills_Info>
Copyright © William G. Cafiero, 2001
Dot-Com is fast becoming DOW-Com
Honeywell intends to use the Internet to cut
costs by $500M-$1B no later than 2005.
Chairman Lawrence Bossidy
The Internet is going to be about a lot more than the
ability to call up stock quotes. It will really explode for us
when broadband arrives.
Disney CEO Michael Eisner
Every dealer in this country has about 70
days of supply. In simple truth, there's
tremendous waste in that.
GM CEO Jack Smith
As highlighted in the now-famous destroyyourbusiness.com
speech, old-line companies have to think in radically new
ways.
GE Chief Jack Welch
Strengths Become Weaknesses
• Access points become International
• Partners Can Now Collaborate
• You’ll have access to your partners (and they’ll have
access to you)
• Employees can work from home, at night, over the
weekends, and on holiday
• Application servers can support entire divisions
• Every internal modem is now a gateway into a network
of networks
A New Focus Is Needed
Yesterday
• Internal focus
– Access is granted to employees only
• Centralized assets
– Applications and data are centralized in fortified IT bunkers
• Prevent losses
– The goal of security is to protect against confidentiality breaches
• IT control
– Security manager decides who gets access
Today
• External focus
– Suppliers, customers, and prospects all need some form of access
• Distributed assets
– Applications and data are distributed across servers, locations, and business units
• Generate revenue
– The goal of security is to enable eCommerce
• Business control
– Business units want the authority to grant access
Source: Forrester Research, Inc.
But there are security challenges
• Electronic Business Is a Priority
– “Time to market” will always win over security if you
are not careful
• Dynamic Networks and Security Confusion
– Who owns security? Who knows about new
projects, new networks, new connections?
• Limited Security Resources and Expertise
– Security administrators in California earn an
unburdened average of $73,863 (SANS 2000 salary
survey)
– Average turnover is 24 months.
• Security Management Is Too Complex
…and more security challenges
Some Examples
Credit Card Data
We can only guess what this breach cost Egghead in terms of downtime, audit, negative PR, and lost business.
Sources inside the credit-card industry told ZDNet News that Egghead may warn up to 3.7 million credit-card holders that their card numbers had been stolen.
New technology is cool, but
hardly ever secure
"We walked around the Financial District with a laptop and an antenna, and we could pick up about six networks per block," says Matt Peterson, a network engineer
Clay Shirky, a well-known open source pundit and partner with New York investment firm Accelerator Group, is thrilled by all this network openness. "I'm not worried about security, because security and convenience are always a tradeoff," he explains.
AirTran
AirTran Hacked
Nothing is Sacred
Consequences
• Lack of consumer confidence
• Exposure to Legal Liability
• Decreased Stockholder Equity
• Damaged Image - 30 Seconds on CNN
• Decreased Employee Productivity
• Loss of Intellectual Property & Assets
The Issues
The rest of this presentation deals with
message security:
• What are our security needs?
• Just how do cryptographic security
techniques work?
• In other words - a primer on
authentication, encryption, digital
signatures and key management
What are the Security Needs?
Alice and Bob are
planning a merger
Now I have the
details on the
merger
Confidentiality
What are the Security Needs?
I will convince Bob
that I am Alice
Authentication
What are the Security Needs?
I’ll just change this a bit.
Bob will never notice
Integrity
What are the Security Needs?
You can’t deny
your role in this
transaction Bob
Neither can you
Alice
Non-repudiation
Basics of Encryption
[Diagram: PlainText ("This is plain text. It can be read by anyone.") → Encrypt → CipherText → Decrypt → PlainText]
Encryption satisfies two of our needs:
• Confidentiality - Original data is completely private
• Integrity - Data has not been altered
Plus encryption provides an additional feature:
• Access Control - Only those who have the right keys
can decrypt the CipherText
Encryption
There are two types of algorithms
• Symmetric (or Private Key) algorithms
• Asymmetric (or Public Key) algorithms
Both types of algorithms have
advantages and disadvantages
Private Key Encryption
[Diagram: PlainText → Encrypt → CipherText → Decrypt → PlainText, with the same Shared Key used to encrypt and to decrypt]
Symmetric Encryption
• Ex: Data Encryption Standard (DES)
Public Key Encryption
[Diagram: PlainText → Encrypt with Bob’s Public Key → CipherText → Decrypt with Bob’s Private Key → PlainText]
Asymmetric Key Encryption
• Ex: Rivest Shamir Adleman (RSA)
Public Key Encryption
Bob’s Public Key
• Made publicly available to others
• Used by others to encrypt message for Bob; or…
• Used by others to verify Bob’s digital signature
Bob’s Private Key
• Kept secret and secure by Bob
• Used by Bob to decrypt messages from others; or…
• Used by Bob to generate his digital signature
Knowing the public key, it is not
possible to deduce the private key
Basics of Digital Signature
[Diagram: PlainText → Sign → Signed PlainText (the text with a signature value attached) → Verify]
Digital Signatures satisfy the last two needs:
• Authentication - The originator’s signature is on the file
• Non-repudiation - The originator cannot deny signing the file
How a Digital Signature Works
Alice’s Signing Process
• Calculate hash
• Encrypt hash with Alice’s private key
• Result: Signed PlainText
Bob’s Verification Process
• Calculate fresh hash
• Decrypt original hash with Alice’s public key
• Compare decrypted hash with fresh hash
Putting it All Together
[Diagram: PlainText → Encrypt and Sign → Signed CipherText → Decrypt and Verify (Verify Hash) → PlainText]
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
and
• Access control
Are we done yet?
Another Issue
I’ll just substitute my public key for what Alice thinks is Bob’s public key
[Diagram: Alice encrypts the PlainText with the Interloper’s Public Key masquerading as Bob’s Public Key; the Interloper decrypts the CipherText with the Interloper’s Private Key, alters it, and encrypts it again using Bob’s Public Key; Bob decrypts with Bob’s Private Key: “It’s a valid message from Alice”]
Public Key Substitution Risk
Certificate Issuance
Binds a key to its owner
Digitally signed by a “certification
authority”
• Guarantees integrity
• Authenticates the owner
Prevents masquerading
Establishes trust
An electronic version of a “notary public”
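The sign and verify steps from "How a Digital Signature Works" and the certificate check that stops the public key substitution above, as an added example that is not part of the original presentation. It assumes textbook RSA without padding and constructed toy keys, so it shows the flow only; all function names are hypothetical.

```python
import hashlib
E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    """Hash the data and map the hash to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Slide step: 'Encrypt hash with private key' (textbook RSA, no padding)."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Slide steps: decrypt the original hash, compare it with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def issue_cert(name, public, ca_private):
    """The CA binds a name to a public key by signing the two together."""
    body = f"{name}|{public[0]}|{public[1]}".encode()
    return {"name": name, "public": public, "sig": sign(body, ca_private)}

def cert_ok(cert, expected_name, ca_public):
    """Trust a key only if the CA signed exactly this name/key pair."""
    n, e = cert["public"]
    body = f"{cert['name']}|{n}|{e}".encode()
    return cert["name"] == expected_name and verify(body, cert["sig"], ca_public)

# Constructed demo keys built from Mersenne primes: trivially factorable.
CA_PUB, CA_PRIV = make_key(2**607 - 1, 2**1279 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
BOB_PUB, _ = make_key(2**127 - 1, 2**521 - 1)
EVE_PUB, _ = make_key(2**107 - 1, 2**521 - 1)  # the interloper

def demo():
    msg = b"This is plain text. It can be read by anyone."
    sig = sign(msg, ALICE_PRIV)
    bob_cert = issue_cert("Bob", BOB_PUB, CA_PRIV)
    return {
        "genuine": verify(msg, sig, ALICE_PUB),
        "altered": verify(msg + b" (changed)", sig, ALICE_PUB),
        "bob_cert": cert_ok(bob_cert, "Bob", CA_PUB),
        "swapped_key": cert_ok(dict(bob_cert, public=EVE_PUB), "Bob", CA_PUB),
    }
```

Calling demo() shows the genuine message and Bob's certificate accepted, while the altered message and the certificate carrying the interloper's key are rejected.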
Key Expiry and Update
Public key expiry date defined in certificate
• Set by security officer
Key update
• Automatic
• Transparent
• Different rules for encryption and digital
signature key pairs
Key histories
• Easily decrypt data protected with “old”
keys
Third Party Trust
[Diagram: a Certification Authority linked by Trust to both Alice and Bob, giving Third Party Trust between Alice and Bob]
Cross Certification
[Diagram: two Certification Authorities Cross Certify each other; Alice, Bob, Carol and Ted are each linked by Trust to a Certification Authority]
The Real Issues
Cryptographic algorithms are not the problem
The problems are:
• Large scale key management
• Establishing and maintaining third party trust
• Corporate control of information
• Making cryptography accessible to everyone,
across applications
• Security has to be easy to use
Key management issues...
Key Management
The most difficult security
problem
• Generating keys
• Keeping backup keys
• Delivering keys
• Dealing with compromised
keys
• Changing keys
• Destroying old keys
The Public Key advantage
Key Management Lifecycle
[Diagram: Key Generation → Certificate Issuance → Key Usage → Key Expiry → Key Update]
Summary
Five key security requirements
• Confidentiality - Encryption
• Integrity - Encryption
• Authentication - Digital signature
• Non-repudiation - Digital signature
• Access Control - Encryption
Two types of algorithms
• Private Key - Symmetric
• Public Key - Asymmetric
Importance of key management
Certification of public keys
Make security easy to use and implement it
across all of your important applications
Thank you