MIS Cryptography. Class 4

Transcription

1 MIS 5214 Cryptography Class 4

2 Agenda Cryptography Open Systems Interconnection (OSI) Reference Model Case Study The Titan Incident Quiz

3 Cryptography Method of transmitting and storing data in a form that only those it is intended for can read and process An effective way of protecting sensitive information as it is transmitted through untrusted network communication paths or stored on media Complements physical and logical access controls

4 The study of methods to break cryptosystems Often targeted at obtaining a key Attacks may be passive or active Kerckhoff s Principle The only secrecy involved with a cryptosystem should be the key Cryptosystem Strength How hard is it to determine the secret associated with the system?

5 Terminology Plaintext is the readable version of a message Ciphertext is the unreadable results after an encryption process is applied to the plaintext Cryptosystem includes all the necessary components for encryption and decryption Algorithms Keys Software Protocols Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

6 Cipher = encryption algorithm 2 main attributes combined in a cypher 1. Confusion: usually carried out through substitution 2. Diffusion: Usually carried out through transposition Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

7 Example: Substitution cipher or algorithm A mono-alphabetic substitution cipher SECURITY <=> HVXFIRGB Poly-alphabetic substitution cipher

8 Services of cryptosystems Repudiation the sender denying he sent the message Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

9 XOR Exclusive OR Creating confusion through a binary mathematical function called exclusive OR, abbreviated as XOR Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

10 One-Time Pad a perfect encryption scheme One-Time Pad Requirements Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

11 2 main attributes combined in a cypher 1. Confusion: usually carried out through substitution 2. Diffusion: Usually carried out through transposition Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

12 Dichotomies is cryptography Symmetric versus Asymmetric Stream versus block Synchronous versus Asynchronous 1-Way functions versus 2-Way functions

13 Symmetric versus asymmetric algorithms Symmetric cryptography Use a copied pair of symmetric (identical) secret keys The sender and the receive use the same key for encryption and decryption functions Asymmetric cryptography Also know as public key cryptography Use different ( asymmetric ) keys for encryption and decryption One is called the private key and the other is the public key

14 Symmetric cryptography Two types: Stream and Block Ciphers Stream Ciphers treat the message a stream of bits and performs mathematical functions on each bit individually Block Ciphers divide a message into blocks of bits and transforms the blocks one at a time

15 Symmetric Stream Ciphers Easy to implement in hardware Used in cell phones and Voice Over Internet Protocol Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

16 Symmetric versus asymmetric algorithms Symmetric cryptography Use a copied pair of symmetric (identical) secret keys The sender and the receive use the same key for encryption and decryption functions Asymmetric cryptography Also know as public key cryptography Use different ( asymmetric ) keys for encryption and decryption One is called the private key and the other is the public key

17 Asymmetric cryptography Public and Private keys are mathematically related Public keys are generated from private key Private keys cannot be derived from the associated public key (if it falls into the wrong hands) Public key can be known by everyone Private key must be known and used only by the owner Asymmetric cryptography is computational intensive and much slower than symmetric cryptography Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

18 Asymmetric cryptography Do not get confused and think the public key is only for encryption and private key is only for decryption! Each key type can be use used to encrypt and decrypt If data is encrypted with a private key it cannot be decrypted with the same private key (but it can be decrypted with the related public key) If data is encrypted with a public key it cannot be decrypted with the same public key (but it can be decrypted with the related private key)

19 Asymmetric cryptography If the sender ( Jill ) encrypts data with her private key, the receiver ( Bill ) must have a copy of Jill s public key to decrypt it By decrypting the message with Jill s public key Bill can be sure the message really came from Jill A message can be decrypted with a public key only if the message was encrypted with the corresponding private key This provides authentication because Jill is only the only one who is supposed to have her private key If Bill (the receiver) wants to make sure Jill is the only one who can read his reply, he will encrypt the response with her public key Only Jill will be able to decrypt the message, because she is the only one who has the necessary private key This provides confidentiality because only Jill is able to decrypt the message with her private key

20 Asymmetric cryptography Why would Bill (now the sender) choose to encrypt his reply to Jill with his private key instead of using Jill s public key? Authentication Bill wants Jill to know that the message came from him and no one else If he encrypted the data with Jill s public key, it does not provide authenticity because anyone can get Jill s public key If he uses his private key to encrypt the data, then Jill can be sure the message came from him and no one else Note: Symmetric keys do not provide authenticity because the same key is used on both ends (using one of the secret keys does not ensure the message originated from a specific individual

21 Asymmetric cryptography If confidentiality is the most important security service, the sender would encrypt the file with the receiver s public key This is called a secure message format because it can only be decrypted by the person with the corresponding private key If authentication is most important, the sender would encrypt the data with his private key This provides assurance to the receiver that the only person who could have encrypted the data is the individual in possession of the private key If the sender encrypted the data with receivers public key, authentication is not provided because the public key is available to anyone Encrypting data with the senders private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message Confidentiality is not assured

22 Hybrid Encryption (a.k.a. digital envelope ) Symmetric and asymmetric and algorithms are often used together Public key cryptography s asymmetric algorithm is used to create public and private keys for secure automated key distribution Symmetric algorithm is used to create secret keys for rapid encryption/decryption of bulk data Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

23 Hybrid Encryption Symmetric algorithm uses a secret key to encrypt the message and the asymmetric key encrypts the secret key for transmission (SSL/TLS uses hybrid) Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

24 Quick review 1. If a symmetric key is encrypted with a receiver s public key, what security service is provided?

25 Quick review 1. If a symmetric key is encrypted with a receiver s public key, what security service is provided? Confidentiality: only the receiver s private key can be used to decrypt the symmetric key, and only the receiver should have access to this private key

26 Quick review 2. If data is encrypted with the sender s private key, what security services is provided?

27 Quick review 2. If data is encrypted with the sender s private key, what security services are provided? Authenticity of the sender and nonrepudiation. If the receiver can decrypt the encrypted data with the sender s public key, then receiver knows the data was encrypted with the sender s private key

28 Quick review 3. Why do we encrypt the message with the symmetric key rather than the asymmetric key?

29 Quick review 3. Why do we encrypt the message with the symmetric key rather than the asymmetric key? Because the asymmetric key algorithm is too slow

30 Session keys Single-use symmetric keys used to encrypt messages between two users in an individual communication session This is how secure web client applications communicate with server-side services Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

31 One-way Hash Assures message integrity A function that takes a variable-length string (i.e. message) and produces a fixedlength value called a hash value Does not use keys 1. Sender puts message through hashing function 2. Message digest generated 3. Message digest appended to the message 4. Sender sends message to receiver 5. Receiver puts message through hashing function 6. Receiver generates message digest value 7. Receiver compares the two message digests values. If they are the same, the message has not been altered

32 One-way hash example Testing the integrity of a file (e.g. program) downloaded from the internet

33 One-way hash example Testing the integrity of a file (e.g. program) from the internet Is the Kali I downloaded the same Kali that was published?

34 One-way hash example

35 One-way hash example

36

37 One-way hash example

38 One-way hash example Notice the amount of confusion and diffusion resulting from a 1 character change!

39 Digital Signature A hash value encrypted with the sender s private key The act of signing means encrypting the message s hash value with the private key Creating a digital signature for a message Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

40 Small block of data generated with a secret key and appended to a message HMAC (RFC 2104) Uses hash instead of cipher for speed Used in SSL/TLS and IPSec

41 Cryptographic algorithms and their functions Harris, S. and Maymi, F. (2016) All-In-One CISSP Exam Guide, McGraw Hill Education

42 Reason Confidentiality The message can be encrypted How achieved Integrity The message can be hashed and/or digitally signed Authentication The message can be digitally signed Nonrepudiation The message can be digitally signed

43 Agenda Cryptography Open Systems Interconnection (OSI) Reference Model Case Study The Titan Incident Quiz

44 Telecommunication Models Electromagnetic transmission of data among systems Through digital, wireless and analog transmission types Models and standards of the following organizations have shaped our IT communication technology today International Telecommunication Union (ITU) International Standards Organization (ISO)

45 Information and Communications Technologies (ICT) Network protocol Standard set of rules that determines how systems communicate across networks Different systems can use the same protocol to communicate and understand each other despite their differences Windows Linux OSX

46 Open Systems Interconnection(OSI) Reference Model ISO Standard Computer 1 Computer 2 OSI Model Guidelines used by vendors, engineers, developers to develop products that enable computer systems to interoperate Open network architecture is Not owned by vendors and not proprietary Can easily integrate various technologies and vendor implementation of those technologies Graphics on the following slides come from Harris S. and Maymi F. (2016) All in One CISSP Exam Guide, Seventh Edition

47 Open Systems Interconnection(OSI) Reference Model ISO Standard OSI Model Guidelines used by vendors, engineers, developers to enable their systems to interoperate Layers networking tasks, protocols and services into different layers Each layer has its own responsibilities regarding how two computers communicate over a network Computer 1 Computer 2 Layer 8 Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 2 Computer 1 Computer 2 Layer 1

48 Computers communicate via network Computer 1 Computer 2 Protocols function in specific OSI layers Each protocol on one computer communicates with the same corresponding protocol within the same OSI layer on another computer Via logical channels At the physical layer electronic/light signals are passed from one computer over a wire/fiber optic cable to the other computer

49 Encapsulation Process by which a protocol is used to enable two computers to communicate with each other within a specific OSI layer on each Computer 1 Computer 2 1. A message is constructed within a program on one computer and passed down through the network protocol s stack A protocol at each layer adds its own information to the message, and the message grows in size as it does down the protocol stack

50 Encapsulation 2. At the physical layer of the network the message is passed by the sending computer as bits via electronic or light pulses (on/off) across the network to the destination computer 3. At the destination computer the encapsulation is reversed taking the message apart via the protocols of each layer until the data is ready for the application processing

51 OSI Network Model A protocol at each layer expects the data in a particular format ( syntax ) and has specific responsibilities and control functions it performs on the data Control functions are added by the protocols at each layer in the form of headers and trailers of the datagram/packet/frame Each layer has a connection point ( interface ) that allows it to communicate with 3 other layers, communications with: 1. Interface of the layer above 2. Interface of the layer below it 3. Communications with the same layer in the interface of the destination computer

52 OSI Layers Specifications for each layer s interface is very structured Implementing international standard protocols and interfaces within different vendors technologies makes them part of an open system in which computers can communicate with one another Being part of an open system of protocols makes the different layers of a common network stack vulnerable and targets of attack A network can be: 1. Used as a channel of an attack i.e. as a resource for an attacker For example: Attacker sends a virus via a network channel from one system to another 2. The target of an attack For example: Attacker carries out a denial-of-service (DoS) attack which sends a large volume of badly formed protocol message traffic over a network link to bog it down

53 Layer 7: Application Layer Works closest to the user providing protocols that support the user s applications For example: File transmissions, message exchanges, terminal sessions When an application needs to send data over the network, it passes instructions and the data through the protocols that support it at the application layer Application layer properly formats the data and sends it down to the presentation layer (after data makes it through all the layers it has all the information needed to transmit it over the network)

54 Layer 7: Application Layer Protocols functioning at this layer communicate include: SMTP Simple Mail Transfer Protocol HTTP Hyper Text Transfer Protocol DNS Domain Name System IRC Internet Relay Chat LPD Line Printer Daemon Applications communicate with Layer 7 protocols by sending requests using Application Program Interface (API) libraries E.g. Outlook user clicks send, and the client sends this information to SMTP which adds information to the user s message and passes it down to the Presentation Layer

55 Layer 6: Presentation Layer Receives data from the application layer protocol and puts it in a standard format with annotation that enables any process operating at Layer 6 on destination computer can understand Presentation layer 1. Translates the format of data an application is using into a standard format used for passing messages over a network 2. Adds file type data to tell destination computer the file type and how to process and present it 3. Handles compression and encryption requests and adds data that enables the receiving computer to know how to decompress and decrypt the data Application layer properly formats the data and sends it down to the presentation layer (after data makes it through all the layers it has all the information needed to transmit it over the network)

56 Layer 6: Presentation Layer Protocols functioning at this layer communicate include: MIME Multipurpose Internet Main Extensions standards TIFF - Tagged Image File Format GIF Graphic Interchange Format JPEG Joint Photographic Experts Group For example, user compresses file on Windows computer with WinZip sends it to someone on Linux computer When the Linux computer receives the file, it looks at the file header, interprets the header s MIME type (Content-Type: application/zip) and knows what application can decompress the file If systems does not have WinZip or other program that understands the compression/decompression instructions, the file will be presented to the user with an unassociated icon

57 Layer 5: Session Layer When two applications need to communicate or transfer data between themselves, Layer 5 is responsible for: 1. Establishing a connection between two applications 2. Dialog management to maintain the connection during the transfer of data Restarts and recovers the session to maintain the connection if needed 3. Controlling release of the connection Provides inter-process communication channels, enables one software module on a local system to call a second software module running on a remote system. The results of the second module are retuned to the first system over the same session protocol channel This is how the RPC (Remote Procedure Call) protocol works The session layer protocol enables 3 different modes of communications between 2 applications running on different computers across the network: 1. Simplex: Communication takes place in one direction (very seldom used) 2. Half-duplex: Communication takes place in both directions, but only one application can send information at a time 3. Full-duplex: Communication takes place in both directions, and both applications can send information at the same time

58 Layer 5: Session Layer Provides inter-process communication channels, enables one software module on a local system to call a second software module running on a remote system. The results of the second module are retuned to the first system over the same session protocol channel Protocols include: PAP Password Authentication Protocol PPTP Point to Point Tunneling Protocol NetBIOS Network Basic Input Output System RPC Remote Procedure Call Session layer protocols provide the middleware functionality that connects and maintains the connection between software applications on different computers as they communicate (i.e. application to application communication) Client-server model Service oriented architecture (SOA)

59 Layer 5: Session Layer One security issue affecting the session layer common to inter-process communication software (e.g. RPC) is the lack of authentication or use of weak authentication Example mitigation: Use SRPC Secure RPC Requires authentication to take place before two computers located in different locations are able to communicate with each other Session layer protocols need to secure authentication capabilities, however, which use shared secret keys, public keys, or Kerberos tickets Unused Session Layer protocols should be identified and disabled on systems to decrease the chance of them getting exploited RPC and NetBIOS and similar distributed processing calls usually only take place within a single organization s network, thus firewalls should be configured to filter this dangerous traffic and prevent it into or out of the network

60 Layer 4: Transport Layer Establishes a logical connection between two computer systems and provides end-to-end data transport services Provides connection level protocols for two computers to engage in a handshaking process and agree on parameters for: 1. How much data each computer will send at a time 2. How to verify data integrity once received 3. How to determine if a data packet was lost Receives data from different applications and assembles their data into a stream for transmission over the network

61 Layer 4: Transport Layer Transport layer protocol controls data flow across computer to computer connections without tracking connections between individual pairs of applications communicating across the network Protocols: TCP Transmission Control Protocol Connection-oriented provides reliable data transmission UDP User Datagram Protocol Connectionless TLS Transport Layer Security protocol, straddles both Session and Transport layers After the Transport Layer appends it s information to the data message, it is called either a TCP segment or a UDP Packet

62 Layer 3: Network Layer s Routing protocols Build and maintain routing tables Routing tables are maps of the network Determine best route to send packet from source computer to destination computer Inserts information into the data packet s header consisting of addresses (source and destination) and routes to their destination Do not guarantee delivery of packets Transport layer protocols catch problems and resend packets as needed (TCP not UDP) Protocols IP Internet Protocol ICMP Internet Control Message Protocol RIP Routing Information Protocol OSPF Open Shortest Path First IPX Internet Packet Exchange Routers operate on OSI Layer 3 After the Network Layer appends it s information to the data message, it converts it to binary format and the unit of data is called a packet Computer 1 Computer 2

63 Layer 2: Data Link Layer Translates the data packet with header/footer information accumulated from layers above into LAN (Local Area Network) or WAN (Wide Area Network) binary format for transmission over the network transmission line After the network layer adds its routing information into the data packet, it passes the packet to the Data Link Layer s LCC sublayer LCC sublayer takes care of flow of control and error checking and passes it to the MAC sublayer Framing is the name of the process when the data link layer applies its header and trailer to the data message The unit of data is called a frame Switches operation on OSI Layer 2

64 Layer 2: Data Link Layer The MAC sublayer determines if the data will be transmitted over a LAN or WAN, the network type and protocols and puts the last header and trailer on the packet before it is put on the wire and transmitted Each network type uses different protocols, NICs (network interface cards), cables, and transmission methods The MAC sublayer determines the format of the data frame for transmission over the particular type network the computer s NIC is attached to the following protocols: Ethernet (IEEE 802.3) Token Ring (IEEE 802.3) FDDI Fiber Distributed Data Interface Wireless Ethernet (IEEE ) Other protocols at this layer include: ARP Address Resolution Protocol RARP Reverse Address Resolution Protocol SLIP Serial Line Internet Protocol (SLIP) Each component has a different: Header data format structure Protocol for physical transmission across the network type (coaxial, twisted pair, fiber optic cable; or wireless) The computer s network card bridges the data link and physical layers, takes data passed down from the user s application through the 6 layers above and its network card driver encodes the bits at the data link layer

65 Layer 1: Physical Layer The NIC Produces and interprets electromagnetic signals Converts bits into signals or voltages suitable for transmission across the LAN or WAN technology it is connected Determines synchronization, data transfer rates, line noise and transmission techniques based on the physical connection to electrical, optical or mechanical equipment E.g. A 1 bit transmitted via Ethernet would be translated by the NIC to +0.5-volt electric signal, and 0 bit would be transmitted as 0-volts TIA Telecommunications Industry Association EIA Electronic Industry Alliance Standard interfaces at this layer include: RS/EIA/TIA-422, RS/EIA/TIA-423, RS/EIA/TIA-429, RS/EIA/TIA-449, RS/EIA/TIA Base-T, 10Base2, 10Base5, 100Base-TX, 100Base-FX, 100Base-T, 1000Base-T, 1000-Base-SX

66 Layer 1: Physical Layer Data/file requests and terminals Standard formats, encryption, compression Applications communicating data Computers communicating Routing packets formed Data frames ready for transfer Signal processing

67 Layer 7 Domain Name e.g. mycomputer.temple.edu Layer 6 Layer 5 Layer 4 Layer 3 IP Address e.g. xxx.xxx.xxx.xxx Layer 2 MAC (Media Access Control) Address Layer 1 Switch Note: Synonyms for host computer across the OSI Model

68 At what layer(s) of the OSI model did the Titan attack take place? Data/file requests and terminals Standard formats, encryption, compression Applications communicating data Computers communicating Routing packets formed Data frames ready for transfer Signal processing

69 Agenda Cryptography Open Systems Interconnection (OSI) Reference Model Case Study The Titan Incident Quiz

70 How did the attacker attack the Titan cluster?

71 Agenda Cryptography Open Systems Interconnection (OSI) Reference Model Case Study The Titan Incident Quiz