Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Transcription

1 Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University

2 Security Intro for Admins l Network administrators can break security into two parts: internal and external security l Internal security is acting to prevent and handle internal threats, that is threats from authorized users l External security is acting to prevent and handle threats from non-users

3 Internal Security Threats l Users may access data or services not intended for them and may take it out of protected areas or give it to unauthorized people, other users data or system or corporate data l Users may use services or systems for criminal or unauthorized activity l Users may impersonate other users l Users may compromise security by accident, such as by worm or virus

4 Internal Security Tasks l Managing user accounts l Managing access permissions by groups or by account type user, system (for access to specific functions), or root account (superuser) l Password policy management l File and directory permissions l Educating and handling user support for security understanding and compliance

5 External Security Threats l Front-door threats may occur when a non-user gains access to a password or cracks an access system (for example by brute force or by guessing) l Back-door threats occur from unpatched bugs in software and from intentional back doors in malicious software l Denial-of-service (DoS) attacks are typically used to eat up CPU time and network processes, thus making services unavailable

6 External Security Tasks l Examining access logs for suspicious access attempts or successes l Scanning incoming data from network or from other IO devices for known malicious software l Manage access from external sources and limit them to those that absolutely require outside access l Limit internal access to servers providing external services

7 Information Security Issues l Confidentiality sending data without letting others know any contents l Authentication establishing identity l Integrity and non-repudiation to be able to show that a message had a certain sender l Availability and Access keeping services available and accessible to the appropriate users 7

8 Confidentiality l Based on encryption and decryption l Secret algorithms or secret methods of transmission are not reliably secure l Instead, modern encryption depends on open (public) algorithms and secret (private) keys l Number theory offers a way to use both public keys and private keys together to allow open but confidential communication l Encryption and one-way functions are also the basis for other security issues, such as authentication, integrity, and non-repudiation 8

9 Basic Tools of Security l Modern security uses known algorithms l Extremely large pseudorandom numbers and prime numbers make finding passwords and keys by chance or by brute force very unlikely l Cryptographic hashing protects passwords and authenticates documents l Symmetric cryptography, such as block cryptography, is fast and strong l Asymmetric cryptography is slower but allows key exchange, public document signing, and authentication protocols 9

10 Symmetric Key Cryptography l Key is called symmetric-, secret-, private-, shared-, or single-key cryptography l The same key is used to encrypt and decrypt l A key in cryptography is generally a very large integer or set of integers and is used in a known (public) algorithm to encrypt and/or decrypt a message E BE 1E A2 5B 3A 66 D3 2C 39 6D 3A DB 6F A pseudo-randomly generated 128-bit key 10

11 Symmetric Key Cryptography Plaintext private key A Encrypted data private key A Plaintext Encryption algorithm Decryption algorithm l Sharing a key means more trust is needed and a system of key distribution is needed l Exchanging information with unknown agents would require a new key each time 11

12 Public-key Cryptography l In this method, a different key is used to encrypt and decrypt l The key for encryption can, therefore, be shared publically, even with untrusted agents l The numbers used are extremely large l The algorithms used are very well-known mathematically and thought to be secure, although this hasn t been shown conclusively l Brute force breaking even of 128 bit keys, for certain algorithms, is thought to be many decades away, if ever 12

13 Public Key Cryptography Plaintext public key A Encrypted data private key B Plaintext Encryption algorithm Decryption algorithm l The receiving agent shares the key with anyone who wants to transmit l The transmitting agent uses the public algorithm and public key to encrypt l Except by brute force, there is no known algorithm for using the public key to decrypt 13

14 Why Public Keys Work public key A (n, e) private (n, d) key B l The basic math is from over 200 years ago l Two prime numbers p and q are multiplied together to form p * q = n l Two other integers, d and e, are found such that d * e = 1, mod (p - 1) * ( q - 1) l Now we have M e d = M and M d e = M (all mod n) l The public key (n, e) is used to encrypt a plaintext char M to C by C = M e (mod n) l The private key (n, d) is used to decrypt C to plaintext char M by M = C d (mod n) 14

15 Is a Public Key Secure? l The algorithm relies on the fact that, other than brute force, there is no known way to find the two primes p and q from p * q l The number of possible prime numbers for most keys would take the fastest computers, even working in parallel, billions of years to find the factors l However, no one has proven mathematically that there is no possible way to factor p * q l If the implementation or handling of keys is poor, no system is secure 15

16 Known Plaintext Attack l One way the public-key system can be attacked is by taking some plaintext that might occur in the text and running it through the public key algorithm l This method will not find the private key but can find bits of plaintext that have been encrypted l For this and other reasons, encryption is usually combined with other security methods, plus compression to make such attacks more difficult 16

17 Public Keys for Other Purposes l Public key algorithms can be used for authentication and non-repudiation as well l These systems require more complex protocols involving trusted agents and careful exchange of signatures which include encrypted checksum results l All of these depend on one-way functions, which, like factoring, are easy to compute one-way but considered difficult (or even impossible) to reverse 17

18 Ethical Issues Tensions between government and governed: l Privacy the right to keep personal information and activities secret or closed l Openness the right to knowledge and unrestricted access to information l Intellectual Property the right to exercise control over original concepts and content l Neutrality and control networks should treat all communication the same, regardless of content l Literacy enabling access through education in computer science and networking Those who sacrifice liberty for security deserve neither [and will lose both] Benjamin Franklin 18