Security and Encryption

Transcription

1 Security and Encryption Jane Hsu Copyright (C) 2004 Jane Hsu 1 The Internet Is An Insecure Place Many protocols do not provide any security. Viruses, worms, Trojan horses etc. Client/server applications often require transmission of user identity/passwords. Crackers may sniff passwords and other sensitive information off the network. Need to restrict control access privileges Crackers also actively exploit many system vulnerability or security holes to inflict damages or to gain access to valuable information. No system is totally immune to security problems. Copyright (C) 2004 Jane Hsu 2

2 Copyright (C) 2004 Jane Hsu 3 Solution? There is nothing more secure then a computer which is not connected to the network and powered off! But These restrictions are simply unrealistic and unacceptable. Copyright (C) 2004 Jane Hsu 4

3 Firewalls Problems Firewalls assume that the bad guys are on the outside a bad assumption! Firewalls restrict how your users can use the Internet. Copyright (C) 2004 Jane Hsu 5 Web Security Content security Digital rights management (DRM) Encryption Digital watermark Network security Encryption Symmetric encryption: DES Asymmetric encryption: RSA IP security Digital signature/envelope Digital Certificates and certification authorities Copyright (C) 2004 Jane Hsu 6

4 German Enigma Cipher Machine In 1918, Arthur Scherbius filed for a patent for Enigma Cipher Machine and offered it to the German Navy. In 1926, German navy begins using Enigma Machine, lightly modified from a commercial model. In 1930, German armed forces introduced a significantly modified military model. In1932, Marian Rejewski, a 27-year-old Cryptanalyst (Cipher Bureau of the Polish Intelligence Service in Warsaw, Poland) mathematically determined the wiring of the Enigma's first rotor. Since 1933 Poland was able to read thousands of German messages encrypted by the Enigma Machine. The National Security Agency Museum in Fort George Meade, Maryland has a real WW2 Enigma Cipher Machine on display. Copyright (C) 2004 Jane Hsu 7 Enigma Mechanics Three rotors (chosen from 5), scrambled letters Each new letter, first rotor advances Other rotors advance when ring is hit Reflector Plugboard Copyright (C) 2004 Jane Hsu 8

5 Simple Cryptography Ciphertext τηε ροµανσ αρε χοµινγ τοδαψ Plaintext Key The following slides are adapted from presentations by Lincoln Stein, MIT & KL Lin, NTU Copyright (C) 2004 Jane Hsu 9 Two basic principles Substitution THIS IS A SECRET (key n=3) WKLV LV D VHFUHW Transposition THIS IS A SECRET (key 4213) IHSTSI S EAERTC Copyright (C) 2004 Jane Hsu 10

6 Caesar Cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ rotate 13 positions NOPQRSTUVWXYZABCDEFGHIJKLM THE GOTHS COMETH 13 FUR TAFUE PAYRFU Plaintext Key Ciphertext Copyright (C) 2004 Jane Hsu 11 Rotating Key Cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ BCDEFGHIJKLMNOPQRSTUVWXYZA CDEFGHIJKLMNOPQRSTUVWXYZAB DEFGHIJKLMNOPQRSTUVWXYZABC EFGHIJKLMNOPQRSTUVWXYZABCD FGHIJKLMNOPQRSTUVWXYZABCDE GHIJKLMNOPQRSTUVWXYZABCDEF HIJKLMNOPQRSTUVWXYZABCD... SOUND THE RETREAT DEADFED VSUPC XKG UEWWEX plaintext key ciphertext Copyright (C) 2004 Jane Hsu 12

7 Goals of Cipher: Diffusion and Confusion Claude Shannon [1945] Diffussion: Small change in plaintext, changes lots of ciphertext Statistical properties of plaintext hidden in ciphertext Confusion: Statistical relationship between key and ciphertext as complex as possible So, need to design functions that produce output that is diffuse and confused Copyright (C) 2004 Jane Hsu 13 General Principles Longer keys make better ciphers Random keys make better ciphers Good ciphers produce random ciphertext Best keys are used once and thrown away Copyright (C) 2004 Jane Hsu 14

8 Symmetric (Private Key) Cryptography Examples: DES (Data Encryption Standard) 56-bit key IDEA (International Data Encryption Algorithm) 128-bit key AES (Advanced Encryption Standard) RC4, RC5, Skipjack Advantages: fast, ciphertext secure Disadvantages: must distribute key in advance, key must not be divulged Copyright (C) 2004 Jane Hsu 15 DES: Data Encryption Standard DES is the most popular symmetric key encryption method. It is based on research by IBM. Standardized by the USA government in Complex series of bit substitutions, permutations and re-combinations Basic DES: 56-bit keys Crackable in hours using specialized hardware Triple DES: effective 112-bit key Three stages of encryption with two keys Uncrackable by known techniques Copyright (C) 2004 Jane Hsu 16

9 Brute Force Attacks RSA DES challenges: 1997: 96 days (using 70,000 machines) Feb 1998: 41 days (distributed.net) July 1998: 56 hours (custom hardware) January 1999: 22 hours (EFF + distributed.net) 245 Billion keys per second NSA can probably crack DES routinely (but they won t admit it) Copyright (C) 2004 Jane Hsu 17 Asymmetric (Public Key) Cryptography Examples: RSA, Diffie-Hellman, ElGamal Advantages: public key widely distributable, does digital signatures Disadvantages: slow, key distribution Copyright (C) 2004 Jane Hsu 18

10 RSA RSA (Rivest, Shamir Adleman) is a popular asymmetric key encryption standard. It is based on number theory (more specifically the difficulty in factorizing a large number). The key size ranges between 512 and 2048 bits. It is used in many e-commerce applications such as the Secure Electronic Transaction (SET) protocol for credit card payment. Copyright (C) 2004 Jane Hsu 19 RSA Encryption Copyright (C) 2004 Jane Hsu 20

11 RSA Example Copyright (C) 2004 Jane Hsu 21 Public Key Encryption: The Frills Frills Fast encryption/decryption Authentication of sender Verification of message integrity Safe distribution of public keys Technique Digital envelopes Digital signature Message digests Certifying authorities Copyright (C) 2004 Jane Hsu 22

12 Digital Envelopes Copyright (C) 2004 Jane Hsu 23 Hybrid encryption RSA encryption is slower than DES encryption. It is more effective to combine them. How? Suppose that A wants to send messages to B. B generates a random session (DES) key. This session key is encrypted with A s public key. The encrypted session key is sent to A. A can obtain the session key by means of decryption with his/her private key. The session key can then be used for encrypting subsequent messages (using DES encryption). Copyright (C) 2004 Jane Hsu 24

13 Message digest In some cases, we may only concern with data integrity. As it is slow to perform encryption, it may not be necessary to encrypt all messages. A message digest algorithm can generate an almost unique message digest (looks like a fingerprint ) for a message. A popular message digest algorithm is MD5. Message 1 Message digest 1 : Message : Digest : : Algorithm Message N (different size) Message digest N (same size) Copyright (C) 2004 Jane Hsu 25 Message Digests Copyright (C) 2004 Jane Hsu 26

14 Message authentication code (MAC) Basic idea (using symmetric key encryption): Suppose that the sender and receiver share a large random number (i.e. a secret). The secret is attached to the message for finding the message digest. The message (without the secret) together with the message digest is sent. Copyright (C) 2004 Jane Hsu 27 Digital Signature Copyright (C) 2004 Jane Hsu 28

15 Steps in digital signature generation Step 1 : Compute the message digest of the file File Message Digest Step 2 : Encrypt the message digest with sender s private key Digital Signature Step 3 : Send the file and digital signature (signed file) File + Digital Signature (signed file) Copyright (C) 2004 Jane Hsu 29 Steps in digital signature verification Sender Signed file File Step 1a : Find the message digest of the file Digital Signature Step 1b : Decrypt the digital signature with sender s public key Receiver Message Digest Step 2 : Compare the two message digests Message Digest Same Accept Different Reject Copyright (C) 2004 Jane Hsu 30

16 Format of Digital Certificate X.509 Digital Certificate Version Serial number Signature algorithm identifier Issuer Validity period Subject Subject public key information Issuer unique identifier Subject unique identifier Extension fields Digital signature Copyright (C) 2004 Jane Hsu 31 Revocation of certificates Each certificate is assigned a validity period like a credit card. However, a certificate may still be revoked before the expiry date (e.g., the user is no longer certified by the CA). Each CA uses a certificate revocation list (CRL) to provide information on the revoked certificates. The CRL is usually kept in a public directory. A user should check if a certificate has been revoked from the public directory. Copyright (C) 2004 Jane Hsu 32

17 Certifying Authorities Copyright (C) 2004 Jane Hsu 33 Hierarchy of Trust Copyright (C) 2004 Jane Hsu 34

18 Public Key Cryptography on the Web Secure Socket Layer (SSL) Netscape Communications Corporation Secure HTTP (SHTTP) Commerce Net SET (Secure Electronic Transaction) Copyright (C) 2004 Jane Hsu 35 Secure Sockets Layer ClientHello Supported options ServerHello Options to be used ServerCertificate (ServerKeyExchange) ServerHelloDone ClientKeyExchange Finished (sent by client) Application (HTTP) SSL TCP IP Copyright (C) 2004 Jane Hsu 36

19 SSL and SHTTP, similarities RSA public key cryptography MD5 message digests Variety of private key systems Strong cryptography for use in U.S. Weakened cryptography for export. Copyright (C) 2004 Jane Hsu 37 SSL and SHTTP, differences HTTP FTP TELNET SHTTP Application SSL Transport Internet Network interface NNTP Physical Layer Copyright (C) 2004 Jane Hsu 38

20 SSL Failures Two well-publicized incidents in bit secret key used in export versions vulnerable to brute force attack Single encrypted message vulnerable to cracking in a few weeks on a network of workstations Specialized hardware (probably) can crack in a matter of hours Implementation problem Navigator 2.0 used predictable random number generator to generate secret keys Messages crackable in a few minutes on conventional workstation Copyright (C) 2004 Jane Hsu 39 Web Encryption Isn t Panacea Protect data at browser side & server side Server certificates vouch safe name of server but not honesty of merchant! Protect integrity of browser & server software Copyright (C) 2004 Jane Hsu 40

21 Kerberos KERBEROS was the fierce watchdog of Hades. It was depicted as a three-headed dog with a serpent's tail, a mane of snakes, and a lion's claws. To provide strong authentication for client/server applications by using secret key cryptography. A client can prove its identity to a server (and vice versa) across an insecure network connection. Client/server can also encrypt all of their communications to assure privacy and data integrity as they go about their business. Free implementation available from MIT Copyright (C) 2004 Jane Hsu 41 Reference URLs Separate Layer Protocol Over TCP: SSL Over IP: IPSec Application-Specific Protocol S-HTTP Verisign RSA Data Security Copyright (C) 2004 Jane Hsu 42