@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of licenses Alice Bob

@Yuan Xue Security Requirements Alice wants Authentication of Bob Confidentiality and integrity of the order information Prevention of order replay Bob wants Non-repudiation of the order Confidentiality and integrity of the licenses Integrity of the software Other Issues DoS (message lost) Attacks to the host Alice Bob

@Yuan Xue Security Mechanisms What do we need/how we get them? Authentication (of Bob)/Key distribution  Certificate  Public key  Public key  Secret session key Confidentiality (order/license)  Symmetric cipher encryption based on secret key  E.g. AES Message Integrity Protection (software)  Message authentication code based on secret key  E.g. HMAC-SHA1 Non-repudiation (order)  Digital signature Defense against replay attack  Usage of Timestamp

@Yuan Xue Questions Where these security functions should be implemented? Who should implement them? Application developer? (BatLab.com) Application service developer? (Apache/Mazilla) System developer? (Microsoft) Network service provider? (Sprint) Etc.. If it is not a single person’s job, what security protocols/services are available? How they are designed?

@Yuan Xue Network Design Network Stack/Layer Link Network (IP) Network (IP) Transport (TCP) Application (HTTP) Link Network (IP) Transport (TCP) Application (HTTP) Link Network (IP) Link … Internet network End host

@Yuan Xue Placement of Security Function What to encrypt/protect Message format Where the security function should be located? Network stack Link vs. End-to-end Where each layer is located and how it may get attacked Aspects to consider Message security (which fields in the packet are protected) Number of keys required Number of encryption/decryptions Transparency to users/end hosts

@Yuan Xue Link vs. End-to-End Encryption

@Yuan Xue Big Picture Application-specific solutions Web security End-host-based solutions Secure network-based applications  PGP, application layer solution  SSL, transportation layer solution Network-based solutions Secure network + support for application  IPsec  Internet Security  Wireless Security IEEE security Link Network Transport Application SSL Connection-oriented vs. connectionless IPSec WPA PGP BGP Web security

@Yuan Xue Our Goal Learn these important security protocols so that we can use them Learn how they are designed and use similar design in our system Many pitfalls exist in secure networking system design Home-brew security solutions usually have many weaknesses The correct usage of cryptography is crucial Following conventions is very important

@Yuan Xue CS 285 Network Security PGP Fall 2012 Yuan Xue

@Yuan Xue Pretty Good Privacy Overview Phil Zimmermann in 1991 Phil Zimmermann Open PGP  Open Standard followed by PGP, GnuPG PGP vs. GnuPG  PGP goes commercial in 1996  GnuPG is a free replacement for PGP Basics Build a general-purpose security application that is independent of OS Select the existing cryptographic algorithms as building blocks Operations Encryption Signature Key management More info:

@Yuan Xue Overview Key Generation public and privacy key pair/session keys Key Storage Key Distribution Import/export Fingerprint Web of Trust Security Operations Encryption Message Authentication Signature and Verification Start with

@Yuan Xue Operation -- Authentication ZIP SHA-1 DSS/RSA

@Yuan Xue Operation -- Encryption CAST-128/IDEA/3DES in CFB mode one-time session key ElGamal/RSA

@Yuan Xue Operation – Put two together

@Yuan Xue Details Compression Signature before compression  Convenience of future verification  Flexibility in compression algorithm/implementation choice Message encryption after compression  Less redundancy in plaintext strengthen cryptographic security Capability Usage of ASCII in Converting 8-bit binary code to ASCII characters Radix-64 conversion  3 octets of binary code (3*8 = 24 bits)  4 ASCII characters (4*8 = 32 bits) why?  33% expansion  compression offset

@Yuan Xue Keys Types Public and private key pair One-time session symmetric key Issues Key generation Key storage Key management (distribution)

@Yuan Xue Key Identifier A user may have multiple keys Need an ID Unique to user ID with very high probability Key ID of KU a = KU a mod 2 64

@Yuan Xue Key Generation Session Key Generation Generating unpredictable session keys E.g., 128-bit CAST key Two 64-bit blocks encrypted by a 128-bit key in CFB mode  two 64-bit ciphertext as the 128-bit session key Two 64-bit blocks from a 128-bit random stream based on keystroke input from the user Previous session key and the random stream forms the 128-bit key input 64-bit block CAST-128 in CFB mode 64-bit block User input Previous Session key + Key input New session key

@Yuan Xue PGP Message Format Plaintext copy of the first two octets. -Enable the recipient to determine if the correct public key was used to decrypt the message digest -Error detection for the message Time the signature is made Time the message is made keys are needed for the recipient to identify the keys to -decrypt the key (KU b ) -Verify the signature(KU a )

@Yuan Xue Key Storage Pubic and Private Key Ring Secure the private key with passphrase Passphrase  hash code via SHA-1 Encrypt the private key via CAST-128/IDEA/3DES with the hash code as the key Store the encrypted private key

@Yuan Xue Put Things Together

@Yuan Xue Key management Direct Verification Physical delivery Fingerprint Trusted Third Party Signed certificate of a key Web of Trust A self-organized trust management mechanism Revoke Public Key Key revocation certificate

@Yuan Xue Web of Trust 1.Directly signed by you A,B,…,F (first tier) 2.By the ones you trust to sign (D, E, F, L) L,M,N, O (2nd tier), P, Q (3 rd tier) 3.By getting enough signatures from partially trusted parties (A,B) H