Secure communications Week 10 – Lecture 2
To summarise yesterday Security is a system issue Technology and security specialists are part of the system Users from inside the organisation are usually the biggest risk – they have the motivation As systems architect – you are responsible The system has to be designed to protect itself – user profiles, database views etc.
Are Networks a risk? Yes Two main areas where an intruder can listen passively Within a collision zone on the LAN – a “sniffer” can look at all datagrams passing the NIC not just datagrams addressed to it At a router – much more difficult Internet More difficult to read – sniff Easier to write – spoof - pretend to be someone else
Firewalls Routers as packet filters Application level firewalls - proxy Internal Network Outside world Router Application Firewalls But there may be other connections to the outside world
Routers as Firewalls A Router is usually the connection to the outside world Routers can check all packets Source & destination addresses Protocol – eg TCP UDP Port number – application eg Telnet Little intelligence – work quickly Use NAT to hide topology of the internal network
Application firewalls Mail servers & Internet proxy servers are examples Higher level of intelligence Can implement most security policies e.g. could limit WEB requests from Purchasing to between 8:00am and 6:00pm Has logging & auditing capabilities Slows throughput but as a caching device can also speed up WEB access Application specific
Secure communications Secrecy – only the two parties should understand the messages Authentication – each party should know the messages are from the right person Message integrity – the messages must not be able to be changed
Secrecy - encryption Encryption has been around for centuries It used to be reliant on keeping the algorithm secret But computers make it easier to encrypt and to break the code Early computer development was made by code breakers during WW2 – Enigma - Turing at Bletchley Park
Four elements to encryption The Original or plain text An Encryption method – the algorithm is common and normally well known – a transformation method The Key – many locks are the same but the key is different. The key must be secret to the parties. The Encrypted text
So keeping the key secret is the requirement Secret Secure So how do you share keys?
Attacks on algorithms Brute force is too difficult Plain text attacks is more useful if you know –The algorithm –The encrypted text and the –Plain text (remember Enigma)
Common security protocols IPsec for IP traffic across the Internet – VPNs SSL – Secure Socket Layer – secures WWW connections PGP – Pretty Good Privacy and S/MIME secure SET secures Internet financial transactions These protocols may use different algorithms for encryption and Digital signatures
Protocols use 6 basic tools Symmetric encryption Public key encryption One way hash codes Message authentication schemes Digital signature schemes Random number generators
Two types of key Symmetric key – each party has the same key and thus must be kept secret Asymmetric or public keys – the writer uses a public key to encrypt, but this cannot decrypt, thus it can be public knowledge The reader has a private key to decrypt. This must be kept secret
Bob generates two keys - he gives the public key to any one who wants it - Bob keeps the private key Alice et al Alice sends Bob a message Encrypted with HIS public key No one can decrypt the Message with the public key Bob however is the only Person to have the private Key, and thus only he can Decrypt the message Bob
DES – Data Encryption Standard Symmetric key Developed by US National Bureau of Standards Uses a 56 bit key (triple DES 112 bits) In 2000 it took a network of computers 22 hours to break the key Good enough for most of us.
RSA Algorithm Asymmetric key method Recommends a key length of 768 bits or greater Asymmetric encryption takes 1000 more CPU time Usually used in combination with DES Alice wants to talk to Bob Alice sends a DES key for the session to Bob, encrypted using his public RSA key Only Bob can decrypt the session key It is then used for the session Kurose page 571 for details on these methods
Using the hybrid approach is usual It is normal in all security protocols –PGP –S/MIME –Etc The protocol generates a session key using a random number generator This is encrypted using the receiver’s public key and sent to the other party The symmetric key is then used to encrypt the session
Authentication If Alice sends a message to Bob, how does he know it is Alice? Alice’s IP address – but can be spoofed Use a special password – but even if encrypted it can be used in playback mode Use of a random number or nonce
Authentication by Nonce Alice sends Hi to Bob Bob sends back a “nonce” in plain text Alice encrypts the nonce with their symmetric key Bob decrypts and compares it to the number he sent
Message integrity The digital world need some way of knowing that a message came from the specified person, has not been changed, and that the writer cannot repudiate the message One characteristic of the RSA method is that it also works in reverse. If Bob encrypts a message using his private key, then it can be decrypted by a person having the public key Thus one knows It came from Bob It has not been changed
Message Digest Use of the RSA key might be overkill for large documents Can calculate a fingerprint (like a hash total) that will prove the message has not been changed This fingerprint is then encrypted with the author’s private key Holders of the author’s public key can then know that the message came from the author and has not been changed
Key Distribution Centres Trusted intermediary - Verisign Can be authorised to distribute shared private keys, or a person’s public key
VPN – Virtual Private Network Over a shared network infrastructure, usually the Internet Through an encrypted connection –Tunneling – set of predetermined router hops –Encryption of the packet contents –Packet and user authentication Most private WANs will soon be VPNs – 30 to 0% cheaper