Network Security and Public Key Infrastructure (PKI) Bill Chu.

Network Security and Public Key Infrastructure (PKI)

Bill Chu

Introduction to Security

Internet environment Information security addresses:

Confidentiality E.g. illegal access to secret information

Integrity E.g. illegal addition/deletion/modification of data E.g. perform illegal operations E.g. nonrepudiation

Availability E.g. Severely load the system so that the system cannot perform

normal functions Usability

Appropriate use of information

Requirements for Electronic Business Transactions Authentication of transacting partners

Am I dealing with the one who claim to be Once authenticated, business evaluations become

possible credit history (report), bank verifications

Data integrity any change to data are detected by receiver

Non-repudiation can not deny if one issued a transaction

Confidentiality keep transactions to only transacting partners

How can We Meet these Requirements?

Solutions: cryptography-based technologies Cryptography for

authentication private key of cryptography is the evident you are who you claim

to be you are the only one who has that key

data confidentiality data encrypted prevents eavesdrops by others

non-repudiation the data is encrypted with your key, you can not deny you did not

send it you are the only one who has that encryption key

it is typically called encryptedly signed (digital signature)

Message digest for data integrity

run a “checksum” over the data & encrypt it changing data will be detected by the encrypted “checksum”

others can not decrypt the checksum

Cryptography Concept: Secret writing

communicating in secret writing prevent others from reading your message

Process encrypt messages before send decrypt message after receive secret writing can not be read by others

Keys encryption and decryption is private knowledge it is computationally difficult to break encryption/decryption

Encryption Decryption“hello” ~!#@$% “hello”

cleartext ciphertext cleartext

Key-based Cryptography Encryption/Decryption with keys

computationally difficult without keys Two types

private key or symmetric key cryptography one key used for encryption and decryption key has to be kept secret between partners how to distribute the shared private key is a problem

public key or asymmetric key cryptography a pair of keys for encryption and decryption each partner has a pair of keys

it keeps one key private to itself & publishes another for others to use

Encryption Decryption“hello” ~!#@$% “hello”

cleartext ciphertext cleartext

key key

Using Cryptography

Encryption Decryption“hello” ~!#@$% “hello”

cleartext ciphertext cleartext

Private key Private key

Encryption Decryption

“I love you” ~!#@$% “I love you”

cleartext ciphertext cleartext

Alice’s private key Allice’s public key

AliceBob

Digital Signature, non-repudiation

Encryption Decryption~!#@$% “Meet me at 3”

cleartext ciphertext cleartext

Bob’s Public key Bob’s private key

Alice

Confidential message

“Meet me at 3”

Bob

Alice

Bob

Cryptographic hash function A hash function is a one-way function

(analogous to meat grinder). A cryptographic hash function typically hashes

objects of any size to a fixed length hash (e.g. 128 bits)

A cryptographic has function has to satisfy the following properties:

It is computationally infeasible to find the original object based on the hash result

It is computationally infeasible to find two documents that produce the same hash result

Digital Signature and its verification

Hash Encription

“I love you” ~!#@$% 67Y(*%

Allice’s private key

Send

MD5

I love you + 67(*% +

MD5 + RSA

Digital signature

Hash Decription

“I love you”

Allice’s public key

=?

MD5

67Y(*%

Verification of digital signature

Yes=verification success

The trust establishment problem In order to verify a signature of Alice we

must trust that we know that we have Alice’s public key.

Closed trust model: we verify the public keys ourselves, or we know everyone we are dealing with

Open trust model: we must deal with people we do not know

The Internet is definitely an open world, therefore a closed trust model will not work

Public key infrastructure Have a third trusted party to verify

the identity of public keys using signed statements (digital certificates) from the trusted party (certification authority)

Have an directory of valid digital certificates so that users can check (analogous to credit card validation)

Digital Certificate

A Public-key certificate binds an entity’s (e.g. amazon.com) public key and one or more attributes relating to its identity.

Trusted authority Binding process, verification by the trusted authoraty Digital document (digital certificate) as proof

Helps key distribution as digital certificates can be transmitted without encryption

Fields in a digital certificate:

version (1,2,or 3)serial number: unique within a CAsignature algorithm idissuer: CAvalidity period

subject name: unique for a CA, however, multiple certificates may be issued to the same entity by a CAsubject public keyOptional fieldsSignature of the above.

PKI Basic Components

PKI public key certificate or simply certificate an electronic record that binds a public key to an identity of

the owner of a public-private key pair, signed by a trusted entity (CA)

Certificate Revocation List (CRL) a list of certificates that have been revoked

Certification Authority (CA) a trusted entity that issues and revokes public key

certificates Registration Authority (RA)

an entity trusted by CA to register user identity & associated public key to CA

Certificate Repository electronic site that holds certificates & CRLs

Relying Party (Certificate user) an entity that uses certificates to know, with certainty, the

public key of another entity

PKI policy and practice Certificate policy statements

The CA specifies what a give certificate can be used for (e.g. email, secure server)

Driver’s License analogy: this license authorizes the holder to operate 4-wheeled vehicles of up to certain size and weight.

Certification practice statements Describes the detailed processes/mechanisms used by registration

authorities. Driver’s License analogy: types of id accepted, questions for the

written test, criterion and mechanism for eye sight test, criterion for road test

Cross certification Accepting certificates issued by different CA’s Driver’s License analogy: most state will accept driver’s licenses

issued by other states, but additional tests may be necessary, details vary in different states.

Secure Socket Layer (SSL)1. The client (e.g.SSL inside a browser) chooses a protocol

Key exchange algorithm Private key cryptography algorithm Message integrity algorithm

2. Server (e.g. SSL inside a web server) informs the client that it supports the propose protocol

3. Server asserts its identity by sending a digital certificate4. The client verifies the digital certificate by using public keys of CA’s the

client trusts5. The client then generates a session key and encrypt it with the server’s

public key and sends the ciphertext to the server6. Server decrypts the session key and complete the handshake by sending

a message back to the client using the session key for encryption.7. The client decrypts the messages and is then certain that a secure

channel has been established.8. All data transacted in this session (both directions) are encrypted using

the session key

Virtual Private Network SSL/HTTPs provides encrypted

communication for web traffic VPN provides an encrypted

communication pipe for all network traffic

Intrusion Techniques:

Discovery Scanning Target acquisition: map host names, ip addresses Host discovery

Port scanning Banner retrieval: types of machines, version information. Vulnerability Scanning: discover known bugs and attacks Exploits

NT: obtain user/admin access, NT resource Kit, cover tracks UNIX: obtain root access, root kit, cover tracks Install sniffers, keyboard loggers, acquire access to other parts of

the network Spoofing Change data, delete files, steal secrets

Dialin and backdoor Social engineering

Summary of Intrusion Techniques Brute force Patience Mis-configurations Out-of-date software versions

Firewalls Characteristics

All traffic goes through firewalls Only authorized traffic can go through The firewall itself is immune to penetration

Service control, e.g. no ftp direction control user control behavior control (e.g. filter emails, and web addresses) Types of firewalls

packet filtering router application level gateway circuit level gateway (prevents end to end TCP connection), e.g.

SOCKS

Packet filtering router firewall

Client Server

Send to port 80 At www.any.com

www.any.com web server

OK

Send to port 670 Send to port 890

Internet Private network

Circuit gateway firewall

Client Server

Internet Private network

Sockslib

Relay

•Relay will examine all packets and filter out illegal packets

•For example, a company’s policy may want to filter out all java applets through the firewall.

Sockslib

Application gateway firewall

Client Server

Internet Private network

App.gateway

• Application gateway is a proxy server

• For every application made available through the firewall, there must be a proxy on the application gateway

• The application gateway forwards requests to the server, it can also do customized filtering of messages

Deterring pranks Install appropriate defensive tools (some of)

use files virus scans, detect port scans Intrusion Detection Systems (IDS)

Install decoys and deception tools (all.net)

More serious threats Customized virus will evade popular virus scan programs

Virus immunology techniques may help, but there is no guarantee! Customized trojans IDS and popular tools are generally ineffective Attack techniques:

Be noisy Be quiet Be clever

Denial of service

Noisy sync flooding Typical denial of service starts with

a hacked account (e.g. AOL surveys!)

Synchronized attacks uses multiple staging points, very difficult to detect and deal with.

Best defenses Educate users about password and common sense security

precautions Don’t execute active MIME contents

Christmas cards etc. Security is a system engineering problem

the system is only as secure as its weakest link Clear risk assessment Turn off unwanted services, simplify, simplify and simplify Don’t blindly use defaults! Upgrade software Don’t make information easily available Use biometrics when appropriate User education and more user education

Resources

Www.securityfocus.com www.hackernews.com