Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications

Week 10 – Lecture 2

To summarise yesterday

• Security is a system issue• Technology and security specialists are part of the

system• Users from inside the organisation are usually the

biggest risk – they have the motivation• As systems architect – you are responsible• The system has to be designed to protect itself –

user profiles, database views etc.

Are Networks a risk?

• Yes• Two main areas where an intruder can listen

passively• Within a collision zone on the LAN – a “sniffer”

can look at all datagrams passing the NIC not just datagrams addressed to it

• At a router – much more difficult

• Internet• More difficult to read – sniff

• Easier to write – spoof - pretend to be someone else

Firewalls

• Routers as packet filters

• Application level firewalls - proxy

InternalNetwork

Outside worldRouter

Application

Firewalls

But there may be other connections to the outside world

Routers as Firewalls

• A Router is usually the connection to the outside world

• Routers can check all packets• Source & destination addresses

• Protocol – eg TCP UDP

• Port number – application eg Telnet

• Little intelligence – work quickly• Use NAT to hide topology of the internal network

Application firewalls

• Mail servers & Internet proxy servers are examples

• Higher level of intelligence

• Can implement most security policies e.g. could limit WEB requests from Purchasing to between 8:00am and 6:00pm

• Has logging & auditing capabilities

• Slows throughput but as a caching device can also speed up WEB access

• Application specific

Secure communications

• Secrecy – only the two parties should understand the messages

• Authentication – each party should know the messages are from the right person

• Message integrity – the messages must not be able to be changed

Secrecy - encryption

• Encryption has been around for centuries• It used to be reliant on keeping the algorithm

secret• But computers make it easier to encrypt and to

break the code• Early computer development was made by code

breakers during WW2 – Enigma - Turing at Bletchley Park

Four elements to encryption

• The Original or plain text• An Encryption method – the algorithm is common

and normally well known – a transformation method

• The Key – many locks are the same but the key is different. The key must be secret to the parties.

• The Encrypted text

So keeping the key secret is the requirement

• Secret

• Secure

• So how do you share keys?

Attacks on algorithms

• Brute force is too difficult

• Plain text attacks is more useful if you know– The algorithm– The encrypted text and the– Plain text (remember Enigma)

Common security protocols

• IPsec for IP traffic across the Internet – VPNs• SSL – Secure Socket Layer – secures WWW

connections• PGP – Pretty Good Privacy and S/MIME secure

email• SET secures Internet financial transactions

These protocols may use different algorithms for encryption and Digital signatures

Protocols use 6 basic tools

• Symmetric encryption

• Public key encryption

• One way hash codes

• Message authentication schemes

• Digital signature schemes

• Random number generators

Two types of key

• Symmetric key – each party has the same key and thus must be kept secret

• Asymmetric or public keys – • the writer uses a public key to encrypt, but this

cannot decrypt, thus it can be public knowledge

• The reader has a private key to decrypt. This must be kept secret

Bob generates two keys- he gives the public key to any one who wants it - Bob keeps the private key

Alice et al

Alice sends Bob a messageEncrypted with HIS public key

No one can decrypt the Message with the public key

Bob however is the only Person to have the privateKey, and thus only he can Decrypt the message

Bob

DES – Data Encryption Standard

• Symmetric key• Developed by US National Bureau of Standards• Uses a 56 bit key (triple DES 112 bits)• In 2000 it took a network of computers 22 hours

to break the key• Good enough for most of us.

RSA Algorithm

• Asymmetric key method

• Recommends a key length of 768 bits or greater

• Asymmetric encryption takes 1000 more CPU time

• Usually used in combination with DES• Alice wants to talk to Bob

• Alice sends a DES key for the session to Bob, encrypted using his public RSA key

• Only Bob can decrypt the session key

• It is then used for the session

• Kurose page 571 for details on these methods

Using the hybrid approach is usual

• It is normal in all security protocols– PGP– S/MIME– Etc

• The protocol generates a session key using a random number generator

• This is encrypted using the receiver’s public key and sent to the other party

• The symmetric key is then used to encrypt the session

Authentication

• If Alice sends a message to Bob, how does he know it is Alice?

• Alice’s IP address – but can be spoofed

• Use a special password – but even if encrypted it can be used in playback mode

• Use of a random number or nonce

Authentication by Nonce

• Alice sends Hi to Bob

• Bob sends back a “nonce” in plain text

• Alice encrypts the nonce with their symmetric key

• Bob decrypts and compares it to the number he sent

Message integrity

• The digital world need some way of knowing that a message came from the specified person, has not been changed, and that the writer cannot repudiate the message

• One characteristic of the RSA method is that it also works in reverse. If Bob encrypts a message using his private key, then it can be decrypted by a person having the public key

• Thus one knows• It came from Bob

• It has not been changed

Message Digest

• Use of the RSA key might be overkill for large documents

• Can calculate a fingerprint (like a hash total) that will prove the message has not been changed

• This fingerprint is then encrypted with the author’s private key

• Holders of the author’s public key can then know that the message came from the author and has not been changed

Key Distribution Centres

• Trusted intermediary - Verisign

• Can be authorised to distribute shared private keys, or a person’s public key

VPN – Virtual Private Network

• Over a shared network infrastructure, usually the Internet

• Through an encrypted connection– Tunneling – set of predetermined router hops– Encryption of the packet contents– Packet and user authentication

• Most private WANs will soon be VPNs – 30 to 0% cheaper