Πρακτικές Ασφαλούς Προγραμματισμού
Download
Report
Transcript Πρακτικές Ασφαλούς Προγραμματισμού
A crash course in cryptography and
network security
Patroklos Argyroudis
CITY Liberal Studies
May 2002
Patroklos Argyroudis
1
Presentation topics
•
•
•
•
•
•
•
•
•
•
•
•
Introductions
Objectives of cryptography
Hash functions
Symmetric encryption
Asymmetric encryption
Hybrid cryptosystems
Digital signatures
Digital certificates
Network security
Network layer security: IPsec
Transport layer security: SSL/TLS
Conclusion
May 2002
Patroklos Argyroudis
2
Introductions
• The scope of this presentation is to provide an overview of
cryptography and its application in the field of network security
• This presentation does not provide enough details in order to
implement any of the described algorithms or protocols
• The following people will assist me in presenting the topics:
- Alice: One participant of the communication (initiator)
- Bob: The other participant of the communication
- Eve: The passive eavesdropper
- Mallory: The malicious active attacker
• In all cases:
- Alice tries to talk to Bob
- Eve tries to intercept the transmitted information
- Mallory tries to disrupt the entire communication
May 2002
Patroklos Argyroudis
3
Objectives of cryptography
• The objectives of cryptography include all or some of the
following (depending on the situation):
- Confidentiality: Ensures that only an authorised person can
access the protected data of a message
- Authentication: Ensures that a person is who he claims to be,
also Mallory should not be able to masquerade as someone else
- Integrity: Ensures that transmitted messages are not
manipulated during transmission
- Non-repudiation: Ensures that a person cannot falsely deny
later that he send a message
• It is obvious that the objectives of cryptography are vital
requirements not only for computer communication, but also for
face-to-face real life interactions
May 2002
Patroklos Argyroudis
4
Hash functions
• A hash function typically takes a variable length message, and
returns a fixed length string
• Example:
M = “Hello I am Bob and my password is hello_world”
H(M) = 5hjf6H7Uf7HEfR53H5fY
• Typically hash algorithms output 160 bits, and the probability of
two messages to have the same hash is negligible
• Computing the hash given M is easy, but deducing M given its
hash is nearly impossible
• Therefore it is almost impossible to find two messages that have
the same hash
May 2002
Patroklos Argyroudis
5
Applications of hash functions
• Integrity:
- Alice sends message M to Bob
- Bob wants to verify that the message was not corrupted
during transmission
- Alice computes the message’s hash H1 = H(M) and sends both
M and H1 to Bob
- Bob computes a hash H2 of M, if H1 = H2 the message was
not tampered
• A possible attack: Mallory intercepts M, modifies it to M2,
generates H3 = H(M2), and sends M2 and H3 to Bob, forging it
as coming from Alice
• Other applications: authentication (Unix passwd), compression
May 2002
Patroklos Argyroudis
6
Symmetric encryption
• Symmetric encryption is also referred to as secret-key
encryption since there is one key for both encrypting and
decrypting:
• Mathematically: E(M) = C and D(C) = M and D(E(M)) = C
• Security resides on how well the key is protected, and not in
keeping the algorithm secret
• In fact the most secure algorithms are the public ones
• Security is usually a function of length of the key (in bits)
May 2002
Patroklos Argyroudis
7
More on symmetric encryption
• Symmetric encryption algorithms: Digital Encryption Standard
(DES), Blowfish, Rijndael (winner of AES)
• Confidentiality and authentication:
- Alice encrypts a message using her key and sends it to Bob
- Bob uses Alice’s key to decrypt the message
- Bob is assured that whomever send the message knew Alice’s
key
- But Alice can claim that she did not send the message since
Bob shared it with others (repudiation)
• More problems of symmetric encryption:
- Need of a different key for every private conversion
- How can Alice transmit a key to Bob without Eve intercepting
it?
May 2002
Patroklos Argyroudis
8
Asymmetric encryption
• Asymmetric encryption is also called public-key cryptography
• One has two keys: a private key and a public key
• One can encrypt messages with the public key, and decrypt
them with the private key:
• Example of confidentiality using public-key cryptography:
- Bob sends to Alice his public key
- Alice encrypts a message with Bob’s public key and sends it to
him
- Bob decrypts the message using his private key
May 2002
Patroklos Argyroudis
9
More on asymmetric encryption
• Although asymmetric encryption allows secure communication
between strangers, it suffers from man-in-the-middle attacks:
- Bob sends to Alice his public key
- Mallory intercepts this key and sends to Alice his own public key
- When Alice sends a message to Bob, encrypted in “Bob’s” public
key, Mallory intercepts it, and since it is really encrypted with his
own public key, decrypts it with his private key and reads it
• Of course the above attack works in both sides of the
communication of Alice and Bob
• This man-in-the-middle attack works because Alice and Bob have
no way to verify that they are talking to each other
• In theory any protocol that does not involve some kind of a secret
is vulnerable to man-in-the-middle attacks
May 2002
Patroklos Argyroudis
10
Hybrid cryptosystems
• Public-key encryption is slow, symmetric encryption is at least
1000 times faster than public-key encryption
• In the real world, public-key encryption is not a substitute for
symmetric encryption
• Public-key encryption is not used to encrypt messages, is used
to encrypt keys of symmetric encryption
• A hybrid cryptosystem:
- Bob sends Alice his public key
- Alice generates a session key, encrypts it using Bob’s public
key, and sends it to Bob
- Bob decrypts Alice’s message using his private key to get the
session key
- Both encrypt their messages using the same session key and
symmetric encryption
May 2002
Patroklos Argyroudis
11
Digital signatures
• A digital signature is a way to prove that you are really the
person that sent a message:
- Alice signs a message with her private key and sends it to Bob
- Bob checks the signature of Alice with her public key
- Bob is sure that the sender had Alice’s private key
• Digital signatures offer:
- Message integrity: Bob is sure that the message was not
corrupted during transmission, otherwise the check of the
signature would have failed
- Sender authentication: Bob is sure that the sender owns the
private key that corresponds to the public key he has (Alice’s)
May 2002
Patroklos Argyroudis
12
Digital certificates
• Nothing prevents Mallory from creating a key pair, send the
public key to Bob, and masquerading as Alice
• When Bob receives future messages from Mallory (pretending to
be Alice), Bob can verify that is Alice (when it is really Mallory)
• A digital certificate binds a public key to a person
• Purpose: to convince a person who does not know Alice that
Alice owns a particular public key
• When Alice signs a message with her private key, this
authenticates Alice to the receiver of the message
• Certification authority: generates, distributes, and manages
digital certificates, essential component of secure e-commerce
• You must completely trust a certification authority to
authenticate Alice when Alice applies for her certificate
May 2002
Patroklos Argyroudis
13
Network security
• Cryptography finds most of its application these days in the field
of network security
• Data must be protected during transmission, network
connections must be authenticated, man-in-the-middle attacks
must be successfully resolved
• Of course, network security does not provide a solution if the
rest of the system is not properly secured, therefore computer
security is also very important
• Network security can be applied in different layers (or levels):
- At the network layer (2nd layer of the TCP/IP 4-layer suite)
- At the transport layer (3rd layer of the TCP/IP 4-layer suite)
May 2002
Patroklos Argyroudis
14
Network layer security: IPsec
• The goal of IPsec is to make networking operations secure in
their core: the IP protocol
• IPsec encompasses many different security technologies:
- Symmetric encryption for encrypting the actual transferred
data
- Hash functions for providing authentication for network
packets
- Public-key cryptography for key exchanging and identification
of the communicating end points
- Digital certificates for ensuring identification
• Advantages:
- Application independency: no changes to existing or legacy
applications are required
- Flexibility: supports any network situation and topology
May 2002
Patroklos Argyroudis
15
Transport layer security: SSL/TLS
• The Secure Sockets Layer (SSL), and its newest specification
Transport Layer Security (TLS), provides security to specific
applications that utilise it
• SSL works on top of the Transmission Control Protocol (TCP):
• It is mainly used to secure WWW connections, also used in WAP
(WTLS)
• Other transport layer protocols: SHTTP, DNSSEC, SSH
May 2002
Patroklos Argyroudis
16
Conclusion
• The security of an entire system is only as strong as its weakest
link
• Everything must be secure: the cryptographic algorithms, the
security protocols, the key management, all of the components
• If a system uses strong cryptographic algorithms, but has a
weak key management scheme, then someone is going to
attack the system through its key management
• Cryptography is only a small part of computer and network
security, the implementation code must be robust, system
configuration must be correct, patches must be frequently
applied, etc..
• Finally, it must be understood that security is an ongoing
process and not goal
• For more information:
- Contact me at: [email protected]
- Visit: http://www.city.academic.gr/acm/crypto_page/
May 2002
Patroklos Argyroudis
17