Information Security Sharon Welna Information Security Officer.
Information Security Fundamentals Major Information Security Problems and Solutions Department of...
-
Upload
catherine-skinner -
Category
Documents
-
view
218 -
download
3
Transcript of Information Security Fundamentals Major Information Security Problems and Solutions Department of...
Information Security Fundamentals
Information Security FundamentalsMajor Information Security Problems and Solutions
Department of Computer ScienceSouthern Illinois University Edwardsville
Fall, 2013
Dr. Hiroshi FujinokiE-mail: [email protected]
Information_Security/001
Information Security Fundamentals
Information_Security/002
• Software programs are running two physically separated host computers
Network
Program A Program B
Assumptions throughout this discussions
ClientServer
Two assumptions
Unreliable message transmissions
Possible hijack of network resources
Information Security Fundamentals
Information_Security/003
Assumptions throughout this discussions
• Software programs communicate through insecure public networks
Network
Program A Program B
Unreliable message transmissions
(a) Messages you transmit may not reach a destination.
(b) Messages you transmit may be duplicated.(c) Messages you transmit may reach a destination out of order.
Information Security Fundamentals
Information_Security/004
Assumptions throughout this discussions
• Software programs communicate through insecure public networks
Possible hijack of network resources
• Routers store your messages in them, and they forward.
• Someone else can access (read) contents in your message.
Network
Program A Program B
Someone hasillegal accessto this router
Router
Information Security Fundamentals
Information_Security/005
Assumptions throughout this discussions
• Software programs communicate through insecure public networks
Network
Program A Program B
Possible hijack of network resources
• Routers store your messages in them, and they forward.
• Someone else can modify the contents in your message.
Information Security Fundamentals
Information_Security/006
Major Known Information Security Problems
Release of message contents
Modification of message contents
Masquerading the identity of information sender and receiver
Repudiation of message transmission and/or receiving
Denial of services
Traffic analysis
Message-replays
Information Security Fundamentals
Information_Security/007
Major Known Information Security Problems and Their Solutions
Release of message contents
Modification of message contents
Masquerading the identity of information sender and receiver
Cryptography
Message Digest
Digital Signature
Information Security Fundamentals
Information_Security/008
A
Originalinformation
A’
Encryptedinformation
f
Encryption
mathematicalfunction
=
E.g., ‘A’(ASCII ‘A’)
E.g., +
E.g., ‘B’(ASCII ‘B’)
1 Encryptionkey
A’
E.g., -
1 Encryptionkey
A
Originalinformation
Sender
ReceiverInternet
Public Network(Internet)
f ’
Decryption
Cryptography
This type of cryptography iscalled “symmetric cryptography”
Information Security Fundamentals
Information_Security/009
Cryptography (to prevent release of message contents)
Three important issues in cryptography:
(1) Encryption must be hard to break (time, computer resources)
(2) Encryption key must be safely transferred over a network
(3) Encryption must be scalable in the number of users you deal with
A solution that satisfies all the above requirements
“Asymmetric-Key Cryptography”
Different keys can be used for encryption and decryption.
The two big problems ofsymmetric cryptography
Information Security Fundamentals
Information_Security/010
Cryptography (to prevent release of message contents)
Network
S R
S
P
• Encryption keys are always made as a pair of two keys
• One of the two keys is called “secret (private) key” while the other is is called “open (public) key”.
• You must keep your private key always secret (= never transfer it to anywhere)
• You can give your public key to any people you would like to securely communicate
P
(anyone should be able to get the public key)
Information Security Fundamentals
Information_Security/011
Cryptography (to prevent release of message contents)
Network
S R
S
P
Two most important properties in asymmetric-key cryptography:
(1) If a message is encrypted by a public key, the encrypted message can be decrypted only by its private key.
(2) If a message is encrypted by a private key, the encrypted message can be decrypted only by its public key.
P
Plain Message
X P
Plain Message
Plain Message
Information Security Fundamentals
Information_Security/012
Cryptography (to prevent release of message contents)
Network
S R
S
P
Two most important properties in asymmetric-key cryptography:
(1) If a message is encrypted by a public key, the encrypted message can be decrypted only by its pair secret key.
(2) If a message is encrypted by a secret key, the encrypted message can be decrypted only by its pair public key.
P
X P
Plain MessagePlain Message
Plain Message
Information Security Fundamentals
Information_Security/013
Cryptography (to prevent release of message contents)
Three important issues in cryptography:
(1) Encryption must be hard to break (time, computer resources)
(2) Encryption key must be safely transferred over a network
(3) Encryption must be scalable in the number of users you deal with
Solved !!
Information Security Fundamentals
Information_Security/014
Message digests (to prevent modification of message contents)
Network
S R
Message
(2) Attach the digest to the message
(1) Calculate a message digest
H e l l o W o r l d !72 101108108111 32 87 111 114108100 33ASCII Code:
(8 mod (total)) = 193
193
This methods has two problems!
Message
193
Message
193
Information Security Fundamentals
Information_Security/015
Network
S R
Message digests (to prevent modification of message contents)
Message
193
How can we prevent this problem?
249
Information Security Fundamentals
Information_Security/016
Network
S R
Message
(1) Calculate a message digest
193
S
P
(2) Encrypt the digest using the private key
Message digests (to prevent modification of message contents)
(3) Attach the encrypted digest to the message
(4) The whole message is transferred
(5) R downloads the public key of S
(6) R decrypts the digest from S
(7) R calculates the digest on its own and compares it with the digest from S
P
Message
193
Information Security Fundamentals
Information_Security/017
Message digests (to prevent modification of message contents)
Network
S R
Message
(2) Attach the digest to the message
(1) Calculate a message digest
H e l l o W o r l d !72 101108108111 32 87 111 114108100 33ASCII Code:
(8 mod (total)) = 193
193
If we have 8 bits for a digest, what is theprobability of the digest accidentally match?
It’s 1/256!
CertificateAuthority
Merchant’shost (server)
Client’shost (browser)
CA creates a certificate for this merchant
S1
P1
Digital Certificate
S2
P2P2
HASH
CA encrypts this certificate using its PRIVATE key
Encrypt
CA issues (transmits) this certificates to the merchant
The merchant sends its certificate to you
HASH
Compare
P2
P1
Decrypt
(hash) digestof the server’scertificate
A client contacts this merchant for business
Digital signatureof this certificate
Extracted DigitalSignature of the CA
Re-Constructed DigitalSignature of the CA
Initiate the hybridencryption with
this server
Request for issuing a certificate for this merchant (must pay $$$)
P2P2P2
Information Security Fundamentals
Information_Security/018
Digital Certificate
Certificate: Data: Version: 3 (0x2) Serial Number: 7 (0x7) Signature Algorithm: md5WithRSAEncryption Issuer: C=JP, ST=Aichi-Ken, L=Nagoya, O=NIT, OU=TEST depth, CN=ailab second cert/[email protected] Validity Not Before: Sep 22 05:31:34 1998 GMT Not After : Sep 22 05:31:34 1999 GMT Subject: C=JP, ST=Aichi-Ken, O=nitech.ac.jp, OU=ailab, CN=test7.second/Email=7.second@mars Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00:bd:06:2b:bc:35:55:0b:d7:c4:d6:09:a5:b7:5c: 57:2a:0a:e5:7d:8c:2e:ed:8f:df:c3:ca:37:63:bb: ae:b1:ac:94:54:40:da:7b:71:16:ff:e7:68:5e:00: 49:54:43:70:b7:a1:35:0a:e3:53:4d:4c:86:d2:90: e8:18:39:55:2b Exponent: 65537 (0x10001) X509v3 extensions: Netscape CA Revocation URL: .#http://www.cryptsoft.com/ca-crl.pem Netscape Comment: ..This is a comment Netscape Cert Type: ...@ Signature Algorithm: md5WithRSAEncryption e7:04:71:f0:9a:d5:da:5e:50:c5:13:20:97:8c:ff:69:fa:18: 2a:9d:b8:75:22:d7:f4:d5:87:4a:7c:c4:3a:7f:b7:72:0f:a3: f3:f4:82:60:8e:e0:f8:10:36:9f:d9:a8:c3:b2:83:50:3d:dd: 5c:b8:29:b7:79:49:03:13:6d:83
Declare the beginning of a certificate
ITU-T X.509 Version 3 certificate format
Unique Certificate Serial #
Which hash and encryption are used for the signature
Name of the CA who issued this certificate
Name of the server this certificate is issued to
This is the public-key information for the server!
This is the digital signature signedby this CA (not by this server)
Encryption algorithm you need to usewhen you talk to this server
CS 548 Network Security
Information_Security/019
CertificateAuthority
Merchant’shost (server)
Client’shost (browser)
S1
P1
S2
P2
CA issues (transmits) this certificates to the merchant
P1
Request for issuing a certificate for this merchant (must pay $$$)
P2P2P2
How can you be sure thatthis CA is a legitimate CA?
When (or how) did you getthe public-key of this CA?
If you are going to getthe public-key throughthe network, how you
are sure this key is fromthe CA?
Digital Certificate
Information Security Fundamentals
Information_Security/020
CertificateAuthority
Merchant’shost (server)
S2
P2
Certificate forthis CA Request for the certificate issued
to this CA
This CA sends its certificate to this merchant
P2P2P2
This is the certificatefor this merchant
HASH
CompareDecrypt
Extracted DigitalSignature of the CA
Re-Constructed DigitalSignature of the CA
P
We need the publickey for this decryption
S
P
You can (should) not getthe public-key from this CA
Digital Certificate
Information Security Fundamentals
Information_Security/021
CertificateAuthority
Merchant’shost (server)
S1
P1
S2
P2
Request for the certificate issued
to this CA
This CA sends its certificate to this merchant
P2P2P2
This is the certificatefor this merchant
HASH
CompareDecrypt
Extracted DigitalSignature of the CA
Re-Constructed DigitalSignature of the CA
AnotherCertificateAuthority
S3
P3
P3
P3
How can this merchantbe sure that P3 is from Y?
X
Y
AnotherCertificateAuthority
AnotherCertificateAuthority
AnotherCertificateAuthority
CA X requests Y to issue a certificate for X!
Certificate forthis CA
Digital Certificate
Information Security Fundamentals
Information_Security/022
CertificateAuthorityCertificateAuthorityCertificateAuthority
R
CertificateAuthorityCertificateAuthorityCertificateAuthority
Merchant’shost (server)
Root CA
The CA who does not have the parent CA
Digital Certificate
(a) Your browser must have the pre-installed certificate of the root CA
(b) If your browser does not have the certificate of the root CA, you must make your own decision of you accept (trust) the certificate of not
S3
P3
S3S3S3
P3P3
P3P3
P4P4P4
P4P4P4
P5P5P5
P5P5P5
S6
P6
S6S6S6
P6P6P6
P6P6P6
P6P6P6
P3P3
X
CertificateAuthorityCertificateAuthorityCertificateAuthority
Y
CertificateAuthorityCertificateAuthorityCertificateAuthority
Z
S5
P5
S5S5
P5P5P5
S4
P4
S4S4
P4P4P4
Information Security Fundamentals
Information_Security/023
Information Security Fundamentals
Information_Security/024
Repudiation of message transmission of receiving
Network
S R
Message
S transmitsa message to R
R received thismessage from S
Non-Repudiation
(a) S can not deny that it transmitted this message to R.
(b) R can not deny that it received this message from S.
Information Security Fundamentals
Information_Security/025
Repudiation of message transmission of receiving
Network
S R
Message
I did not transmitthis message to S
I did not receivethis message from S
Non-Repudiation
(a) S can not deny that it transmitted this message to R.
(b) R can not deny that it received this message from S.
This situation is NOT repudiation
(because message transfer did not occur)
Information Security Fundamentals
Information_Security/026
How to prevent repudiation?
Homework: Develop an algorithm that prevents the two types of repudiations
• Use the information security solutions we discussed so far
• We still assume an insecure network environment
(especially message losses and message duplications)
Hints:
• Like digital certificate, combine multiple security solutions
• It should be “algorithm” (which contains “if – else” structures)