290 likes | 301 Vues
NBA 600: Session 21 Privacy and Security 8 April 2003. Daniel Huttenlocher. Today’s Class. Public key cryptography Infrastructure (PKI) Encryption, signatures, certificates, authorities E-commerce transactions Network security Malicious code (“malware”) Viruses, worms, Trojan horses
E N D
NBA 600: Session 21Privacy and Security8 April 2003 Daniel Huttenlocher
Today’s Class • Public key cryptography • Infrastructure (PKI) • Encryption, signatures, certificates, authorities • E-commerce transactions • Network security • Malicious code (“malware”) • Viruses, worms, Trojan horses • Protecting your business • Differences between online, networked and physical worlds
Increasing Risks • Information security getting harder • More varied access required • More sophisticated attacks/attackers • Online and networked world poses more challenges than offline or isolated world • Automated challenges • ATM PIN vs. website password • Action at a distance • Harder to monitor and to challenge • Availability of techniques to non-experts • Experts develop, non-experts with time use
Public Key Cryptography • Invented by Diffie and Hellman, early ’70’s • Encryption key is public • Known to anyone, but specific to recipient • Decryption key is private • Known only to recipient • Encryption and decryption keys come in pairs • Only private key can decrypt messages that were encrypted with corresponding public key • Knowing public key does not make it easy to determine private key • RSA, most widely used schemes depends on difficulty of factoring large numbers
Public Key Encryption on Web • Secure Web sites • Data encrypted using SSL (Secure Socket Layer) • Same data transfer but encrypted • URL’s start with https:// rather than http:// • Shows up with “padlock” in browser status bar • Hybrid scheme where public key encryption used to exchange shared keys • Traditional (symmetric) encryption considerably faster than public key • Use public key as way of safely sending keys for symmetric encryption
Digital Signatures • Sender uses their private key to encrypt the message • Usually encrypt something short computed from the message because its cheaper • Called a “hash” • Sends to recipient • Recipient uses senders public key to decrypt in order to validate from sender • Get this key from someplace trusted • If they get the correct message or “hash” then must have been sent with sender’s private key
AlicePublicEncryptionof MessageandBobPrivateEncryptedHash AlicePublicEncryptionof MessageandBobPrivateEncryptedHash BobPrivateEncryptionof Hash BobPrivateEncryptionof Hash Message Message Hash Public Key Schematic • Bob wants to send private, signed message to Alice • Encrypts a hash with his private key • Encrypts the message with Alice’s public key • Only Alice can decode with her private key • Then she uses Bob’s public key to verify signature Untrusted Network
Issues With Digital Signatures • Some state laws make “assignee” responsible for all uses of digital signature • Until revoked • Means you are liable for what your signature is used for • Until you know it has been misused and have been able to get CA to revoke it • Very different from credit cards • Where you can deny transactions after the fact both under law and under convention/contract • Makes less attractive for payments
Digital Certificates • Set of trusted authorities • Known to client software such as IE • Stores public key of each authority • An authority issues a certificate to the operator of a Web site • Digitally signed (with authority’s private key) • Contains public key of Web site operator • For a fee: e.g., currently VeriSign charges $900/yr for 128-bit SSL certificate • When Web browser connects to a secure site it receives the certificate • Uses authority’s public key to validate
Digital Certificates Not Foolproof • Web browser has list of trusted certificate authorities (CA’s) • Do you trust them? • How are they determined? • Who do they grant authority to? • How do CA’s verify identity • E.g., elaborate cons
SSL Encryption Setup • Before “padlock” appears on browser: • Client contacts server gets certificate, validates it (1-3) • Client sends PK encrypted secret data, server decrypts, both create shared keys (4-6) • Symmetric encrypted data transfer begins (7) • Generally takes under a second Source: CacheFlow
Cryptographic Key Length • Hear about “n bit keys”, e.g., 128 bit • 2n possible values • E.g., for 40 bits about a trillion values • A trillion sounds big, but… • If a billion values per second can be tried then only about 15 mins • A fast desktop computer does a couple billion operations per second (e.g., 2.4 gHz) • A few of these together can test a billion key values per second • 1998 “machine” to crack 56 bit DES keys • Average of 4.5 days
More on Cryptographic Keys • Key sizes today • Triple-DES uses 122 bit keys • Most methods use at least 128 bit keys • Each additional bit makes trying all possibilities take twice as long • So if 40 bit key takes 15 mins • 50 bits takes 10 days (250 hours) • 60 bits takes 27 years (10000 days), etc. • Public keys need to be considerably bigger • Depend on difficulty of factoring numbers • Current rule of thumb 1024 bit or longer
Network Security • Traditionally predicated on internal versus external risks • Internal handled through passwords, monitoring and restricted physical access • External handled through isolation (firewall) • Do not allow data to/from outside world • Traditional models not working well any longer • Needs for remote access to protected data • Employees, trusted customers/suppliers • Email viruses bring untrusted inside
Network Security a Balancing Act • Maximize safety without unduly limiting legitimate work • Parallels to physical security • As with all complex security problems • Protection • Detection • Reaction • Protection now harder because isolation was “best” protection • Detection and reaction involve people and procedures more heavily
VPN’s • Virtual Private Network (VPN) • An encrypted connection over an untrusted network (e.g., Internet) • On both ends, acts as if part of the company trusted network • VPN server connected to by user machines “in the field” • Most widely used is Microsoft’s PPTP • First version had substantial security flaws discovered by outside experts • As with all complex software still issues • E.g., late 2002 denial of service attack
Risks of VPN’s • Security flaws particularly problematic • Because allows external access to the network, compromise can bring outsiders inside • Passwords are more at risk • External source of attack; less accountability • Passwords may be stolen or observed • Non-electronically or with spyware • Users may not adequately protect machines on the VPN • Access by friends, household members, colleagues, etc.
Malicious Code (“Malware”) • Dates back to early days of computing • Often as pranks, or to demonstrate possibilities • Some terminology • Virus: hidden program or piece of code that “infects” some other program or file causing an unexpected, usually negative, result • Worm: independent program that actively duplicates itself • Trojan horse: malicious program that pretends to be a benign application • Generally must be deliberately installed
Spreading Viruses • Most viruses today are scripts or macros that infect files or email • Because files and email are commonly exchanged between people • Such viruses spread more quickly than other means such as sharing programs • Viruses are always created by someone who intends to do harm • Often based on “templates”, so many similar • Virus scanners must be updated for each new virus, impossible to predict new ones
Current Virus Prevention • Email filters that examine both incoming and outgoing email • Remove known viruses, automatically update • Most now replicate via address book • Scans of file systems for infected programs and files • Still can get “bitten” by new ones • Opening attachments can be dangerous • Even if from someone you know because they may be infected • Even viewing email in auto-preview panes can be problematic
Worms and Trojan Horses • Less prevalent because harder to spread • Worms tend to exploit flaws in servers • Usually “buffer overflow” which allows code sent over network to be executed • Think of someone blindly following a recipe and you can insert new steps they simply follow • Recent one was Microsoft SQL server “slammer” worm • Widespread effect this past January • Trojan horses install unknown functionality • All downloaded programs a risk this way
Protecting Your Business • Need good technology but not enough • Should be easy to use and fit with work processes • Need to instill importance in employees and have them contribute to security not evade • View computer and network security as a senior management issue • Policies set by CIO/CTO but agreed to and followed by all senior managers • Likely to have impact on employees and business than physical security
Security Rules of Thumb • Basic technology policies • Keep software patches on all externally accessible and critical systems up to date • According to CERT prevents 95% of intrusions • Use automatically updating anti-virus software • Use firewalls and network loggers • Have regular, automated, offsite backups • Periodically test that restores work • Basic personnel policies • Information security is everyone’s responsibility, broadly educate employees
Passwords • Particularly difficult balance between security and usability • One-time token systems can help • External access particularly problematic • Wide range of remote attackers • Most passwords easy to crack • E.g., Dictionary lookups in matter of minutes • Even all possible 7 character passwords can be tried in a few weeks • But policies can make worse
Microsoft Trustworthy Computing • Initiative launched in early 2002 • Across all product groups • Active involvement of research and academics • Goals are to provide • Security • Privacy • Reliability • Business Integrity • Products and services using software that are as trustworthy as those using electricity • Took electric industry from 1880’s-1920’s
Trustworthy Computing Goals • Security • Systems that are resilient to attack and protect confidentiality, integrity and availability • Privacy • Customer able to control data about themselves and those using data adhere to “fair information” principles • Reliability • Customer can depend on product to fulfill its functions when required to do so • Business integrity • Vendor behaves responsively and responsibly
Trustworthy Computing Means • Secure by design, by default and in deployment • Fair information principles • User data only collected or shared with consent • Availability – ready for use • Manageability • Easy to install and manage; scalable • Accuracy – functions correctly • Usability – easy to use and suited to needs • Responsiveness and transparency of firm
Some Main Players in Security • VeriSign (VRSN) • Digital trust services • $1.2B/yr revenue, up 24% y-o-y (acquisition) • $2.3B market cap • CheckPoint Software (CHKP) • Firewalls • $427M/yr revenue, down 19% y-o-y • $3.9B market cap • RSA Security (RSAS) • E-Security solutions (e.g., secureID) • $230M/yr revenue, down 18% y-o-y • $420M market cap