1 / 29

NBA 600: Session 21 Privacy and Security 8 April 2003

NBA 600: Session 21 Privacy and Security 8 April 2003. Daniel Huttenlocher. Today’s Class. Public key cryptography Infrastructure (PKI) Encryption, signatures, certificates, authorities E-commerce transactions Network security Malicious code (“malware”) Viruses, worms, Trojan horses

joyceeverett
Télécharger la présentation

NBA 600: Session 21 Privacy and Security 8 April 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NBA 600: Session 21Privacy and Security8 April 2003 Daniel Huttenlocher

  2. Today’s Class • Public key cryptography • Infrastructure (PKI) • Encryption, signatures, certificates, authorities • E-commerce transactions • Network security • Malicious code (“malware”) • Viruses, worms, Trojan horses • Protecting your business • Differences between online, networked and physical worlds

  3. Increasing Risks • Information security getting harder • More varied access required • More sophisticated attacks/attackers • Online and networked world poses more challenges than offline or isolated world • Automated challenges • ATM PIN vs. website password • Action at a distance • Harder to monitor and to challenge • Availability of techniques to non-experts • Experts develop, non-experts with time use

  4. Public Key Cryptography • Invented by Diffie and Hellman, early ’70’s • Encryption key is public • Known to anyone, but specific to recipient • Decryption key is private • Known only to recipient • Encryption and decryption keys come in pairs • Only private key can decrypt messages that were encrypted with corresponding public key • Knowing public key does not make it easy to determine private key • RSA, most widely used schemes depends on difficulty of factoring large numbers

  5. Public Key Encryption on Web • Secure Web sites • Data encrypted using SSL (Secure Socket Layer) • Same data transfer but encrypted • URL’s start with https:// rather than http:// • Shows up with “padlock” in browser status bar • Hybrid scheme where public key encryption used to exchange shared keys • Traditional (symmetric) encryption considerably faster than public key • Use public key as way of safely sending keys for symmetric encryption

  6. Digital Signatures • Sender uses their private key to encrypt the message • Usually encrypt something short computed from the message because its cheaper • Called a “hash” • Sends to recipient • Recipient uses senders public key to decrypt in order to validate from sender • Get this key from someplace trusted • If they get the correct message or “hash” then must have been sent with sender’s private key

  7. AlicePublicEncryptionof MessageandBobPrivateEncryptedHash AlicePublicEncryptionof MessageandBobPrivateEncryptedHash BobPrivateEncryptionof Hash BobPrivateEncryptionof Hash Message Message Hash Public Key Schematic • Bob wants to send private, signed message to Alice • Encrypts a hash with his private key • Encrypts the message with Alice’s public key • Only Alice can decode with her private key • Then she uses Bob’s public key to verify signature Untrusted Network

  8. Issues With Digital Signatures • Some state laws make “assignee” responsible for all uses of digital signature • Until revoked • Means you are liable for what your signature is used for • Until you know it has been misused and have been able to get CA to revoke it • Very different from credit cards • Where you can deny transactions after the fact both under law and under convention/contract • Makes less attractive for payments

  9. Digital Certificates • Set of trusted authorities • Known to client software such as IE • Stores public key of each authority • An authority issues a certificate to the operator of a Web site • Digitally signed (with authority’s private key) • Contains public key of Web site operator • For a fee: e.g., currently VeriSign charges $900/yr for 128-bit SSL certificate • When Web browser connects to a secure site it receives the certificate • Uses authority’s public key to validate

  10. Digital Certificates Not Foolproof • Web browser has list of trusted certificate authorities (CA’s) • Do you trust them? • How are they determined? • Who do they grant authority to? • How do CA’s verify identity • E.g., elaborate cons

  11. SSL Encryption Setup • Before “padlock” appears on browser: • Client contacts server gets certificate, validates it (1-3) • Client sends PK encrypted secret data, server decrypts, both create shared keys (4-6) • Symmetric encrypted data transfer begins (7) • Generally takes under a second Source: CacheFlow

  12. Cryptographic Key Length • Hear about “n bit keys”, e.g., 128 bit • 2n possible values • E.g., for 40 bits about a trillion values • A trillion sounds big, but… • If a billion values per second can be tried then only about 15 mins • A fast desktop computer does a couple billion operations per second (e.g., 2.4 gHz) • A few of these together can test a billion key values per second • 1998 “machine” to crack 56 bit DES keys • Average of 4.5 days

  13. More on Cryptographic Keys • Key sizes today • Triple-DES uses 122 bit keys • Most methods use at least 128 bit keys • Each additional bit makes trying all possibilities take twice as long • So if 40 bit key takes 15 mins • 50 bits takes 10 days (250 hours) • 60 bits takes 27 years (10000 days), etc. • Public keys need to be considerably bigger • Depend on difficulty of factoring numbers • Current rule of thumb 1024 bit or longer

  14. Network Security • Traditionally predicated on internal versus external risks • Internal handled through passwords, monitoring and restricted physical access • External handled through isolation (firewall) • Do not allow data to/from outside world • Traditional models not working well any longer • Needs for remote access to protected data • Employees, trusted customers/suppliers • Email viruses bring untrusted inside

  15. Network Security a Balancing Act • Maximize safety without unduly limiting legitimate work • Parallels to physical security • As with all complex security problems • Protection • Detection • Reaction • Protection now harder because isolation was “best” protection • Detection and reaction involve people and procedures more heavily

  16. VPN’s • Virtual Private Network (VPN) • An encrypted connection over an untrusted network (e.g., Internet) • On both ends, acts as if part of the company trusted network • VPN server connected to by user machines “in the field” • Most widely used is Microsoft’s PPTP • First version had substantial security flaws discovered by outside experts • As with all complex software still issues • E.g., late 2002 denial of service attack

  17. Schematic of VPN

  18. Risks of VPN’s • Security flaws particularly problematic • Because allows external access to the network, compromise can bring outsiders inside • Passwords are more at risk • External source of attack; less accountability • Passwords may be stolen or observed • Non-electronically or with spyware • Users may not adequately protect machines on the VPN • Access by friends, household members, colleagues, etc.

  19. Malicious Code (“Malware”) • Dates back to early days of computing • Often as pranks, or to demonstrate possibilities • Some terminology • Virus: hidden program or piece of code that “infects” some other program or file causing an unexpected, usually negative, result • Worm: independent program that actively duplicates itself • Trojan horse: malicious program that pretends to be a benign application • Generally must be deliberately installed

  20. Spreading Viruses • Most viruses today are scripts or macros that infect files or email • Because files and email are commonly exchanged between people • Such viruses spread more quickly than other means such as sharing programs • Viruses are always created by someone who intends to do harm • Often based on “templates”, so many similar • Virus scanners must be updated for each new virus, impossible to predict new ones

  21. Current Virus Prevention • Email filters that examine both incoming and outgoing email • Remove known viruses, automatically update • Most now replicate via address book • Scans of file systems for infected programs and files • Still can get “bitten” by new ones • Opening attachments can be dangerous • Even if from someone you know because they may be infected • Even viewing email in auto-preview panes can be problematic

  22. Worms and Trojan Horses • Less prevalent because harder to spread • Worms tend to exploit flaws in servers • Usually “buffer overflow” which allows code sent over network to be executed • Think of someone blindly following a recipe and you can insert new steps they simply follow • Recent one was Microsoft SQL server “slammer” worm • Widespread effect this past January • Trojan horses install unknown functionality • All downloaded programs a risk this way

  23. Protecting Your Business • Need good technology but not enough • Should be easy to use and fit with work processes • Need to instill importance in employees and have them contribute to security not evade • View computer and network security as a senior management issue • Policies set by CIO/CTO but agreed to and followed by all senior managers • Likely to have impact on employees and business than physical security

  24. Security Rules of Thumb • Basic technology policies • Keep software patches on all externally accessible and critical systems up to date • According to CERT prevents 95% of intrusions • Use automatically updating anti-virus software • Use firewalls and network loggers • Have regular, automated, offsite backups • Periodically test that restores work • Basic personnel policies • Information security is everyone’s responsibility, broadly educate employees

  25. Passwords • Particularly difficult balance between security and usability • One-time token systems can help • External access particularly problematic • Wide range of remote attackers • Most passwords easy to crack • E.g., Dictionary lookups in matter of minutes • Even all possible 7 character passwords can be tried in a few weeks • But policies can make worse

  26. Microsoft Trustworthy Computing • Initiative launched in early 2002 • Across all product groups • Active involvement of research and academics • Goals are to provide • Security • Privacy • Reliability • Business Integrity • Products and services using software that are as trustworthy as those using electricity • Took electric industry from 1880’s-1920’s

  27. Trustworthy Computing Goals • Security • Systems that are resilient to attack and protect confidentiality, integrity and availability • Privacy • Customer able to control data about themselves and those using data adhere to “fair information” principles • Reliability • Customer can depend on product to fulfill its functions when required to do so • Business integrity • Vendor behaves responsively and responsibly

  28. Trustworthy Computing Means • Secure by design, by default and in deployment • Fair information principles • User data only collected or shared with consent • Availability – ready for use • Manageability • Easy to install and manage; scalable • Accuracy – functions correctly • Usability – easy to use and suited to needs • Responsiveness and transparency of firm

  29. Some Main Players in Security • VeriSign (VRSN) • Digital trust services • $1.2B/yr revenue, up 24% y-o-y (acquisition) • $2.3B market cap • CheckPoint Software (CHKP) • Firewalls • $427M/yr revenue, down 19% y-o-y • $3.9B market cap • RSA Security (RSAS) • E-Security solutions (e.g., secureID) • $230M/yr revenue, down 18% y-o-y • $420M market cap

More Related