26
COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

Embed Size (px)

Citation preview

Page 1: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2010

Security

Lecture 17

COMP 416

Fall 2010

Page 2: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Security• Often the most overlooked and misunderstood part

of computer science.• We will not even attempt to be comprehensive.• For more:

– Mike Reiter• UNC Undergrad / Ph.D from Cornell

• Director of cyber-security lab at CMU

• Now kicking ass at UNC

– Fabian Monrose• Shamelessly stolen from Johns Hopkins

Page 3: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Where we need security• Model situation:

• Where do we need security?– Protect client from script.

• In this case, server is the “bad” guy

– Protect communication between client and server.• In this case, anyone can be the “bad” guy.

Client Server

ScriptBrowser

CGI

Web ServerData

Page 4: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Basic Security Needs• What are the basic security questions (or needs) of

the client and the server:– Client:

• Is the server who the server says it is?• Is the script safe to run?• Is the data correct?• Is the data private? In other words, are we sure that no one else

can get/use this data?

– Server:• Is the client who the client says it is?• Is the data correct and private?

Page 5: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Categories of Security Needs

• Authentication– Make sure that you are talking to who you think

you are talking to.

• Privacy– Ensure that no one else can use or get the data.

• Safety– Feel safe executing programs that were written

by strangers.

Page 6: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Authentication• Fundamental fact:

– You have to trust something or someone eventually.

• Establishing trust:– Challenge/Response

• Ask the other party questions that only it should know. What are some human context examples?

• Call your bank, they ask you for your SS#, maiden name, address, etc.

– Third party authentication• Ask someone else to vouch for the other party.

Page 7: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Certificates

• A certificate is used to make a claim of identity and/or authenticity.– Parts of a certificate:

• Name of party and any other information about themselves that they want to present as authentic.

• Name of certificate authority

• Digital signature of certificate authority (CA)

– If you trust the CA, you can trust the info.– Key to the trust is in the signature.

Page 8: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Digital Signatures

• Certificate authority issues certificates and “signs” them digitally for authenticity.

• What functions must the signature provide?– Info. presented in certificate is the same info.

originally presented to the CA in the first place.– Verify that signature is really from CA.

• Digital signatures work by using “public-key cryptography”

Page 9: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Public-key Cryptography• Diffie-Hellman, 1976• Trap-door function

– A function with that can be used with two pieces of information (numbers) with the following property:

• Call the two pieces of information PUB_KEY and PRIV_KEY

• Message to be encrypted: P

• E(P, PUB_KEY) => C, where C is encrypted message.

• D(C, PRIV_KEY) => P

• PRIV_KEY can’t be calculated from PUB_KEY

Page 10: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Using public key crypto

BobAlice

1) Alice generates a key-pair.

Page 11: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Using public key crypto

BobAlice

2) Alice gives Bob the public key

Page 12: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Using public key crypto

BobAlice

3) Bob encodes message using public key

Hello

gekdisa3

Page 13: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Using public key crypto

BobAlice

3) Alice decodes with private key

gekdisa3

Hello

Page 14: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Symmetric Keys

• Public-key systems are symmetric– Only the private key can decode message

encoded by the public key.– Only public key can decode messages encoded

by the private key.

A => f(private_key) => A`

A` => f(public_key) => A

Page 15: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Back to authentication.• Quick review:

– Server presents certificate with lots of info signed by trusted certificate authority.

– Client must be assured that signature vouches for the info and that signature is from the CA.

• How does public-key cryptography help?– Trusted CA publishes its public key.

• What are the issues here?

– Signature is simply a digest of the certificate encoded with CA’s private key.

– Client uses public key to decode signature and check digest against the info.

Page 16: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Digests• What does “digest” mean?

– A smaller version of the same information.

• In security: a small message that is generated mathematically from a larger one.

• What properties do we want from digest function?– Easy to calculate.– Hard to predict.– Sensitive to initial conditions.

Page 17: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

RSA

• RSA is one specific public-key system– Patent expired.– RSA stands for Rivest, Shamir, and Adleman

• Based on numerical properties of...– Modular arithmetic– Prime numbers– Factorization

Page 18: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

How RSA works.

• Pick two prime numbers.– p, q– Roughly equal size in bits.– The number p*q is called the modulus m.

• Now find two numbers e and d.– Relationship: e*d-1 = k * (p-1) (q-1)

• Public key is (e, pq)

• Private key is (d, pq)

Page 19: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

How RSA works

• To encode:– Break up message into fixed-size blocks.– Treat each block as one big number.

• Must be sure that max. value is less than pq.

– For each block bi, calculate ci = bie mod pq

• To decode:

– From ci calculate bi = cid mod pq

– Notice the symmetry.

Page 20: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

RSA cont’d.• Large number exponentiation.

– Whenever intermediate results get larger than the modulus, simply mod them back into range.

int mod_exp (int b, int e, int m) {

int res = 1;

while (e != 0) {

if (e % 2 == 1) res = (res * b) % m;

b = (b * b) % m;

e = e >> 1;

}

return res;

}

Page 21: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Breaking RSA

• Inverting this is hard

– ci = bie mod pq

– That’s the “one-way” part.

• Key to breaking RSA is figuring out p and q from p*q.– Then, given public key (e, pq), you can derive

what d (the private key) is.– Fortunately, factorization is hard.

Page 22: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Private communication• Public-key systems are slow.

– OK for things like digital signatures

– Not so good for long streams of communication.

• Private key systems– Both endpoints have the same key which is used to

encrypt/decrypt the message.

– Lots of algorithms (DES is very famous)

– What’s the problem?• Key exchange

– What’s the solution?• Use public-key system to exchange a “session” key and then use the

session key for crypto.

Page 23: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

SSL• Secure Sockets Layer

– URL starts with “https”

– Sits between HTTP and TCP.

– SSL Handshake• Server provides certificate to client with public key

• Client uses key to exchange info. with server and generate a session key.

– HTTP works just the same.

– TCP works just the same.

– SSL acts like a filter between them encrypting/decrypting everything.

Page 24: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Client-side Programming

• Sandbox– Limit execution privileges of scripts.

• Same origin policy.

• No local filesystem privileges.

• Signed Scripts– Present a certificate that vouches for the script.– Expanded privileges granted to signed script

either by policy or by user via dialog.

Page 25: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Discussion• Everything ties back to authentication.

– Specifically, you need a way to trust that the public key for someone is really their public key.

• Why should we trust a particular certificate?– Web of trust.

• If enough people say that the certificate is valid, then we trust that it is valid.

• Key point: no central point of failure.

• Implication: centralized security (gov’t or otherwise) very vulnerable and highly suspect.

Page 26: COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010

COMP 416 :: Fall 2009

Last points

• Trade-off between flexibility and modes of failure.

• Security based on secret algorithms almost always fails.