Internet Security - PowerPoint PPT Presentation

Provided by: mikl9
1
Internet Security
  • The art of war teaches us not to rely on the
    enemy not coming, but on our own readiness to
    receive him; not on the chance of his attacking,
    but rather on the fact that we have made our
    position unassailable.
    Sun Tze, The Art of War

2
Outline
  • Introduction
  • Reality Check
  • Tradeoffs
  • Security Requirements
  • Cryptography
  • Digital Commerce
  • Firewalls

3
Motivation
  • How Secure is the Real World?
  • A simple stamped envelope buys fairly robust
    security
  • Write a message on a piece of paper
  • Seal that piece of paper in an envelope
  • Write the name of the recipient on the outside of
    the envelope
  • Mail the message
  • Credit cards over the Internet are as exposed as
    they normally are
  • Protecting privacy, property, and choice

4
Security Tradeoffs
  • Ease of Use Vs Increased Complexity
  • Flexibility Vs Rigid Guidelines
  • Open Access Vs Restricted Access
  • Possibly Some Performance Loss
  • Increased Network Management Load

5
Security Requirements
  • Confidentiality: information exposed only to
    authorized parties.
  • Authentication: originator's identity is
    assured.
  • Integrity: information is received as sent.
  • Non-repudiation: sender and receiver cannot deny
    communication.
  • Access Control: resources are controlled by
    authorized parties.
  • Availability: resources are available when needed.

6
Cryptography: The Study of Encryption
  • What is encryption?
  • Encryption is the transformation of data into a
    form unreadable by anyone without a secret
    decryption key. Its purpose is to ensure privacy
    by keeping the information hidden from anyone for
    whom it is not intended, even those who can see
    the encrypted data. Encryption allows secure
    communication over an insecure channel. In a
    symmetric cryptosystem, a single key serves as
    both the encryption and decryption keys.
  • What is authentication?
  • Authentication in a digital setting is a process
    whereby the receiver of a digital message can be
    confident of the identity of the sender and/or
    the integrity of the message. Authentication
    protocols can be based on either conventional
    secret-key cryptosystems like DES or on
    public-key systems like RSA; authentication in
    public-key systems uses digital signatures.
  • What is a digital signature?
  • What is public-key cryptography?
  • What are the advantages and disadvantages of
    public-key cryptography over secret-key
    cryptography?
  • Is cryptography exportable from the U.S.?

7
Symmetric Cryptosystems
  • Symmetric cryptosystems use the same key (the
    secret key) to encrypt and decrypt a message.
    This is the classic crypto system used in the
    past.
  • Symmetric cryptosystems have a problem: how do
    you transport the secret key from the sender to
    the recipient securely and in a tamperproof
    fashion?
  • If you could send the secret key securely, you
    wouldn't need the symmetric cryptosystem in the
    first place (because you would simply use that
    same secure channel to send your message).
  • Frequently, trusted couriers are used as a
    solution to this problem.

8
What Are Digital Signatures?
  • The digital equivalent of the handwritten
    signature on printed documents
  • A secure digital signature system consists of two
    parts:
  • a method of signing a document such that forgery
    is infeasible
  • a method of verifying that a signature was
    actually generated by whomever it represents
  • Secure digital signatures cannot be repudiated;
    i.e., the signer of a document cannot later
    disown it by claiming it was forged

9
Public Key Cryptography
  • Invented in 1976 by Whitfield Diffie and Martin
    Hellman in order to solve the key management
    problem
  • Each person gets a pair of keys, called the
    public key and the private key. Each person's
    public key is published while the private key is
    kept secret.
  • All communications involve only public keys, and
    no private key is ever transmitted or shared
  • How it works for Encryption
  • How it works for Authentication

10
How Public Key Cryptography Works For Encryption
  • When Alice wishes to send a message to Bob, she
    looks up Bob's public key in a directory, uses it
    to encrypt the message and sends it off.
  • Bob then uses his private key to decrypt the
    message and read it.
  • No one listening in can decrypt the message.
  • Anyone can send an encrypted message to Bob but
    only Bob can read it.
  • Clearly, one requirement is that no one can
    figure out the private key from the corresponding
    public key.

11
How Public Key Cryptography Works For Authentication
  • Alice, to sign a message, does a computation
    involving both her private key and the message
    itself; the output is called the digital
    signature and is attached to the message, which
    is then sent.
  • Bob, to verify the signature, does some
    computation involving the message, the purported
    signature, and Alice's public key.
  • If the results properly hold in a simple
    mathematical relation, the signature is verified
    as genuine; otherwise, the signature may be
    fraudulent or the message altered, and they are
    discarded.

12
Comparison: Public Key Vs Private Key
  • The primary advantage of public-key cryptography
    is increased security: the private keys do not
    ever need to be transmitted or revealed to
    anyone.
  • Each person gets a pair of keys, called the
    public key and the private key. Each person's
    public key is published while the private key is
    kept secret.
  • Public-key systems can provide a method for
    digital signatures and authentication. The
    authentication methods have non-repudiation
    properties. Such signed messages are provably
    authentic in a court of law.
  • Public key methods suffer from poor performance.

13
Is Cryptography Exportable From the U.S.?
  • All cryptographic products need export licenses
    from the State Department, acting under authority
    of the International Traffic in Arms Regulation
    (ITAR), which defines cryptographic devices,
    including software, as munitions.
  • The NSA has de facto control over export of
    cryptographic products. The State Department will
    not grant a license without NSA approval and
    routinely grants licenses whenever NSA does
    approve.
  • It is the stated policy of the NSA not to
    restrict export of cryptography for
    authentication; it is only concerned with the use
    of cryptography for privacy.
  • Export policy is currently a matter of great
    controversy, as many software and hardware
    vendors consider current export regulations
    overly restrictive and burdensome.

14
Commerce Over the Internet (WWW Enhancements)
  • Secure HTTP (S-HTTP): Secure HTTP is an
    interoperable extension of the World-Wide Web's
    existing HyperText Transfer Protocol (HTTP) that
    provides communication and transaction security
    for WWW clients and servers. The protocol was
    developed by Enterprise Integration Technologies
    (EIT) beginning in early 1994. In S-HTTP, the
    client browser and the WWW server "negotiate" the
    level of security required.
  • Secure Sockets Layer (SSL): The SSL Protocol
    developed by Netscape Communications is designed
    to provide privacy between two communicating
    applications (a client and a server). The
    advantage of the SSL Protocol is that it is
    application protocol independent. The SSL
    protocol provides "channel security" which has
    three basic properties: The channel is
    private. The channel is authenticated. The
    channel is reliable.

15
Commerce Over the Internet: Digital Cash
  • What is it?
  • Are there different types?
  • The two-payment problem
  • Blind signatures

16
Digital Cash: The Internet Currency
  • With digital cash, banks and customers (for
    example) use their encryption keys to encrypt
    (for security) and sign (for identification)
    blocks of digital data that represent money
    orders.
  • A bank "signs" money orders using its private key
    and customers and merchants verify the signed
    money orders using the bank's widely published
    public key.
  • Customers sign deposits and withdrawals using their
    private key and the bank uses the customer's
    public key to verify the signed withdrawals and
    deposits.

17
Types of Digital Cash
  • Identified: Identified digital cash contains the
    identity of the person who originally withdrew
    the money from the bank. Like credit cards,
    identified digital cash enables the bank to track
    the transaction.
  • Anonymous: Anonymous digital cash works just like
    real paper cash. It leaves no transaction trail.
    You create anonymous digital cash by using
    numbered bank accounts and blind
    signatures.
  • Both types can be used on-line and
    off-line (i.e. without directly involving a bank).

18
The Two Payment Problem
  • Since digital cash is just a bunch of bits, a
    piece of digital cash is very easy to duplicate,
    hence counterfeit.
  • On-line digital cash systems prevent double
    spending by requiring merchants to contact the
    bank's computer with every sale. The bank
    computer maintains a database of all the spent
    pieces of digital cash and can easily indicate to
    the merchant if a given piece of digital cash is
    still spendable.
  • Off-line digital cash systems detect
    double-spending in a couple of different ways:
  • Using "smart" cards which keep a mini database of
    all the pieces of digital cash spent by that
    smart card.
  • Structure the digital cash and cryptographic
    protocols so the identity of the double spender
    is known by the time the piece of digital cash
    makes its way back to the bank.

19
Blind Signatures
  • A person could give a different (but
    definitively verifiable) pseudonym to every
    organization they do business with. They could
    pay for goods in untraceable electronic cash. At
    the same time, organizations would benefit from
    increased security and lower record-keeping
    costs.
  • Recent innovations in microelectronics make this
    vision practical by providing personal
    representatives that store and manage their
    owners' pseudonyms, credentials and cash. Such
    microprocessors have already been embedded in
    pocket computers the size and thickness of a
    credit card.
  • Transactions employing these techniques avoid the
    possibility of fraud while maintaining the
    privacy of those who use them.

20
Firewalls
  • What is a network firewall?
  • A firewall is any one of several ways of
    protecting one network from another untrusted
    network. The actual mechanism whereby this is
    accomplished varies widely, but in principle, the
    firewall can be thought of as a pair of
    mechanisms: one which exists to block traffic,
    and the other which exists to permit traffic.
    Some firewalls place a greater emphasis on
    blocking traffic, while others emphasize
    permitting traffic.
  • Why would I want a firewall?
  • What can a firewall protect against?
  • What can't a firewall protect against?

21
Actual Firewalls
  • Can be a computer with firewall software
  • Might be a programmable multiprotocol router
  • Or a combination of the above
  • Note: A firewall operates on headers of data
    packets - not on the contents, so firewalls can
    block or permit traffic based on source or
    destination, or type of protocol, but not on
    message content.

22
Why would I want a firewall?
  • Keep the mischief makers off your network.
  • In a case where a company's policies dictate how
    data must be protected, a firewall is very
    important, since it is the embodiment of the
    corporate policy.
  • Lastly, a firewall can act as your corporate
    ambassador to the Internet - a safe place to
    store information you want the public to access.

23
What Can A Firewall Protect Against?
  • Some firewalls operate on a specific service like
    Email, or all services except a specific service.
  • Firewalls are configured to protect against
    unauthenticated interactive logins from the
    outside world.
  • More elaborate firewalls block traffic from the
    outside to the inside, but permit users on the
    inside to communicate freely with the outside.
  • Firewalls are also important since they can
    provide a single "choke point" where security and
    audit can be imposed.

24
What Can't A Firewall Protect Against?
  • Firewalls can't protect against attacks that
    don't go through the firewall. For example, a
    magnetic tape can just as effectively be used to
    export data.
  • Firewall policies must be realistic, and reflect
    the level of security in the entire network. For
    example, a site with classified data doesn't need
    a firewall at all: they shouldn't be hooking up
    to the Internet in the first place.
  • In general, a firewall cannot protect against a
    data-driven attack -- attacks in which something
    is mailed or copied to an internal host where it
    is then executed.
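
Added example (not part of the original slides): a header-only packet filter implementing the policy of slide 23 (outside-to-inside blocked, inside-to-outside permitted), which also shows why the data-driven case above gets through. The addresses are documentation ranges, the mail host and rule set are hypothetical, and matching reply traffic on the TCP ACK flag is an assumption the slides do not state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")      # constructed documentation range
MAIL_HOST = ip_network("192.0.2.25/32")  # hypothetical internal mail relay
ANY = ip_network("0.0.0.0/0")


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    ack: bool = False      # TCP ACK flag: set on every packet but the first
    payload: bytes = b""   # carried along, never examined by the filter


@dataclass
class Rule:
    action: str
    src: object
    dst: object
    proto: str = "any"
    dport: int = 0              # 0 = any port
    established: bool = False   # match only packets with ACK set


RULES = [
    Rule("permit", INSIDE, ANY),                            # inside may talk out
    Rule("permit", ANY, INSIDE, "tcp", established=True),   # replies to inside
    Rule("permit", ANY, MAIL_HOST, "tcp", 25),              # inbound e-mail
]


def decide(pkt: Packet, rules=RULES) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (ip_address(pkt.src) in r.src and ip_address(pkt.dst) in r.dst
                and r.proto in ("any", pkt.proto)
                and r.dport in (0, pkt.dport)
                and (pkt.ack or not r.established)):
            return r.action
    return "deny"
```

Because `decide` never reads `payload`, two mail packets with identical headers always receive the same verdict, so whatever the message carries has to be handled by controls on the mail host itself.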