NBA 600: Session 21 Privacy and Security 8 April 2003

1
NBA 600 Session 21Privacy and Security8 April
2003

• Daniel Huttenlocher

2
Todays Class

• Public key cryptography
• Infrastructure (PKI)
• Encryption, signatures, certificates, authorities
• E-commerce transactions
• Network security
• Malicious code (malware)
• Viruses, worms, Trojan horses
• Protecting your business
• Differences between online, networked and
  physical worlds

3
Increasing Risks

• Information security getting harder
• More varied access required
• More sophisticated attacks/attackers
• Online and networked world poses more challenges
  than offline or isolated world
• Automated challenges
• ATM PIN vs. website password
• Action at a distance
• Harder to monitor and to challenge
• Availability of techniques to non-experts
• Experts develop, non-experts with time use

4
Public Key Cryptography

• Invented by Diffie and Hellman, early 70s
• Encryption key is public
• Known to anyone, but specific to recipient
• Decryption key is private
• Known only to recipient
• Encryption and decryption keys come in pairs
• Only private key can decrypt messages that were
  encrypted with corresponding public key
• Knowing public key does not make it easy to
  determine private key
• RSA, most widely used schemes depends on
  difficulty of factoring large numbers

5
Public Key Encryption on Web

• Secure Web sites
• Data encrypted using SSL (Secure Socket Layer)
• Same data transfer but encrypted
• URLs start with https// rather than http//
• Shows up with padlock in browser status bar
• Hybrid scheme where public key encryption used to
  exchange shared keys
• Traditional (symmetric) encryption considerably
  faster than public key
• Use public key as way of safely sending keys for
  symmetric encryption

6
Digital Signatures

• Sender uses their private key to encrypt the
  message
• Usually encrypt something short computed from the
  message because its cheaper
• Called a hash
• Sends to recipient
• Recipient uses senders public key to decrypt in
  order to validate from sender
• Get this key from someplace trusted
• If they get the correct message or hash then
  must have been sent with senders private key

7
Public Key Schematic

• Bob wants to send private, signed message to
  Alice
• Encrypts a hash with his private key
• Encrypts the message with Alices public key
• Only Alice can decode with her private key
• Then she uses Bobs public key to verify signature

Untrusted Network
8
Issues With Digital Signatures

• Some state laws make assignee responsible for
  all uses of digital signature
• Until revoked
• Means you are liable for what your signature is
  used for
• Until you know it has been misused and have been
  able to get CA to revoke it
• Very different from credit cards
• Where you can deny transactions after the fact
  both under law and under convention/contract
• Makes less attractive for payments

9
Digital Certificates

• Set of trusted authorities
• Known to client software such as IE
• Stores public key of each authority
• An authority issues a certificate to the operator
  of a Web site
• Digitally signed (with authoritys private key)
• Contains public key of Web site operator
• For a fee e.g., currently VeriSign charges
  900/yr for 128-bit SSL certificate
• When Web browser connects to a secure site it
  receives the certificate
• Uses authoritys public key to validate

10
Digital Certificates Not Foolproof

• Web browser has list of trusted certificate
  authorities (CAs)
• Do you trust them?
• How are they determined?
• Who do they grant authority to?
• How do CAs verify identity
• E.g., elaborate cons

11
SSL Encryption Setup

• Before padlock appears on browser
• Client contacts server gets certificate,
  validates it (1-3)
• Client sends PK encrypted secret data, server
  decrypts, both create shared keys (4-6)
• Symmetric encrypted data transfer begins (7)
• Generally takes under a second

Source CacheFlow
12
Cryptographic Key Length

• Hear about n bit keys, e.g., 128 bit
• 2n possible values
• E.g., for 40 bits about a trillion values
• A trillion sounds big, but
• If a billion values per second can be tried then
  only about 15 mins
• A fast desktop computer does a couple billion
  operations per second (e.g., 2.4 gHz)
• A few of these together can test a billion key
  values per second
• 1998 machine to crack 56 bit DES keys
• Average of 4.5 days

13
More on Cryptographic Keys

• Key sizes today
• Triple-DES uses 122 bit keys
• Most methods use at least 128 bit keys
• Each additional bit makes trying all
  possibilities take twice as long
• So if 40 bit key takes 15 mins
• 50 bits takes 10 days (250 hours)
• 60 bits takes 27 years (10000 days), etc.
• Public keys need to be considerably bigger
• Depend on difficulty of factoring numbers
• Current rule of thumb 1024 bit or longer

14
Network Security

• Traditionally predicated on internal versus
  external risks
• Internal handled through passwords, monitoring
  and restricted physical access
• External handled through isolation (firewall)
• Do not allow data to/from outside world
• Traditional models not working well any longer
• Needs for remote access to protected data
• Employees, trusted customers/suppliers
• Email viruses bring untrusted inside

15
Network Security a Balancing Act

• Maximize safety without unduly limiting
  legitimate work
• Parallels to physical security
• As with all complex security problems
• Protection
• Detection
• Reaction
• Protection now harder because isolation was
  best protection
• Detection and reaction involve people and
  procedures more heavily

16
VPNs

• Virtual Private Network (VPN)
• An encrypted connection over an untrusted network
  (e.g., Internet)
• On both ends, acts as if part of the company
  trusted network
• VPN server connected to by user machines in the
  field
• Most widely used is Microsofts PPTP
• First version had substantial security flaws
  discovered by outside experts
• As with all complex software still issues
• E.g., late 2002 denial of service attack

17
Schematic of VPN
18
Risks of VPNs

• Security flaws particularly problematic
• Because allows external access to the network,
  compromise can bring outsiders inside
• Passwords are more at risk
• External source of attack less accountability
• Passwords may be stolen or observed
• Non-electronically or with spyware
• Users may not adequately protect machines on the
  VPN
• Access by friends, household members, colleagues,
  etc.

19
Malicious Code (Malware)

• Dates back to early days of computing
• Often as pranks, or to demonstrate possibilities
• Some terminology
• Virus hidden program or piece of code that
  infects some other program or file causing an
  unexpected, usually negative, result
• Worm independent program that actively
  duplicates itself
• Trojan horse malicious program that pretends to
  be a benign application
• Generally must be deliberately installed

20
Spreading Viruses

• Most viruses today are scripts or macros that
  infect files or email
• Because files and email are commonly exchanged
  between people
• Such viruses spread more quickly than other means
  such as sharing programs
• Viruses are always created by someone who intends
  to do harm
• Often based on templates, so many similar
• Virus scanners must be updated for each new
  virus, impossible to predict new ones

21
Current Virus Prevention

• Email filters that examine both incoming and
  outgoing email
• Remove known viruses, automatically update
• Most now replicate via address book
• Scans of file systems for infected programs and
  files
• Still can get bitten by new ones
• Opening attachments can be dangerous
• Even if from someone you know because they may be
  infected
• Even viewing email in auto-preview panes can be
  problematic

22
Worms and Trojan Horses

• Less prevalent because harder to spread
• Worms tend to exploit flaws in servers
• Usually buffer overflow which allows code sent
  over network to be executed
• Think of someone blindly following a recipe and
  you can insert new steps they simply follow
• Recent one was Microsoft SQL server slammer
  worm
• Widespread effect this past January
• Trojan horses install unknown functionality
• All downloaded programs a risk this way

23
Protecting Your Business

• Need good technology but not enough
• Should be easy to use and fit with work processes
• Need to instill importance in employees and have
  them contribute to security not evade
• View computer and network security as a senior
  management issue
• Policies set by CIO/CTO but agreed to and
  followed by all senior managers
• Likely to have impact on employees and business
  than physical security

24
Security Rules of Thumb

• Basic technology policies
• Keep software patches on all externally
  accessible and critical systems up to date
• According to CERT prevents 95 of intrusions
• Use automatically updating anti-virus software
• Use firewalls and network loggers
• Have regular, automated, offsite backups
• Periodically test that restores work
• Basic personnel policies
• Information security is everyones
  responsibility, broadly educate employees

25
Passwords

• Particularly difficult balance between security
  and usability
• One-time token systems can help
• External access particularly problematic
• Wide range of remote attackers
• Most passwords easy to crack
• E.g., Dictionary lookups in matter of minutes
• Even all possible 7 character passwords can be
  tried in a few weeks
• But policies can make worse

26
Microsoft Trustworthy Computing

• Initiative launched in early 2002
• Across all product groups
• Active involvement of research and academics
• Goals are to provide
• Security
• Privacy
• Reliability
• Business Integrity
• Products and services using software that are as
  trustworthy as those using electricity
• Took electric industry from 1880s-1920s

27
Trustworthy Computing Goals

• Security
• Systems that are resilient to attack and protect
  confidentiality, integrity and availability
• Privacy
• Customer able to control data about themselves
  and those using data adhere to fair information
  principles
• Reliability
• Customer can depend on product to fulfill its
  functions when required to do so
• Business integrity
• Vendor behaves responsively and responsibly

28
Trustworthy Computing Means

• Secure by design, by default and in deployment
• Fair information principles
• User data only collected or shared with consent
• Availability ready for use
• Manageability
• Easy to install and manage scalable
• Accuracy functions correctly
• Usability easy to use and suited to needs
• Responsiveness and transparency of firm

29
Some Main Players in Security

• VeriSign (VRSN)
• Digital trust services
• 1.2B/yr revenue, up 24 y-o-y (acquisition)
• 2.3B market cap
• CheckPoint Software (CHKP)
• Firewalls
• 427M/yr revenue, down 19 y-o-y
• 3.9B market cap
• RSA Security (RSAS)
• E-Security solutions (e.g., secureID)
• 230M/yr revenue, down 18 y-o-y
• 420M market cap