ISA 662 Review for the Final Exam

1
ISA 662 Review for the Final Exam

• Spring 2006
• Duminda Wijesekera

2
Covered Topics

• Cryptography
• Key management
• Protocols
• Authentication and Identity
• Information flow and confinement
• Non-inteferearence and policy composition

3
Cryptography

• Diffie-Hellman
• RSA
• Cryptographic Checksums

4
The Big Picture
Plain- text
Plain- text
Ciphertext
Encryption Algorithm
Decryption Algorithm
INSECURE CHANNEL
A
B
B's Public Key
B's Private Key
RELIABLE CHANNEL
B's Public Key
5
The Need
Plain- text
Plain- text
Ciphertext
Encryption Algorithm
Decryption Algorithm
INSECURE CHANNEL
A
B
B's Public Key
B's Private Key
RELIABLE CHANNEL
B's Public Key
6
Diffie-Hellman Key Exchange
7
D-H Mathematics Discrete Logarithm

• D-H is based on the discrete logarithm problem
• Given integers n and g and prime number p,
  compute k such that n g k mod p
• In general computationally infeasible
• Choices for g and p are critical
• Both p and (p1)/2 should be prime
• p should be large (at least 512 bits, possibly
  1028 bits)
• g should be a primitive root mod p

8
Man-in-the-middle Attack
K1
K2
B
C
A
active intruder
K1
A
B
K2
A
B
9
RSA In Summary

• Choose public key (n,e)
• Compute private key (n,d)
• Encryption C Me mod n
• Decryption M Cd mod n
• Underlying theory Euler's Totient Theorem

10
Key Generation

• Choose 2 large (512 bit) prime numbers
• p and q
• Compute n p q
• Choose e relatively prime to (p-1)(q-1)
• Compute d such that 1 ed mod (p-1)(q-1)
• Publish (n,e) and keep (n,d) (discard p, q)

11
Encryption/Decryption

• Encryption C Me mod n
• Decryption M Cd mod n
• Underlying theory
• Cd mod n (Me mod n)d mod n Med mod n
• M1 mod (p-1)(q-1) mod n
• M (p-1)(q-1)i 1 mod n
• (1i M) mod n (by Fermats Little Theorem)
• M mod n
• M (require Mltn M relatively prime to n)

12
One-way Hash Functions

• Also known as message digest
• A function H(M) m satisfies
• (Fixed length) M can be of any length, whereas m
  is of fixed length
• (One-way) computing H(M)m is easy, but
  computing H-1(m)M is computationally infeasible
• (Collision-free) in two forms
• Weak collision-freedom given any M, difficult to
  find another M such that H(M)H(M)
• Strong collision-freedom difficult to find any M
  and M such that H(M)H(M)

13
Use of Public-Key Cryptosystems
Public Key
Encryption
Receiver
Private Key
Signature
Sender
14
Kerberose
15
What Kerberos Provides

• A centralized authentication service
• Authenticate users to services
• Authenticate services to users
• Servers are relieved of the burden of maintaining
  authentication information
• Supports inter-server authentication

16
Main Components and Interactions
Kerberos
1. Request ticket to talk to Bob
Client Alice
2. Invents session key Kab, encrypts with
Alices master key EKa(Kab), encrypts with
Bobs master key EKb(Kab), Sends over to
Alice
4. Checks and start using Kab
3. Submits EKb(Kab),

• Main Component Key Distribution Center
• Shares a master key with each principle
• Generates session keys,
• encrypts using a remote recipients key ticket

Server Bob
17
Protocols

• Background
• PEM
• SSL
• IPSEC

18
SSL Protocol Stack
Somethings wrong!
establishing
and done!
encrypt/MAC
SSL Record Protocol
TCP
IP

• Before we zoom on each of them, we consider two
  things
• How to characterize an SSL connection (i.e., SSL
  parameters)
• What cipher techniques can be used

19
SSL Session and Connection (Contd)

• Why two separate terms?
• So the two sets of parameters can change
  independently
• Session states change less frequently (for
  performance)
• Connection states change more frequently (for
  security)
• One session (re-used by) multiple connections

New session state
session1
session2
connn
connection2
connection1

New connection state
20
SSL Session and Connection (Contd)

• Why two separate terms?
• So the two sets of parameters can change
  independently
• Session states change less frequently (for
  performance)
• Connection states change more frequently (for
  security)
• One session (re-used by) multiple connections

New session state
session1
session2
connn
connection2
connection1

New connection state
21
Overview
client
server
client hello
1
server hello

• Negotiate security capabilities between client,
  server
• Server authenticates itself and key exchange
• Client validates server and key exchange
• Finish and acknowledgement

certificate
server key exchange
2
request for cert
server done
certificate
certificate verification
3
client key exchange
change cipher spec
finished
4
We shall only consider 1-way handshake with RSA
(only server authenticates itself to client)
change cipher spec
finished
Indicate optional or situation-dependent
messages that are not always sent
22
Overview
client
server
client hello
1
server hello

• Negotiate security capabilities between client,
  server
• Server authenticates itself and key exchange
• Client validates server and key exchange
• Finish and acknowledgement

certificate
server key exchange
2
request for cert
server done
certificate
certificate verification
3
client key exchange
change cipher spec
finished
4
We shall only consider 1-way handshake with RSA
(only server authenticates itself to client)
change cipher spec
finished
Indicate optional or situation-dependent
messages that are not always sent
23
IPsec Overview

• Security Association
• Transport mode and tunnel mode
• Traffic protocols
• IP AH (Authentication header) protocol
• IP ESP (Encapsulating security protocol)
• Key exchange protocol
• IKE

Upper layer protocols (e.g., TCP, UDP, SSL, etc.)
IPsec traffic protocol (AH/ESP)
Key Exchange (e.g., IKE)
IP
24
IPsec Mode Overview

• Both traffic protocols (AH/ESP) can run in
• Transport mode
• Tunnel mode
• Four combinations
• (AH,ESP) (transport, tunnel)
• For different purposes

25
Transport Mode

• End to end (like SSL)
• The IP header is in clear (for routing)
• The goal is to protect payload only

payload
IP header
Alice
Bob
protected payload
IP header
IP header
Alice
Bob
Eve
26
Tunnel Mode

• Security gateway to security gateway
• The whole packet is embedded as payload
• The goal is to protect payload as well as traffic
  (the gateway usually has concurrent connections)

Alice
Bob
Alice
Bob
OSF1
OSF2
Eve
27
ISA 662 Information System Security

• Information Flow Control and Confinement

28
Entropy (Sec 32.2)

• H(X) - ?i p(Xxi) log2 p(Xxi)
• Measures the uncertainty of X
• How many bits required to represent X
• Example
• X 0 or 1, equally likely
• H(X) - ( p(X0)log2 p(X0) p(X1)log2 (X1) )
  
• - (1/2 log2 1/2 1/2 log2 1/2 )
  1
• Y 1 certainly Y0 impossible
• H(Y) - ( p(Y1)log2 p(Y1) ) Taking
  log2(0)0
• - 1 log2 1 0

29
Outline

• Entropy-based analysis
• Non-lattice information flow policies
• Compiler-based mechanisms
• Confinement problem and covert channel

30
Non-interefernce

• Problems with BLP Models
• Covert Channels
• Composing BLP models
• Deterministic Noninterference
• Unwinding theorem
• ACL Interpretation of Noninterference
• Restating Noninterference w.r.t. AC matrix model
• Policy Changes over time
• Composing deterministic noninterference secure
  systems

31
Entropy (Sec 32.2)

• H(X) - ?i p(Xxi) log2 p(Xxi)
• Measures the uncertainty of X
• How many bits required to represent X
• Example
• X 0 or 1, equally likely
• H(X) - ( p(X0)log2 p(X0) p(X1)log2 (X1) )
  
• - (1/2 log2 1/2 1/2 log2 1/2 )
  1
• Y 1 certainly Y0 impossible
• H(Y) - ( p(Y1)log2 p(Y1) ) Taking
  log2(0)0
• - 1 log2 1 0