sign in sign up
<<
Home , Public key certificate, Secure channel, Stunnel

Main Points

• Applying last week’s lectures in practice • Creating Secure Channels Secure Channels • Example Applications – PGP: CS 161/194-1 – TLS: Anthony D. Joseph – VPN: September 26, 2005

September 26, 2005 CS161 Fall 2005 2 Joseph/Tygar/Vazirani/Wagner

What is a ? Plaintext Plaintext Creating Secure Channels

Encryption / Internet / • and Data Integrity Decryption Decryption and MAC – Use Public Infrastructure or third-party server to authenticate each end to the other • A stream with these security requirements: – Add Code for – Authentication integrity • Ensures sender and receiver are who they claim to be – Confidentiality • Confidentiality • Ensures that data is read only by authorized users – Data integrity – Exchange session key for encrypt/decrypt ops • Ensures that data is not changed from source to destination • Bulk data transfer – Non-repudiation (not discussed today) • Ensures that sender can’t deny message and rcvr can’t deny msg • Key Distribution and Segmentation September 26, 2005 CS161 Fall 2005 3 September 26, 2005 CS161 Fall 2005 4 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

Symmetric Key-based Symmetric Key-based Secure Channel

Secure Channel Alice Bob

• Sender (A) and receiver (B) share secret keys KABencrypt KABencrypt

– One key for A è B confidentiality KABauth KABauth – One for A è B authentication/integrity Message MAC Compare? Message – Each message sent from A è B contains: MAC

• Ciphertext = E_KABencrypt(nonce + msg)

• Authenticity/Integrity check = MAC_KABauth(Ciphertext) Nonce + Message Encryption Decryption Nonce Check? C = E_KABencrypt(M), • Different keys for each direction = 4 keys MAC_KABauth(C)

– KABencrypt, KABauth, KBAencrypt, KBAauth How to exchange secret keys?

September 26, 2005 CS161 Fall 2005 5 September 26, 2005 CS161 Fall 2005 6 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

1 Secure Channel: Choice #1 PKI Components

• Use public key certificates • Requires Public Key Infrastructure (PKI) – Manages wide-scale public key distribution – Provides a trust distribution mechanism • PKI Properties – Authentication è via Public Key Certificates – Confidentiality è via Encryption – Integrity è via Digital Signatures

September 26, 2005 CS161 Fall 2005 7 September 26, 2005 CS161 Fall 2005 8 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

Certification Authority Digital Certificate

• People, processes responsible for creation, • Signed data structure that binds delivery and management of digital certificates an entity with its corresponding • Organized in a hierarchy public key – Enables delegation of authority (sign on behalf of X)

Root CA (Verisign) – Signed by a recognized and trusted authority = Certification Authority CA-1 (yahoo.com) CA-2 (berkeley.edu) (CA) CA-2.1 (eecs.berkeley.edu) – Provide assurance that a particular public key belongs to a specific entity

September 26, 2005 CS161 Fall 2005 9 September 26, 2005 CS161 Fall 2005 10 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

Digital Certificate Chain Browsers Include Root CA Certificates Anthony’s Digital Certificate UCB EECS’ Digital Cert Tools? Options ? Advanced ? View Certs

Name: Anthony Joseph Name: UCB EECS Public Key: 0xABCD12345 Public Key: 0xEF67890B

Signed by Signed by UCB EECS UCB

Verisign CA’s Digital Cert UCB’s Digital Certificate

Name: Verisign CA Name: UCB Public Key: 0xBCD012345 Public Key: 0x98765432

Signed by Signed by Verisign Verisign September 26, 2005 CA CS161 Fall 2005 CA 11 September 26, 2005 CS161 Fall 2005 12 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

2 PKI Example: Creating Certs PKI Example: Getting Keys

1. Alice generates her own key pair 4. Alice gets Bob’s public key from the CA private key public key Alice Alice

private key publicBob key 2. Bob generates his own key pair Alice

private key public key Bob Bob 5. Bob gets Alice’s public key from the CA public key

Alice 3. Both send their public key to a CA and private key receive a signed by CA Bob

September 26, 2005 CS161 Fall 2005 13 September 26, 2005 CS161 Fall 2005 14 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

PKI Example: Secure Channel Secure Channel: Choice #2 5. Alice uses private key to encrypt and sign: Auth authentication, confidentiality, integrity server

Alice Recall: Asymmetric Bob KB KA is expensive! ? Use only Alice for authentication and Public Bob Alice symmetric Alice Private Message Sign Hash Hash and compare Message • Use a trusted third-party authentication

Encryption Decryption server and symmetric key for authentication, integrity, and confidentiality Bob Bob Public Private • Users share secret key with auth server September 26, 2005 CS161 Fall 2005 15 September 26, 2005 CS161 Fall 2005 16 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

Third-Party Authentication Authentication Choices Hi Bob! I’m Alice,

Here’s N L KAB • Both require a trusted third-party server Auth Hi Bob! I’m Alice, server • Both require wide-spread deployment of Here’s N L K AB server infrastructure KB KA • Still have distribution problem Bob Alice – Root certificates versus shared secrets • Alice constructs a secure channel to auth server • Difference is use of public/private key • Alice sends secret key message for Bob cryptosystem versus private/shared key one – Also includes nonce and session key lifetime - Why? • Another alternative: • Server constructs secure channel to Bob • Server forwards message – Pretty Good Privacy (more later on) September 26, 2005 CS161 Fall 2005 17 September 26, 2005 CS161 Fall 2005 18 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

3 Three Concrete Examples Pretty Good Privacy (PGP)

• Pretty Good Privacy (PGP) • Provides • Transport Layer Security (TLS) – Authentication, Confidentiality, Integrity (optional) • Virtual Private Networks (VPN) • Application examples: file transfers, e-mail • Weaker authentication than PKI, but – Freely available: standalone and plug-ins for many e-mail clients – Not controlled by a government or standard organization

September 26, 2005 CS161 Fall 2005 19 September 26, 2005 CS161 Fall 2005 20 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

PGP Services PGP: Public

• Authentication • No rigid public key management scheme – ; uses DSS/SHA or RSA/SHA • Problem: how to reliably get public key • Confidentiality – Possible solution: physically (secure but unpractical) or by phone – Encryption (triple DES or RSA) • PGP solution: build a “” • Integrity – Let’s assume you know several variably trusted users – Optional digital signature on entire message – Each of these indvidual can sign certificates for other users • Also provides – Each signature has an associated trust field indicating – Compression è Zip the level of trust in the certificate

September– E 26,-mail 2005 compatibilityCS161 èFall 2005Radix-64 conversion 21 September 26, 2005 CS161 Fall 2005 22 – Large file supportJoseph/Tygar/Vazirani/Wagner è Segmentation Joseph/Tygar/Vazirani/Wagner

Transport Layer Security (TLS) • Follow on to Secure Socket Layer (SSLv3) • Often used for secure HTTP web browsing – HTTPS (HTTP over SSL over TCP), SMTP, and NNTP [://bearfacts.berkeley.edu/] – standalone program tunnels any TCP traffic • Steps: 1. Negotiate algorithm choices for authentication and bulk data transfer 2. Use public key encryption-based key exchange or certificate-based authentication 3. Encrypt stream with symmetric • MAC and optional compression September 26, 2005 CS161 Fall 2005 23 September 26, 2005 CS161 Fall 2005 24 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

4 Virtual Private Network (VPN) VPN Implementations

Yoyodyne Corp VPN server • Typically a virtual network driver that Internet User forwards traffic over a secure channel Branch Office – Many commercial clients for PCs Yahoo – Open source client: OpenVPN • Often need to provide secure remote access to a – Commercial hardware available for network protected by a performance or networks – Remote access, telecommuting, branch offices, … • Software clients use IPSEC or TLS/SSL • VPN tunnels all or some traffic from a machine or network to another network • Try it for yourself! – Provides Authentication, Confidentiality, Integrity – http://www.net.berkeley.edu/vpn/ September 26, 2005 CS161 Fall 2005 25 September 26, 2005 CS161 Fall 2005 26 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

VPN Perimeter Security Issues VPN Perimeter Security Issues • Slammer worm penetrates • A VPN enables access to servers unsecured network of a – That’s the goal! D-B contractor • But, if remote machine or network is • Squirms through a VPN compromised, attacker gains access to the into D-B's internal network servers • Disables safety monitoring – Same as if they were inside building system for ~5hrs Ohio's Davis-Besse • Defeats physical and network security • Plant was already offline • Analog systems still online Nuclear Power Plant (Jan 2003) SecurityFocus 08/19/03 September 26, 2005 CS161 Fall 2005 27 September 26, 2005 CS161 Fall 2005 28 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner

5