1 NBA 600: Session 21 Privacy and Security 8 April 2003Daniel Huttenlocher
2 Today’s Class Public key cryptography Network securityInfrastructure (PKI) Encryption, signatures, certificates, authorities E-commerce transactions Network security Malicious code (“malware”) Viruses, worms, Trojan horses Protecting your business Differences between online, networked and physical worlds
3 Increasing Risks Information security getting harderMore varied access required More sophisticated attacks/attackers Online and networked world poses more challenges than offline or isolated world Automated challenges ATM PIN vs. website password Action at a distance Harder to monitor and to challenge Availability of techniques to non-experts Experts develop, non-experts with time use
4 Public Key CryptographyInvented by Diffie and Hellman, early ’70’s Encryption key is public Known to anyone, but specific to recipient Decryption key is private Known only to recipient Encryption and decryption keys come in pairs Only private key can decrypt messages that were encrypted with corresponding public key Knowing public key does not make it easy to determine private key RSA, most widely used schemes depends on difficulty of factoring large numbers
5 Public Key Encryption on WebSecure Web sites Data encrypted using SSL (Secure Socket Layer) Same data transfer but encrypted URL’s start with https:// rather than Shows up with “padlock” in browser status bar Hybrid scheme where public key encryption used to exchange shared keys Traditional (symmetric) encryption considerably faster than public key Use public key as way of safely sending keys for symmetric encryption
6 Digital Signatures Sender uses their private key to encrypt the message Usually encrypt something short computed from the message because its cheaper Called a “hash” Sends to recipient Recipient uses senders public key to decrypt in order to validate from sender Get this key from someplace trusted If they get the correct message or “hash” then must have been sent with sender’s private key
7 Public Key Schematic Bob wants to send private, signed message to Alice Encrypts a hash with his private key Encrypts the message with Alice’s public key Only Alice can decode with her private key Then she uses Bob’s public key to verify signature AlicePublic Encryption of Message and BobPrivate Encrypted Hash AlicePublic Encryption of Message and BobPrivate Encrypted Hash Message Message Untrusted Network BobPrivate Encryption of Hash BobPrivate Encryption of Hash Hash
8 Issues With Digital SignaturesSome state laws make “assignee” responsible for all uses of digital signature Until revoked Means you are liable for what your signature is used for Until you know it has been misused and have been able to get CA to revoke it Very different from credit cards Where you can deny transactions after the fact both under law and under convention/contract Makes less attractive for payments
9 Digital Certificates Set of trusted authoritiesKnown to client software such as IE Stores public key of each authority An authority issues a certificate to the operator of a Web site Digitally signed (with authority’s private key) Contains public key of Web site operator For a fee: e.g., currently VeriSign charges $900/yr for 128-bit SSL certificate When Web browser connects to a secure site it receives the certificate Uses authority’s public key to validate
10 Digital Certificates Not FoolproofWeb browser has list of trusted certificate authorities (CA’s) Do you trust them? How are they determined? Who do they grant authority to? How do CA’s verify identity E.g., elaborate cons
11 SSL Encryption Setup Before “padlock” appears on browser:Client contacts server gets certificate, validates it (1-3) Client sends PK encrypted secret data, server decrypts, both create shared keys (4-6) Symmetric encrypted data transfer begins (7) Generally takes under a second Source: CacheFlow
12 Cryptographic Key LengthHear about “n bit keys”, e.g., 128 bit 2n possible values E.g., for 40 bits about a trillion values A trillion sounds big, but… If a billion values per second can be tried then only about 15 mins A fast desktop computer does a couple billion operations per second (e.g., 2.4 gHz) A few of these together can test a billion key values per second 1998 “machine” to crack 56 bit DES keys Average of 4.5 days
13 More on Cryptographic KeysKey sizes today Triple-DES uses 122 bit keys Most methods use at least 128 bit keys Each additional bit makes trying all possibilities take twice as long So if 40 bit key takes 15 mins 50 bits takes 10 days (250 hours) 60 bits takes 27 years (10000 days), etc. Public keys need to be considerably bigger Depend on difficulty of factoring numbers Current rule of thumb 1024 bit or longer
14 Network Security Traditionally predicated on internal versus external risks Internal handled through passwords, monitoring and restricted physical access External handled through isolation (firewall) Do not allow data to/from outside world Traditional models not working well any longer Needs for remote access to protected data Employees, trusted customers/suppliers viruses bring untrusted inside
15 Network Security a Balancing ActMaximize safety without unduly limiting legitimate work Parallels to physical security As with all complex security problems Protection Detection Reaction Protection now harder because isolation was “best” protection Detection and reaction involve people and procedures more heavily
16 VPN’s Virtual Private Network (VPN)An encrypted connection over an untrusted network (e.g., Internet) On both ends, acts as if part of the company trusted network VPN server connected to by user machines “in the field” Most widely used is Microsoft’s PPTP First version had substantial security flaws discovered by outside experts As with all complex software still issues E.g., late 2002 denial of service attack
17 Schematic of VPN
18 Risks of VPN’s Security flaws particularly problematicBecause allows external access to the network, compromise can bring outsiders inside Passwords are more at risk External source of attack; less accountability Passwords may be stolen or observed Non-electronically or with spyware Users may not adequately protect machines on the VPN Access by friends, household members, colleagues, etc.
19 Malicious Code (“Malware”)Dates back to early days of computing Often as pranks, or to demonstrate possibilities Some terminology Virus: hidden program or piece of code that “infects” some other program or file causing an unexpected, usually negative, result Worm: independent program that actively duplicates itself Trojan horse: malicious program that pretends to be a benign application Generally must be deliberately installed
20 Spreading Viruses Most viruses today are scripts or macros that infect files or Because files and are commonly exchanged between people Such viruses spread more quickly than other means such as sharing programs Viruses are always created by someone who intends to do harm Often based on “templates”, so many similar Virus scanners must be updated for each new virus, impossible to predict new ones
21 Current Virus Preventionfilters that examine both incoming and outgoing Remove known viruses, automatically update Most now replicate via address book Scans of file systems for infected programs and files Still can get “bitten” by new ones Opening attachments can be dangerous Even if from someone you know because they may be infected Even viewing in auto-preview panes can be problematic
22 Worms and Trojan HorsesLess prevalent because harder to spread Worms tend to exploit flaws in servers Usually “buffer overflow” which allows code sent over network to be executed Think of someone blindly following a recipe and you can insert new steps they simply follow Recent one was Microsoft SQL server “slammer” worm Widespread effect this past January Trojan horses install unknown functionality All downloaded programs a risk this way
23 Protecting Your BusinessNeed good technology but not enough Should be easy to use and fit with work processes Need to instill importance in employees and have them contribute to security not evade View computer and network security as a senior management issue Policies set by CIO/CTO but agreed to and followed by all senior managers Likely to have impact on employees and business than physical security
24 Security Rules of ThumbBasic technology policies Keep software patches on all externally accessible and critical systems up to date According to CERT prevents 95% of intrusions Use automatically updating anti-virus software Use firewalls and network loggers Have regular, automated, offsite backups Periodically test that restores work Basic personnel policies Information security is everyone’s responsibility, broadly educate employees
25 Passwords Particularly difficult balance between security and usability One-time token systems can help External access particularly problematic Wide range of remote attackers Most passwords easy to crack E.g., Dictionary lookups in matter of minutes Even all possible 7 character passwords can be tried in a few weeks But policies can make worse
26 Microsoft Trustworthy ComputingInitiative launched in early 2002 Across all product groups Active involvement of research and academics Goals are to provide Security Privacy Reliability Business Integrity Products and services using software that are as trustworthy as those using electricity Took electric industry from 1880’s-1920’s
27 Trustworthy Computing GoalsSecurity Systems that are resilient to attack and protect confidentiality, integrity and availability Privacy Customer able to control data about themselves and those using data adhere to “fair information” principles Reliability Customer can depend on product to fulfill its functions when required to do so Business integrity Vendor behaves responsively and responsibly
28 Trustworthy Computing MeansSecure by design, by default and in deployment Fair information principles User data only collected or shared with consent Availability – ready for use Manageability Easy to install and manage; scalable Accuracy – functions correctly Usability – easy to use and suited to needs Responsiveness and transparency of firm
29 Some Main Players in SecurityVeriSign (VRSN) Digital trust services $1.2B/yr revenue, up 24% y-o-y (acquisition) $2.3B market cap CheckPoint Software (CHKP) Firewalls $427M/yr revenue, down 19% y-o-y $3.9B market cap RSA Security (RSAS) E-Security solutions (e.g., secureID) $230M/yr revenue, down 18% y-o-y $420M market cap