Copyright (C) 2003 Jane Hsu 1
Security and Encryption
Jane Hsu

The Internet Is An Insecure Place
- Many protocols do not provide any security.
- Viruses, worms, Trojan horses, etc.
- Client/server applications often require transmission of user identity/passwords.
- “Crackers” may sniff passwords and other sensitive information off the network.
- Need to restrict and control access privileges.
- “Crackers” also actively exploit many system vulnerabilities or “security holes” to inflict damage or to gain access to valuable information.
- No system is totally immune to security problems.

Solution?
- There is nothing more secure than a computer which is not connected to the network --- and powered off!
- But…
- These restrictions are simply unrealistic and unacceptable.

Firewalls
Problems
- Firewalls assume that “the bad guys” are on the outside – a bad assumption!
- Firewalls restrict how your users can use the Internet.

Web Security
- Content security
  - Digital rights management (DRM)
  - Encryption
  - Digital watermark
- Network security
  - Encryption
    - Symmetric encryption: DES
    - Asymmetric encryption: RSA
  - IP security
- Digital signature/envelope

Security Threats
- System intrusion
- Data theft
- Data tampering
- Identity impersonation
- Malicious sabotage
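
Security Requirements for E-Commerce
- Access Control
  - Must keep unauthorized users or messages from entering at will, while granting legitimate logged-in users specific usage privileges
- Confidentiality
  - Must keep unauthorized recipients from intercepting the transmission and discovering the plaintext
- Integrity
  - The recipient can confirm that the information received has not been tampered with or partially replaced
- Authentication (of the data source)
  - Can verify that the information received was really sent by the legitimate sender, not forged by someone else or resent from an earlier message
- Non-Repudiation
  - After sending the information, the sender cannot deny the fact of having sent it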
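
Network Security Management Tools
[Figure: security management tools, comprising data encryption, digital signatures, electronic certification, access control, intrusion detection, firewalls, virtual private networks, and secure communication channels]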
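
What Is a Cryptosystem?
- Cryptography means that the party sending a message secretly changes the original text of the message into ciphertext that cannot easily be recognized, and then transmits the ciphertext without any special protection. Even if the ciphertext falls into an attacker's hands, the original message is still protected. When the ciphertext reaches the recipient, the legitimate recipient is nevertheless able to recover the original text.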

German Enigma Cipher Machine
- In 1918, Arthur Scherbius filed for a patent for the Enigma Cipher Machine and offered it to the German Navy.
- In 1926, the German Navy began using the Enigma Machine, lightly modified from a commercial model.
- In 1930, the German armed forces introduced a significantly modified military model.
- In 1932, Marian Rejewski, a 27-year-old cryptanalyst (Cipher Bureau of the Polish Intelligence Service in Warsaw, Poland) mathematically determined the

Simple Cryptography
[Figure: plaintext converted into ciphertext]

Caesar Cipher
Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher alphabet (rotate 13 positions): NOPQRSTUVWXYZABCDEFGHIJKLM
Plaintext: THE GOTHS COMETH
Key: 13
Ciphertext: FUR TAFUE PAYRFU

Rotating Key Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
BCDEFGHIJKLMNOPQRSTUVWXYZA
CDEFGHIJKLMNOPQRSTUVWXYZAB
DEFGHIJKLMNOPQRSTUVWXYZABC
EFGHIJKLMNOPQRSTUVWXYZABCD
FGHIJKLMNOPQRSTUVWXYZABCDE
GHIJKLMNOPQRSTUVWXYZABCDEF
HIJKLMNOPQRSTUVWXYZABCD...
Plaintext: SOUND THE RETREAT
Key: DEADFED
Ciphertext: VSUPC XKG UEWWEX

General Principles
- Longer keys make better ciphers
- Random keys make better ciphers
- Good ciphers produce “random” ciphertext
- Best keys are used once and thrown away
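
The Caesar and rotating key ciphers above are the same operation with keys of different length, which the following added example (not part of the original slides) makes concrete. It assumes the usual A=0 ... Z=25 letter shifts, passes spaces through without consuming a key letter, and uses constructed sample messages; the function names are hypothetical.

```python
import string

ALPHABET = string.ascii_uppercase

def rotating_key_cipher(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter (A=0 ... Z=25).

    Non-letters pass through unchanged and do not consume a key letter.
    A one-letter key is the Caesar cipher; key "N" is the rotate-13 table.
    """
    key = key.upper()
    if not key or not all(k in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    shifts = [ALPHABET.index(k) for k in key]
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = shifts[used % len(shifts)]
            if decrypt:
                shift = -shift
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)

def distinct_letters(text: str) -> int:
    """Count the different letters present: a crude view of leaked patterns."""
    return len({ch for ch in text if ch in ALPHABET})

# Constructed sample inputs (not taken from the slides).
MESSAGE = "MEET AT THE NORTH GATE"
REPEATS = "EEEEEE"

if __name__ == "__main__":
    caesar = rotating_key_cipher(MESSAGE, "N")
    rotating = rotating_key_cipher(MESSAGE, "DEADFED")
    print(caesar, "|", rotating)
    print(rotating_key_cipher(rotating, "DEADFED", decrypt=True))
    # A one-letter key maps a repeated plaintext letter to one repeated
    # ciphertext letter; the longer key spreads it over several letters.
    for key in ("N", "DEADFED"):
        ct = rotating_key_cipher(REPEATS, key)
        print(key, ct, distinct_letters(ct))
```

The repeated-letter run shows why longer keys make better ciphers: with key N the plaintext pattern survives intact, while the seven-letter key hides it until the key repeats.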
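
The Evolution of Cryptosystems
- In early cryptosystems, the crucial point was that the algorithm used was known only to the sending and receiving parties; if anyone else knew it too, confidentiality was lost. A cryptosystem that bases its confidentiality on the cryptographic algorithm is suitable only for closed environments. Today's network communication is open, however, so a common cryptosystem must be used; in other words, the cryptographic algorithm must be public and usable by anyone.
- To meet this need, modern cryptosystems use the concept of a key.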
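
Keys
- A “key” is really just a long, hard-to-memorize string of 0s and 1s; it can be stored on a computer's hard disk, a floppy disk or an IC card.
- Its main function: while a document is being transmitted over the network, a specific cryptographic algorithm uses the key to encode and encrypt the document, and on receiving the document the recipient uses the key to decrypt and restore it.
- Because the algorithm used is public, the algorithm itself must be secure and unbreakable, and the key must be protected.
- Although a key is a string of 0s and 1s, a brute-force attack has to try all the different combinations of 0s and 1s. If the key is N bits long, there are 2^N different keys. So the longer the key (in bits), the better the security in theory.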

Symmetric (Private Key) Cryptography
- Examples:
  - DES (Data Encryption Standard) 56-bit key
  - IDEA (International Data Encryption Algorithm) 128-bit key
  - AES (Advanced Encryption Standard)
  - RC4, RC5, Skipjack
- Advantages: fast, ciphertext secure
- Disadvantages: must distribute key in advance, key must not be divulged

DES: Data Encryption Standard
- Widely published & used - federal standard
- Complex series of bit substitutions, permutations and recombinations
- Basic DES: 56-bit keys
  - Crackable in about a day using specialized hardware
- Triple DES: effective 112-bit key
  - Uncrackable by known techniques

Asymmetric Encryption System Workflow

Asymmetric (Public Key) Cryptography
- Examples: RSA, Diffie-Hellman, ElGamal
- Advantages: public key widely distributable, does digital signatures
- Disadvantages: slow, key distribution
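
RSA
- RSA is an abbreviation of Rivest, Shamir and Adleman, the three mathematicians who jointly published this special encryption algorithm in 1977.
- The algorithm mainly uses two prime numbers as the two keys for encryption and decryption. The two keys are called the public key and the private key, and the key length (in bits) determines the encryption encoding's complex…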
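
RSA Encryption and Decryption Procedure
- Find two very large prime numbers p, q
- n = p × q, z = (p − 1) × (q − 1)
- Find an integer d that is relatively prime to z
- Find an integer e such that (e × d) mod z = 1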
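
The four steps above, carried through in code with the slide's symbols p, q, n, z, d and e. This is an added example, not part of the original slides: the primes are constructed toy values, the function names are hypothetical, and the scheme is unpadded textbook RSA for illustration only.

```python
from math import gcd

def make_keys(p: int, q: int, d: int) -> dict:
    """Slide steps: n = p*q, z = (p-1)*(q-1), d coprime to z, (e*d) mod z = 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # modular inverse of d modulo z (Python 3.8+)
    return {"public": (e, n), "private": (d, n), "z": z}

def encrypt(m: int, public: tuple) -> int:
    """Encrypt an integer message with the public key: c = m^e mod n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c: int, private: tuple) -> int:
    """Decrypt with the private key: m = c^d mod n."""
    d, n = private
    return pow(c, d, n)

# Constructed toy parameters; real keys use primes hundreds of digits long.
KEYS = make_keys(p=61, q=53, d=2753)

if __name__ == "__main__":
    e, n = KEYS["public"]
    print("n =", n, "z =", KEYS["z"], "e =", e)
    c = encrypt(65, KEYS["public"])
    print("65 ->", c, "->", decrypt(c, KEYS["private"]))
    # Textbook RSA is deterministic: equal plaintexts give equal ciphertexts,
    # which is why deployed systems add randomized padding such as OAEP.
    print(encrypt(65, KEYS["public"]) == c)
```

Only (e, n) is published; anyone who can factor n into p and q can recompute z and then d, which is why the primes have to be large.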

RSA Encryption and Decryption Procedure

RSA Encryption and Decryption Example

Public Key Encryption: The Frills
Frill -> Technique
- Fast encryption/decryption -> Digital envelopes
- Authentication of sender -> Digital signature
- Verification of message integrity -> Message digests
- Safe distribution of public keys -> Certifying authorities

Digital Envelopes
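
Digital Signatures
- A digital signature uses a public key/private key pair to verify a person's identity.
- The private key must be kept safe by the customer and must not be disclosed to anyone else; the public key, once certified by a CA, serves as the evidence for verifying the private key.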
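
Security Guarantees of Digital Signatures
- Integrity
  - By checking the digital signature, the recipient of a document can be sure of the document's integrity, guarding against tampering, resending and loss
- Authentication (identifying the data source)
  - The recipient of a document can confirm the identity of its sender, guarding against false data sent under someone else's name
- Confidentiality
  - The document can be encrypted and decrypted with keys to achieve the security guarantee of secrecy
- Non-repudiation
  - Because only the sender of the document knows their own private key, and the document carries the sender's digital signature, the sender cannot deny the fact of having sent the document

Generating a Digital Signature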
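
Message Digests
- A hash function condenses the input data into a shorter result of a specific length.
- Any document data, once run through a one-way hash function, yields a string of data of fixed length. Because it is very unlikely that another document can be designed that produces the same result under the same function, the result can be treated as the characteristic value of the original document data, called a digital fingerprint or message digest.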
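
How a message digest and a key pair combine into a digital signature, and how a changed document is caught, as an added example that is not part of the original slides. It assumes SHA-256 as the hash function and a constructed toy RSA key built from two Mersenne primes; the signature is unpadded, whereas deployed systems use a padded scheme such as RSA-PSS. Function names and sample documents are hypothetical.

```python
import hashlib

# Constructed toy key pair built from two Mersenne primes so the example is
# reproducible; such special-form primes must never be used for real keys.
P, Q = 2**521 - 1, 2**607 - 1
N, Z = P * Q, (P - 1) * (Q - 1)
E = 65537          # public exponent
D = pow(E, -1, Z)  # private exponent, (E * D) mod Z == 1

def fingerprint(document: bytes) -> bytes:
    """Fixed-length message digest (SHA-256 is this example's choice)."""
    return hashlib.sha256(document).digest()

def sign(document: bytes) -> int:
    """Sender: transform the document's digest with the private key."""
    return pow(int.from_bytes(fingerprint(document), "big"), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Recipient: recover the digest with the public key and compare it
    with a digest computed over the document actually received."""
    return pow(signature, E, N) == int.from_bytes(fingerprint(document), "big")

# Constructed sample documents.
ORDER = b"Pay 100 to account 12345"
TAMPERED = b"Pay 900 to account 12345"

if __name__ == "__main__":
    # The digest length does not depend on the document length.
    print(len(fingerprint(b"x")), len(fingerprint(ORDER * 1000)))
    sig = sign(ORDER)
    print("original verifies:", verify(ORDER, sig))
    print("tampered verifies:", verify(TAMPERED, sig))
```

Verification needs only the public values E and N, which is why the recipient must obtain the sender's public key from a source it trusts, such as a CA-issued certificate.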

What Does a Digital Signature Look Like?

Basic Concepts of How Digital Signatures Work
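
Security Certification Service Systems
- Transaction certification center
  - Provides network transmission and system security according to security control standards, acting as the gatekeeper for online payment security
- Key certification center
  - Produces and issues private legal person certificates, natural person certificates and transaction certificates according to certification standards, establishing the certification mechanism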

Hierarchy of Trust

Secure, Verifiable Transmission

Public Key Cryptography on the Web
- Secure Socket Layer (SSL)
  - Netscape Communications Corporation
- Secure HTTP (SHTTP)
  - Commerce Net
- SET (Secure Electronic Transaction)
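
SSL
- SSL (Secure Socket Layer) network security protocol
- Developed by Netscape, it is a specification for protecting the security of transactions made with a browser on the web; because every vendor's browser software supports it, it is currently the most widely adopted on the Internet.
- Data transmitted over SSL is also encrypted with a key. Although it may be intercepted by a third party, its contents are very hard to read, and the encrypted data stays intact and is not tampered with or damaged.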

SSL and SHTTP, similarities
- RSA public key cryptography
- MD5 message digests
- Variety of private key systems
  - Strong cryptography for use in U.S.

SSL and SHTTP, differences
[Figure: protocol stack with the layers Physical Layer, Network interface, Internet, Transport and Application; labels SSL, HTTP, TELNET, NNTP, FTP, SHTTP]
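
SET
- SET (Secure Electronic Transaction)
- A security mechanism for making payment transactions over the Internet
- Its specification combines the RSA (1024 bits) asymmetric algorithm (which uses a public key and a private key for encryption and decryption respectively) with the DES symmetric algorithm (encryption and decryption use the same key) as its security scheme, to protect the security and privacy of online payment transactions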
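
SET
- SET is led by the two credit card organizations MasterCard and Visa, together with international IT vendors such as IBM, Microsoft and Netscape, who jointly promote it as a security standard for e-commerce transactions on the network.
- Merchants can use SET to confirm a consumer's identity but never see the consumer's credit card number, so consumers are not at risk of card fraud online.
- However, the SET system is too complex and too costly to build, so the confidentiality protocols currently used in e-commerce are still mainly RSA and SSL systems.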

Secure Servers
- Netscape Commerce Server
- Microsoft Internet Information Server
- WebSite Professional
- Quarterdeck/WebSTAR Professional
- OpenMarket Secure Server
- Apache SSL
- Many others!

Secure Servers: Costs
- Server software
  - Requires license from RSA Data Security
  - Often free for noncommercial use
  - $200-$1000 for commercial use
  - Export forbidden

Secure Servers: Set-up
- Install & configure server software
- Create “distinguished name” for your site
- Fill out server certificate application at Verisign’s Web site

Using SSL

SSL Failures
- Two well-publicized incidents in 1995
- 40-bit secret key used in export versions vulnerable to brute force attack
  - Single encrypted message vulnerable to cracking in a few weeks on a network of workstations
  - Specialized hardware (probably) can crack in a matter of hours
- Implementation problem
  - Navigator 2.0 used predictable random number generator to generate secret keys
  - Messages crackable in a few minutes on conventional workstation
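
Why a predictable generator undoes a long key: the weak setting beside the corrected one, as an added example that is not part of the original slides. The whole-second timestamp seed, the half-hour uncertainty window and all names are assumptions made for illustration; they are not a description of Navigator's actual seeding.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128-bit session key

def weak_session_key(seed: int) -> bytes:
    """Weak: key bytes from a general-purpose PRNG with a guessable seed."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(KEY_BYTES))

def strong_session_key() -> bytes:
    """Corrected: key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def reproducible(key: bytes, candidate_seeds) -> bool:
    """Audit check: does any candidate seed regenerate this key?"""
    return any(weak_session_key(s) == key for s in candidate_seeds)

def effective_bits(candidate_seeds) -> float:
    """Real strength of a seeded key: log2 of the seeds worth trying."""
    return math.log2(len(candidate_seeds))

# Constructed scenario: the seed is a whole-second timestamp and an observer
# knows the connection time to within half an hour either way.
CONNECT_TIME = 815_000_000
WINDOW = range(CONNECT_TIME - 1800, CONNECT_TIME + 1800)

if __name__ == "__main__":
    weak = weak_session_key(CONNECT_TIME + 7)
    print("nominal key bits:", KEY_BYTES * 8)
    print("effective bits  :", round(effective_bits(WINDOW), 1))
    print("weak key reproducible  :", reproducible(weak, WINDOW))
    print("strong key reproducible:", reproducible(strong_session_key(), WINDOW))
```

The key is 128 bits long in both cases, but the seeded one is only as strong as the number of plausible seeds, here under 12 bits.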

Web Encryption Isn’t a Panacea
- Protect data at browser side & server side
- Server certificates vouch for name of server but not honesty of merchant!
- Protect integrity of browser & server software

Alternative architectures
- Separate Layer
  - Over TCP: SSL
  - Over IP: IPSec
- Application-Specific
  - SHTTP
- Parallel
  - Kerberos; Kerberos with TLS?

Kerberos
- KERBEROS was the fierce watchdog of Hades. It was depicted as a three-headed dog with a serpent's tail, a mane of snakes, and a lion's claws.
- To provide strong authentication for client/server applications by using secret key cryptography.
- A client can prove its identity to a server (and vice versa) across an insecure network connection.
- Client/server can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
- Free implementation available from MIT: http://web.mit.edu/kerberos/www/

Reference URLs
- SSL Protocol
  - http://home.netscape.com/newsref/std/SSL.html
- SHTTP Protocol
  - http://www.eit.com/projects/s-http/
- Verisign
  - http://www.verisign.com/