Security Reference Handbook
A comprehensive categorization of security technologies and their relative threats.

Contents

Network Security
1. Network Security Tools
2. Network Security Related Standards
3. Authentication Schemes
4. Authorization Policy
5. Administration
6. Perimeter Security
7. Content Inspection
8. Data in Motion Security
9. Best Practices
10. Wireless Security Issues
11. Incident Response
12. Glossary of Network Security Terms

Security Threats
Threat Categories; Profiles; Info Gathering Techniques; Impersonation / Spoofing; Social Engineering (Attacks against people); Computer Virus; Avenues of Attack; Vulnerabilities; General Hacking; Denial of Service; Cracking; Hybrid Techniques; Piracy & Digital Rights Management (DRM); Noteworthy Organizations & Response Teams; Web Site Hacking; Physical Threats; Glossary of Security Threats Terms

Cryptography
Basic Functionality of Crypto; Crypto Primary Function; Symmetric/Asymmetric Function; Trust Models; Certificate Comparison; Secure Messaging with Public Key Cryptography; Public-Key Infrastructure & Digital Certificates; Relative Strength Comparisons; ISO Reference/Security Protocols; Related Standards; IKE: Key Negotiation; Time Stamping; Protocols Using Crypto; Secure Messaging; Glossary of Cryptography Terms
About Symantec Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises around the world. Symantec’s Norton brand of consumer security products leads the market in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 37 countries. For more information, please visit www.symantec.com.
Network Security Reference
1. Network Security Tools

Security tools in use today:
• Host-based Vulnerability Assessment Tools: ESM, COPS, NCARP, crack, Tiger, logcheck, tklogger
• Network Traffic Analysis & Intrusion Detection Tools: NetProwler, tcpdump, synsniff, NOCOL, Shadow
• Security Management and Improvement Tools: ESM, crack, localmail, smrsh, logdaemon, npasswd, op, passwd+, S4-kit, sfingerd, sudo, swatch, watcher, wuftpd, LPRng
• Firewall, Proxy and Filtering Tools: Raptor, fwtk, ipfilter, ipfirewall, portmap v3, SOCKS, tcp_wrappers, smapd
• Network-Based Vulnerability Assessment Tools: NetRecon, nmap, nessus, SATAN, Internet Scanner
• Encryption and Integrity Tools: md5 and md5check (message digests for integrity checking, not encryption), PGP, rpem, UFC-crypt
• One-Time Password Tools: OPIE, S/Key
• Secure Remote Access and Authorization Tools: RADIUS, TACACS+, SSL, SSH, Kerberos
2. Network Security Related Standards

IETF: Internet Engineering Task Force, http://www.ietf.org/
Security-related RFCs:
• AAA: 2903-2906
• Algorithms/Crypto: 1319-1321, 1984, 2040, 2082, 2403-2409, 2612, 2627, 2628, 2630, 2631
• PGP: 1991, 2015, 2440
• PKCS: 2313-2315, 2437, 2985, 2986
• PKI, X.509 (PKIX; 2692-2693 are SPKI): 2459, 2510-2511, 2527-2528, 2559-2560, 2585, 2692-2693
• RADIUS: 2138-2139, 2618-2621, 2865-2869
• S/MIME: 1847-1848, 2311-2312, 2631, 2632
• Secure DNS: 2535-2541, 3007, 3008
• TLS (SSL): 2246, 2595
• VPN, Remote Access, IPsec: 1826-1827, 2401, 2402, 2406, 2685, 2888
• Other: 2504 Users' Security Handbook; 2828 Internet Security Glossary; 3013 ISP Security Procedures
Working Groups: Open Specification for PGP (openpgp); Authenticated Firewall Traversal (aft); Common Authentication Technology (cat); IP Security Policy (ipsp); IP Security Protocol (ipsec); IP Security Remote Access (ipsra); Intrusion Detection Exchange (idwg); Kerberized Internet Negotiation of Keys (kink); Kerberos WG (krb-wg); One Time Password Authentication (otp); Public-Key Infrastructure (X.509) (pkix); S/MIME Mail Security (smime); Secure Network Time Protocol (stime); Secure Shell (secsh); Securely Available Credentials (sacred); Security Issues in Network Event Logging (syslog); Simple Public Key Infrastructure (spki); Transport Layer Security (tls); Web Transaction Security (wts); XML Digital Signatures (xmldsig)

ANSI / NCITS (ITI) / ISO: Information Technology standards (includes X3, NCITS, ANSI/ISO)
• ANSI NCITS 118-1998: Personal Identification Number
• X9 TG-8-1995: Check Security Guideline
• X9 TG-5-1992: Information Security
• ISO/IEC TR 13335: Management of IT Security
• ISO/IEC 9979: Registration of cryptographic algorithms
• ISO/IEC 9798: Entity authentication (including digital-signature based)
• ISO/IEC 9797: Message Authentication Codes
• ISO/IEC 15408: Common Criteria for IT security evaluation
• ISO/IEC 14888: Digital Signatures
• ISO/IEC 11770: Key management
• ISO/IEC 10118: Hash Functions
• ISO 9735: Electronic data interchange (EDIFACT)
• ISO 13491: Banking, magnetic stripe card systems
• ISO 10202: Financial transaction cards

BS7799: http://www.bsi-global.com/group.xhtml (certification scheme: http://www.c-cure.org)
British Standard BS7799, first published in February 1995, revised May 1999: "Code of Practice for Information Security Management", since adopted as the international standard ISO/IEC 17799 (ISO/IEC 13335, sometimes cited here, is the separate technical report on management of IT security). Its ten control areas:
1. Security Policy
2. Security Organization
3. Asset Classification & Control
4. Personnel Security
5. Physical & Environmental Security
6. Computer & Network Management
7. System Access Control
8. System Development & Maintenance
9. Business Continuity Planning
10. Compliance

Common Criteria: http://csrc.nist.gov/cc/
Common Criteria for Information Technology Security Evaluation (CC) version 2.1, ISO/IEC 15408; successor to CTCPEC, FC, TCSEC and ITSEC. Smart Card Security Users Group (SCSUG): SCSUG Smart Card Protection Profile (SCPP) v2.0.

IEEE: http://ieee-security.org/
• 802.10c LAN/MAN Security (SILS) Key Management
• 1363-2000 Standard Specifications for Public Key Cryptography
• 1244.2-2000 Media Management System (MMS) Session Security

W3C: World-Wide Web Consortium, http://www.w3.org/Security/
Platform for Privacy Preferences (P3P); XML-Signature WG (xmldsig); Metadata; Public Policy Role; PICS Signed Labels (DSig); vendor-driven secure XML: S2ML, AuthXML

CVE: http://www.cve.mitre.org/
A list of standardized names for publicly known vulnerabilities and other information security exposures.

WAP: http://www.wapforum.org
• Wireless Transport Layer Security (WTLS, like SSL): Class 1: Anonymous, Class 2: Server Authentication, Class 3: Client Authentication
• WPKI: Wireless PKI (like IETF PKIX)
• WML: Wireless Mark-up Language; WMLScript Crypto Library
3. Authentication Schemes

Something you know: Passwords; Personal Identification Numbers (PIN); Keywords (mother's maiden name, etc.). Note that keywords of this kind are often discoverable by an attacker and should be treated as a weak hint, not as a full authentication factor.
Something you have: Keys; Tokens (hardware & software); CRYPTOCard; Smartcards; Digital certificates and private keys
Something you are (biometrics): Fingerprint; Iris or retina scan; Body (hand) geometry; Voiceprint; Typing characteristics
Remote authentication protocols: NTLM domains; RADIUS; Kerberos; TACACS+; PAP/CHAP (PAP sends the password in clear and should be avoided where CHAP or stronger is available); LDAP (directory lookup of credentials, normally combined with one of the above)
Authentication enhancements: Two-factor authentication (password and token, or biometric and password); One-time passwords; Single sign-on; Challenge-response methods
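The one-time-password and challenge-response enhancements listed above can be combined in a hash chain, as in S/Key and OPIE from the tools list: the server stores only the head of the chain and challenges the client for the preceding value, so a captured password is useless a second time. The following is an added example, not code from the handbook; the hash (SHA-256), the seed handling and the server API are assumptions for this illustration (real S/Key folds MD4/MD5 output to 64 bits and encodes it as six short words).

```python
# Added example (not from the handbook): hash-chain one-time passwords in the style of S/Key.
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def otp(passphrase: str, seed: str, k: int) -> bytes:
    """k-th value of the chain: p_0 = H(passphrase || seed), p_k = H(p_{k-1})."""
    value = _h((passphrase + seed).encode())
    for _ in range(k):
        value = _h(value)
    return value


class OTPServer:
    """Holds only the chain head p_n; the passphrase never reaches the server."""

    def __init__(self, passphrase: str, seed: str, n: int):
        # Enrollment happens once, out of band. Afterwards the server keeps
        # nothing from which earlier chain values could be computed.
        self.seed = seed
        self.counter = n
        self.last = otp(passphrase, seed, n)

    def challenge(self):
        """Tell the client which chain value to present next (public information)."""
        return self.counter - 1, self.seed

    def verify(self, candidate: bytes) -> bool:
        """Accept p_{n-1} iff H(p_{n-1}) == stored p_n, then move the head down."""
        if self.counter <= 0:
            return False  # chain exhausted: re-enroll with a fresh seed
        if not hmac.compare_digest(_h(candidate), self.last):
            return False  # wrong value, replayed value, or value out of order
        self.last = candidate
        self.counter -= 1
        return True


def demo() -> dict:
    """Enrollment followed by a login, a replay of the same value, and the next login."""
    passphrase, seed = "correct horse battery staple", "seed42"
    server = OTPServer(passphrase, seed, n=10)
    k, seed = server.challenge()                       # client is told k = 9
    first = server.verify(otp(passphrase, seed, k))
    replay = server.verify(otp(passphrase, seed, k))   # same value presented again
    second = server.verify(otp(passphrase, seed, k - 1))
    return {"first": first, "replay": replay, "second": second, "remaining": server.counter}


if __name__ == "__main__":
    print(demo())
```

The replay fails because after a successful login the stored head is the value just presented, and H(p_{n-1}) no longer equals it; an eavesdropper who captures p_{n-1} cannot compute p_{n-2} without inverting the hash.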
4. Authorization Policy

POLICIES: Rules for granting privileges / access.
IDENTITIES: Roles, Groups, Users (Persons, Entities)
DEVICES: Gatekeepers such as Network Access Servers, Routers, Remote Access Servers, Dial-In devices, possibly linked via LDAP to a directory or database
METHODS:
1. Simple permission rights (read, write, delete)
2. Access Control List (ACL)
3. Operating system (NT or UNIX) functions, NT Active Directory
4. Single sign-on schemes
5. Object-oriented directories (Active Directory, NDS)
6. Privilege Management Infrastructure (PMI)
Whatever the method, the default for an identity that no rule mentions should be deny, and the order in which rules are evaluated is part of the policy.
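An ordered ACL, evaluated against the roles and groups an identity belongs to, is the simplest concrete form of such a policy. The block below is an added example, not code from the handbook: the ACE format, the group/role data (standing in for an LDAP or Active Directory lookup) and the sample ACL are constructed assumptions. It follows NT-style semantics (first matching entry wins, deny by default) and shows why a deny entry listed after an allow entry is a configuration error.

```python
# Added example (not from the handbook): ordered ACL evaluation with groups, roles and default deny.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class ACE:
    principal: str            # "user:alice", "group:ops", "role:admin" or "*" (everyone)
    rights: FrozenSet[str]    # e.g. {"read", "write", "delete"}
    allow: bool               # True = allow entry, False = deny entry


# Constructed directory data standing in for LDAP / Active Directory lookups.
GROUPS: Dict[str, Set[str]] = {"ops": {"alice", "bob"}, "readers": {"alice", "carol"}}
ROLES: Dict[str, Set[str]] = {"admin": {"bob"}}


def principals_for(user: str) -> Set[str]:
    """All identities an ACE may name for this user: the user, its groups, its roles, everyone."""
    ids = {"user:" + user, "*"}
    ids |= {"group:" + g for g, members in GROUPS.items() if user in members}
    ids |= {"role:" + r for r, members in ROLES.items() if user in members}
    return ids


def check(acl: List[ACE], user: str, right: str) -> bool:
    """First matching ACE wins; no match at all means deny (default deny)."""
    ids = principals_for(user)
    for ace in acl:
        if ace.principal in ids and right in ace.rights:
            return ace.allow
    return False


def canonical(acl: List[ACE]) -> List[ACE]:
    """NT-style canonical order: explicit denies before allows, original order otherwise."""
    return [a for a in acl if not a.allow] + [a for a in acl if a.allow]


# Constructed ACL for a file share: ops may read and write, everyone may read,
# and "readers" are explicitly denied write. The deny is listed last (non-canonical).
FINANCE_ACL = [
    ACE("group:ops", frozenset({"read", "write"}), True),
    ACE("*", frozenset({"read"}), True),
    ACE("group:readers", frozenset({"write"}), False),
]


def decisions(acl: List[ACE]) -> Dict[str, bool]:
    return {
        "alice_write": check(acl, "alice", "write"),    # alice is in ops AND readers
        "bob_write": check(acl, "bob", "write"),
        "carol_read": check(acl, "carol", "read"),
        "carol_delete": check(acl, "carol", "delete"),  # nobody is granted delete
    }


if __name__ == "__main__":
    print("as written:", decisions(FINANCE_ACL))
    print("canonical :", decisions(canonical(FINANCE_ACL)))
```

With the ACL as written, alice can write because the ops allow entry is reached before the readers deny; after canonical ordering the deny wins. Tools that edit ACLs should enforce this ordering rather than rely on administrators noticing it.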
5. Administration

Minimal
Routine basis:
• Properly configured event & alarm notification utilities on critical devices (servers, routers, firewalls, ...)
• Apply security patches
Periodic:
• Review security policy
• Check for vulnerabilities
• Make sure passwords are not easily guessed

Satisfactory (all the above plus)
Routine basis:
• Proper use of a framework to help manage security
• Use host and network IDS
• Real-time security awareness
• Manage change control to reduce new vulnerabilities
Periodic:
• Annual security audit by a reputable third party
• Subscribe to a vulnerability/threat service (e-securityonline, ...)
• Review security policy & compliance
• Train and retrain personnel

Outstanding (all the above plus)
Routine basis:
• Correlate events & alarms from heterogeneous devices
• Integrate management of firewalls, IDS tools, antivirus, vulnerability scanners, host syslog event data and more
• Automate incident management as much as possible
Periodic:
• Employee or third party conducts "white hat" (penetration) testing to verify that the controls actually work; testing cannot guarantee integrity, only find what the testers could reach
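Correlating events from heterogeneous devices, the first item of the "Outstanding" tier, means normalising each device's log format to a common shape and then looking for the same actor across sources. The block below is an added example, not from the handbook: the log lines are constructed for the illustration and only loosely imitate PIX, Snort and sshd message formats, and the regexes, the 15-minute window and the two-source threshold are assumptions.

```python
# Added example (not from the handbook): cross-device alarm correlation by attacker address.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real captures), already forwarded to one syslog host.
SAMPLE_LOGS = """\
2001-06-01T10:00:01 fw01 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4411 dst inside:10.0.0.5/23
2001-06-01T10:00:05 ids01 snort[211]: [1:1000:1] SCAN telnet probe {TCP} 203.0.113.7:4412 -> 10.0.0.5:23
2001-06-01T10:01:10 host05 sshd[402]: Failed password for root from 203.0.113.7 port 4420 ssh2
2001-06-01T10:01:15 host05 sshd[402]: Failed password for root from 203.0.113.7 port 4421 ssh2
2001-06-01T10:30:00 fw01 %PIX-4-106023: Deny udp src outside:198.51.100.9/5353 dst inside:10.0.0.9/53
2001-06-01T11:45:00 ids01 snort[211]: [1:1001:1] WEB-MISC probe {TCP} 198.51.100.9:3333 -> 10.0.0.8:80
"""

# One parser per device type. Each yields (timestamp, source type, attacker IP, detail).
PARSERS = [
    ("firewall", re.compile(r"^(\S+) \S+ %PIX-\d-\d+: Deny (\S+) src \S+:([\d.]+)/\d+")),
    ("ids",      re.compile(r"^(\S+) \S+ snort\[\d+\]: \[[\d:]+\] (.+?) \{\w+\} ([\d.]+):\d+ ->")),
    ("host",     re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed password for \S+) from ([\d.]+)")),
]


def parse(lines: str):
    """Normalise raw lines into (timestamp, source, attacker_ip, detail); unknown lines are skipped."""
    events = []
    for line in lines.splitlines():
        for source, rx in PARSERS:
            m = rx.match(line)
            if m:
                events.append((datetime.fromisoformat(m.group(1)), source, m.group(3), m.group(2)))
                break
    return events


def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Flag an attacker IP reported by at least `min_sources` distinct device types within `window`."""
    by_ip = defaultdict(list)
    for ts, source, ip, detail in events:
        by_ip[ip].append((ts, source, detail))
    incidents = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            sources = {s for ts, s, _ in evs[i:] if ts - start <= window}
            if len(sources) >= min_sources:
                incidents[ip] = sorted(sources)
                break  # one incident per IP is enough for this demonstration
    return incidents


if __name__ == "__main__":
    for ip, sources in correlate(parse(SAMPLE_LOGS)).items():
        print(f"INCIDENT {ip}: corroborated by {', '.join(sources)}")
```

The first address is seen by the firewall, the IDS and a host within a minute and is raised as an incident; the second is seen by two devices 75 minutes apart and stays below the correlation window, so it remains two isolated alarms. In practice the window and threshold are tuned per environment, and the host clocks must be synchronised (NTP) or the timestamps cannot be compared.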
6. Perimeter Security

Techniques to prevent unauthorized access and unwanted payloads to and from a network.

• Packet-filtering Firewall: Controls access to and from a network by analyzing the incoming and outgoing packet headers (IP addresses, protocol and port numbers) and letting packets pass or blocking them. It keeps no memory of earlier packets, so it cannot distinguish a genuine reply from a forged packet carrying the same header fields.
• Stateful Inspection: Analyzes, tracks and follows each connection in a state table and monitors for policy violations; inbound packets are admitted only when they match a connection that an allowed request created.
• Proxy-based Firewall / Server: Terminates all sessions entering and leaving a network, and re-establishes those sessions using its own implementation of the protocol. This ensures that the protocol is well formed as far as the firewall is concerned and limits the service to the functions the proxy implements.
• VPN Server / Router: A device that creates a secure private network over public networks to connect nodes. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the ciphertext in transit is unintelligible to third parties.
• Circuit-level Gateway: Relays a client/server connection (SOCKS is the common example) without interpreting the application protocol. Once the connection has been authorized, packets flow between the hosts without further checking.
• Network Address Translator (NAT): Changes internal addresses, which might not be routable, to a valid external address for delivery over a public network, and maps replies back to the internal address. Hiding internal addresses is a side effect, not a security control: NAT inspects nothing, and it should be combined with packet filtering or stateful inspection.
• Intrusion Detection System (IDS): A near real-time detection system, network-based, host-based or a combination of both, that provides notification of an attack or exploit. It should promptly diagnose and notify the staff when an attack is in progress.
• Remote Access Server (RAS), Access Control Server: Enables users to connect to a private network using a modem and supports protocols like TCP/IP, IPX and NetBEUI. VPN clients connecting over the Internet to the corporate network are taking over from traditional RAS connections.
• Application Gateway: An application-specific process providing proxy and translation services. It can apply security to specific applications, such as FTP and Telnet servers.
• Content Inspection Device: A device that inspects data for unwanted payloads (viruses), blocks specific URLs, blocks pre-identified "fingerprinted" data, or performs keyword search and blocking. The device inspects both incoming and outgoing data.
• Air Gap Techniques: A device that sits between internal and external networks, transferring data between them through shared memory so that no network path exists between the two. Imagine someone swapping floppy disks between two machines very quickly.
• Demilitarized Zone (DMZ): A segment of the network that sits between the Internet and the internal network's line of defense. Typically the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
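The difference between the first two entries is easiest to see on a concrete packet. The block below is an added example, not code from the handbook: the packet representation, the addresses and the single "inside hosts may browse the web" policy are assumptions for the illustration. The stateless filter has to express "reply traffic" in terms of header fields, and an attacker can set those fields; the stateful filter admits only what its table remembers.

```python
# Added example (not from the handbook): the same policy on a stateless and a stateful packet filter.
from dataclasses import dataclass
from typing import Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = inside -> Internet, "in" = Internet -> inside
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


def stateless_filter(pkt: Packet) -> bool:
    """Policy: inside hosts may reach web servers, and replies must get back in.
    Without state, a 'reply' can only be approximated by header fields."""
    if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dport == 80:
        return True
    # The classic hole: "source port 80 with ACK set" is assumed to be a reply.
    if pkt.direction == "in" and pkt.proto == "tcp" and pkt.sport == 80 and "A" in pkt.flags:
        return True
    return False


class StatefulFilter:
    """Same policy, but inbound packets are admitted only if they belong to a
    connection that an allowed outbound SYN created in the state table."""

    def __init__(self):
        self.table: Set[Tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> bool:
        if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dport == 80:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "S" in pkt.flags:          # new connection: record it
                self.table.add(key)
            return key in self.table
        if pkt.direction == "in":
            # a reply must match an existing entry with source and destination swapped
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table
        return False


# Constructed traffic: a legitimate web request, its reply, then an ACK probe
# from an attacker who picked source port 80 to look like a reply to port 445.
REQUEST = Packet("out", "tcp", "10.0.0.5", 40001, "198.51.100.20", 80, "S")
REPLY = Packet("in", "tcp", "198.51.100.20", 80, "10.0.0.5", 40001, "SA")
PROBE = Packet("in", "tcp", "203.0.113.7", 80, "10.0.0.5", 445, "A")


def compare() -> dict:
    """Decision of each filter for REQUEST, REPLY and PROBE, in that order."""
    sf = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (REQUEST, REPLY, PROBE)],
        "stateful": [sf.filter(p) for p in (REQUEST, REPLY, PROBE)],
    }


if __name__ == "__main__":
    print(compare())
```

Both filters pass the request and the genuine reply; only the stateless one also passes the probe, which is exactly the technique an ACK scan uses to map hosts behind a packet-filtering router. A real state table also ages entries out and tracks TCP state transitions, which this illustration omits.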
7. Content Inspection

[Figure: content inspection engine between external sources and the internal end user]
Content arriving from: Internet, Extranet, Intranet, Internal sources, Diskettes or other exchangeable media. Inspection applies to inbound and outbound traffic, whatever the carrier: e-mail, web pages, files, or other payloads.

Source 1: Malicious Code (viruses, macros, Trojans, active content, mobile code)
Technologies: Signatures; Heuristics; Script-based behavior blocking & recognition

Source 2: Unwanted Content (inappropriate material, confidential data, spam, non-work related material, redundant messages such as jokes, large files such as videos)
Technologies: Keyword search; Pattern matching of known targets via overlapping hash values; Support vector machine analysis; Allow/Deny lists (web site or e-mail); Full Word Relationship Scanning; DDR (Dynamic Document Review)

The Content Inspection Engine applies these technologies to data in both directions before it reaches the internal end user or leaves the organization.
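"Pattern matching of known targets via overlapping hash values" is the technique behind fingerprinting confidential documents: the document is cut into overlapping word windows, each window is hashed, and an outbound message is scored by how many of its own windows hash to a stored value, so the inspection device never has to hold the secret text and a partial quotation still registers. The block below is an added example, not code from the handbook; the documents, messages, window size and block threshold are constructed assumptions, and keyword search is included alongside it.

```python
# Added example (not from the handbook): fingerprinting with overlapping hashes plus keyword search.
import hashlib
import re
from typing import Dict, List, Set, Tuple


def normalize(text: str) -> List[str]:
    """Lower-case, drop punctuation and split into words so formatting changes do not evade matching."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split()


def shingles(text: str, k: int = 5) -> List[str]:
    """Overlapping windows of k consecutive words."""
    words = normalize(text)
    return [" ".join(words[i:i + k]) for i in range(len(words) - k + 1)]


def fingerprint(text: str, k: int = 5) -> Set[str]:
    """Only the window hashes are kept on the inspection device, never the secret text."""
    return {hashlib.sha256(s.encode()).hexdigest() for s in shingles(text, k)}


def match_ratio(message: str, fp: Set[str], k: int = 5) -> float:
    sh = shingles(message, k)
    if not sh:
        return 0.0
    hits = sum(1 for s in sh if hashlib.sha256(s.encode()).hexdigest() in fp)
    return hits / len(sh)


def inspect(message: str, fp: Set[str], keywords: List[str],
            threshold: float = 0.2) -> Tuple[str, List[str]]:
    """Return ("block" | "allow", reasons)."""
    reasons = []
    ratio = match_ratio(message, fp)
    if ratio >= threshold:
        reasons.append(f"fingerprint:{ratio:.2f}")
    for kw in keywords:
        if re.search(r"\b" + re.escape(kw) + r"\b", message, re.IGNORECASE):
            reasons.append("keyword:" + kw)
    return ("block" if reasons else "allow"), reasons


# Constructed confidential document and outbound e-mail bodies.
CONFIDENTIAL = ("Project Falcon acquisition memo. The board approved an offer of 42 dollars "
                "per share for Example Widgets Inc. Closing is targeted for the third quarter, "
                "subject to regulatory approval.")
KEYWORDS = ["project falcon"]
MESSAGES = {
    "leak": "FYI - the board approved an offer of 42 dollars per share for Example Widgets, keep quiet",
    "benign": "Lunch at noon? The board meeting moved to Thursday.",
    "codename": "Any status on Project Falcon?",
}


def scan_all() -> Dict[str, Tuple[str, List[str]]]:
    fp = fingerprint(CONFIDENTIAL)
    return {name: inspect(body, fp, KEYWORDS) for name, body in MESSAGES.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in scan_all().items():
        print(f"{name:8s} {verdict:5s} {reasons}")
```

The leaked sentence matches 9 of the message's 12 windows even though it was paraphrased at both ends; the benign mail shares individual words ("the board") but no five-word window, so it scores zero; the third is caught by the keyword list alone. Window size trades sensitivity against false positives, and the same approach can be applied to file attachments after text extraction.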
8a. Data in Motion Security

a) VPN (Virtual Private Network)

[Figure: VPN topology] End stations (any networked device, or an IPsec host) connect across the Internet cloud to intermediate stations (an edge device such as a firewall/router, a network server, an LNS) and from there into the corporate intranet. A Certifying Authority issues and revokes certificates; an IPsec Manager creates, modifies and deletes Security Associations/rules. Two arrangements are shown: a tunnel-mode VPN between edge devices, and an end-to-end transport-mode association between end stations. Layering shown for the tunnel: L2TP over PPP over IP.

8b. Data in Motion Security (continued)

b) IPsec (IETF standard)

[Figure: IPsec components on two hosts, User 1 on host A and User 2 on host B] Directory Services distribute the IP Security Policy to a Policy Agent on each host. IKE on each host performs SA negotiation and key exchange according to that policy and installs the resulting Security Association. The IPsec Driver sits at the IP layer, below Transport (TCP/UDP) and the Application, and encrypts outgoing and decrypts incoming IP packets.

IPsec packet formats:
Transport mode: [IP HDR][IPsec HDR][Data] with Data encrypted; the original IP header stays in the clear.
Tunnel mode: [New IP HDR][IPsec HDR][IP HDR][Data] with the original IP header and Data encrypted; only the new outer header is in the clear.
"Encrypted" applies to ESP; AH authenticates the packet (including the header fields that do not change in transit) but provides no confidentiality.
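Only the outer IP header and the first eight bytes of the IPsec header (SPI and sequence number) are visible to a receiver before decryption, and the sequence number is what the anti-replay service of AH and ESP is built on. The block below is an added example, not code from the handbook: it constructs IPv4+ESP packets, parses those clear-text fields, and applies the 64-packet sliding window described in RFC 2401 per inbound SA. The ciphertext is opaque filler and no integrity check value is verified, which a real implementation must do before trusting the sequence number.

```python
# Added example (not from the handbook): ESP header parsing and the RFC 2401 anti-replay window.
import struct
from typing import Dict, List, Tuple

ESP_PROTO = 50


def build_esp_packet(src: str, dst: str, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """Constructed IPv4 + ESP framing (checksum left zero; this never reaches a wire)."""
    total = 20 + 8 + len(ciphertext)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, ESP_PROTO, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return ip_hdr + struct.pack("!II", spi, seq) + ciphertext


def parse_esp(pkt: bytes) -> Tuple[str, str, int, int]:
    """Return (src, dst, spi, seq). These are the only fields in the clear: whether the
    payload is a transport-mode segment or a whole tunnelled IP packet is hidden in the
    encrypted part (the ESP next-header field lives in the trailer)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    spi, seq = struct.unpack("!II", pkt[ihl:ihl + 8])
    return src, dst, spi, seq


class ReplayWindow:
    """Bit 0 of `bitmap` is the highest sequence number seen (`top`); bit k is top-k."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> str:
        if seq == 0:
            return "reject: seq 0 is never valid"
        if seq > self.top:                      # new high-water mark: slide the window right
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
            return "accept"
        if self.top - seq >= self.size:
            return "reject: too old"            # fell off the left edge of the window
        bit = 1 << (self.top - seq)
        if self.bitmap & bit:
            return "reject: replay"             # already seen inside the window
        self.bitmap |= bit
        return "accept"


def receive(windows: Dict[Tuple[str, int], ReplayWindow], pkt: bytes) -> str:
    """One window per inbound SA, which RFC 2401 identifies by (destination, SPI, protocol)."""
    _, dst, spi, seq = parse_esp(pkt)
    return windows.setdefault((dst, spi), ReplayWindow()).check_and_update(seq)


def demo_sequence() -> List[str]:
    """Deliver constructed packets with sequence numbers 1,2,3, a replay of 2, a jump to 100,
    a stale 36, a late-but-valid 37 and a replay of 37."""
    windows: Dict[Tuple[str, int], ReplayWindow] = {}
    results = []
    for seq in (1, 2, 3, 2, 100, 36, 37, 37):
        pkt = build_esp_packet("198.51.100.20", "10.0.0.1", 0x1234, seq, b"\x00" * 16)
        results.append(receive(windows, pkt))
    return results


if __name__ == "__main__":
    for seq, verdict in zip((1, 2, 3, 2, 100, 36, 37, 37), demo_sequence()):
        print(f"seq {seq:3d}: {verdict}")
```

Packets that arrive out of order but inside the window are still accepted (37 after 100), which is why the window exists at all; a duplicate or anything older than the window is dropped. In a real stack the window is updated only after the ICV verifies, otherwise a forged packet with a high sequence number could slide the window and cause genuine packets to be rejected.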
8c. Data in Motion Security (continued)

c) SSL (TLS)

Browser (https://) to server: first-time exchange of messages with no session id and no client authentication. Notation: {x} key means x encrypted under key.

Message type      | Direction | Data transferred
Client-hello      | C > S     | challenge data
Server-hello      | S > C     | connection-id, server-certificate, cipher-specs
Client-master-key | C > S     | cipher-kind, clear-master-key, {secret-master-key} server-public-key
Client-finish     | C > S     | {connection-id} client-write-key
Server-verify     | S > C     | {challenge-data} server-write-key
Server-finish     | S > C     | {session-id} server-write-key

This is the SSL 2.0 handshake. SSL 2.0 has known weaknesses (among them, an active attacker can force the weakest cipher-spec both sides support) and should be disabled in favour of SSL 3.0/TLS (RFC 2246), where the handshake and the finished-message integrity checks differ.
9. Best Practices

Rules to Live by
1. Top management MUST buy into the security initiative
2. Meet the standard of due care
3. Some degree of security is better than nothing
4. Nothing is completely secure, so do not aim for perfection
5. You are only as secure as your weakest link
6. Security is an investment, not an expense
7. Protect "valuable" assets against probable threats
8. Layer security solutions by users and applications plus logical entities

[Figure: layered model with Internet, Intranet and End Systems as concentric zones, with Administrative Authority, Local Systems and Communications as the cross-cutting dimensions]

Developing a Plan
1. Preparation: Create Security Usage Policy; Conduct Risk Analysis; Establish a Security Team Structure
2. Prevention: Approving Security Changes/Modifications; Ongoing Monitoring & Administration
3. Response: Security Violations; Restoration; Review & Forensics

Plan documents: Security Usage Policy; Risk assessment; Business needs assessment; Security architecture guide; Incident response procedures; Acceptable use policies; System administration procedures; Periodic re-evaluation
10a. Wireless Security Issues

Two environments are compared: Metropolitan & Wireless-Carrier (almost anywhere, cities, ...) and Personal Area Network (PAN) & Local Area Network (LAN) (in building, campus, airport, ...).

Threats and protections
• Threat: Eavesdropping (2-5 MHz at 1 W). Protection: link-level ciphering by MAC entities.
• Threat: Location independence, i.e. the attacker's physical location flexibility. Protection: the authentication mechanism is critical.
• Threat: Employees cobbling together a wireless net without IT involvement. Protection: notify employees of corporate regulations and scan for rogue devices.
• Threat: Spamming a carrier's wireless customers. Protection: use content filtering technology (Brightmail).
• Threat: Denial of service via a powerful interference transceiver. Protection: a very expensive TEMPEST or Faraday environment, or spread-spectrum (direct sequence) transmission.

Security protocols
• Carrier: WAP (WTLS, WPKI); TDMA (EPE: Enhanced Privacy and Encryption): SME Message Encryption, CMEA Cellular Message Encryption Algorithm, CAVE authentication algorithm, DCCH Digital Control Channel, DTC Digital Traffic Channel keys, VPM Voice Privacy Mask
• PAN/LAN: 802.11 WEP. WEP's RC4 key scheduling is cryptographically weak and its keys can be recovered from captured traffic; treat WEP as no protection and put an authenticated, encrypted layer (IPsec or TLS) over any 802.11 link.

Services
• Carrier: Accounting, Billing, WAP, SMS (Short Message Service), AntiVirus, Content Filtering, Vulnerability Assessment, IDS
• PAN/LAN: Free-based local area access, Network Management, AntiVirus, Content Filtering, Vulnerability Assessment, IDS

Device O/S
• Carrier: general OEMed multivendor: Palm, PocketPC (MS-CE), EPOC; mobile phone proprietary: Nokia, Motorola, Ericsson, ...; other: iMODE (DoCoMo), StarFISH
• PAN/LAN: MS-Windows, Palm, PocketPC (MS-CE), Psion, EPOC

Transmission
• Carrier: voice-centric with slow data: TDMA, CDMA, GSM; data-centric with voice: CDPD, EDGE, GPRS; broadband voice/data: UMTS (3G, 3GPP/3GPP2)
• PAN/LAN: IEEE 802.11, IrDA, Bluetooth

10b. Wireless Security Issues (continued)

Bluetooth Security (Trusted Device)

[Figure: Bluetooth security architecture] The User Interface and Applications sit above RFCOMM (or another multiplexing protocol) and L2CAP; a General Management Entity and the Security Manager, which consults a Service Database and a Device Database, decide access; HCI and the Link Manager/Link Controller sit below. Legend: query, registration.

Access decision sequence:
1. Connect request to L2CAP
2. L2CAP requests access from the security manager
3. Security manager: lookup in the service database
4. Security manager: lookup in the device database
5. If necessary, the security manager enforces authentication and encryption
6. Security manager grants access
7. L2CAP continues to set up the connection
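The access decision in steps 2 to 6 above is a function of two databases: what the requested service requires (authentication, encryption, authorization) and how far the remote device is trusted (whether a link key exists from pairing, and whether the device is marked trusted). The block below is an added example, not code from the handbook; the database contents, the trust model and the result strings are assumptions for the illustration.

```python
# Added example (not from the handbook): the Bluetooth security manager's access decision.
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class ServicePolicy:
    authentication: bool   # remote device must prove it holds the shared link key
    encryption: bool       # link must be encrypted before application data flows
    authorization: bool    # only trusted devices (or explicit user consent) may use it


@dataclass(frozen=True)
class DeviceRecord:
    trusted: bool          # paired and marked trusted by the user
    link_key: bool         # a link key from an earlier pairing exists


# Constructed service and device databases.
SERVICE_DB: Dict[str, ServicePolicy] = {
    "obex-push": ServicePolicy(authentication=False, encryption=False, authorization=False),
    "serial-port": ServicePolicy(authentication=True, encryption=True, authorization=False),
    "file-transfer": ServicePolicy(authentication=True, encryption=True, authorization=True),
}
DEVICE_DB: Dict[str, DeviceRecord] = {
    "00:11:22:33:44:55": DeviceRecord(trusted=True, link_key=True),    # user's own laptop
    "66:77:88:99:AA:BB": DeviceRecord(trusted=False, link_key=True),   # paired once, not trusted
}


class SecurityManager:
    def __init__(self, services: Dict[str, ServicePolicy], devices: Dict[str, DeviceRecord]):
        self.services, self.devices = services, devices

    def access_request(self, device_addr: str, service: str) -> Tuple[bool, Set[str], str]:
        """Return (granted, link-level actions to enforce, reason)."""
        policy = self.services.get(service)                              # step 3: service database
        if policy is None:
            return False, set(), "unknown service"
        device = self.devices.get(device_addr, DeviceRecord(False, False))  # step 4: device database
        actions: Set[str] = set()
        if policy.authentication:                                         # step 5: enforce
            if not device.link_key:
                return False, set(), "authentication required but no link key (pair first)"
            actions.add("authenticate")
        if policy.encryption:
            actions.add("encrypt")
        if policy.authorization and not device.trusted:
            return False, actions, "authorization required: device not trusted"
        return True, actions, "granted"                                   # step 6


def l2cap_connect(sm: SecurityManager, device_addr: str, service: str) -> str:
    """Steps 1, 2 and 7: L2CAP consults the security manager before completing the connection."""
    granted, actions, reason = sm.access_request(device_addr, service)
    if not granted:
        return f"refused ({reason})"
    return "connected" + (" after " + ", ".join(sorted(actions)) if actions else "")


if __name__ == "__main__":
    sm = SecurityManager(SERVICE_DB, DEVICE_DB)
    for addr in ("00:11:22:33:44:55", "66:77:88:99:AA:BB", "CC:DD:EE:FF:00:11"):
        for svc in SERVICE_DB:
            print(addr, svc, "->", l2cap_connect(sm, addr, svc))
```

An unknown device can still use a service whose policy requires nothing, which is the intended behaviour for something like business-card push; the point of the per-service policy is that the same device is refused the file-transfer service until the user marks it trusted. The decision is only as good as the pairing that produced the link key, so short PINs weaken every service that relies on authentication.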
11a. Incident Response

Incident Response Sequence
1. Understand the extent and source of an intrusion
2. Protect sensitive data contained on systems
3. Protect the systems, the networks, and their ability to continue operating as intended
4. Recover systems
5. Collect information to better understand what happened
6. Support legal investigations
7. Communicate with all parties that need to be made aware of an intrusion and its progress
8. Collect and protect information associated with an intrusion
9. Apply short-term solutions to contain an intrusion
10. Eliminate all means of intruder access
11. Return systems to normal operation
12. Identify and implement security lessons learned

Computer Forensics (after the fact: preserve data for admissibility)
Rules
1. Never mishandle evidence
2. Never work with the original evidence: make a bit-for-bit image of the disks (the original text suggests Ghost; whatever imaging tool is used, it must copy every sector, the original must be write-protected, and cryptographic hashes of original and image must be recorded so the two can be shown to be identical) and work on the copy
3. Never trust the suspect's operating system; boot from a forensic boot disk
4. Document everything!

11b. Incident Response (continued)

Preparation & Response Timeline
[Figure: timeline from T0 to Tn+1] Policy -> Prepare (T0) -> Analyze and Communicate (T1) -> Collect and Protect, Contain (T2) -> Eliminate, Return (T3) -> Lessons (Tn) -> revised Policy (Tn+1) -> Prepare again
12. Glossary of Network Security Terms
18
• Access Control: Protection of system resources against unauthorized access. • Access Control List (ACL): the identities of the system entities that are permitted to access the resource. • Access Control List (ACL): A collection of access control entries that define a hierarchy of access rules to be evaluated when a server receives a request for access to a particular resource. See access control entry (ACE). • Accountability: The property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions. • Administrative Security: The management constraints, operational procedures, accountability procedures, and supplemental controls established to provide an acceptable level of protection for sensitive data. • Administrator: The person who installs and configures one or more CMS managers and sets up privileged users, or agents, for them. • AH (Authentication Header): provides connectionless integrity, data origin authentication, and an optional anti-reply service for IPsec. • Assets: Information or resources to be protected. • Assurance: Grounds for confidence that an entity meets its security objectives. • Attribute Value Assertion (AVA): An assertion of the form attribute = value, where attribute consists of a tag, such as an (organization) or UID (user ID), and value consists of a value, such as “Symantec” or a login name. AVAs are used to form the distinguished name (DN) that identifies the subject of a certificate (called the subject name of the certificate). • Authentication: Confident identification; that is, assurance that a party to some computerized transaction is not an impostor. Authentication typically involves the use of a password, certificate, PIN, or other information that can be used to validate identity over a computer network.
• Authentication Data: Information used to verify the claimed identity of a user. • Authorization: to convey official sanction, access or legal power to an entity. • Biometric Authentication: A method of generating authentication information for a person by digitizing measurements of a physical characteristic, such as a fingerprint, a hand shape, a retina pattern, a speech pattern (voiceprint), or handwriting. • Call Back: An authentication technique for terminals that remotely access a computer via telephone lines. The host system disconnects the caller and then calls back on a telephone number that was previously authorized for that terminal. • Classification Level: A grouping of classified information to which a hierarchical, restrictive security label is applied to increase protection of the data. • Clean System: A computer system in which the operating system and application system software and files have just been freshly installed from trusted software distribution media. • Common Criteria: This standard addresses data confidentiality, data integrity, and availability and may apply to other aspects of security. It focuses on threats to information arising from human activities, malicious or otherwise, but may apply to non-human threats. It applies to security measures implemented in hardware, firmware, or software. • Computer Emergency Response Team (CERT): An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security. • Confidentiality: the act of keeping something private and secret from all but those who are authorized to see it. • Configuration Control: The process of regulating changes to hardware, firmware, software, and documentation.
12. Glossary of Network Security Terms
19
Cryptography
• Filtering Router: An internetwork router that selectively prevents the passage of data packets according to a security policy. • Firewall: An internetwork gateway that restricts data communication traffic to and from one of the connected networks. • Honey Pot: A system (e.g., a web server) or system resource (e.g., a file on a server), that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears. • https: HTTP enhanced by a security mechanism, which is usually SSL. • Identity-Based Security Policy: A security policy based on the identities and/or attributes of users, a group of users, or entities acting on behalf of the users and the resources/objects being accessed. • IETF (Internet Engineering Task Force): An open standards group chartered by the Internet Society (ISOC) which has a working group dedicated to security. (ietf.org) • INFOSEC: security measures that implement and assure security services in computer systems. • Integrity: assurance that data is not modified (by unauthorized persons) during storage or transmittal. • Internet Protocol security (IPsec): Architecture specifing (a) security protocols (AH and ESP), (b) security associations (c) key management (IKE), and (d) algorithms for authentication and encryption. • Intrusion Detection: A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real- time warning of, attempts to access system resources in an unauthorized manner. • IPsec (Internet Protocol Security): an IETF standard for TCP/IP layer security that provides encryption, host authentication and data integrity. • ISA/KMP (Internet Security Association, Key Mgt. Protocol): defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g., denial of service and replay attacks).
Threats
• Contingency Plan: A plan for emergency response, backup operations, and post-disaster recovery. • Credentials: something that provides a basis for credit or confidence. • Data Integrity: The property whereby has not been changed, destroyed, or lost in an unauthorized or accidental manner. • Directory Access Protocol (DAP): An OSI protocol [X519] for communication between a Directory. User Agent (a client) and a Directory System Agent (a server). • Disaster Plan: A synonym for “contingency plan”. • DNSSEC (Domain Name System Security Working Group): a proposed IETF draft that will specify enhancements to the DNS protocol to protect the DNS against unauthorized modification of data and against masquerading of data origin. It will add data integrity and authentication capabilities to the DNS via digital signatures. • Domain: Security usage: An environment or context that is defined by a security policy, security model, or security architecture. • Dual Control: A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource. • Electronic Commerce: General usage: Business conducted through paperless exchanges of information, using electronic data interchange, electronic funds transfer (EFT) other paperless technologies. • End-to-End Encryption: Continuous protection of data that flows between two points in a network. • ESP (Encapsulating Security Payload): a vehicle for access control based on distribution of cryptographic keys that provides data confidentiality and limited traffic flow confidentiality. • Extranet: A computer network that an organization uses to carry application data traffic between the organization and its business partners. • Evaluation Assurance Level (EAL): A package consisting of assurance components from Part 3 that represents a point on the Common Criteria predefined assurance scale.
Network
12. Glossary of Network Security Terms
20
• Layer 2 Tunneling Protocol (L2TP): An Internet client-server protocol that combines aspects of PPTP and L2F and supports tunneling of PPP over an IP network. • L2 CAP (logical Link Control and Adaption Protocol): A protocol layered over baseband protocols at the data link layer, providing connection and connectionless data ervices. • Lightweight Directory Access Protocol (LDAP): A client-server protocol that supports basic use of the X.500 Directory. • Link encryption: Stepwise protection of data that flows between two points in a network, provided by encrypting data separately on each network link, • Login: The act of a system entity gaining access to a session in which the entity can use system resources. • Non-Repudiation Service: A security service that provide protection against false denial of involvement in a communication. • Object Identifier (OID): An official, globally unique name for a thing, written as a sequence of integers. • On-line Certificate Status Protocol (OCSP): An Internet protocol used by a client to obtain from a server the validity status and other information concerning a digital certificate. • One-Time Password (OTP): Authentication technique in which each password is used only once. • Orange Book: the National Computer Security Center book entitled “Department of Defense Trusted Computer Systems Evaluation Criteria” that defines security requirements. • OSCP: (Online Certificate Status Protocol): An internet standard for verification of an X.509 cert in PRIX. An excellent real-time validity check over basic CRLs. • Password: A secret data value, usually a character string, that is used as authentication information. • Payment Gateway: SET usage: A system operated by an acquirer for the purpose of providing electronic commerce services to the merchants.
• Penetration Test: A system test, often part of system certification, in which evaluators attempt to circumvent the security features of the system. • Point-to-Point Tunneling Protocol (PPTP): Client-server protocol that enables a dial-up user to create a virtual extension of the dial-up link across a network by tunneling PPP over IP. • Protection Profile (PP): An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. • Proxy Server: A computer process that relays a protocol between client and server computer systems, by appearing to the client to be the server and appearing to the server to be the client. • Public-Key Certificate: Digital certificate that contains a sequence of data items and has a digital signature computed on that sequence. • RADIUS (Remote Authentication Dial-In User Service): an IETF protocol (developed by Livingston, Enterprise), for distributed security that secures remote access to networks and network services against unauthorized access. RADIUS comprised of two pieces: authentication server code and client protocols. • Risk: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. • Root: 1) A CA that is directly trusted by an end entity, or the CA that is the highest level. 2) A user account that has all privileges (including all security-related privileges) and thus can manage the system and its other user accounts. • SCEP: (Simple Certificate Enrollment Protocol): a PKI communication protocol which leverages existing technology by using PKCS#7 and PKCS#10 to secure issuance of certificates to network devices in a scalable manner.
12. Glossary of Network Security Terms
• SKIP (Simple Key for IP): Simple key management for Internet protocols, developed by Sun Microsystems, Inc.
• Secure Socket Layer (SSL): A protocol that allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols.
• Security: The condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss.
• Security Architecture: A plan and set of principles that describe (a) the security services that a system is required to provide to meet the needs of its users, (b) the system elements required to implement the services, and (c) the performance levels required in the elements to deal with the threat environment.
• Security Audit: An independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
• Security Clearance: A determination that a person is eligible, under the standards of a specific security policy, for authorization to access sensitive information or other system resources.
• Security Perimeter: The boundary of the domain in which a security policy or security architecture applies.
• Separation of Duties: The practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process.
• Secure Electronic Transaction (SET): A protocol to provide confidentiality of transaction information, payment integrity, and authentication of transaction participants for payment card transactions over unsecured networks, such as the Internet.
• Single Sign-On: A system that enables a user to access multiple computer platforms or application systems after being authenticated just one time.
• Smart Card: A credit-card sized device containing one or more integrated circuit chips, which perform the functions of a computer's central processor, memory, and input/output interface.
• SMS (Short Message Service): A globally accepted wireless service for transmitting alphanumeric messages between mobile and external systems.
• SOCKS: An Internet protocol [R1928] that provides a generalized proxy server that enables client-server applications.
• Survivability: The ability of a system to remain in operation or existence despite adverse conditions.
• Standards for Interoperable LAN/MAN Security (SILS): A developing set of IEEE standards including security management, Secure Data Exchange protocol, Key Management, SDE Sublayer Management, SDE Security Labels, and PICS Conformance.
• Strength of Function (SOF): A qualification of a TOE security function expressing the minimum effort assumed necessary to defeat its expected security behavior by directly attacking its underlying security mechanisms.
• S/WAN (Secure Wide Area Network): RSA Data Security, Inc. driven specifications for implementing IPSEC to ensure interoperability among firewall and TCP/IP products. S/WAN's goal is to use IPSEC to allow companies to mix-and-match firewall and TCP/IP stack products to build Internet-based Virtual Private Networks (VPNs).
• System Integrity: “The quality that a system has when it can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.”
• TACACS+ (Terminal Access Controller Access Control System): A protocol that provides remote access authentication, authorization, and related accounting and logging services, used by Cisco Systems.
• Target of Evaluation (TOE): An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.
• TEMPEST: A nickname for specifications and standards for limiting the strength of electromagnetic emanations from electrical and electronic equipment and thus reducing vulnerability to eavesdropping.
• TLS (Transport Layer Security): An IETF draft; version 1 is based on the Secure Sockets Layer (SSL) version 3.0 protocol, and provides communications privacy over the Internet.
• Threat Analysis: An analysis of the probability of occurrences and consequences of damaging actions to a system.
• Token: An object that is used to control access and is passed between cooperating entities in a protocol that synchronizes use of a shared resource.
• TOE Security Functions (TSF): A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP.
• Transport Layer Security (TLS): Internet protocol [R2246] based on and very similar to SSL Version 3.0.
• Transport Mode: The IPsec mode in which the protocol encapsulates the packets of upper-layer protocols.
• Trust: The extent to which someone who relies on a system can have confidence that the system meets its specifications.
• Tunnel: A communication channel created in a computer network by encapsulating (carrying, layering) a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one.
• Tunnel-Mode IPsec: A secure connection between an End Station (ES) and an Intermediate Station (IS), or between two IS devices, also known as a VPN.
• Validate: When referring to a process intended to establish the soundness or correctness of a construct.
• Validation: A means to provide timeliness of authorization to use or manipulate information or resources.
• Verification: To authenticate, confirm or establish accuracy.
• Verify: When referring to a process intended to test or prove the truth or accuracy of a fact or value.
• Value-Added Network (VAN): A computer network or subnetwork that transmits, receives, and stores EDI transactions on behalf of its customers.
• Virtual Private Network (VPN): A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption and often by tunneling links of the virtual network across the real network.
• VRRP (Virtual Router Redundancy Protocol): An election protocol that dynamically assigns responsibility for one or more virtual router(s) to the VRRP router(s) on a LAN, allowing several routers on a multiaccess link to utilize the same virtual IP address.
• WHOIS: An Internet utility that returns information about a domain name or IP address.
• XTACACS: An extension to the TACACS protocol (developed by Cisco) which permits sending and authenticating SLIP/PPP requests, CHAP/ARAP authentication, etc.
Security Threats Reference
1. Threat Categories
SECURITY THREATS
• Human
  - Malicious: Outsiders like Crackers and Hackers; Insiders like Disgruntled Employees
  - Non-Malicious: Ignorant Employees
• Non-Human
  - (Hardware/Software/Network) Bugs, Trap Doors, Product Failure (MTBF), A/C or Power Failure (events that can open security breaches)
  - Natural Disasters: Floods, Fires, Earthquakes, Hurricanes
2. Profiles (Who’s breaking in?)
The Culprits, rated by Skill, Knowledge of target, Resources, and Motivation:
• Corporate Spies: Skill Med-High; Knowledge of target Med-High; Resources Med-High; Motivation: Financial, Competitive Gain
• Governments (Intelligence Agencies): Skill High; Knowledge of target Med-High; Resources High; Motivation: National Interests
• Insiders (Employees, Contractors): Skill Med; Knowledge of target High; Resources Med; Motivation: Financial, Revenge. NOTE: Usually they have authority and access to some degree
• Terrorists: Skill High; Knowledge of target Med; Resources Med-High; Motivation: Religious, Political Ideals
• Career Criminals: Skill Med-High; Knowledge of target Med; Resources Med; Motivation: Financial, control/power
• Hackers
  - Novice (Script Kiddie, Wannabe): Skill Low; Knowledge of target Low; Resources Low; Motivation: Intellectual curiosity, recognition. NOTE: They have lots of time and are dangerous because they don’t always know what they are doing
  - Black Hat (Malicious): Skill High; Knowledge of target Med; Resources Med-High; Motivation: Recognition, professed security improvement
  - Grey Hat: Skill Med-High; Knowledge of target Med; Resources Med; Motivation: Playing both black & white hat roles, for hire or not
  - White Hat (Noble or Old-school): Skill Med-High; Knowledge of target: No target; Resources Med; Motivation: Improved Security (but write tools that are used by Novices)
  - Hacktivist: Skill Med-High; Knowledge of target Med-High; Resources Lo-Med; Motivation: Political activist wanting to make a statement
3. Info Gathering Techniques
• Social Engineering techniques to gather account numbers, passwords, etc.
• Accessing Public Material:
  1. Government websites, search engines, InterNIC and other online services
  2. Bulletin boards, log-in screens, phone directories, articles, news clippings, financial statements
  3. Investigative services
• IP Address Scanning; ping, TJping, traceroute
• Port Scanning; Ultrascan, NMAP, Slow Scan Attack (used to avoid detection)
• Utilities & Unix/NT Commands; Finger, Netstat, Rpcinfo, nslookup, whois, Browser to View Source, Telnet to connect to any available port and see what you get (for example s/w version numbers, expn root@foo.com), rlogin, rsh, rexecd, look for /etc/shadow, /etc/passwd, /etc/aliases and try to mail these files back to yourself
• Man-in-the-middle; Packet sniffing via protocol analyzers (ethfind, sniff, netmon, tcpdump, for example) that have: 1. Physical network access: tapping in via a phone closet, unused network jack, or cable modem; 2. A compromised host in the network path; 3. Rerouting of data via spoofed RIP, DNS, or ICMP redirect packets
• War Dialing; an automated tool that finds internal modems to exploit. ToneLOC, AIO, Modem Hunter and Demon Dialer are other examples
• Rogue Applications; GetAdmin, NetBUS, BackOrifice to get info, passwords...
• Dumpster Diving; After hours digging through corporate trash
• Shoulder Surfing; or overhearing conversations on Airplane, Bus, Restroom, anywhere in public
• Malicious Web Crawlers; search the internet for vulnerable web sites (i.e. cgi-bin vulnerabilities)
4. Impersonation / Spoofing
Each type of spoof is listed with its scenario, why it can happen, and how to prevent it.
• Email
  Scenario: Send bogus message with a fake “From” line to an SMTP server
  Why it can happen: No authentication in SMTP
  How to prevent it: Check source IP address of raw message or use digital signatures
• Anonymous remailer
  Scenario: Attacker sends email via anonymous remailer account
  Why it can happen: No authentication in SMTP
  How to prevent it: Use digital signatures
• Login
  Scenario: Use someone else's login and password to get on a host
  Why it can happen: Careless with passwords
  How to prevent it: Protect passwords or use strong authentication
• Routing
  Scenario: Send bogus RIP or ICMP redirect packets to a router, or send a source-routed packet to a host
  Why it can happen: No authentication in RIP, ICMP redirects, source routed packets
  How to prevent it: Don't use them with untrusted networks
• Third party
  Scenario: Send bogus email to the InterNIC requesting bogus domain name change or alternate IP address
  Why it can happen: InterNIC doesn't fully authenticate unless customer requests it
  How to prevent it: Have InterNIC authenticate changes to your domain
• DNS spoofing
  Scenario: Send an unsolicited reply containing a bogus domain name/address pair to victim's DNS server
  Why it can happen: No authentication in DNS
  How to prevent it: Use modified DNS that doesn't cache entries
• IP address
  Scenario: Send a packet with a bogus source IP address to a trusting host
  Why it can happen: Source address is rarely checked
  How to prevent it: Block trusted internal addresses from entering your network
• Session hijacking
  Scenario: Attacker inserts bogus packets into an established session; HUNT and Juggernaut are examples
  Why it can happen: Authentication already occurred
  How to prevent it: Encrypt sessions
• Web spoofing (http://www.cs.princeton.edu/sip/pub/spoofing.html)
  Scenario: Attacker creates a “shadow copy” of the entire website; traffic is funneled through the attacker’s machine, allowing monitoring of the victim’s activities, passwords, account numbers
  Why it can happen: A "man in the middle attack" where the attacker rewrites all of the URLs on some Web page so that they point to the attacker's server rather than to some real server
  How to prevent it: Disable JavaScript, make sure your browser's location line is always visible, pay attention to the URLs displayed
5. Social Engineering (Attacks against people)
• Authority Attack (with or without artifact): Using a fake badge or utility service outfit to gain info or access, or identifying a key individual by name/title as a supposed friend or acquaintance, or claiming authority and demanding information (impersonation)
• Rubber-Hose Attack: Brute force, threatening, gun-to-head or blackmail
• Pay-olla Attack: Bribery, plain and simple $$$
• Persistent Attack: Continuous harassment using guilt, intimidation and other negative ways to reveal info
• Zero-Sum Knowledge Attack: Baiting someone to add, deny or clarify pseudo knowledge of the attacker, claiming to know more than you do, to solicit more info
• Exaggerated / Knee-jerk Response Attack: Making an outlandish lie in order to get an informational response
• The 10 Attack: Using a sexually attractive individual to gain info or access
• Stake-Out Attack: Analyzing activity over time, people movement & actions, deliveries of supplies
• “The boy who cried wolf” Attack: Setting off a series of false alarms that cause the victim to disable their own alarm system
• Help Desk Attack: Impersonating a current or new end-user needing help with access to a net/server
• “Go with the Flow” Attack: Crowded venues are a great time and place to gain access and information, such as a corporate party that has hundreds of employees; just act like you’re one of them
• Fake Survey/Questionnaire Attack: Win a free trip to Hawaii, just answer these questions about your network
6. Computer Virus
Classes of Viruses
• Pure Virus: Malicious program that inserts some or all of its own code into another file. These "infected" files are usually program files or data files that contain executable content.
• Worm: Malicious program that has the ability to distribute itself to other users. The most common method of distribution is email.
• Trojan Horse: Malicious program that masquerades as a useful or fun program, but actually performs malicious activity, such as destroying data.
Although there are three distinct classes of malicious programs, sometimes virus writers create programs that have attributes of more than one class, such as a trojan horse that deletes files and sends itself out to other users via email.
Malicious Activity (with Description, Symptoms and Examples)
• Network-aware infection
  Description: The ability to enumerate available network file stores and infect files on those stores.
  Symptoms: Infected files detected on file servers or systems with open shares. Viruses with this capability can spread through a network rapidly.
  Examples: W32.Funlove, W32.HLLW.Bymer, Worm.ExploreZip
• Mass mailing
  Description: Sends emails out to other users, usually with the malicious code body embedded in or attached to the email.
  Symptoms: Email servers become slower and sometimes crash. The impact these types of threats have can be considered a denial of service attack.
  Examples: VBS.LoveLetter, Wscript.Kakworm, W32.Prolin.Worm, Worm.ExploreZip
• File destruction
  Description: Various files are removed from the system or corrupted. The files that are targeted for deletion may be particular file types or all files on the system.
  Symptoms: Programs may no longer launch; data files may no longer be available; general system instability.
  Examples: W32.Kriz, Worm.ExploreZip, VBS.NewLove.A
• Data export
  Description: Finds personal information, such as passwords or credit card numbers, and sends it to a predetermined email or Internet location.
  Symptoms: Generally there are no outward signs of this activity, other than possible higher Internet access charges.
  Examples: Buddylist, PWSteal.Trojan
• System interception
  Description: Hooks are inserted into various system components to allow monitoring or disabling of those components or possibly the alteration of their functionality. Sometimes hooks are used to automatically launch the malicious program.
  Symptoms: Additional emails may be sent with normal outgoing mail; browser functionality may be limited or altered.
  Examples: W95.MTX, W32.Navidad, Happy99.Worm
• Hardware damage
  Description: Attempt to flash the BIOS or erase the CMOS settings.
  Symptoms: Power On Self Test may not begin; hard drives may not be properly identified.
  Examples: W32.Kriz, W95.CIH, W32.Navidad, KeyPanic.Trojan
• Visual payload
  Description: Displays messages or graphics.
  Symptoms: Various messages or graphical images may appear. New icons may appear in the system tray.
  Examples: Happy99.Worm
• Backdoor/remote control
  Description: Once installed on a system, these threats “listen” for commands coming from other computers and then execute them.
  Symptoms: Excess network traffic, unusual activity on IP/UDP ports. Threats that perform denial of service attacks often use these backdoor mechanisms to carry out the attack.
  Examples: Backdoor.SubSeven, BackOrifice, NetBus
• Social engineering
  Description: Method that the virus writer uses to falsely describe the malicious program to the user so that the user will be enticed to run the program.
  Symptoms: The user may get an email that has an intriguing or enticing subject or message. Sometimes users encounter files that have been posted to news groups that purport to be pictures of a risqué nature.
  Examples: W32.Funlove, PrettyPark.Worm, Mypics.Worm
Note: Information on these and other malicious programs can be found on the Symantec AntiVirus Research Center Web site at http://www.sarc.com.
7. Avenues of Attack
[Diagram: avenues of attack against XYZ Co. The diagram separates the INTERNAL THREAT (inside: an employee, contractor, or anyone with access to an on-site wiring closet; transportation of removable media such as Jaz, Zip and CD) from the EXTERNAL THREAT (outside). Entry points shown are the FRONT DOOR (Internet via ISP 1 / ISP 2 POPs, xDSL, ISDN, cable modem, router, gateway, modem or com server) and the BACK DOOR (dial-up modem or com server, remote access server, VPN links to a PARTNER of XYZ Co. and a UNIVERSITY POP, and a TRUSTED internal link through a head end device). Internal assets shown: web, mail, DNS and VPN servers, remote access server, com server, switch, and the system administrator's net. Indirection for the attacker is critical, aka covering your tracks: innocent third parties (a company, an ISP, a university, "free neighborhood victims") are used as relays.]
8. Vulnerabilities
1. Easily Guessed Passwords
  • Too short
  • Too simple (not using numbers, both cases and special characters)
  • Using common (dictionary) words
  • Using simple tricks (adding a number or reversing the login name)
2. Out of date Software (Security Patches Not Installed)
3. Misadministration of Systems
  • Services left on (lots of defaults come with every OS)
  • Accounts not closed, or too many accounts
  • Default accounts left in
  • Trusted services not sufficiently restricted
4. Not Keeping Secrets
  • Writing passwords down (where people can see them)
  • Sending confidential data in email (it’s like a postcard!)
  • Using protocols that transmit passwords in the clear (FTP, HTTP, POP3, Telnet, SNMP)
  • Sending confidential data in FTP or HTTP
5. Untrained Personnel with Lack of Security Awareness
  • Naïveté about social engineering techniques
  • Don’t understand reasons and methods for protecting private information
6. Running Trusted Services Over Untrusted Networks
  • NFS
  • Windows Disk Sharing
  • ‘R’ commands (rsh, rlogin, rexec)
  • X Windows
7. Trusting Protocols that don’t Authenticate
  • DNS
  • ICMP Redirect
  • SMTP
  • Source Routing Option
  • RIP
8. Trusting things you get from others
  • Executable code (Trojan Horses, Virii)
  • Active content (a special form of executable code. Examples: JavaScript, ActiveX, Java, Macros, PostScript)
  • Input data to your scripts (may contain special characters, hidden commands or overflow buffers)
9. Stupid Vendor Tricks
  • Trapdoors left in
  • Security not designed in
  • Poor applied cryptography, or using 40-bit ciphers
9. General Hacking
1. Exploit misadministration
  - Guess or use purloined password to access account via hole in firewall or dial-up modem
  - Access services left on that are insecure (TFTP, etc.)
  - Use leftover debugging tool to gain access (phf.cgi, files.pl)
2. Exploit software bugs
  - Buffer overflow to run malicious code
  - Insert special characters in input to victim’s application or web page
  - Use debug options or trapdoors in unpatched software
  - Use race condition to increase level of access (get root or administrator)
3. Get victim to run Trojan Horse program (like a game or cute display) to install a backdoor program (NetBus, BackOrifice) which gives the attacker access.
4. Exploit features accessible from outside, or on client hosts
  - Malicious code embedded in active/mobile code: JavaScript (use Excel CALL function, for example), ActiveX, Java, NTFS Streams, PostScript
  - Make CD with AutoPlay that installs virus or backdoor program
5. Misc. Hacker tools
  - Core dump analyzer
  - Hex editor
  - Modem Jammer: prevents modem calls from being traced
  - Netcat: an excellent TCP/UDP connection tool by “The Hobbit” and Weld Pond
6. E-shoplifting
  - Modified html returned to vendor site
10. Denial of Service
Each attack in the table exhausts one or more of: Disk, Network Bandwidth, Internal Data Structure or Buffer Overflow, CPU cycles or crash (the per-attack column marks of the original table are not preserved in this text).
Attack: Notes
• Upload large files via FTP: Fill the disk with junk data
• Causing large error messages in logs: Overflow disk or buffer
• SYN Flood: Lock up port for short time
• Teardrop: Overlapping IP fragments
• Smurf: Redirected broadcast, spoofed IP address of victim as source
• Snork: Send spoofed error message to NT RPC port 135
• UDP Bomb: Spoofed packet between echo and chargen ports
• OOB attack: Uses bogus urgent data pointer values
• Ping of Death: Buffer overflow of the IP datagram
• Flood Ping: Swamps the network
• WinNuke: Send garbage to port 139 on NT
• Land: Send spoof of victim as source
• Mailbombs, spam: Overloading email server/gateway or user’s mailbox
Examples (tools and attacks named in the table): Mailbombs, SYN FLOOD, Aenima 2.0, WIN NUKE, ZERO LENGTH, Wnuke5, WinGenocide, Avalanche 3.0 / 4.0, Nuker, LiquidNuker
Distributed Denial of Service Attack (DDoS)
Examples: Trinoo, TFN, TFN2K, Stacheldraht
A very serious threat that involves many machines in a coordinated attack to exhaust bandwidth, router processing capacity and network stack resources to break connectivity:
1) Create a DDoS network of machines by breaking in, gaining root access & remote control, and installing attack software
2) Send command packets to instruct all captured machines about the type of flood attack, duration and target address
3) The network of DDoS machines sends streams of packets (with forged source addresses) to the victim (e.g. a smurf attack to provoke multiple echoes aimed at the victim)
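As an added example, not from the handbook: a small Python classifier that flags the single-packet signatures in the table above (Land, WinNuke/OOB, UDP bomb, Snork, Smurf, Ping of Death), checks a datagram's fragment list for Teardrop-style overlap, and counts SYN and echo-request floods per destination. The packet field names, the threshold and the sample packets (TEST-NET addresses) are this example's own assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ECHO, CHARGEN, NT_RPC, NETBIOS_SSN = 7, 19, 135, 139
MAX_IP_DATAGRAM = 65535          # largest legal reassembled IPv4 datagram


@dataclass
class Pkt:
    """Constructed per-packet summary (field names are this example's own)."""
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: Set[str] = field(default_factory=set)   # TCP flags present
    icmp_type: Optional[int] = None  # 8 = echo request
    frag_offset: int = 0             # byte offset of this fragment in the datagram
    length: int = 0                  # bytes of data carried by this fragment
    dst_is_broadcast: bool = False


def classify(p: Pkt) -> List[str]:
    """Return the names of the single-packet DoS signatures that p matches."""
    hits: List[str] = []
    # Land: spoofed so that source and destination address/port are the victim's own
    if p.proto == "tcp" and p.src == p.dst and p.sport == p.dport:
        hits.append("land")
    # WinNuke / OOB: urgent ("out of band") data aimed at the NetBIOS session port
    if p.proto == "tcp" and p.dport == NETBIOS_SSN and "URG" in p.flags:
        hits.append("winnuke-oob")
    # UDP bomb: a packet that would loop between the echo and chargen services
    if p.proto == "udp" and {p.sport, p.dport} <= {ECHO, CHARGEN}:
        hits.append("udp-bomb")
    # Snork: spoofed UDP aimed at the NT RPC port from an echo/chargen/RPC source port
    if p.proto == "udp" and p.dport == NT_RPC and p.sport in (ECHO, CHARGEN, NT_RPC):
        hits.append("snork")
    # Smurf: echo request to a broadcast address; the victim is the spoofed source
    if p.proto == "icmp" and p.icmp_type == 8 and p.dst_is_broadcast:
        hits.append("smurf")
    # Ping of Death: a fragment that would reassemble past the maximum datagram size
    if p.frag_offset + p.length > MAX_IP_DATAGRAM:
        hits.append("ping-of-death")
    return hits


def overlapping_fragments(frags: List[Tuple[int, int]]) -> bool:
    """Teardrop check: True if any two (offset, length) fragments of one datagram overlap."""
    ordered = sorted(frags)
    for (off_a, len_a), (off_b, _) in zip(ordered, ordered[1:]):
        if off_b < off_a + len_a:
            return True
    return False


def flood_targets(pkts: List[Pkt], threshold: int) -> Dict[str, int]:
    """SYN flood / flood ping: count bare SYNs and unicast echo requests per
    destination and return the destinations whose count reaches the threshold."""
    counts: Counter = Counter()
    for p in pkts:
        if p.proto == "tcp" and p.flags == {"SYN"}:
            counts[("syn-flood", p.dst)] += 1
        elif p.proto == "icmp" and p.icmp_type == 8 and not p.dst_is_broadcast:
            counts[("flood-ping", p.dst)] += 1
    return {f"{kind}:{dst}": n for (kind, dst), n in counts.items() if n >= threshold}


def report(pkts: List[Pkt], threshold: int = 50) -> Dict[str, List[str]]:
    """Map each signature name to the 'src>dst' pairs that triggered it, plus flood targets."""
    found: Dict[str, List[str]] = {}
    for p in pkts:
        for name in classify(p):
            found.setdefault(name, []).append(f"{p.src}>{p.dst}")
    for key in flood_targets(pkts, threshold):
        kind, dst = key.split(":")
        found.setdefault(kind, []).append(dst)
    return found


# Constructed sample traffic: one packet per signature, then a burst of bare SYNs.
VICTIM = "192.0.2.10"
SAMPLE = [
    Pkt(VICTIM, VICTIM, "tcp", 139, 139, {"SYN"}),                               # Land
    Pkt("198.51.100.7", VICTIM, "tcp", 40000, 139, {"PSH", "URG"}),              # WinNuke
    Pkt("198.51.100.7", VICTIM, "udp", 7, 19),                                   # UDP bomb
    Pkt("198.51.100.7", VICTIM, "udp", 19, 135),                                 # Snork
    Pkt(VICTIM, "203.0.113.255", "icmp", icmp_type=8, dst_is_broadcast=True),    # Smurf
    Pkt("198.51.100.7", VICTIM, "icmp", icmp_type=8, frag_offset=65120, length=1480),  # PoD
] + [Pkt(f"198.51.100.{i}", VICTIM, "tcp", 1024 + i, 80, {"SYN"}) for i in range(50)]

if __name__ == "__main__":
    for name, where in sorted(report(SAMPLE).items()):
        print(f"{name:14} {where}")
    print("teardrop:", overlapping_fragments([(0, 1480), (1000, 1480)]))
```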
11. Cracking
Light-weight (Easy “Brain Dead” Stuff)
• No password at all, and you’re in
• Look around for password written down on something
• Finding a "Joe" account: User name = password
• Password derived from User name (5-10% effective)
• Use back door left behind by a previous attacker
Welter-weight (Mostly time consuming)
• Dictionary Attacks based on: 1. Collegiate wordlist/namelist, 2. English wordlist, 3. International wordlist & pattern list, 4. Substitution filters; o=0, 1=!, for=4, to=2, E=3
• Examples of Password/Passphrase Guessing: Crack v5.0, L0pht Crack v2.0 for NT, NetBUS, FastZip Password, Jack the Ripper
Middle-weight (Requires both brains and computer resources)
• Bruteforce/Exhaustive Key Search
• Asymmetric/Symmetric Cipher: this may take a very long time depending on key length. 40-bit: Minutes; 56-bit: Hours/Days; 128-bit: Forget it!
• SSL PKCS#1 Saltine Cracker
Heavy-weight (Hard - Rocket Science)
• Linear Cryptanalysis
• Differential Cryptanalysis
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Adaptive chosen-plaintext attack
• Chosen-ciphertext attack
• Chosen-key attack
12. Hybrid Attacks
An infinite number of hybrid attacks exist that use any combination of methods in different sequences depending on the target and the level of knowledge and expertise of the attacker(s). The vast majority of attacks are “Hybrid” and this panel understates the possible number of combinations! A few examples...
Note: 80% of break-ins include steps involving exploiting 1) known holes not patched 2) easy to guess passwords.
Information Gathering, then Break-In & Gain Control, then Exploit:
• Information Gathering: Port Scanning, Packet Sniffing, Social Engineering, War Dialing
• Break-In & Gain Control: Exploit well known defects and weak configurations in O/Ss; Password Guessing/Cracking; install “rootkit”; Add user & privileges for remote control
• Exploit: Modify, Steal, Destroy... DDoS, Deface Website, Manipulate Data, Copy Intellectual Property (HR database, Payroll Info, Credit Cards...)
13. Piracy & Digital Rights Management (DRM)
Two different ways to think about anti-piracy...
1) Try to prevent theft of Intellectual Property
2) Locate & audit Intellectual Property violations
Copying & Distributing…
• Software: Cracking ‘time-out’ & lic. code utilities, “Shared valid Lic. Code”
• Music: Napster, ‘on-the-fly’ format changing, Audio jackers (sound card hacks)
• Video: Macrovision hacks, std. copying & format converting techniques
• Documents, Pictures…: Cut & paste, screen print & scan, simple photo editor & scanners
Noteworthy Organizations: Business Software Alliance http://www.bsa.org/; Software & Information Industry Association http://www.siia.net/
DRM & Anti-Piracy Technology:
• Steganography & Watermarks: Embedded information within any type of digital content prior to distribution, hidden from detection. The files (images, executable software, music…) can be sent without anyone knowing what lies inside unless they possess the specific utility and decipher keys to unlock and view the hidden info, like a legal Trademark or Copyright notice.
• Vendor Schemes & Proprietary Viewers: Combining both hardware and software technology to prevent piracy, i.e. gaming industry devices with unique ‘game cartridges’. Other schemes: SDMI Portable Device, IBM cryptolope™, Adobe Acrobat Reader…
• Software Audit & Metering Tools: Utilities that determine software license compliance. These tools can help networks stay legally compliant with all manufacturers' software agreements and thus reduce costs by allowing organizations to purchase only the software they need.
• License & Asset Mgt Tools: License management involves the distribution, allocation and control of licenses acquired from software vendors. These automated network tools can also collect asset and software information throughout an organization, track software license compliance, meter software usage and provide critical information for software/hardware upgrade planning.
• Digital Asset Management (www.digital-integrity.com): Through overlapping ‘hash’ values or ‘fingerprinting’, valuable digital assets can be located and tracked, including every critical sentence, paragraph, table, or image within an organization or across the entire Internet. It is possible to detect copied information between any file formats (text within a .doc pasted into a .pdf or .ppt). This technology will find copyright-infringed material on the Internet or simply block it from leaving the company at the gateway.
14. Noteworthy Organizations & Response Teams
Security Info, portals and more
• CSI (Computer Security Institute) www.gocsi.com
• eSecurity Online www.esecurityonline.com
• InfoSysSec www.infosyssec.com
• New Order neworder.box.sk
• Packet Storm http://packetstorm.securify.com
• SearchSecurity www.searchsecurity.com
• Security Focus www.securityfocus.com
• TruSecure™ - ICSA www.truesecure.com
• Whitehats www.whitehats.com
Organizations
• CERIAS www.cerias.purdue.edu
• CERT Coordination Center www.cert.org
• CVE (Common Vulnerabilities & Exposures) cve.mitre.org
• FIRST (Forum of Incident & Response Security Teams) www.first.com
• ISSA™ (Information Systems Security Association) www.issa-intl.org
• NSI (National Security Institute) www.nsi.org
• SANS Institute (System Administration, Networking, and Security) www.sans.org
• USENIX / SAGE www.usenix.org
Vulnerabilities lists
• Security Focus www.securityfocus.com
• CERT Coordination Center www.cert.org
• CVE (Common Vulnerabilities & Exposures) cve.mitre.org
• SANS Institute (System Administration, Networking, and Security) www.sans.org
Government
• DOJ (Department of Justice) www.usdoj.gov
• FBI (Federal Bureau of Investigation) www.fbi.gov.scitech.htm
• ICAT http://icat.nist.gov
• NIST (National Institute of Stds & Technology) www.nist.gov
• NSA (National Security Agency) www.nsa.gov
Vendors & Managed Security Providers
• Symantec www.symantec.com
• SARC (Symantec Antivirus Research Center) www.sarc.com
• Microsoft Security Group www.microsoft.com/security
• CISCO™ Network Security Council www.cisco.com/security
• ISS™ X-Force xforce.iss.net
• @Stake www.atstake.com
• Securify www.securify.com
• Counterpane www.counterpane.com
Certification Centers
• Checkmark™ www.check-mark.com
• ICSA™ www.truesecure.com
• VB100% (West Coast Labs) www.av-test.com/
• Virus Test Center http://agn-www.informatik.uni-hamburg.de/vtc/
• Common Criteria http://csrc.nist.gov/cc/aa/aalist.htm
Miscellaneous Sites
• 2600 magazine www.2600.com
• AntiOnline www.antionline.com
• Ardent-Hacker.net www.ardent-hacker.net
• Cult of the Dead Cow www.cultdeadcow.net
• Def Con www.defcon.org
• DigiCrime www.digicrime.com/dc.html
• EFF (Electronic Frontier Foundation) www.eff.org
• Hack Factor X, “HFX” www.hfactorx.org
• Hacker News Network www.hackernews.com
• Happy Hacker www.happyhacker.org
• Technotronic www.technotronic.com
• The Hideaway www.hideaway.net
• WebFringe www.webfringe.com
• Attrition www.attrition.org
• Information Assurance Technology Analysis Center iac.dtic.mil/iatac
15. Web Site Hacking
• Disrupt, Degrade, Denial: Denial of service attacks; Syn flood; Smurf attacks; DNS exploits
• Observe, Copy, Steal Data: Sniffing, port scanning; Hack system access, gain access to credit cards; Exploit database, application
• Masquerade, Impersonate: Spoofing; DNS exploits
• Modify, Corrupt, Change Content: e-Shoplifting by changing html; http based attacks; feed invalid data (enter wrong data); exploit CGI bin holes; exploit unpatched O/S and webserver software holes
16. Physical Threats
1st, Gain Physical Access
General:
- Breaking in by knocking down a door, crowbar attack...
- Crawl under a computer raised floor, through ceiling space
- Picking a mechanical lock, obtaining or duplicating keys
- Activate Door Open button on the inside or slide flat panel under door to activate the motion unlock sensor
- Unlocked wiring closets in public areas, then sniff/destroy/whatever
- Dumpster diving for ‘dead tree’ items or media
- Recovering shredded/pseudo-destroyed material
- Surveillance by either looking over someone’s shoulder ("shoulder-surfing"), high-powered photography, cameras for viewing, listening to PIN entries
Sophisticated:
- Circumvent Alarm System: motion, passive IR (temperature), microwave (reflection) sensors
- Badge systems / card reader / FOBs / LC tuned circuits: man-in-the-middle attack between ‘panel’ and ‘control machine’
- Hack card reader or duplicate cards - relatively easy - (12 bit Person Code, 8 bit Install code)
- Biometrics access control attack: false positive (design flaws), hacks on fingerprint readers, replay
2nd, The Attack
- Stealing the computer, laptop at Airport or Back-up tape, disks and replacing them with blanks
- Boot disk on locked system, NTFS2DOS.exe hack
- Wire tapping & recording video or audio
- Trojan attacks (undetected/unattended agent)
- Keyboard typing: swap out keyboard for a similar looking recording keyboard or one that sends data out by RF signal
- Smart card tampering, may be very difficult
- RF transmitter, van Eck radiation, CRT image capture
- Exploiting BIOS faults (special password, certain key combo)
- Obtaining keying material/private key of a CA, or local key ring, then crack it
17. Glossary of Security Threats Terms
LEGEND (icon categories used in the glossary): Electronic Mail; TCP / IP (Internet or Intranet); Web Sites / Browser; Applications; Person / Identity; Computer / Device
• Active attack: An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files or programs.
• Active cheater: An attacker that is one of the parties involved in the protocol and disrupts the process in an attempt to cheat (PKCS #1 SSL attack).
• Anonymous remailer: Usually an Internet email service, in which you can send and receive email without knowing its origins (sender) or receiver.
• Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
• Audit trail: In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
• Back Door: A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls. A secret way to enter a computer or program that bypasses normal operating mode.
• Birthday attack: Based on the statistical probability of finding two identical elements in a known finite space: the expected effort is on the order of the square root of the key space, measured in steps. With only 23 people in a room, there is a better than even chance that two have the same birthday.
• Black-Hat hacker: A criminal or malicious hacker, opposite of a white hat hacker. Also known as a darkside hacker.
• Data Diddling: The act of intentionally entering false information into a system or modifying existing data.
• Bomb: A general synonym for crash, normally of software or operating system failures.
• Brute force attack: Typically a known-plaintext attack that exhausts all possible key or password combinations.
• Carding: The act of generating and/or creating phony credit cards or calling cards, usually by knowing something about the card numbering algorithm.
• Chosen ciphertext attack: A cryptanalytic attack in which the attacker chooses ciphertext to be decrypted and has access to the decrypted plaintext. For example, having access to a tamperproof black box that does automatic decryption.
• Chosen-key attack: The attacker does not possess the key, but only some knowledge about the relationship between different keys. This is an obscure and usually impractical attack.
• Correlation attack: Combining the output of several stream ciphertext sequences in some nonlinear manner, thus revealing a correlation with the combined keystream that is attacked using linear algebra.
• Countermeasures: An active process that responds to an attack, putting up a defense or launching a retaliatory response.
17. Glossary of Security Threats Terms
• •
Derf: Gaining physical access to a computer that is currently logged in by an absent minded individual. Dictionary attack: Trying to discover a password by comparing a password file with a list of known hashed values of password. Differential linear cryptanalysis: A relatively new attack that combines both differential and linear cryptanalysis. DNS spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain. Eavesdropping: Surreptitious interception of information sent over a network by an entity for which the information was not intended. FIN attack: Using the FINish flag within the TCP header to tear down a session or as a method of stealth scanning against ports. Firewall: A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. Fork Bomb: (see Logic Bomb): Also known as Logic Bomb - Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, "explodes" eventually eating all the process table entries and effectively locks up the system. Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. Hacking: Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.
41
Cryptography
Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security. Cracker: One who breaks into computer systems or accounts. Cracking: The act of breaking into a computer system or account; what a cracker does. Contrary to widespread myth, this does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Craming: A subtle scam used to get someone to change telephone long distance carriers without their knowledge. Cryptanalysis: 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. 2) Operations performed in converting encrypted messages to plaintext without initial knowledge of the crypto-algorithm and/or key employed in the encryption. Data driven attack: A form of attack that is encoded in innocuous seeming data that is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall. Data mining (warehousing): The act of collecting information to build a database or personal dossier. Demon dialer (see war dialer): A program, which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack. Denial of service: Action(s) that prevents any part of an information system from functioning in accordance with its intended purpose. Usually flooding a system to prevent it from servicing normal and legitimate requests.
Threats
Network
17. Glossary of Security Threats Terms
42
Hijacking (IP): An action whereby an active, established session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.
ICMP Flood: A denial of service attack that sends a host more ICMP echo request ("ping") packets than the protocol implementation can handle.
Indirection: Covering your tracks so that the target cannot identify or prove who is attacking them.
Internet worm: A worm program that was unleashed on the Internet in 1988. Robert T. Morris wrote it as an experiment that got out of hand.
Intrusion detection: Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts, either manually or via software expert systems that operate on logs or other information available on the network.
IP spoofing: An attack whereby a system attempts to impersonate another system by using a false source IP address.
Joe account: An account where the user name and password are the same.
Keystroke logger: A program that records everything a user enters via a keyboard.
Known-plaintext attack: The cryptanalyst has access not only to the ciphertext of several messages but also to the plaintext. The challenge is to deduce the key or keys used to encrypt, or an algorithm to decrypt any new messages encrypted with the same key or keys.
Leapfrog attack: Use of user-id and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).
Letterbomb: A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to denial of service.
Linear cryptanalysis: An attack using linear approximations to describe the action of a block cipher. If you XOR some plaintext bits, XOR some ciphertext bits, and then XOR the results, you get a single bit that is the XOR of some of the key bits.
Logic Bomb: Also known as a Fork Bomb. A resident computer program which, when executed, checks for a particular condition or particular state of the system which, when satisfied, triggers the perpetration of an unauthorized act.
Mail bomb: Mail sent to urge others to send massive amounts of email to a single system or person, with the intent to crash the recipient's system. Mail bombing is widely regarded as a serious offense.
Malicious code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Man-in-the-middle: An active attack that typically gains information by sniffing or tapping a line between two unsuspecting parties.
Misrepresentation: The presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods. Misrepresentation is one form of impersonation. See also spoofing.
NAK attack: Negative Acknowledgment - A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus leaves the system in an unprotected state during such interrupts.
Packet sniffing: The act of monitoring the packets on a network segment to pick up useful information like logins and passwords. See also Sniffer.
Pagejacking: A masquerade attack in which the attacker copies (steals) a home page or other material from the target server, diverting browsers from the target server to the attacker's server.
Passive attack: An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
Penetration: The successful unauthorized access to an automated system.
Perimeter security: The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
Phage: A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.
PHF hack: The phf.cgi script which comes with some web servers as a diagnostic tool can be used by an attacker to run other commands at a privileged level.
Phracker: An individual who combines phone phreaking with computer hacking.
Phreaker: An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.
Piggyback attack: The gaining of unauthorized access to a system via another user's legitimate connection.
Ping-of-Death: An attack using an echo request (ping) IP datagram with over 65,507 bytes of data (creating an illegal, oversized IP datagram). This buffer overflow causes some systems to crash or lock up.
Ping sweep: An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Port scanning: An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability.
Probe: Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.
Prowler: A daemon that is run periodically to seek out and erase core files, truncate administrative log files, nuke lost & found directories, and otherwise clean up.
Replay attack: An attack in which a valid data transmission is maliciously or fraudulently repeated, either by the originator or by an adversary who intercepts the data and retransmits it.
Replicator: Any program that acts to produce copies of itself. Examples include a program, a worm, a fork bomb or a virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
Retro-Virus: A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
Root kit: A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. A rootkit is a classic example of Trojan Horse software.
Root: The highest level of access to a Unix computer.
SATAN: Security Administrator Tool for Analyzing Networks - A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A freeware program which helps to identify system security weaknesses.
Scanner/port scanning: An information gathering method or tool in which all possible port numbers are accessed to determine which services are running or available on a host.
Script-Kiddie: A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to information systems. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet.
Secure shell: A completely encrypted shell connection between two machines protected by a super long pass-phrase.
Sequence number: A number used to coordinate an upcoming TCP session. Has been guessed as part of a spoofing attack.
Session hijacking: A sophisticated attack in which the attacker spoofs both ends of a TCP session in progress, thereby gaining unauthorized access to the session and system.
Shell: A software layer that provides the interface between a user and the operating system of a computer.
Shoulder surf: To look over someone's shoulder to view a passphrase or PIN to gain access at a later time.
Slamming: The act of changing a telephone customer's long distance service provider without their knowledge or permission.
Smurfing: A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim, thereby clogging its network.
Snarf: To grab a large document or file for the purpose of using it with or without the author's permission.
Sniffer/sniffing: A program running on a computer or device that's attached to a network that filters, captures, and records network traffic, i.e. packets. Comes from a Network General (now Network Associates) protocol analyzer product known as Sniffer.
Social engineering: A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Spam: Unsolicited commercial email (UCE). The electronic mail equivalent of junk mail.
Spoofing: Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. An attempt to gain access to a system by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.
Steganography: The practice of hiding secrets in otherwise normal-looking data files, like JPEG pictures, etc.
Subversion: Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
SYN flood attack: When the SYN queue is flooded, no new connection can be opened.
Threat: The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.
Traffic analysis: Monitoring data or encrypted data to or from a specific target to learn patterns.
Trapdoor: A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to a computer.
Tripwire: A software tool that generates one-way hash signatures of sensitive files which are used to detect tampering or alteration.
Trojan Horse: An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
TTY watcher: A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.
Virus: A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself.
Wannabe hacker: A novice hacker; see Script-Kiddie.
War dialer: A program that will automatically dial a range of telephone numbers looking for a modem/computer to answer. A program that dials a given list or range of numbers and records those which answer with handshake tones, which might be entry points to computer or telecommunications systems.
White Hat Hacker: One who usually does not break into unauthorized systems, but who does sometimes write the tools that get used by the novices and black hat hackers.
Whitemail: The dissemination of false information for financial gain via email.
Worm: An independent program that replicates from machine to machine across network connections, often clogging networks and information systems as it spreads.
Cryptography Reference

1. Basic Functionality of Crypto
1 Authentication: Who are you?
2 Authorization: Where are you allowed to go?
3 Confidentiality: Privacy / Encryption
4 Integrity: Not changed or modified
5 Non-Repudiation: Digital signature.
2. Crypto Primary Function

ENCRYPTION (Private & Confidential)
  SYMMETRIC KEY ALGORITHM
    Stream Cipher: RC4, SEAL, WAKE, A5, PKZIP
    Block Cipher: DES, 3DES, RC2, RC5, RC6, IDEA, CAST, Blowfish, Twofish, MARS, RIJNDAEL (AES), Serpent
  PUBLIC KEY (ASYMMETRIC) ALGORITHM (based on the Discrete Log or Factoring problem)
    DSA, RSA, ECC, LUC, Diffie-Hellman, ElGamal encryption (Diffie-Hellman-Merkle, Vernam, ElGamal)

DIGITAL SIGNATURES (Authentic/Non-Repudiation)
  Public-key algorithms above, applied to a message digest

MESSAGE DIGEST (HASH ALGORITHM) (Message Integrity)
  MD2, MD5, SHA, SHA-1, RIPE-MD160

Public-Key Infrastructure: PKIX, SPKI, SDSI, PGP, DNSSEC
Key Management: ISAKMP, SKIP, Photuris, Diffie-Hellman, ElGamal, IKE (ISAKMP w/OAKLEY)
3. Symmetric /Asymmetric Function

Symmetric (Conventional) Encryption: Alice's plaintext goes through the encryption algorithm under the shared key to produce ciphertext; Bob runs the decryption algorithm under the same shared key to recover the plaintext.

Asymmetric (Public Key) Encryption:
1 Alice places document in dual-key strongbox.
2 Alice locks box with Bob's public key.
3 Box transported to Bob.
4 Bob unlocks box with his private key.
5 Bob retrieves document.
4. Trust Models

DIRECT (Peer to peer): Alice and Bob hold each other's keys directly. If a certificate's key is compromised it affects one.

DISTRIBUTED (Web of Trust): Individuals (friend, employer, spouse, ...) sign one another's keys. If a certificate's key is compromised it affects few, or many for a well-connected signer.

HIERARCHICAL: Root CA, under it national CAs (USA, Japan, France, Brazil), under those organizations (USA Corp., USA Gov., Japan Corp., French Gov., Brazil Corp., Univ.), and at the bottom the individuals (You). If a certificate's key is compromised: a leaf affects one, a subordinate CA affects many or very many, the root affects all.

Basic Web of Trust (primitive):
1 Bob and Alice exchange keys in a secure fashion.
2 Alice signs Bob's key and returns it.
3 Carol and Alice exchange keys in a secure fashion; Carol trusts Alice as an introducer.
4 Bob sends Carol his key, signed by Alice. Carol can now trust Bob's key.
Cross-signed: Alice and Bob signed one another; signer and signee are leaf nodes.

Third Party Services (hierarchical model): Name Server, Registration Authority, Key Generator, Certificate Authority (the signer), Certificate Directory; each issued certificate is a leaf node (the signee).
5. Certificate Comparison

PGP v5 and later
PUBLIC KEY PACKET: Packet header field; Version number; Timestamp of key creation; Validity period; Public-key type (RSA, DSA, DH); Key material
USER ID: [email protected] - Packet header field; 255-character octet string (typically RFC 822)
SIGNATURE (Spouse), SIGNATURE (Co-worker), SIGNATURE (Employer), each: Packet header field; Timestamp; Version number; Signer Key ID; Length of following info, MD calc.; Signature classification; Public-key type; Message digest algorithm; String of data holding the signed digest
SUBKEY PACKET: Packet header field; similar to main public-key packet
SUBKEY SIGNATURE PACKET: Packet header field; similar to signature packet
USER ID: [email protected]

X.509 v3
VERSION (of certificate format)
CERTIFICATE SERIAL NUMBER
SIGNATURE ALGORITHM IDENTIFIER (for certificate issuer's signature)
ISSUER (certification authority) X.500 NAME
VALIDITY PERIOD (start and expiration dates/times)
SUBJECT X.500 NAME
SUBJECT PUBLIC KEY INFORMATION: algorithm identifier; public key value
ISSUER UNIQUE IDENTIFIER
SUBJECT UNIQUE IDENTIFIER
EXTENSIONS: each extension is a TYPE, a CRITICAL or NON-CRITICAL flag, and a FIELD VALUE
CERTIFICATION AUTHORITY'S DIGITAL SIGNATURE: the assertion over all fields above, generated with the certification authority's private key
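The X.509 v3 column above lists the fields a relying party reads and the CRITICAL / NON-CRITICAL split of extensions. The Go program below is an added example, not code from the handbook: it builds a constructed self-signed v3 certificate with sample identity data (alice@example.com, Example Corp, serial 4096 are all made up) and walks those fields with the standard library, leaving the CA signature check for last.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary maps a parsed certificate onto the X.509 v3 fields in the
// comparison figure, with extensions split by their CRITICAL flag.
type CertSummary struct {
	Version       int
	Serial        string
	SigAlgorithm  string
	Issuer        string
	NotBefore     time.Time
	NotAfter      time.Time
	Subject       string
	PubKeyAlg     string
	Critical      []string // extension OIDs flagged CRITICAL
	NonCritical   []string // extension OIDs flagged NON-CRITICAL
	SelfSignature bool     // CA's digital signature verifies under the issuer key
}

// makeSelfSignedCert builds a constructed self-signed v3 certificate (sample
// identity data, not a real CA) so that summarizeCert has something to walk.
func makeSelfSignedCert() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4096), // constructed serial number
		Subject: pkix.Name{
			CommonName:   "alice@example.com",
			Organization: []string{"Example Corp"},
		},
		NotBefore: time.Date(2000, 3, 15, 0, 0, 0, 0, time.UTC),
		NotAfter:  time.Date(2001, 3, 15, 0, 0, 0, 0, time.UTC),
		// Go marks keyUsage and basicConstraints CRITICAL and, because the
		// subject name is non-empty, subjectAltName NON-CRITICAL.
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		EmailAddresses:        []string{"alice@example.com"},
	}
	// Self-signed: the template is also the parent, so the CA key signs itself.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// summarizeCert parses DER and fills in the figure's fields; the signature
// check comes last because nothing above it is trustworthy until it passes.
func summarizeCert(der []byte) (*CertSummary, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	s := &CertSummary{
		Version:      cert.Version,
		Serial:       cert.SerialNumber.String(),
		SigAlgorithm: cert.SignatureAlgorithm.String(),
		Issuer:       cert.Issuer.String(),
		NotBefore:    cert.NotBefore,
		NotAfter:     cert.NotAfter,
		Subject:      cert.Subject.String(),
		PubKeyAlg:    cert.PublicKeyAlgorithm.String(),
	}
	for _, ext := range cert.Extensions {
		if ext.Critical {
			s.Critical = append(s.Critical, ext.Id.String())
		} else {
			s.NonCritical = append(s.NonCritical, ext.Id.String())
		}
	}
	// For a self-signed certificate the issuer is the certificate itself.
	s.SelfSignature = cert.CheckSignatureFrom(cert) == nil
	return s, nil
}

// validAt reports whether t falls inside the validity period.
func (s *CertSummary) validAt(t time.Time) bool {
	return !t.Before(s.NotBefore) && !t.After(s.NotAfter)
}

func main() {
	der, err := makeSelfSignedCert()
	if err != nil {
		panic(err)
	}
	s, err := summarizeCert(der)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\nvalid now: %v\n", *s, s.validAt(time.Now()))
}
```

A relying party that skips the final signature check is trusting whatever the sender typed into the other fields; flipping one byte of the signature leaves every other field parseable but SelfSignature false.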
6. Secure Messaging with Public Key Cryptography

1 Alice creates a message for Bob.
2 Alice encrypts message with Bob's public key (STEP 2: TRANSPARENT PROCEDURE):
  A Seal message (MD5, SHA1).
  B Alice signs message with her private key (RSA, DSA).
  C Compress message (ZIP).
  D Encrypt message with random session key (IDEA, CAST, Triple DES) and Bob's public key (RSA, Diffie-Hellman).
3 Alice mails message (SMTP, X.400, etc.).
4 Bob retrieves message (SMTP, X.400, etc.); the figure shows the message crossing routers and the Internet past other users (Bill, Jan, Sue).
5 Bob decrypts Alice's message with his private key (STEP 5: TRANSPARENT PROCEDURE):
  Decompress message (UNZIP).
  Examine seal for tampering (MD5, SHA-1).
  Bob verifies Alice's signature with her public key (RSA, DSA).
6 Bob reads message.

KEY LEGEND: Public Key; Private Key.
7. Public-Key Infrastructure & Digital Certificates

STEP 1: OBTAIN CERTIFICATE
- Employee, individual or device needs a cert.
- Identify attributes (Name, Org, Emp#…).
- Generate key-pair (local or central).
- Submit certificate request (PKCS 10).
- Either the Registration Authority or the Certificate Authority receives the request (vetting process) at the Certificate Authority Processing Center. The outcome is Approved, Pending (…) or Rejected, and a status notification goes back to the requester.
- Cert created & issued (signing process) and published to a Directory/Database/Repository (published certificate); the requester retrieves the cert.
Many combinations of locally hosted or remote hosted services are possible.

STEP 2: USING CERTIFICATE (OCSP PROCESS)
Parties: End User, protected Resource on the Enterprise Network, Enterprise OCSP Client and Toolkit, Issuing CA OCSP Responder, Certificate Status Database. Outcomes: Valid Certificate! Access Granted!, or Rejected.
1. A user presents a certificate and requests to access a protected Enterprise resource. The request is signed with the user's private key corresponding to their certificate. The Enterprise OCSP client and toolkit verify that the certificate chain and signature are correct.
2. The Enterprise OCSP client then composes and sends an OCSP request to the OCSP Responder of the Certificate Authority that issued the user's certificate.
3. The CA OCSP Responder obtains the certificate status in real time from the certificate status database.
4. The CA OCSP Responder generates an OCSP response that states the certificate status, signs the response, and sends it to the Enterprise OCSP client.
5. The Enterprise OCSP client parses the response and verifies its signature to determine that the response is legitimate.
6. If the response states that the certificate is valid, the Enterprise OCSP client application verifies that the user is authorized for access to the resource. If so, the OCSP client grants the user access to the requested resource.
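The six OCSP steps above, as an added Go example that is not from the handbook: the request and response structures, the JSON encoding, the serial numbers and the status database are constructed stand-ins for the ASN.1 messages and back end of a real responder, and the responder is called in-process rather than over HTTP. The client side shows the checks step 5 implies before step 6 may grant access.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Constructed stand-ins for the OCSP request and response (a real responder
// uses ASN.1; JSON is used here so the signed bytes are easy to inspect).
type StatusRequest struct {
	Serial string `json:"serial"`
	Nonce  string `json:"nonce"`
}

type StatusResponse struct {
	Serial     string    `json:"serial"`
	Status     string    `json:"status"` // "good", "revoked" or "unknown"
	ProducedAt time.Time `json:"producedAt"`
	Nonce      string    `json:"nonce"`
	Signature  []byte    `json:"signature"` // responder signature over the other fields
}

// Responder is the issuing CA's OCSP responder (steps 3-4): it reads the
// certificate status database and signs whatever it reports.
type Responder struct {
	key *rsa.PrivateKey
	db  map[string]string // serial -> status (constructed sample data)
}

func (r *Responder) Respond(req StatusRequest, now time.Time) (StatusResponse, error) {
	status, ok := r.db[req.Serial]
	if !ok {
		status = "unknown" // this CA never issued the serial, or does not know it
	}
	resp := StatusResponse{Serial: req.Serial, Status: status, ProducedAt: now, Nonce: req.Nonce}
	digest := responseDigest(resp)
	sig, err := rsa.SignPKCS1v15(rand.Reader, r.key, crypto.SHA256, digest[:])
	resp.Signature = sig
	return resp, err
}

// responseDigest hashes every field except the signature itself.
func responseDigest(resp StatusResponse) [32]byte {
	resp.Signature = nil
	b, _ := json.Marshal(resp)
	return sha256.Sum256(b)
}

// CheckStatus is the enterprise OCSP client (steps 2, 5 and 6): it sends a
// request carrying a fresh nonce, verifies the responder's signature, nonce
// and freshness, and only then decides whether the certificate may be used.
func CheckStatus(serial string, responder *Responder, responderPub *rsa.PublicKey, maxAge time.Duration, now time.Time) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	req := StatusRequest{Serial: serial, Nonce: fmt.Sprintf("%x", nonce)}
	resp, err := responder.Respond(req, now)
	if err != nil {
		return err
	}
	return verifyResponse(req, resp, responderPub, maxAge, now)
}

func verifyResponse(req StatusRequest, resp StatusResponse, pub *rsa.PublicKey, maxAge time.Duration, now time.Time) error {
	digest := responseDigest(resp)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], resp.Signature); err != nil {
		return errors.New("OCSP response signature does not verify")
	}
	if resp.Nonce != req.Nonce || resp.Serial != req.Serial {
		return errors.New("OCSP response does not answer this request")
	}
	if now.Sub(resp.ProducedAt) > maxAge {
		return errors.New("OCSP response is stale")
	}
	if resp.Status != "good" {
		return fmt.Errorf("certificate status %q: access denied", resp.Status)
	}
	return nil
}

func main() {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	resp := &Responder{key: caKey, db: map[string]string{"1001": "good", "1002": "revoked"}}
	now := time.Now()
	for _, serial := range []string{"1001", "1002", "1003"} {
		fmt.Println(serial, CheckStatus(serial, resp, &caKey.PublicKey, time.Hour, now))
	}
}
```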
8. Relative Strength Comparisons

Key Lengths (Brute Force Attack). Average times needed to search half the symmetric key-space; the worst case scenario would be twice as long.

Equivalent key lengths:
Symmetric (Conventional) | Public Key Asymmetric Cipher (RSA, DSA, DH) | Elliptic Curve
40 bits  | 274 bits  | 57 bits
56 bits  | 384 bits  | 80 bits
64 bits  | 512 bits  | 106 bits
80 bits  | 1024 bits | 132 bits
96 bits  | 1536 bits | 160 bits
112 bits | 2048 bits | 185 bits
120 bits | 2560 bits | 237 bits
128 bits | 3072 bits | 256 bits

Average time for exhaustive key search:
Key Length | Number of Possible Keys | Time required at 1 encryption/µsec | Time required at 10^6 encryptions/µsec
32 bits  | 2^32 = 4.3 x 10^9   | 2^31 µsec = ~36 min         | ~2 millisec
56 bits  | 2^56 = 7.2 x 10^16  | 2^55 µsec = 1142 yrs        | ~10 hours
128 bits | 2^128 = 3.4 x 10^38 | 2^127 µsec = ~5 x 10^24 yrs | ~5 x 10^18 yrs

Passphrase Guessing (dictionary attack) examples: Weak: "dogie"; OK: "br1a9Az"; Strong: ",tHX1lb

Attacker's capability vs. key length (average time for exhaustive key search; assumptions are based on 1997 technology):
Key Length (bits)            | 40           | 56        | 64        | 80         | 128
Individual Attacker          | weeks        | centuries | millennia | infeasible | infeasible
Small Group                  | days         | decades   | centuries | infeasible | infeasible
Academic Network             | hours        | years     | decades   | infeasible | infeasible
Large Company                | milliseconds | hours     | days      | centuries  | infeasible
Military Intelligence Agency | microseconds | seconds   | minutes   | centuries  | millennia

Individual Attacker: one high-end desktop machine and software (2^17 – 2^24 keys/second)
Small Group: 16 high-end machines and software (2^21 – 2^24 keys/second)
Academic Network: 256 high-end machines and software (2^25 – 2^28 keys/second)
Large Company: $1,000,000 hardware budget (2^43 keys/second)
Military Intelligence Agency: $1,000,000,000 hardware budget and advanced technology (2^55 keys/second)

Using easy-to-remember English words results in approximately 1.3 bits of entropy per character (word space) vs. purely random characters (total space).
# of characters           | 5              | 7                 | 10
complexity                | 25 (lowercase) | 62 (alphanumeric) | 95 (full keyboard)
word space                | 12 bits        | 24 bits           | 40 bits
total space               | 23.5 bits      | 41.7 bits         | 65.7 bits
time-to-break total space | 40 minutes     | 22 years          | infeasible (3.8 x 10^8 yrs)
9. ISO Reference/Security Protocols

ISO Reference Model layer | Data handled | Security protocols and controls
7 Application Layer  | User application; distributed data service; plain data stream | Proxy-based firewall
6 Presentation Layer | Syntax-independent messages; encrypted data packets           | SSL Protocol (SSL Handshake Protocol, SSL Record Protocol)
5 Session Layer      | Network-independent messages                                  | Socks, proxies
4 Transport Layer    |                                                               | Packet filter - circuit layer
3 Network Layer      | Data network                                                  | IPsec/VPN
2 Data Link Layer    |                                                               | L2TP, L2F, PPTP; link-layer point-to-point hardware encryptors; MAC layer filtering (switches)
1 Physical Layer     | Physical connection to network hardware                       |
10. Related Standards

U.S. Government Standards - NIST (FIPS)
FIPS #       | Subject
FIPS 46-2    | DES
FIPS 74      | Guidelines for using DES
FIPS 81      | DES modes of operation
FIPS 102     | Guidelines for certification & accreditation
FIPS 112     | Password usage
FIPS 113     | Data authentication (CBC-MAC)
FIPS 140-1   | Cryptomodule security requirements
FIPS 171     | Key management using X9.17
FIPS 180-1   | Secure hash standard (SHA-1)
FIPS 181     | Automated password generator
FIPS 185     | Key escrow (Clipper & Skipjack)
FIPS 186     | Digital Signature Standard (DSS)
FIPS 188     | Standard security labels for info transfer
FIPS 190-191 | Guidelines for authentication & analyzing LAN
FIPS 196     | Entity authentication (asymmetric)

ANSI Banking and Security Standards
ANSI #  | Subject
X3.92   | Data Encryption Algorithm (DEA)
X3.106  | Data Encryption Algorithm (DEA)
X9.8    | PIN management and security
X9.9    | Message authentication (wholesale)
X9.17   | Key management (wholesale; symmetric)
X9.19   | Message authentication (retail)
X9.23   | Encryption of messages (wholesale)
X9.24   | Key management (retail)
X9.26   | Sign-on authentication (wholesale)
X9.30:1 | Public Key, Digital Signature Algorithm
X9.30:2 | Public Key, Secure Hash Algorithm
X9.55   | Extensions to Public Key Certificates & CRLs
X9.57   | Certificate Management for Financial Services

PKCS No. | PKCS title
1        | RSA encryption standard
3        | Diffie-Hellman key-agreement standard
5        | Password-based encryption standard
6        | Extended-certificate syntax standard
7        | Cryptographic message syntax standard
8        | Private-Key information syntax standard
9        | Selected attribute types
10       | Certification request syntax standard
11       | Cryptographic token interface standard
12       | Personal information exchange syntax standard
11. IKE: Key Negotiation

IKE Main Mode
ELEMENTS: Hash; Encryption; Authentication; Diffie-Hellman group; SA lifetime
FUNCTIONS: Establish SAs; Key material; Diffie-Hellman exchange; Protection for IPSec negotiation

IPSec Quick Mode
ELEMENTS: Hash; Encryption; PFS group; SA lifetime; Mode
FUNCTIONS: Protection via ESP; Integrity via AH; Request keys from IKE

Exchange between Alice and Bob (ISAKMP Phase 1, Oakley Main Mode):
- IPSec SA request (triggered by ACL); the exchange is repeated when the IPSec lifetime expires.
- Alice: IKE SA offer - DES, SHA_1, RSA sig, D-H group 1, lifetime (in the clear).
- Bob: policy match, accept offer (in the clear).
- Alice: D-H exchange: KE, nonce.
- Bob: D-H exchange: KE, nonce.
- Alice: authenticate D-H, apply SHA hash (protected).
- Bob: authenticate D-H, apply SHA hash (protected).
- Alice and Bob: IKE SA inbound established, outbound established.
12. Time Stamping

1. Create Document Identifier: Calculate a hash or fingerprint for a data file of any size; it is a unique value based on the exact content of the data file. On the client's computer (using IP Protector): any file → compute message digest (SHA-1) → fingerprint (hash) → send to the independent time stamping authority.
2. Create Time Stamp: An internet-based server (DigiStamp's server, e.g. 15March2000 9:24am) adds the current time (official UTC sync) to the fingerprint, signs that intermediate product (SHA-1 digest + current time) with its private key using public key encryption, generating a time stamp.
3. Store Data Locally: The time stamp is delivered back to the client software for storage as a standard CMS (PKCS#7) record, verified locally with the public key.
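Steps 1-3 as an added Go example, not DigiStamp's or IP Protector's code: the stored record layout and the digest-plus-time encoding are constructed for this example, the authority is called in-process, and SHA-256 with RSA stands in for the SHA-1 signing in the figure. The verification side shows the two things a stored stamp later proves, that the file is unchanged and that the authority signed that time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// TimeStamp is the constructed record the client stores locally: the
// fingerprint it sent, the time the authority attached, and the authority's
// signature over both (a stand-in for the CMS/PKCS#7 record in the figure).
type TimeStamp struct {
	Fingerprint [32]byte
	Time        time.Time
	Signature   []byte
}

// fingerprint is step 1 on the client: only the digest leaves the machine,
// never the file contents.
func fingerprint(file []byte) [32]byte {
	return sha256.Sum256(file)
}

// signedBytes is the intermediate product the authority signs: digest || time,
// with the time as big-endian Unix seconds so both sides agree byte for byte.
func signedBytes(fp [32]byte, t time.Time) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(t.Unix()))
	return append(fp[:], buf...)
}

// Authority is step 2: an independent server that adds the current time and
// signs with its private key. The clock is injected so tests are deterministic.
type Authority struct {
	key *rsa.PrivateKey
	now func() time.Time
}

func (a *Authority) Stamp(fp [32]byte) (TimeStamp, error) {
	t := a.now().UTC().Truncate(time.Second)
	digest := sha256.Sum256(signedBytes(fp, t))
	sig, err := rsa.SignPKCS1v15(rand.Reader, a.key, crypto.SHA256, digest[:])
	return TimeStamp{Fingerprint: fp, Time: t, Signature: sig}, err
}

// Verify is step 3 on the client, later and offline: the stored stamp must
// carry a valid authority signature and must match the file as it exists now.
func Verify(file []byte, ts TimeStamp, authorityPub *rsa.PublicKey) error {
	digest := sha256.Sum256(signedBytes(ts.Fingerprint, ts.Time))
	if err := rsa.VerifyPKCS1v15(authorityPub, crypto.SHA256, digest[:], ts.Signature); err != nil {
		return errors.New("time stamp signature does not verify")
	}
	if fingerprint(file) != ts.Fingerprint {
		return errors.New("file content no longer matches the stamped fingerprint")
	}
	return nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tsa := &Authority{key: key, now: time.Now}
	file := []byte("contract draft v1") // constructed sample document
	ts, _ := tsa.Stamp(fingerprint(file))
	fmt.Println("stamped at", ts.Time, "verify:", Verify(file, ts, &key.PublicKey))
	fmt.Println("after edit:", Verify([]byte("contract draft v2"), ts, &key.PublicKey))
}
```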
13a. Secure Messaging (sender, Alice)
1 Digital signature added (DSA, SHA-1) using sender's private key. [Original Plaintext → Signed]
2 Document with signature compressed. [Compressed]
3 Compressed file encrypted with one-time session key (IDEA, CAST, Triple DES). [Encrypted]
4 Encrypted copy of session key added (DH) using receiver's public key. [Keyed]
5 File converted to ASCII armor format. [Armored]
6 Message transferred via insecure channel (telephone, satellite, microwave), where an attacker can observe it.

13b. Secure Messaging (receiver, Bob)
7 Message received in ASCII armor format.
8 ASCII armor removed. [Dearmor]
9 One-time (IDEA, CAST, Triple DES) session key recovered using recipient's private key. [Dekey]
10 File decrypted using one-time session key (IDEA, CAST, Triple DES). [Decrypt]
11 File decompressed revealing signature and plaintext message. [Decompress]
12 Signature verified using sender's public key (DSA, SHA-1). [Verify → Original Plaintext]
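Sections 6 and 13a/13b describe the same sign, compress, encrypt, armor pipeline. The Go program below is an added example, not code from the handbook or from PGP: it runs both directions with standard-library primitives, substituting AES-GCM for IDEA/CAST/Triple DES, RSA-OAEP for the DH session-key wrapping, RSA with SHA-256 for DSA with SHA-1, gzip for ZIP and base64 for ASCII armor; the packet layout is constructed here and assumes 2048-bit RSA keys.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// rsaBytes is the size of a 2048-bit RSA signature or OAEP ciphertext; the
// constructed packet format below uses it as a fixed offset.
const rsaBytes = 256

// Constructed wire layout inside the armor (not the OpenPGP packet format):
//   [256-byte wrapped session key][12-byte nonce][AES-GCM ciphertext]
// where the AES-GCM plaintext is gzip([256-byte signature][message]).

// sealMessage is the sender side (section 13a, steps 1-5): sign, compress,
// encrypt under a one-time session key, wrap that key to the recipient, armor.
func sealMessage(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (string, error) {
	digest := sha256.Sum256(msg) // seal, then sign with the sender's private key
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	var zbuf bytes.Buffer // compress signature and plaintext together
	zw := gzip.NewWriter(&zbuf)
	zw.Write(sig)
	zw.Write(msg)
	if err := zw.Close(); err != nil {
		return "", err
	}
	material := make([]byte, 32+12) // fresh one-time session key and nonce
	if _, err := io.ReadFull(rand.Reader, material); err != nil {
		return "", err
	}
	sessionKey, nonce := material[:32], material[32:]
	block, _ := aes.NewCipher(sessionKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, zbuf.Bytes(), nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return "", err
	}
	packet := append(append(wrapped, nonce...), ct...)
	return base64.StdEncoding.EncodeToString(packet), nil // ASCII armor
}

// openMessage is the receiver side (section 13b, steps 7-12): dearmor, dekey,
// decrypt, decompress, verify; any defect on the way fails closed.
func openMessage(armored string, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	packet, err := base64.StdEncoding.DecodeString(armored)
	if err != nil || len(packet) < rsaBytes+12 {
		return nil, errors.New("bad or truncated armor")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, packet[:rsaBytes], nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey) // rejects a wrapped key of the wrong size
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	rest := packet[rsaBytes:]
	zdata, err := gcm.Open(nil, rest[:12], rest[12:], nil) // GCM tag detects tampering
	if err != nil {
		return nil, err
	}
	zr, err := gzip.NewReader(bytes.NewReader(zdata))
	if err != nil {
		return nil, err
	}
	plain, err := io.ReadAll(zr)
	if err != nil || len(plain) < rsaBytes {
		return nil, errors.New("bad compressed payload")
	}
	sig, msg := plain[:rsaBytes], plain[rsaBytes:]
	digest := sha256.Sum256(msg) // verify with the sender's public key
	if err := rsa.VerifyPKCS1v15(sender, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature does not verify")
	}
	return msg, nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	armored, _ := sealMessage([]byte("meet at 9:24"), alice, &bob.PublicKey)
	fmt.Println(openMessage(armored, bob, &alice.PublicKey))
}
```

Signing before encrypting, as in step 1 of 13a, means the receiver only learns who wrote the message after decrypting it, so a message signed by someone else under Bob's key fails at step 12 rather than earlier.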
14. Protocols Using Crypto

Legend: D = Distributed, H = Hierarchy, W = Web of Trust. Blank cells are blank in the original.

Store & Forward (e-mail)
Protocol  | Status | RFC #s     | Public Key | Symmetric        | Key Length | Hash       | Encoding       | Cert Type | Trust Model
DMS (MSP) |        |            | RSA        | DES, 3DES, IDEA  | 56, 128    | MD5        | base 64, ASN.1 | X.509     | H
MOSS      | RFC    | 1847, 1848 | RSA        | DES              | 56         | MD5        | base 64        | X.509     | H, D
PEM       | RFC    | 1241,2,3,4 | RSA        | DES              | 56         | MD5        | RADIX 64       | X.509     | H
PGP       | RFC    | 1991       | RSA, DH    | IDEA, CAST, 3DES | 128        | MD5, SHA-1 | RADIX 64       | PGP       | H, D, W
PGP/MIME  | RFC    | 2015, 1847 | RSA, DH    | IDEA, CAST, 3DES | 128        | MD5, SHA-1 | RADIX 64       | PGP       | H, D, W
S/MIME    | RFC    | 1847       | RSA        | RC2, RC4, 3DES   | 40, 128    | MD5, SHA-1 | ASN.1          | X.509     | H, D

Network Transport (Browser)
Protocol  | Status | RFC #s | Public Key | Symmetric               | Key Length | Hash     | Encoding | Cert Type | Trust Model
TLS (SSL) | RFC    |        | RSA, DH    | 3DES, RC2, RC4, DES-CBC | 40, 128    | MD5, SHA | base 64  | X.509     | H
PCT       | draft  |        | RSA        | DES, RC2, RC4, IDEA     |            | MD5, SHA |          | X.509     | D, H
SHTTP     | draft  |        | RSA        | DES, 3DES, DES-CBC      |            | MD2, MD5 |          | X.509     | D, H, Kerb, RSA

Voice
Protocol | Status | RFC #s | Public Key | Symmetric            | Key Length | Hash | Encoding  | Cert Type | Trust Model
Clipper  | FIPS   |        | RSA        | Skipjack             | 80         |      |           |           |
PGPfone  |        |        | DH         | Blowfish, CAST, 3DES | 160, 128   |      | GSM, ADPCM |           |

Session Key Management
Protocol | Status | RFC #s | Public Key | Symmetric      | Key Length | Hash       | Encoding | Cert Type | Trust Model
IKE      | RFC    |        | RSA        | RC2, DES, 3DES |            | MD5, SHA-1 |          | X.509     | D, H
SKIP     |        |        | RSA        | DES, IDEA, RC4 |            | MD5        |          | X.509     | D, H

Network Authentication (Login)
Protocol | Status | RFC #s     | Public Key | Symmetric    | Key Length | Hash             | Encoding | Cert Type | Trust Model
Kerberos | RFC    | 1510       |            | DES-CBC, DES |            | MD4, MD5, CRC32  | ASN.1    |           | D
PAP      | RFC    | 1334       |            |              |            |                  |          |           |
CHAP     | RFC    | 1994       |            |              |            | MD5              |          |           |
TACACS   | RFC    | 927        |            |              |            |                  |          |           |
RADIUS   |        |            |            |              |            | MD5              |          |           |
CAT      | RFC    | 2078, 2228 | RSA        | DES          | 56         | MD5, SHA-1       |          | X.509     | D, H
OTP      | RFC    | 2289, 2243 |            |              |            | MD4, MD5, SHA    |          |           | D, H
Glossary of Cryptography Terms
Legend (colour coding of the printed edition): red = algorithm (symmetric/conventional, asymmetric/public key, message digest/hash); blue = protocol, API or standard (methods, certificate standard, protocol, API); green = organization.
A5: a trade-secret stream cipher family (A5/1, A5/2) used to encrypt the radio link in GSM cellular telephones; the designs were later reverse engineered and found to be weak.
AES (Advanced Encryption Standard): the Rijndael block cipher (128-bit block; 128-, 192- or 256-bit keys) selected by NIST in 2000 to replace DES, with an intended service life of 20 to 30 years.
AKEP (Authenticated Key Exchange Protocol): key transport based on symmetric encryption that lets two parties who already share a long-term key establish a fresh session key; secure against passive adversaries.
Algorithm (encryption): the set of mathematical rules (logic) used to encrypt and decrypt. In a sound design the algorithm is public and all secrecy rests in the key (Kerckhoffs's principle).
ASN.1 (Abstract Syntax Notation One): an ISO/IEC notation for describing data structures, used to define X.509 certificates. Its encoding rules include BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules); certificates use DER because a signature must be verified over exactly one byte encoding.
Attribute Certificate: a digital certificate that binds a set of descriptive data items either directly to a subject name or to the identifier of another certificate that is a public-key certificate.
Asymmetric keys: a mathematically linked key pair of one public key and one private key. Data encrypted with one key can only be decrypted with the other, so the public key can be published while the private key stays secret.
Authorization Certificate: an electronic document that proves the holder's access or privilege rights, as distinct from (and sometimes combined with) proof of who the holder is.
Blind Signature: the ability to sign a document without learning its content (the signer sees only a blinded value), somewhat as a notary witnesses a sealed envelope; used for anonymous credentials and digital cash.
Block Cipher: a symmetric cipher that operates on fixed-size blocks of plaintext and ciphertext: 64 bits for DES, IDEA, Blowfish and CAST, 128 bits for AES.
Blowfish: a 64-bit block symmetric cipher with a variable-length key (32 to 448 bits), consisting of a key-expansion phase and a 16-round Feistel data-encryption phase. Fast, simple and compact, placed in the public domain by its designer Bruce Schneier.
CA (Certificate Authority): a trusted third party (TTP) that issues certificates: signed assertions that bind attributes, normally including a public key, to an entity.
CAPI (CryptoAPI): Microsoft's cryptographic API for Windows-based operating systems and applications.
CAST: a 64-bit block cipher designed in Canada by Carlisle Adams and Stafford Tavares; CAST-128 (RFC 2144) takes 40- to 128-bit keys and is built from 8-bit-input, 32-bit-output S-boxes.
CBC (Cipher Block Chaining): a block-cipher mode in which each plaintext block is XORed with the previous ciphertext block (the first with an initialization vector) before it is encrypted, so identical plaintext blocks no longer produce identical ciphertext. The IV must be unpredictable, and because a one-bit change in a ciphertext block flips the same bit in the next plaintext block, CBC needs a separate integrity check (a MAC).
Certificate (digital certificate): an electronic document, signed by a trusted third party, that binds a public key to the identity of its owner. A certificate shows whom a key belongs to; whether the key has since been compromised is signalled separately by revocation (see CRL).
Certificate Enrollment Protocol (CEP): specifies how a device communicates with a CA, including how to retrieve the CA's public key, how to enroll a device with the CA, and how to retrieve a CRL. CEP uses PKCS #7 and PKCS #10.
Certificate Extensions: an X.509 v3 certificate contains an extensions field that permits any number of additional fields to be added to the certificate. Extensions carry information such as alternative subject names and usage restrictions (key usage, basic constraints) that a relying party must check.
CFB (Cipher Feedback Mode): a mode of operation that turns a block cipher into a self-synchronizing stream cipher: the previous ciphertext block is encrypted and the result XORed with the plaintext.
Certification: endorsement of information by a trusted entity.
Certificate Management Messages over Cryptographic Message Syntax (CMC): message format used to convey a request for a certificate to a Registration Manager or Certificate Manager.
Certificate Management Message Formats (CMMF): message formats used to convey certificate requests and revocation requests from end entities to a Registration Manager or Certificate Manager and to send a variety of information to end entities.
Certificate Management Systems (CMS): a highly configurable set of software components and tools for creating, deploying, and managing certificates. CMS comprises three major subsystems that can be installed in different CMS instances in different physical locations: Certificate Manager, Registration Manager, and Data Recovery Manager. (CMS also abbreviates Cryptographic Message Syntax, RFC 2630, the signed and enveloped data format used by S/MIME v3 and CMC.)
Certificate Revocation Tree (CRT): a mechanism for distributing notice of certificate revocations as a hash tree, so that the status of a single certificate can be proved without distributing the whole list.
CHAP (Challenge Handshake Authentication Protocol): challenge-response authentication for PPP links (RFC 1994). The authenticator sends a random challenge; the peer replies with MD5(Identifier || shared secret || Challenge), so the secret never crosses the link and a captured response cannot be replayed against a new challenge. The authenticator may repeat the exchange during the session. A captured exchange still allows offline guessing of a weak secret.
Ciphertext: the output of encryption: data transformed by substitution, transposition or other cryptographic operations so that it is unreadable without the key.
Cleartext: characters in a human-readable form or bits in a machine-readable form (also called plaintext).
CPS (Certification Practice Statement): describes the policies, practices, and procedures employed by a CA (Certificate Authority).
CRL (Certificate Revocation List): a list, signed by the CA and published periodically, of previously issued certificates that are no longer valid. A relying party must fetch a current CRL (or query OCSP) to learn of revocation; the certificate itself gives no indication.
Cross-certification: two or more organizations or Certificate Authorities that share some level of trust by certifying each other's keys.
Cryptanalysis: the art or science of transforming ciphertext into plaintext, or recovering the key, without initial knowledge of the key used to encrypt the plaintext.
Cryptography: the art and science of creating messages that have some combination of being private, signed, unmodified, and non-repudiable.
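The CHAP exchange as an added example (not code from the handbook or from any PPP implementation): the peer computes the RFC 1994 response, the authenticator checks it against a fresh challenge, a replayed response fails, and an eavesdropper who captured one exchange tests candidate secrets offline. The account name, secret and word list are constructed for the demo.

```python
"""CHAP (RFC 1994) challenge-response and the offline guessing attack a weak secret invites.
Added example; the account, secret and word list are constructed, not from the page."""
import hashlib
import hmac
import secrets

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: Response = MD5(Identifier || secret || Challenge). The secret never crosses the link."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Server side. CHAP needs the shared secret in recoverable form, unlike a salted password hash."""
    def __init__(self, secrets_db: dict):
        self.secrets_db = secrets_db
        self.identifier = 0

    def challenge(self):
        """Fresh random challenge each time; the identifier ties a response to the challenge it answers."""
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, secrets.token_bytes(16)

    def verify(self, name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        if name not in self.secrets_db:
            return False
        expected = chap_response(identifier, self.secrets_db[name], challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def offline_dictionary_attack(identifier: int, challenge: bytes, response: bytes, wordlist):
    """An eavesdropper with one captured exchange can test candidate secrets offline, with no rate limit."""
    for candidate in wordlist:
        if chap_response(identifier, candidate, challenge) == response:
            return candidate
    return None

def demo():
    """Returns (genuine login accepted, replayed response accepted, secret recovered by attacker)."""
    server = Authenticator({"alice": b"winter2001"})  # constructed: a weak, guessable secret
    ident, chal = server.challenge()
    resp = chap_response(ident, b"winter2001", chal)  # peer answers the challenge
    accepted = server.verify("alice", ident, chal, resp)
    ident2, chal2 = server.challenge()                # a later challenge: the old response is useless
    replayed = server.verify("alice", ident2, chal2, resp)
    wordlist = [b"password", b"summer2001", b"winter2001", b"letmein"]  # constructed word list
    recovered = offline_dictionary_attack(ident, chal, resp, wordlist)
    return accepted, replayed, recovered

if __name__ == "__main__":
    print(demo())
```

The replay fails because the challenge changed, which is the property the page credits CHAP with over PAP; the dictionary attack succeeds because CHAP's hash is fast and unsalted, so the protocol is only as strong as the secret.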
Cryptoperiod: the specific time span during which a cryptographic key is authorized for use, or for which a key setting remains in effect.
Cryptosystem: a system comprising cryptographic algorithms and all possible plaintexts, ciphertexts, and keys.
Data Integrity: a method of ensuring information has not been altered by unauthorized or unknown means.
Decryption: the process of turning ciphertext back into plaintext.
DES (Data Encryption Standard): a 64-bit block cipher with a 56-bit key, also known as the Data Encryption Algorithm (DEA) by ANSI and DEA-1 by ISO. Adopted in 1977 as FIPS 46 and widely used for over 20 years; the 56-bit key is now brute-forceable (a purpose-built machine recovered a key in 56 hours in 1998), so new designs use Triple DES or AES.
Diffie-Hellman: the first published public-key algorithm (1976), a key-agreement scheme based on discrete logarithms in a finite field: each party sends g^x mod p and both compute the shared secret g^xy mod p. Unauthenticated Diffie-Hellman is open to a man-in-the-middle, so protocols sign or otherwise authenticate the exchange.
Digital Signature: the digital equivalent of a written signature, providing cryptographic evidence that a document is authentic, unaltered, not forged and non-repudiable; almost always produced with a public-key algorithm over a hash of the document.
Direct Trust: an establishment of peer-to-peer confidence.
Discrete Logarithm: the underlying mathematical problem used by asymmetric algorithms like Diffie-Hellman and elliptic curve schemes. It is the inverse problem of modular exponentiation, which is a one-way function.
DSA (Digital Signature Algorithm): NIST's public-key digital signature algorithm, specified in DSS; a variant of the ElGamal signature scheme.
DSS (Digital Signature Standard): the NIST standard (FIPS 186, 1994) for digital signatures using DSA with SHA-1.
ECC (Elliptic Curve Cryptosystem): public-key algorithms built on the group of points of an elliptic curve over a finite field (prime or binary). The discrete-logarithm problem there is harder per bit, so keys are far shorter than RSA or Diffie-Hellman keys of equal strength.
EES (Escrowed Encryption Standard): FIPS 185 (1994), the U.S. government standard behind the Clipper chip, which escrows encryption keys with government agents.
ElGamal Scheme: a public-key scheme for both encryption and digital signatures based on discrete logarithms in a finite field; DSA is derived from its signature variant, and PGP's "DH" keys use its encryption variant.
Encryption: the process of disguising a message in such a way as to hide its substance.
Entropy: a mathematical measurement of the amount of uncertainty or randomness.
FIPS (Federal Information Processing Standard): U.S. government standards published by NIST.
GAK (Government Access to Keys): a method for the government to escrow individuals' private keys.
GSS-API (Generic Security Services API): IETF RFC 1508 (updated by RFC 2078 and RFC 2743), a high-level security API that isolates session-oriented application code from the details of the underlying mechanism (Kerberos, public key).
Hash: a one-way function that produces a fixed-length message digest that cannot be reversed to recover the input, and for which it is infeasible to find two inputs with the same digest.
Hierarchical Trust: a graded series of entities that distribute trust in an organized fashion, commonly used in X.509 issuing certification authorities.
IDEA (International Data Encryption Algorithm): a 64-bit block symmetric cipher using 128-bit keys based on mixing operations from different algebraic groups. Considered one of the strongest algorithms; patented, so commercial use required a licence.
Identity Certificate: a signed statement that binds a key to the name of an individual, with the intended purpose of delegating authority from that named individual to the public key.
IKE (Internet Key Exchange): the automatic key exchange method of IPsec (RFC 2409), combining ISAKMP (the negotiation and message framework) with the Oakley Diffie-Hellman key agreement to establish security associations. Manual keying is a separate, static IPsec option.
ISO (International Organization for Standardization): responsible for a wide range of standards, like the OSI model, and for the international relationship with ANSI on X.509.
ITU-T (International Telecommunication Union Telecommunication Standardization Sector): formerly the CCITT (Consultative Committee for International Telegraph and Telephone), a worldwide telecommunications technology standards organization.
Kerberos: a trusted-third-party authentication protocol developed at MIT. A key distribution centre issues tickets encrypted under secret keys shared with each principal, so passwords never cross the network.
Key: a means of gaining or preventing access, possession, or control, represented by any one of a large number of values.
Key Escrow/Recovery: a mechanism that allows a third party to retrieve the cryptographic keys used for data confidentiality, with the ultimate goal of recovering encrypted data.
Key Exchange: a scheme for two or more nodes to establish a secret session key across an unsecured channel.
Key Length: the number of bits in the key. For a given algorithm a longer key is stronger, but lengths are not comparable across algorithms (an 80-bit symmetric key and a 1024-bit RSA modulus were rated roughly equal), and no key length helps if the key is generated predictably.
Key Management: the process and procedures for generating, safely storing and distributing cryptographic keys to authorized recipients in a secure manner.
Key Splitting: a process for dividing a single key into portions held by multiple parties, none of whom alone can reconstruct the whole key.
KTC (Key Translation Center): a trusted server that makes a key chosen by one party available to another party by re-encrypting (translating) it under a key shared with the requesting party.
LRA (Local Registration Agent): an entity appointed by a CA or RA to assist other entities in applying for certificates, revoking their certificates, or both.
MAA (Message Authenticator Algorithm): an ISO banking standard (ISO 8731-2) message authentication code that produces a 32-bit result.
MAC (Message Authentication Code): a keyed one-way function; the same key is needed to verify, so a valid MAC proves both that the data is unmodified and that the sender knew the key. HMAC (RFC 2104) builds one from a hash function.
MD2 (Message Digest 2): 128-bit one-way hash function designed by Ron Rivest, dependent on a random permutation of bytes.
MD4 (Message Digest 4): the predecessor of MD5, later found to be weak.
MD5 (Message Digest 5): 128-bit one-way hash function designed by Ron Rivest, very widely used at the time of writing; collisions have since been found in practice, so it should not be used where collision resistance matters (signatures, certificates).
Message Digest (also MD): a number derived from a message. Change a single character in the message and the message will have a different message digest.
MIC (Message Integrity Check): same as Message Digest.
Micalg (MIC algorithm): the parameter that identifies the MIC algorithm used in signing MIME messages.
MIME (Multipurpose Internet Mail Extensions): a freely available set of specifications that offers a way to interchange text in languages with different character sets, and multi-media e-mail, among the many different computer systems that use Internet mail standards.
Modulus: the defining constant in modular arithmetic, and usually a part of the public key in asymmetric cryptography.
NIST (National Institute of Standards and Technology): a division of the U.S. Department of Commerce that publishes open, interoperability standards called FIPS.
Non-repudiation: preventing the denial of previous commitments or actions.
NSA (National Security Agency): a United States cryptologic organization tasked with making and breaking codes and ciphers.
Oakley: the Oakley Session Key Exchange (RFC 2412) provides an authenticated Diffie-Hellman session key exchange for use within the ISAKMP framework. Oakley provides the important property of perfect forward secrecy.
One-Time Pad: a large non-repeating set of truly random key symbols, as long as the message, used once for encryption (XOR or modular addition); the only scheme with a proof of perfect secrecy, invented by G. Vernam and Major J. Mauborgne in 1917. Not widely used because key management is impractical: the pad must be truly random, as long as all traffic, distributed securely and never reused, since a pad used twice leaks the XOR of the two plaintexts.
One-Way function: a function that is easy to compute but infeasible to invert. A hash function is a one-way function that maps a variable-length input to a fixed-length value, also called a message digest, fingerprint, or message integrity check (MIC).
PAP (Password Authentication Protocol): an authentication protocol that allows PPP peers to identify one another by sending a user name and password in cleartext over the link. It identifies the remote end but offers no protection against eavesdropping or replay.
Passphrase: an easy-to-remember phrase used for better security than a single password; a key-derivation (hashing) step converts it into a key.
Password: a sequence of characters or a word that a subject submits to a system for purposes of authentication, validation, or verification.
Perfect Forward Secrecy: the property of a key-exchange protocol that compromise of a party's long-term keys does not compromise session keys established earlier, because each session key is derived from ephemeral values that are discarded afterwards. (Not to be confused with perfect secrecy, the one-time-pad property that the ciphertext reveals nothing about the plaintext except possibly its length.)
PGP (Pretty Good Privacy): an application and protocol (RFC 1991) for secure e-mail and file encryption developed by Philip R. Zimmermann, originally published as freeware; the source code has always been available for public scrutiny. PGP uses a variety of algorithms, like IDEA, RSA, Diffie-Hellman (ElGamal), CAST, DSA, MD5 and SHA-1, for encryption, authentication, message integrity, and key management. PGP is based on the "Web-of-Trust" model and has world-wide deployment.
PGP/MIME: an IETF standard (RFC 2015) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847, deployed in PGP 5.0 and later.
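The one-time pad entry above states the reuse rule; this added example (not code from the handbook) shows why it holds. The pad is XORed with each message; when the same pad covers two messages, XORing the two ciphertexts cancels the pad and leaves the XOR of the plaintexts, and a guessed fragment of one message (a crib) exposes the other at the same position. The two messages and the crib are constructed.

```python
"""One-time pad: unbreakable with a fresh random pad, broken outright when the pad is reused.
Added example; the messages and the crib are constructed, not from the page."""
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR with a pad at least as long as the data."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: a pad must never be stretched or reused")
    return xor_bytes(data, pad)

def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If both ciphertexts used the same pad, ct1 XOR ct2 == m1 XOR m2: the pad cancels out."""
    return xor_bytes(ct1, ct2)

def crib_drag(plaintext_xor: bytes, crib: bytes, offset: int) -> bytes:
    """Guess that `crib` appears in one message at `offset`; XOR exposes the other message there."""
    return xor_bytes(plaintext_xor[offset:offset + len(crib)], crib)

def demo():
    """Returns (round trip with the pad works, fragment of m2 recovered without any key)."""
    m1, m2 = b"attack at dawn", b"retreat at noon"  # constructed sample messages
    pad = secrets.token_bytes(32)                    # truly random and long enough, as required
    c1, c2 = otp(m1, pad), otp(m2, pad)              # the mistake: one pad, two messages
    round_trip = otp(c1, pad) == m1
    leak = two_time_pad_leak(c1, c2)                 # what the attacker can compute from ciphertext alone
    return round_trip, crib_drag(leak, b"attack", 0)

if __name__ == "__main__":
    print(demo())
```

The recovered fragment is the start of the second message, obtained from ciphertext alone; with natural-language messages the attacker iterates the crib along the whole length. The same leak applies to any stream cipher whose key and nonce are reused, which is why the key management the page calls impractical is not optional.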
PKCS (Public Key Cryptography Standards): a set of de facto standards for public-key cryptography developed by RSA Data Security Inc. in cooperation with an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, RSA and Sun), including algorithm-specific and algorithm-independent implementation standards and specifications defining message syntax (PKCS #1 RSA encryption and signature padding, PKCS #7 message syntax, PKCS #10 certificate requests).
PKI (Public Key Infrastructure): a widely available and accessible certificate system for obtaining an entity's public key with some degree of certainty that you have the right key and that it has not been revoked.
PKIX: a contraction of "Public-Key Infrastructure (X.509)", the name of the IETF working group that is specifying an architecture and set of protocols needed to support an X.509-based PKI for the Internet.
Plaintext (or cleartext): the human-readable data or message before it is encrypted.
Private Key: the privately held, secret component of an asymmetric key pair, used for decryption and for signing.
Public Key: the publicly available component of an asymmetric key pair, used for encryption and for signature verification.
RA (Registration Authority): responsible for authorizing entities (or LRAs), distinguished by unique names, as members of a security domain; this involves associating a user with specific key material. RAs work on behalf of the CA.
Random Number: an essential element of most cryptosystems, needed to generate keys that are unpredictable to an adversary. Randomness must come from a cryptographically secure generator; a predictable generator compromises every key derived from it.
RC2 (Rivest Cipher 2): a variable-key-size, 64-bit block symmetric cipher, once a proprietary algorithm of RSA Data Security Inc.
RC4 (Rivest Cipher 4): a variable-key-size stream cipher, once a proprietary algorithm of RSA Data Security Inc. Weaknesses in its key schedule (2001) are what broke WEP, and keystream reuse is fatal as with any stream cipher.
RC5 (Rivest Cipher 5): a block cipher with a variety of parameters: block size, key size, and number of rounds.
RIPEMD: an algorithm developed for the European Community's RIPE project, designed to resist known cryptanalytic attacks and produce a 128-bit (RIPEMD-128) or 160-bit (RIPEMD-160) hash value; a variation of MD4.
Revocation: retraction of certification or authorization.
ROT-13 (Rotation Cipher): a simple substitution (Caesar) cipher rotating each of the 26 letters by 13 places; applying it twice restores the plaintext. Obfuscation, not security.
RSA: short for RSA Data Security Inc.; or referring to Ron Rivest, Adi Shamir, and Len Adleman; or to the algorithm they invented. The RSA algorithm is used in public-key cryptography and is based on the fact that it is easy to multiply two large primes together but hard to factor them out of the product.
S-Box: a nonlinear substitution function (thus "S-Box") basic to block ciphers (e.g. DES and CAST) that maps an input to an output (6 bits in, 4 bits out in DES) and provides the core of such ciphers' security.
SA (Security Association): a simplex (uni-directional) logical connection that specifies the security processing (AH or ESP, algorithms, keys, lifetime) applied to traffic; a two-way session needs a pair of SAs.
SAFER (Secure And Fast Encryption Routine): a non-proprietary 64-bit block cipher with a 64-bit key. Not patented, available licence-free. Developed by James Massey, who co-developed IDEA.
Salt: a random string concatenated with a password before it is fed to a one-way function, so that identical passwords produce different hashes and precomputed dictionary tables are defeated.
Secret Key: either the private key in public-key (asymmetric) algorithms or the session key in symmetric algorithms.
Secure Channel: a means of conveying information from one entity to another such that an adversary cannot reorder, delete, insert or read it (SSL, IPsec, whispering in someone's ear).
Self-Signed Certificate: a public-key certificate for which the public key bound by the certificate and the private key used to sign the certificate are components of the same key pair. It proves possession of the key, not identity, and must be trusted out of band (CA root certificates are self-signed).
Session Key: the secret (symmetric) key used to encrypt each set of data on a transaction basis. A different session key is used for each communication session.
SHA-1 (Secure Hash Algorithm): the 1995 revision of SHA by NIST (FIPS 180-1), used with DSS, producing a 160-bit hash; similar in structure to MD4, very popular and widely implemented. Collisions have since been demonstrated in practice (2017); new designs use SHA-2.
Skipjack: the 80-bit-key, 64-bit-block cipher contained in NSA's Clipper chip. The algorithm was classified until its declassification in 1998. The government access feature was not in the cipher itself but in the chip's Law Enforcement Access Field (LEAF), which carried the session key encrypted under escrowed keys.
SKMP (Secure Key Management Protocol): an IBM-proposed key-recovery architecture that uses a key-encapsulation technique to provide key and message recovery to a trusted third-party escrow agent.
Smart Cards: tamper-resistant hardware devices that store private keys and other sensitive information and perform operations with them on the card, so the key never leaves it.
X.509: a widely adopted standard for digital certificates that uses ASN.1 encoding and carries cryptographic material and X.500-style naming (see X.509v3).
S/MIME (Secure Multipurpose Internet Mail Extensions): a proposed standard developed by a consortium of e-mail software vendors led by RSADSI for encrypting and/or signing MIME data. S/MIME defines a format for the MIME data, the algorithms that must be used for interoperability (RSA, RC2, SHA-1), and additional operational concerns such as X.509 certificates and transport over the Internet.
SPI (Security Parameter Index): a 32-bit value carried in the AH or ESP header; the combination of destination address, security protocol and SPI uniquely identifies a security association (SA) at the receiver.
SSH (Secure Shell): an IETF proposed protocol for securing the transport layer by providing encryption, cryptographic host authentication, and integrity protection.
SSL (Secure Socket Layer): developed by Netscape to provide security and privacy over the Internet. Supports server and client authentication and maintains the security and integrity of the transmission channel. It sits between the application and TCP and mimics the sockets library, allowing it to be application independent. It encrypts the entire communication channel but does not provide digital signatures at the message level (nothing persists after the session).
Steganography: methods of hiding the existence of a message or other data, e.g. a digital watermark or "invisible" ink.
Stream cipher: a class of symmetric-key encryption operating on the plaintext one byte (or one bit) at a time, usually by XOR with a keystream; the key and nonce must never be reused.
Substitution cipher: the characters of the plaintext are substituted with other characters to form the ciphertext.
Symmetric algorithm: an encryption algorithm in which the same secret key is used for both encryption and decryption. Also known as conventional, secret-key and single-key algorithms. Block and stream ciphers are classes of symmetric algorithms.
Timestamping: recording the time of creation or existence of information.
TLSP (Transport Layer Security Protocol): ISO 10736, draft international standard.
Transposition cipher: the plaintext characters remain the same but their order is transposed.
Triple DES: an encryption configuration in which DES is applied three times (encrypt-decrypt-encrypt) with either three different keys (168-bit) or two keys with the first reused (112-bit); effective strength is about 112 bits in either case.
Trust: a firm belief or confidence in the honesty, integrity, justice, reliability, etc., of a person, company, and so forth.
TTP (Trusted Third Party): a responsible party that all participants agree upon in advance to provide a service or function such as certification (binding a public key to an entity), time-stamping, or key escrow.
Web of Trust: the distributed trust model used by PGP to validate the ownership of a public key, where trust is cumulative, based on the individual's knowledge of the "introducers" who have signed the key.
XOR (eXclusive OR): the bitwise operation whose output is 1 exactly when the two input bits differ. It is its own inverse (a XOR b XOR b = a), which is why the same operation encrypts and decrypts in stream ciphers and one-time pads.
X.509v3: an ITU-T digital certificate standard, an internationally recognized electronic document used to prove identity and public-key ownership over a communication network. It contains the issuer's name, the subject's identifying information, the subject's public key and validity period, and the issuer's digital signature, as well as optional extensions in version 3.
Zeroed (zeroization): the degaussing, erasing or overwriting of electronically stored data, in particular keys, so that they cannot be recovered.
The information in this document is subject to change without notice and must not be construed as a commitment on the part of Symantec Corporation. Symantec assumes no responsibility for any errors that may appear in this document. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means (graphic, electronic, or mechanical, including photocopying and recording) without the prior written permission of the copyright owner. Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation. Other brands and products are trademarks of their respective holders. Copyright © 2001 Symantec Corporation. All Rights Reserved. Printed in the United States of America 08/01 09-71-00385