Cryptography - Lecture 21 - Security in Practise, User Identification

1. Security in Practise - Secure Email

• email is one of the most widely used and regarded network services
• currently message contents are not secure
  • may be inspected either in transit
  • or by suitably priviledged users on destination system

2. Email Privacy Enhancement Services

• confidentiality (protection from disclosure)
• authentication (of originator)
• message integrity (protection from modification)
• non-repudiation of origin
• (protection from denial by sender)

3. Secure Email Implementation

• can't assume real-time access to a trusted key server
• hence must use public key algorithms and certificates to exchange session keys and authenticate contents
• as well as private key encryption for speed
• also limited by email system constraints (text content only)
• often implement using email encapsulation

4. PEM & S/MIME

• PEM was original Internet standard for secure email
  • confidentiality - DES encryption in CBC mode
  • integrity - DES encrypted hash (MD2/MD5)
  • authentication - either DES or RSA encrypted hash
  • non-repudiation - RSA encrypted hash
• key management uses either
  • central on-line, private-key server
  • public-key certificates, using X.509 strong authentication
  • signed by a Certification Authority (CA) hierarchy
• S/MIME is revised version with wider applicability
  • uses DES, Triple-DES, RC2 private key ciphers
  • X.509 certificates, central or "web of trust" certification

5. PGP

• Pretty Good Privacy
• widely used de facto secure email standard
  • developed by Phil Zimmermann
  • available on Unix, PC, Macintosh and Amiga systems
  • originally free!!!! commercial versions now available
• confidentiality - IDEA encryption
• integrity - RSA encrypted MIC (MD5)
• authentication & non-repudiation - RSA encrypted MIC
• uses grass-roots key distribution
  • trusted introducers used to validate keys
  • no certification authority hierarchy needed
  • should be able to import X.509 certificates soon

6. PGP - In Use

• all PGP functions are performed by a single program
• must be integrated into existing email/news
• each user has a keyring of known keys
  • containing their own public and private keys (protected by a password)
  • public keys given to you directly by a person
  • public keys signed by trusted introducers
• used to sign/encrypt your messages
• used to validate messages received

7. Sample PGP Message

-----BEGIN PGP SIGNED MESSAGE-----

May all your signals trap
May your references be bounded
All memory aligned
Floats to ints be rounded

Lawrie
-----BEGIN PGP SIGNATURE-----
Version: 2.3
iQBzAgUBLdl1RILpoub8ek7fAQF2nwLuJwVPh8iiFrksXSCe6z37ZdV37pXvsYyz0WAnCBCdpu55yId5/kVhmvusTo10zUHPssPwB99TQq9YsduSfkVeILjfJNJEuUWQkJl8dWvaB+IIEEodF0Xpbc23krnuOA==
=hn90
-----END PGP SIGNATURE-----

8. PGP - Issues

• were questions of legality, but PGP may now be legally used by anyone in the world:
  • noncommercial use in US/Canada with licenced MIT version
  • commercial use in US/Canada with Viacrypt version
  • noncommercial use outside the US is probably legal with (non US sourced) international version
  • commercial use outside the US requires an IDEA licence for the international version
• was a legal battle in US over its original export between US govt and Phil Zimmermann

9. Security in Practise - SNMP

• SNMP is a widely used network management protocol
• comprises
  • management station
  • management agent with
  • its management information base (MIB)
  • linked by network management protocol (GET,SET)

10. SNMP Versions and Security

• SNMP v1 lacks any security (GET and SET open if there)
• SNMP v2 includes security extensions for
  • message authentication (keyed MD5)
  • message secrecy (DES)
  • based on the SNMPv2 party (sender & receiver roles)
  • used for access control & key management
  • all associated information stored in a party MIB
  • assumes syncronised clocks (within a set interval)
  • unfortunately ended up with several variants
• SNMP v3
  • attempt to reconcile variants
  • using MD5/SHA/DES for various security needs

11. Security in Practise - One Time Passwords

• password snooping of network logins is increasing
• one solution uses a one-time password (OTP) which is
  • only ever used once
  • generated by a one-way hash function
  • using a program, token, or pre-printed list

12. OPIE (Onetime Passwords In Everything)

• S/Key and OPIE are widely used PD schemes
• enable login over an insecure network
• secure against passive attacks
• OPIE is an Internet standard

  s = f(pass|seed)
  p0 = fN(s)
  p1 = fN-1(s)
  

• server can verify response using stored p_i-1 and passing once through hash function
• attacker would need to invert hash function, which is extremely difficult
• hash function f used is MD4 S/Key, MD5/SHA OPIE
• does require periodic resetting

13. User Identification

• user identification (identity verification)
  • convince system of your identity
  • before it can act on your behalf
• sometimes also require that the computer verify its identity with the user
• user authentication is based on three methods
  • what you know
  • what you have
  • what you are

14. User Identification in Practise

• valid information supplied against a table of possible values based on users claimed identity

15. What you Know - Passwords or Pass-phrases

• prompt user for a login name and password
• verify identity by checking that password is correct
• on some (older) systems, password was stored in the clear (this is now regarded as insecure, since breakin compromises all users of the system)
• more often use a one-way function, whose output cannot easily be used to find the input value
  • either takes a fixed sized input (eg 8 chars)
  • or based on a hash function to accept a variable sized input to create the value
• important that passwords are selected with care to reduce risk of exhaustive search
• cf. Denning Computer (In)security Fig 2 & 3, pp111-12

16. What you Know - One-shot Passwords

• one problem with traditional passwords is caused by eavesdropping their transfer over an insecure network
• one possible solution is to use one-shot (one-time) passwords
  • these are passwords used once only
  • future values cannot be predicted from older values
• either generate a printed list, and keep matching list on system to be accessed (cf home banking)
• or use an algorithm based on a one-way function to generate previous values in series (eg see SKey/OPIE example previously)
• generally good only for infrequent access

17. What you Have

• here verify identity based on possession of some object, often also combined with a password
• can be passive (encoded value) or active
• common passive tokens are a magnetic card or magnetic key
• with required code value encoded in it (eg access control cards)

18. What you Have - Smart Card or Calculator

• an active token
• may interact with system
• may require information from user
• could be used to actively calculate:
  • a time dependent password
  • a one-shot password
  • a challenge-response verification
  • public-key based verification
• cf. Davies fig 7.7 & 7.8 pp184-84

19. What you Are

• here verify identity based on your physical characteristics or involuntary reponse patterns
• known as biometrics
• characteristics used include:
  • signature (usually dynamic)
  • fingerprint
  • hand geometry
  • face or body profile
  • speech
  • retina pattern
• always have tradeoff between
  • false rejection (type I error)
  • false acceptance (type II error)
• cf. Davis fig 7.12 p195

20. Summary

• some examples of security in practise
• user authentication issues