Lecture 20 - Security and Encryption

Agenda

Announcements

  • This week's CS Colloquium - Williams alum Joe Vanderwaart '99. TCL 202, 2:35 PM Friday.

    • Security

    Security: Authentication

    Indentifying the user to the system.

    Most common method: passwords

  • passwords stored in an encrypted form - cipher text
  • one-way encryption algorithm: easy to convert "clear text" password to cipher text, hard to convert back
  • alternately, one-time passwords may be used

    • In Unix, see crypt(3) for more information about the encryption used. See /etc/passwd or /etc/shadow for password files.

    Security is compromised if passwords are compromised. There are many ways that this can happen:

  • passwords written down
  • typing simple passwords with someone watching
  • run a "crack" program, encrpyting possible passwords, comparing to encrypted entries in the password file
  • packet sniffers - "watch" password get typed if clear text passwords are written to a shared network
  • more recent problem: many web sites use passwords, meaning more chance that some passwords are stored in clear text or are even gathered by malicious web site operators or even more likely to be written down or stored somewhere
  • trojan horse to gather passwords

    • Security: Threats

  • other trojan horses:
  • if . is in your search path, someone (maybe me, maybe Duane) can replace something like ls when you're in our directory
  • if a system is compromised, many system programs could be "trojaned" - things like top, ps, might be included to make it harder to detect an intruder
  • trap doors: special "ways in" to the system left by programmers, compilers, or malicious users - consider "easter eggs" - could be malicious
  • stack and buffer overflows:
  • for example, if a program does not do good array bounds checking, this can be exploited to overwrite part of a program's memory (most importantly, a setuid program) to gain root access to a system
  • these are very common - source of the majority of recent Unix security problems
  • See web sites: [SecurityFocus][CERT] [Smashing The Stack For Fun And Profit]
  • worms and viruses - worms are standalone programs that replicate themselves, viruses are typically embedded in other files or programs - read about Morris Internet Worm
  • denial of service attacks - don't actually break in, but render a system or network unusable by overloading it with invalid requests

    • Real story: malicious trap door program left running as "pine".

    Real story: UNIX Cloak v1.0

    Discussion topic: Open Source vs. Proprietary systems for security?

    Recent news item: Trojan Found in libpcap and tcpdump

    Encryption

    For privacy or security, some information may need to be encrypted.

    We have seen that Unix stores password entries in an encrypted form.

    We'll talk a bit more about networks soon, but one of the problems with communicating across many of today's networks is that the information on the network can be seen not only by its intended recipient, but also by many other computers. Encryption has been used for this purpose for centuries, often with the messages being military orders.

    Even when a network is not involved, someone may want to encrypt files for privacy.

    Original data is called clear text, encrypted version is called cipher text.

    Conventional Encryption

    The cipher text is a function of the clear text, the encryption algorithm, and the secret key. The algorithm is public! Or at least a good scheme should not rely on the secrecy of the algorithm. It's just the key that is kept secret.

    The clear text is a function of the cipher text, the decryption algorithm, and the same secret key. Again, the algorithm is public. The decryption returns the original clear text.

    For the encryption to be strong enough, it must be very difficult to figure out the secret key, even given a bunch of cipher texts and the algorithm. Two approaches that an adversary may use are cryptanalysis, where properties of the clear text and the nature of the algorithm are examined to deduce the secret key, and a brute-force attack, where every possible key is tried until one works. For an n-bit key, this means up to 2n keys must be tried, making brute-force attacks expensive. But modern hardware can break a 56-bit key in just a few hours.

    Examples:

  • The Data Encryption Standard (DES) - 56-bit secret key. Selected by US Gov't in 1977. Broken in 1998.
  • New Advanced Encrpytion Standard (AES) - 168-bit key - competition was held, and Rijndael was selected in 2000 as the new standard. See more here.

    • Problem: how do we tell the intended recipient of our messages what our secret key is, without telling all the world what our secret key is. Perhaps this can be sent securely by some other means, but perhaps the only communication channel is the one we do not trust that led us to employ encryption in the first place.

    Public-Key Encryption

    Instead of a single key, we have a public key and a private key. The public key is, well, public - anyone who wants to have it, can have it. But the private key is never shared. This idea was proposed in 1976 by Diffie and Hellman.

    To transmit a message securely from Alice to Dilbert:

    1. Alice and Dilbert each compute their public key-private key pair. Each publishes its public key for all the world to see.
    2. Alice looks up Dilbert's public key, and uses it to encrypt the message.
    3. Dilbert receives the message, and uses his private key to decrypt.

    But what if Catbert intercepts the message?

    Everything is just fine - even though Catbert, the evil directory of Human Resources, has the cipher text and he can have Dilbert's public key, he does not have Dilbert's private key. So he has no way to intercept the message.

    The most popular public-key algorithm is the Rivest-Shamir-Adleman (RSA) Algorithm. It uses the fact that it is relatively easy to compute numbers that are products of large primes, but very difficult to factor the number into those primes.

    Secure shell works this way - when you set up ssh, your computer computes its public key and private key. When another computer wants to communicate securely with yours, they exchange public keys and they're off.

    There's still a potential problem with the distribution of public keys. Suppose Alice decides to send Dilbert a message for the first time, so she needs his public key. When she makes that request, maybe Dilbert is out of the office, but Catbert pretends to be Dilbert (spoofs his address) and sends his own public key instead. Since Alice didn't know it came from Catbert instead of Dilbert, she gladly encrypts messages intended for Dilbert using the bad public key, and Catbert sits in his office decrypting, soon to fire Alice for what she said about him..

    There is a lot more to discuss about encryption, but most of it does not really fit into this course. Some links to visit for more information:

  • NIST Computer Security Resource Center
  • OpenSSH
  • MIT Distribution Center for PGP (Pretty Good Privacy)
  • RC5 at distributed.net
  • RSA Laboratories' Frequently Asked Questions About Today's Cryptography