Steenkiste & Eckhardt, SCS, CMU

Lecture 23
Security - Applications
Peter Steenkiste
School of Computer Science
Carnegie Mellon University
15-441 Networking
Mutilated by Dave Eckhardt, Fall 2004

Outline
Key management examples
  » Kerberos
  » SSL
  » PGP
Breaking into hosts
DOS
Firewalls

Web Security

Kerberos
Uses symmetric cryptosystem (DES).
  » Key derived by one-way function from user’s password.
Kerberos 5 is an Internet Standard.
  » Export restrictions apply
Kerberos is an example of a centralized key distribution center.
  » Performance of private key cryptography without need to maintain N^2 key pairs
  » Every user shares a private key with a key distribution center
      – Called a Kerberos Authentication Server (AS)
  » When Bob and Alice want to communicate securely, Bob requests a one-time (shared) session key from the KDC
  » The session key is distributed only to Bob and Alice

Kerberos Overview

All Those Tickets...?
Credentials cache: FILE:/tkt/4435-0000-419b6602.krb5
Principal: [email protected]
Issued           Expires          Principal
Nov 17 09:53:57  Nov 18 11:20:18  krbtgt/[email protected]
Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
Nov 17 09:54:16  Nov 18 11:20:18  krbtgt/[email protected]
Nov 17 09:54:16  Nov 18 11:20:18  [email protected]
Nov 17 09:54:25  Nov 18 11:20:18  host/[email protected]
Nov 17 13:22:42  Nov 18 11:20:18  imap/[email protected]

file: /tkt/4435-0000-419b6602
Principal: [email protected]
Issued           Expires          Principal
Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
Nov 17 09:54:25  Nov 18 09:42:03  [email protected]
Nov 17 09:55:46  Nov 18 09:43:24  [email protected]
Nov 17 13:22:37  Nov 18 10:11:34  [email protected]
Nov 17 13:23:30  Nov 18 10:12:27  [email protected]

Kerberos Protocol
Bob tells AS that he wants to talk to Alice.
  » Encrypted using Bob’s private key
AS authenticates Bob, checks he has access privileges for Alice, and generates a session key for communication between Bob and Alice.
AS generates a ticket intended for Alice.
  » Bob’s name, the session key, and a timestamp
  » The ticket is encrypted using Alice’s private key
AS sends Bob the ticket plus session key.
  » Encrypted using Bob’s key
Bob then contacts Alice with the ticket plus an encrypted timestamp.
  » Alice decrypts the ticket, plus timestamp and sends back the timestamp plus one (nonce)
[Figure: message exchange among Bob, AS, and Alice]

Secure Socket Layer (SSL)
Goal
  » Establish secure channel between two parties who do not share a secret (e.g., a private key).
Further challenge (just for fun)
  » Assume there is no globally-believed directory of public keys (good assumption)
  » Assume further that new trusted servers are added to the network every hour (also good)
How would you get this to work?

SSL Plan
Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
Plan (conceptual)
  » Contact a server you suspect is www.FJALJFDSL.org
  » It will send you a certificate containing its public key
  » You will generate a random symmetric-cipher session key and encrypt it with the server's public key
  » Only www.FJALJFDSL.org can decrypt the message and obtain the session key
Done!
  » ?

Trusting Certificates?
Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
Key problem: how do you trust the certificate?
  » No global directory (and it would be out of date if you had one)
Solution
  » Certificates are signed (by “very trustworthy” organizations)

Signed Certificates
Key concept: signed certificate
  » To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.
  » --Sincerely, Baltimore CyberTrust
  » Hash: 469341329473a6755e5f5675a65b
  » Signature: 5fe65765865ca765b58675e5655a65c567586e65
What could go wrong?

Quis custodiet ipsos custodes?
What could go wrong?
  » Maybe Baltimore CyberTrust didn't claim exactly that (maybe the domain name was different, maybe the key was different...)
      – Server could provide bogus certificate
  » Who is Baltimore CyberTrust anyway?
      – How do I know their public key?
      – How do I know they aren't crooks?
One approach – insert a level of indirection
  » Server provides www.FJALJFDSL.org certificate
  » Server also provides Baltimore CyberTrust certificate
      – “To whom it may concern, the private key matching public key ... is held by the owner of Baltimore CyberTrust...Signed, ReallyTrustworthyPeople.”
  » “Certificate Chain”

Browser CA List
This indirection must bottom out eventually!
  » List of CAs (certificate authorities) stored in your browser
      – Default set compiled into executable
      – You can add, delete via “Security Preferences” dialogue
      – You probably installed “CMU CA” when you arrived here
      – Now you know what you did on that fateful day
  » Your responsibility to periodically scan CA list to make sure it's up to date
      – You do that, right?

Secure Socket Layer Protocol
Lots of complexities
  » Crypto handshake
      – Client and server each list their possible and preferred symmetric ciphers and key-size limits
      – Protocol derives a “good” compromise
  » Many kinds of certificates
      – Server certificates, signing certificates, authority certificates...
  » Certificate details
      – Expiration time, crypto protocol limits
Browser will tell you when something is wrong
  » Weird confusing dialogue box
  » You will just click “ok” no matter what it says...

SSL
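
The exchange on the Kerberos Protocol slide (Bob, AS, Alice), as an added Python example that is not part of the lecture. Assumptions: `seal`/`unseal` are a toy HMAC-based cipher standing in for DES, PBKDF2 stands in for the password-to-key function, and the passwords, message field names and the `max_skew` freshness window are constructed.

```python
import hashlib, hmac, json, os

def derive_key(password):
    # Long-term key = one-way function of the password (PBKDF2 here, an assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

def keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption standing in for DES: HMAC keystream plus HMAC tag
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

# AS database: the only place every principal's long-term key lives (constructed passwords)
KEYS = {"bob": derive_key("bob-pw"), "alice": derive_key("alice-pw")}

def as_issue(client, request, now):
    peer = unseal(KEYS[client], request)["peer"]      # only the real Bob can form this
    session = os.urandom(16).hex()
    ticket = seal(KEYS[peer], {"client": client, "key": session, "ts": now})
    return seal(KEYS[client], {"key": session, "ticket": ticket.hex()})

def alice_accept(alice_key, ticket, authenticator, now, max_skew=300):
    t = unseal(alice_key, ticket)                     # proves the AS vouched for the client
    session = bytes.fromhex(t["key"])
    ts = unseal(session, authenticator)["ts"]         # proves the sender holds the session key
    if abs(now - ts) > max_skew:
        raise ValueError("stale timestamp, possible replay")
    return t["client"], seal(session, {"ts": ts + 1})

def run_exchange(now=1_100_700_000):
    bob = KEYS["bob"]
    reply = unseal(bob, as_issue("bob", seal(bob, {"peer": "alice"}), now))
    session = bytes.fromhex(reply["key"])
    who, proof = alice_accept(KEYS["alice"], bytes.fromhex(reply["ticket"]),
                              seal(session, {"ts": now}), now)
    return who, unseal(session, proof)["ts"] == now + 1
```

Bob never sees Alice's key and Alice never contacts the AS: the ticket carries the session key to her, and the timestamp-plus-one reply shows Bob that she could open it.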
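
The certificate-chain check described on the signed-certificate and Browser CA List slides, as an added Python example that is not part of the lecture. Assumptions: toy RSA built from Mersenne primes (trivially factorable, for demonstration only), constructed certificate fields and integer times; the names are the ones used on the slides.

```python
import hashlib

E = 65537

def make_key(a, b):
    # Toy RSA from the Mersenne primes 2^a-1 and 2^b-1: trivially factorable, demo only
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus n, private exponent d)

def digest(cert, n):
    tbs = f'{cert["subject"]}|{cert["key"]}|{cert["issuer"]}|{cert["not_after"]}'
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, key, issuer, issuer_n, issuer_d, not_after):
    cert = {"subject": subject, "key": key, "issuer": issuer, "not_after": not_after}
    cert["sig"] = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def validate(chain, hostname, ca_list, now):
    """Return None if the chain is acceptable, else the reason it is rejected."""
    if chain[0]["subject"] != hostname:
        return "certificate is for a different name"
    for i, cert in enumerate(chain):
        if now > cert["not_after"]:
            return f'{cert["subject"]}: expired'
        if i + 1 < len(chain):
            if chain[i + 1]["subject"] != cert["issuer"]:
                return f'{cert["subject"]}: next certificate is not its issuer'
            issuer_n = chain[i + 1]["key"]
        elif cert["issuer"] in ca_list:
            issuer_n = ca_list[cert["issuer"]]    # the indirection bottoms out here
        else:
            return f'{cert["issuer"]}: not in the CA list'
        if pow(cert["sig"], E, issuer_n) != digest(cert, issuer_n):
            return f'{cert["subject"]}: bad signature'
    return None

# Constructed sample data using the names from the slides
ROOT_N, ROOT_D = make_key(127, 107)
CA_N, CA_D = make_key(107, 89)
SITE_N = make_key(89, 61)[0]
CA_LIST = {"ReallyTrustworthyPeople": ROOT_N}
CA_CERT = issue("Baltimore CyberTrust", CA_N, "ReallyTrustworthyPeople", ROOT_N, ROOT_D, 2000)
SITE_CERT = issue("www.FJALJFDSL.org", SITE_N, "Baltimore CyberTrust", CA_N, CA_D, 2000)
```

Each rejection reason maps to a "what could go wrong" bullet: a different name, a different key (bad signature), or a signer the browser has no reason to believe.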