Steenkiste & Eckhardt, SCS, CMU

Lecture 23
Security - Applications

Peter Steenkiste
School of Computer Science
Carnegie Mellon University
15-441 Networking
Mutilated by Dave Eckhardt, Fall 2004

Outline
• Key management examples
  » Kerberos
  » SSL
  » PGP
• Breaking into hosts
• DoS
• Firewalls

Web Security

Kerberos
• Uses symmetric cryptosystem (DES).
  » Key derived by one-way function from user’s password.
• Kerberos 5 is an Internet Standard.
  » Export restrictions apply
• Kerberos is an example of a centralized key distribution center.
  » Performance of private key cryptography without need to maintain N^2 key pairs
  » Every user shares a private key with a key distribution center
    – Called a Kerberos Authentication Server (AS)
  » When Bob and Alice want to communicate securely, Bob requests a one-time (shared) session key from the KDC
  » The session key is distributed only to Bob and Alice

Kerberos Overview

All Those Tickets...?

    Credentials cache: FILE:/tkt/4435-0000-419b6602.krb5
    Principal: [email protected]
    Issued           Expires          Principal
    Nov 17 09:53:57  Nov 18 11:20:18  krbtgt/[email protected]
    Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:16  Nov 18 11:20:18  krbtgt/[email protected]
    Nov 17 09:54:16  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:25  Nov 18 11:20:18  host/[email protected]
    Nov 17 13:22:42  Nov 18 11:20:18  imap/[email protected]

    file: /tkt/4435-0000-419b6602
    Principal: [email protected]
    Issued           Expires          Principal
    Nov 17 09:53:57  Nov 18 11:20:18  [email protected]
    Nov 17 09:54:25  Nov 18 09:42:03  [email protected]
    Nov 17 09:55:46  Nov 18 09:43:24  [email protected]
    Nov 17 13:22:37  Nov 18 10:11:34  [email protected]
    Nov 17 13:23:30  Nov 18 10:12:27  [email protected]

Kerberos Protocol
• Bob tells AS that he wants to talk to Alice.
  » Encrypted using Bob’s private key
• AS authenticates Bob, checks he has access privileges for Alice, and generates a session key for communication between Bob and Alice.
• AS generates a ticket intended for Alice.
  » Bob’s name, the session key, and a timestamp
  » The ticket is encrypted using Alice’s private key
• AS sends Bob the ticket plus session key.
  » Encrypted using Bob’s key
• Bob then contacts Alice with the ticket plus an encrypted timestamp.
  » Alice decrypts the ticket, plus timestamp and sends back the timestamp plus one (nonce)
[Figure: message exchange among Bob, AS, and Alice]

Secure Socket Layer (SSL)
• Goal
  » Establish secure channel between two parties who do not share a secret (e.g., a private key).
• Further challenge (just for fun)
  » Assume there is no globally-believed directory of public keys (good assumption)
  » Assume further that new trusted servers are added to the network every hour (also good)
• How would you get this to work?

SSL Plan
• Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
• Plan (conceptual)
  » Contact a server you suspect is www.FJALJFDSL.org
  » It will send you a certificate containing its public key
  » You will generate a random symmetric-cipher session key and encrypt it with the server's public key
  » Only www.FJALJFDSL.org can decrypt the message and obtain the session key
• Done!
  » ?

Trusting Certificates?
• Key concept: certificate
  » “To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.”
• Key problem: how do you trust the certificate?
  » No global directory (and it would be out of date if you had one)
• Solution
  » Certificates are signed (by “very trustworthy” organizations)

Signed Certificates
• Key concept: signed certificate
  » To whom it may concern, the private key matching public key 2398898ca76fe676bbabe67867d00d7987bad is held by the owner of www.FJALJFDSL.org.
  » --Sincerely, Baltimore CyberTrust
  » Hash: 469341329473a6755e5f5675a65b
  » Signature: 5fe65765865ca765b58675e5655a65c567586e65
• What could go wrong?

Quis custodiet ipsos custodes?
• What could go wrong?
  » Maybe Baltimore CyberTrust didn't claim exactly that (maybe the domain name was different, maybe the key was different...)
    – Server could provide bogus certificate
  » Who is Baltimore CyberTrust anyway?
    – How do I know their public key?
    – How do I know they aren't crooks?
• One approach – insert a level of indirection
  » Server provides www.FJALJFDSL.org certificate
  » Server also provides Baltimore CyberTrust certificate
    – “To whom it may concern, the private key matching public key ... is held by the owner of Baltimore CyberTrust...Signed, ReallyTrustworthyPeople.”
  » “Certificate Chain”

Browser CA List
• This indirection must bottom out eventually!
  » List of CA's (certificate authorities) stored in your browser
    – Default set compiled into executable
    – You can add, delete via “Security Preferences” dialogue
    – You probably installed “CMU CA” when you arrived here
    – Now you know what you did on that fateful day
  » Your responsibility to periodically scan CA list to make sure it's up to date
    – You do that, right?

Secure Socket Layer Protocol
• Lots of complexities
  » Crypto handshake
    – Client and server each list their possible and preferred symmetric ciphers and key-size limits
    – Protocol derives a “good” compromise
  » Many kinds of certificates
    – Server certificates, signing certificates, authority certificates...
  » Certificate details
    – Expiration time, crypto protocol limits
• Browser will tell you when something is wrong
  » Weird confusing dialogue box
  » You will just click “ok” no matter what it says...

SSL Discussion
• SSL offers good secrecy.
  » If Trudy intercepts the server’s first message, she only gets access to the server’s public key, which will not allow her to decrypt the session key
    – Requires the server’s private key
• SSL offers authentication but still requires trust in the server.
  » The certificate certifies that the server is who it claims to be
  » This does not necessarily
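
The certificate-chain check described on the Signed Certificates, "Certificate Chain" and Browser CA List slides, as an added example that is not part of the original lecture. It uses textbook RSA over small Mersenne primes as a stand-in for real certificate signatures; the helper names (toy_key, issue, validate) and every key value are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_key(a, b):
    """Textbook RSA from the Mersenne primes 2^a-1 and 2^b-1 (toy size, no padding)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def digest(subject, pubkey, issuer, n):
    """Hash of the certificate's claim, reduced into the issuer's modulus."""
    body = f"{subject}|{pubkey}|{issuer}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(subject, pubkey, issuer, issuer_n, issuer_d):
    """Issuer signs: 'public key <pubkey> is held by the owner of <subject>'."""
    sig = pow(digest(subject, pubkey, issuer, issuer_n), issuer_d, issuer_n)
    return {"subject": subject, "pubkey": pubkey, "issuer": issuer, "sig": sig}

def validate(chain, trusted, hostname):
    """Walk server cert -> intermediate(s) -> a CA present in the browser list."""
    if not chain or chain[0]["subject"] != hostname:
        return "name mismatch"            # the domain name was different
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):            # issuer's key comes from the next cert
            if chain[i + 1]["subject"] != cert["issuer"]:
                return "broken chain"
            issuer_n = chain[i + 1]["pubkey"]
        elif cert["issuer"] in trusted:   # the indirection bottoms out here
            issuer_n = trusted[cert["issuer"]]
        else:
            return "untrusted root"
        expected = digest(cert["subject"], cert["pubkey"], cert["issuer"], issuer_n)
        if pow(cert["sig"], E, issuer_n) != expected:
            return "bad signature"        # the issuer did not claim exactly that
    return "ok"

# Constructed keys and certificates using the names from the slides.
ROOT_N, ROOT_D = toy_key(107, 127)
CA_N, CA_D = toy_key(61, 89)
SITE_N, SITE_D = toy_key(19, 31)
TRUSTED = {"ReallyTrustworthyPeople": ROOT_N}   # the browser CA list
CA_CERT = issue("Baltimore CyberTrust", CA_N, "ReallyTrustworthyPeople", ROOT_N, ROOT_D)
SITE_CERT = issue("www.FJALJFDSL.org", SITE_N, "Baltimore CyberTrust", CA_N, CA_D)

if __name__ == "__main__":
    print(validate([SITE_CERT, CA_CERT], TRUSTED, "www.FJALJFDSL.org"))
```

Removing "ReallyTrustworthyPeople" from TRUSTED, or changing any field of either certificate, makes validate return the corresponding failure instead of "ok".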
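
The exchange from the Kerberos Protocol slide (Bob, the AS, and Alice), as an added example that is not part of the original lecture. The seal/unseal pair is a toy SHA-256 keystream with an HMAC tag standing in for DES, the passwords and timestamp are constructed, and Bob's initial request to the AS is sent in the clear here for brevity.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption standing in for DES (not for real use)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def password_key(password):
    # One-way function from the password, as on the Kerberos slide (unsalted, toy).
    return hashlib.sha256(password.encode()).digest()

# Constructed key database held by the AS; each user also knows their own entry.
KEYS = {"bob": password_key("bob-pw"), "alice": password_key("alice-pw")}

def as_issue(client, server, now):
    """AS: mint a session key, wrap a ticket for the server, wrap both for the client."""
    session = os.urandom(16).hex()
    ticket = seal(KEYS[server], {"client": client, "key": session, "ts": now})
    return seal(KEYS[client], {"key": session, "ticket": ticket.hex()})

def alice_accept(ticket, authenticator, now, max_skew=300):
    """Alice: open the ticket with her key, check Bob's timestamp, answer ts + 1."""
    t = unseal(KEYS["alice"], ticket)
    session = bytes.fromhex(t["key"])
    ts = unseal(session, authenticator)["ts"]
    if abs(now - ts) > max_skew:
        raise ValueError("stale timestamp, possible replay")
    return t["client"], seal(session, {"ts": ts + 1})

def run_exchange(now=1100703237):
    """Bob's side: returns (name Alice saw, whether Alice proved she holds the key)."""
    reply = unseal(KEYS["bob"], as_issue("bob", "alice", now))
    session = bytes.fromhex(reply["key"])
    who, proof = alice_accept(bytes.fromhex(reply["ticket"]), seal(session, {"ts": now}), now)
    return who, unseal(session, proof)["ts"] == now + 1
```

Bob never sees Alice's key and Alice never contacts the AS: the ticket carries the session key to her, and the timestamp-plus-one reply shows Bob that she could open it.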