PalGov © 2011
The Palestinian eGovernment Academy
www.egovacademy.ps
Tutorial 5: Information Security
Session 2
Internet Risks and Attacks
Dr. Mohammad Jubran
University of Birzeit
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
Project Consortium:
Birzeit University, Palestine (Coordinator)
University of Trento, Italy
University of Namur, Belgium
Vrije Universiteit Brussel, Belgium
TrueTrust, UK
Palestine Polytechnic University, Palestine
Palestine Technical University, Palestine
Université de Savoie, France
Ministry of Local Government, Palestine
Ministry of Telecom and IT, Palestine
Ministry of Interior, Palestine
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax: +972 2 2982935 [email protected]
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
Tutorial 5: Information Security
Session 2: Internet Risks and Attacks
Session 2 Outline:
• Session 2 ILOs.
• Attacks on the Internet Stack (IP, DNS, UDP, DoS, and DDoS).
• Symmetric and Asymmetric Cryptography.
Tutorial 5: Session 2 ILOs
After completing this session you will be able to:
• A: Knowledge and Understanding
– a1: Define the different risks and threats that arise from being connected to networks, the internet and web applications.
– a2: Define security standards and policies.
– a3: Understand the basic principles of cryptography.
• B: Intellectual Skills
– b1: Illustrate the different risks and threats that arise from being connected.
– b3: Design end-to-end secure and available systems.
– b4: Design integrity and confidentiality services.
Types of Attacks Experienced By Percent of Respondents -
2010 / 2011 CSI Computer Crime and Security Survey
Types of Attacks Experienced By Percent of Respondents -
2010 / 2011 CSI Computer Crime and Security Survey (continued)
Attack type ("-" = not asked in that year) | 2005 | 2006 | 2007 | 2008 | 2009 | 2010
Malware infection | 74% | 65% | 52% | 50% | 64% | 67%
Bots / zombies within the organization (added in 2007) | - | - | 21% | 20% | 23% | 29%
Being fraudulently represented as sender of phishing messages (added in 2007) | - | - | 26% | 31% | 34% | 39%
Password sniffing (added in 2007) | - | - | 10% | 9% | 17% | 12%
Financial fraud | 7% | 9% | 12% | 12% | 20% | 9%
Denial of service | 32% | 25% | 25% | 21% | 29% | 17%
Extortion or blackmail associated with threat of attack or release of stolen data (option added in 2009) | - | - | - | - | 3% | 1%
Web site defacement | 5% | 6% | 10% | 6% | 14% | 7%
Other exploit of public-facing Web site (option altered in 2009) | - | - | - | - | 6% | 7%
Exploit of wireless network | 16% | 14% | 17% | 14% | 8% | 7%
Exploit of DNS server (added in 2007) | - | - | 6% | 8% | 7% | 2%
Exploit of client Web browser (option added in 2009) | - | - | - | - | 11% | 10%
Exploit of user's social network profile (option added in 2009) | - | - | - | - | 7% | 5%
Instant messaging abuse (added in 2007) | - | - | 25% | 21% | 8% | 5%
Insider abuse of Internet access or e-mail | 48% | 42% | 59% | 44% | 30% | 25%
Unauthorized access or privilege escalation by insider (option altered in 2009) | - | - | - | - | 15% | 13%
System penetration by outsider (option altered in 2009) | - | - | - | - | 14% | 11%
Laptop or mobile hardware theft or loss | 48% | 47% | 50% | 42% | 42% | 34%
Theft of or unauthorized access to PII or PHI due to mobile device theft/loss (option added in 2008) | - | - | - | 8% | 6% | 5%
Theft of or unauthorized access to intellectual property due to mobile device theft/loss (option added in 2008) | - | - | - | 4% | 6% | 5%
Theft of or unauthorized access to PII or PHI due to all other causes (option added in 2008) | - | - | - | 8% | 10% | 11%
Theft of or unauthorized access to intellectual property due to all other causes (option added in 2008) | - | - | - | 5% | 8% | 5%
Acting before an attack is why you are being invited to this tutorial.
Security Terminology (lecture slides by Lawrie Brown)
Vulnerabilities and Attacks in computer security
• Vulnerability: a weakness which allows an attacker to reduce a system's information assurance; it requires all three of [1]
– a system susceptibility or flaw
– attacker access to the flaw
– attacker capability to exploit the flaw
• A vulnerability in a system resource may result in
– the system being corrupted (loss of integrity)
– the system being leaky (loss of confidentiality)
– the system being down or not responding (loss of availability)
• Attacks exploit vulnerabilities and may be
– Passive (eavesdropping, release of message contents, traffic analysis)
– Active (masquerade, replay, modification, denial of service)
[1]: "The Three Tenets of Cyber Security". U.S. Air Force Software Protection Initiative. http://www.spi.dod.mil/tenets.htm. Retrieved 2009-12-15.
Countermeasures to Attacks in computer security
• To deal with computer attacks, actions (countermeasures) should be taken to minimize risks, subject to a few constraints (complexity, effectiveness, cost, people's convenience, ...)
• Countermeasures may be classified as
– Prevention: prevent and avoid being attacked
– Detection: detect attacks in order to handle them
– Recovery: recover and restore the situation after being attacked
Security Taxonomy (lecture slides by Lawrie Brown)
Columns of the taxonomy, left to right: Attacker, Tool, Vulnerability, Action, Target, Unauthorized result. The slide lists the following entries:
– Tool: physical, command, script or program, autonomous agent, info exchange, toolkit, distributed, data tap
– Vulnerability: design, implementation, configuration
– Action: probe, scan, flood, authenticate, bypass, spoof, read, copy, steal, modify, delete
– Target: account, process, data, component, computer, network, internetwork
– Unauthorized result: increase access, disclosure of information, corruption of information, denial of service, theft of resources
Classic Denial of Service Attacks (graphics from slides by Lawrie Brown)
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users[1]; the resource may be
– network bandwidth
– system resources
– application resources
TCP Connection Handshake (client and server)
1. Client sends SYN (seq=x); server receives SYN (seq=x).
2. Server sends SYN-ACK (seq=y, ack=x+1); client receives SYN-ACK (seq=y, ack=x+1).
3. Client sends ACK (ack=y+1); server receives ACK (ack=y+1).
SYN Spoofing Attack (attacker, server and spoofed client)
1. Attacker sends SYN with a spoofed source address (seq=x); server receives SYN (seq=x).
2. Server sends SYN-ACK (seq=y, ack=x+1) to the spoofed client, resends the SYN-ACK after a timeout, and finally assumes a failed connection request.
– The spoofed client won't send SYN-ACK because it didn't start the connection.
– The attacker doesn't need a high-bandwidth connection to start the attack.
– The client under attack is flooded with
Types of Flooding Attacks
• A flooding attack is a form of DoS attack in which the attacker tries to overload the client's resources.
• It can be classified according to the network protocol used:
– ICMP Flood
• Relies on the broadcast configuration of the network
• Uses ICMP packets, e.g. echo request
• Typically allowed through because some ICMP traffic is required
• The attack is usually done as follows:
– Determine the IP address to attack
– Determine a network with good bandwidth and resources to amplify the attack
– The attacker sends a huge amount of ICMP packets to the broadcast IP address of that network, with a spoofed source IP address pointing to the client under attack.
– The router or gateway delivers the broadcast at layer 2 to all the hosts in the network.
– The hosts reply to the spoofed address, causing a lot of traffic.
Types of Flooding Attacks (continued)
– UDP Flood
• Send a large number of UDP packets to random ports of a specific client
• The client checks for applications listening on that port
• If there are none, it sends ICMP destination unreachable
• To avoid being flooded with these replies, the attacker may use a spoofed source address.
• Countermeasure: use firewalls to block unwanted traffic
– TCP SYN Flood
• Uses TCP SYN (connection request) packets
• but as a volume attack
• Countermeasures may include SYN cookies, which protect against the SYN flood by eliminating the resources allocated on the target host.
• Limiting the number of connections per source address is not a solution, since the attacker may use randomly generated spoofed source addresses.
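As an added example that is not part of the slides, the following Python simulation contrasts the classic handshake (the server keeps a half-open entry per SYN, so a handful of never-acknowledged SYNs exhaust a small backlog) with a SYN-cookie server (the initial sequence number y is an HMAC over source, port and a time slot, so nothing is stored until the final ACK proves the client received the SYN-ACK). The Segment class, the 4-entry backlog, the HMAC-based cookie, the time slots and the addresses are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MOD32 = 2 ** 32


@dataclass
class Segment:
    src: str      # source address (an attacker may spoof this)
    port: int     # destination port on the server
    flags: str    # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: int = 0


class StatefulServer:
    """Classic handshake: every SYN allocates a half-open entry in a small backlog."""

    def __init__(self, backlog=4):
        self.backlog = backlog
        self.half_open = {}        # src -> y, the server's initial sequence number
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, seg):
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1  # backlog full: legitimate clients get no SYN-ACK
            return None
        y = secrets.randbelow(MOD32)
        self.half_open[seg.src] = y
        return Segment(seg.src, seg.port, "SYN-ACK", seq=y, ack=(seg.seq + 1) % MOD32)

    def on_ack(self, seg):
        y = self.half_open.pop(seg.src, None)
        if y is not None and seg.ack == (y + 1) % MOD32:
            self.established.add(seg.src)
            return True
        return False


class SynCookieServer:
    """SYN cookies: y is a MAC over (src, port, time slot); no state is kept per SYN."""

    def __init__(self, secret=None):
        self.secret = secret if secret is not None else secrets.token_bytes(16)
        self.established = set()

    def cookie(self, src, port, slot):
        msg = f"{src}|{port}|{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, seg, slot):
        y = self.cookie(seg.src, seg.port, slot)
        return Segment(seg.src, seg.port, "SYN-ACK", seq=y, ack=(seg.seq + 1) % MOD32)

    def on_ack(self, seg, slot):
        # The final ACK must carry y + 1. Recompute y for the current slot and the
        # previous one so a slot boundary during the handshake does not reject it.
        for s in (slot, slot - 1):
            if seg.ack == (self.cookie(seg.src, seg.port, s) + 1) % MOD32:
                self.established.add(seg.src)
                return True
        return False


def client_handshake(server, src, slot=None):
    """Complete three-way handshake from a well-behaved client; True if established."""
    x = 1000
    syn = Segment(src, 80, "SYN", seq=x)
    synack = server.on_syn(syn) if slot is None else server.on_syn(syn, slot)
    if synack is None or synack.ack != x + 1:
        return False
    ack = Segment(src, 80, "ACK", seq=x + 1, ack=(synack.seq + 1) % MOD32)
    return server.on_ack(ack) if slot is None else server.on_ack(ack, slot)


def unanswered_syns(server, count, slot=None):
    """Constructed flood traffic: SYNs whose (spoofed) sources never send the ACK."""
    for i in range(count):
        syn = Segment(f"198.51.100.{i}", 80, "SYN", seq=i)
        server.on_syn(syn) if slot is None else server.on_syn(syn, slot)


def compare(flood=4):
    """Same flood against both servers; only the cookie server still serves a client."""
    stateful = StatefulServer(backlog=4)
    unanswered_syns(stateful, flood)
    stateful_ok = client_handshake(stateful, "203.0.113.7")
    cookies = SynCookieServer()
    unanswered_syns(cookies, flood, slot=17)
    cookie_ok = client_handshake(cookies, "203.0.113.7", slot=17)
    return {"stateful_client_connected": stateful_ok,
            "stateful_dropped_syns": stateful.dropped_syns,
            "cookie_client_connected": cookie_ok}


def forged_ack_rejected():
    """An ACK whose number was not derived from the server's SYN-ACK is ignored."""
    srv = SynCookieServer(secret=b"constructed-demo-secret")
    y = srv.cookie("203.0.113.9", 80, 5)
    bad = Segment("203.0.113.9", 80, "ACK", seq=1, ack=(y + 2) % MOD32)
    return not srv.on_ack(bad, 5)


if __name__ == "__main__":
    print(compare())
```

The cookie server accepts a connection only when the third segment returns y + 1 for a y it can recompute, which is exactly what the slide means by eliminating the resources allocated on the target host; the price, as in real SYN-cookie implementations, is that TCP options negotiated in the SYN cannot be stored and must be encoded in the cookie or given up.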
Some DoS attacks (lecture notes of Prof. Ruby Lee)
Attack | Affected Area | Example | Description
Network Level Device | Routers, IP Switches, Firewalls | Ascend Kill II, "Christmas Tree Packets" | Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug.
OS Level | Equipment Vendor OS, End-User Equipment | Ping of Death, ICMP Echo Attacks, Teardrop | Attack takes advantage of the way operating systems implement protocols.
Application Level Attacks | Finger Bomb | Finger Bomb, Windows NT RealServer G2 6.0 | Attack a service or machine by using an application attack to exhaust resources.
Data Flood (Amplification, Oscillation, Simple Flooding) | Host computer or network | Smurf Attack (amplifier attack), UDP Echo (oscillation attack) | Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources.
Protocol Feature Attacks | Servers, Client PC, DNS Servers | SYN (connection depletion) | Attack in which "bugs" in a protocol are utilized to take down network resources. Methods of attack include IP address spoofing and corrupting the DNS server cache.
Countermeasures to DoS attacks (lecture notes of Prof. Ruby Lee)
Attack | Countermeasure Options | Example | Description
Network Level Device | Software patches, packet filtering | Ingress and Egress Filtering | Software upgrades can fix known bugs and packet filtering can prevent attacking traffic from entering a network.
OS Level | SYN Cookies, drop backlog connections, shorten timeout time | SYN Cookies | Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks.
Application Level Attacks | Intrusion Detection System | GuardDog, other vendors | Software used to detect illicit activity.
Data Flood (Amplification, Oscillation, Simple Flooding) | Replication and Load Balancing | Akamai / Digital Island provide content distribution | Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks.
Protocol Feature Attacks | Extend protocols to support security | IETF standard for itrace, DNSSEC | Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information.
Distributed Denial of Service Attacks
• Let us read it together: “A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms. Typically a DDoS master program is installed on one computer using a stolen account. The master program, at a designated time, then communicates to any number of "agent" programs, installed on computers anywhere on the internet. The agents, when they receive the command, initiate the attack. Using client/server technology, the master program can initiate hundreds or even thousands of agent programs within seconds”[1]
[1] Stein, Lincoln. The World Wide Web Security FAQ, Version 3.1.2, February 4, 2002.
http://www.s3.org/security/faq/
DDoS Control Hierarchy (graphics from slides by Lawrie Brown)
Reflection Attacks
• The attacker uses a spoofed source address and sends many requests to many servers.
• The servers respond to the client under attack (whose IP address is being spoofed by the attacker).
• If many servers respond with good speed and bandwidth, the client or target is flooded with packets.
• Countermeasure: block packets with spoofed source addresses.
Amplification Attacks (graphics from slides by Lawrie Brown)
DNS Amplification Attacks
• The attacker sends DNS queries with a spoofed source IP address to trigger responses from the DNS server to the target.
• The attacker exploits DNS behaviour to convert a small request into a much larger response
– a 60 byte request yields a 512 - 4000 byte response
• The attacker sends requests to multiple servers with high-bandwidth connections, which flood the target
– only a moderate flow of request packets is needed
– the DNS servers are also loaded
DDoS Attack Defenses
• Three lines of defense against DDoS:
– attack prevention and preemption
– attack detection and filtering
– attack source traceback and identification
• Avoid the initial attack:
– Use firewalls
– Check incoming/outgoing packets (filtering)
– Use a server farm and load balancer to offset the effects of a DDoS attack
– Counter SYN flood attacks by discarding the first SYN packet; this causes a delay for legitimate users.
– Change the logical (IP) addressing of the attacked systems.
Attack Prevention
• block spoofed source addresses
– on routers as close to source as possible
– still far too rarely implemented
• rate controls in upstream distribution nets
– on specific packet types
– e.g. some ICMP, some UDP, TCP/SYN
• use modified TCP connection handling
– use SYN cookies when table full
– or selective or random drop when table full
• block IP directed broadcasts
• block suspicious services & combinations
• manage application attacks with “puzzles” to distinguish legitimate
human requests
• good general system security practices
• use mirrored and replicated servers when high-performance and
reliability required
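As an added example that is not part of the slides, the following Python model of an edge router applies three of the preventive controls listed above to a packet trace: source-address (ingress/egress) filtering in the style of BCP 38, blocking of IP directed broadcasts (the amplifier an ICMP flood relies on), and per-source rate control on the packet types the slide names. The customer prefixes, the bogon list, the rate limits and the sample packets are all constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict

# Constructed topology: the edge router's inside interface serves these prefixes.
INSIDE = [ipaddress.ip_network("203.0.113.0/24"),
          ipaddress.ip_network("198.51.100.0/25")]

# Sources that should never arrive from the Internet side (private/reserved space).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4")]

# Constructed per-type limits (packets per source per one-second slot).
RATE_LIMITS = {"icmp-echo": 3, "udp": 5, "tcp-syn": 4}


def in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of the inside prefixes."""
    if isinstance(dst, str):
        dst = ipaddress.ip_address(dst)
    return any(dst == p.broadcast_address for p in INSIDE)


class EdgeFilter:
    def __init__(self):
        self.counters = defaultdict(int)   # (type, src, slot) -> packets seen

    def verdict(self, pkt):
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        if pkt["dir"] == "out":
            # Egress filtering: traffic leaving must carry one of our own sources,
            # so hosts behind us cannot emit spoofed SYN or reflection traffic.
            if not in_any(src, INSIDE):
                return "drop: egress spoofed source"
        else:
            # Ingress filtering: the Internet side must not claim an inside source
            # or a bogon source.
            if in_any(src, INSIDE):
                return "drop: ingress spoofed inside source"
            if in_any(src, BOGONS):
                return "drop: ingress bogon source"
            # Block IP directed broadcasts, the amplifier used by ICMP (smurf) floods.
            if is_directed_broadcast(dst):
                return "drop: directed broadcast"
        # Rate control on specific packet types, counted per source and time slot.
        limit = RATE_LIMITS.get(pkt["type"])
        if limit is not None:
            key = (pkt["type"], pkt["src"], pkt["t"])
            self.counters[key] += 1
            if self.counters[key] > limit:
                return f"drop: rate limit {pkt['type']}"
        return "forward"


def run(packets):
    """Return one verdict per packet, in order."""
    f = EdgeFilter()
    return [f.verdict(p) for p in packets]


# Constructed sample trace: a legitimate outbound SYN, an outbound packet with a
# foreign source, an inbound packet claiming an inside source, an inbound packet
# from private space, an inbound echo request to the subnet broadcast, and a
# burst of six SYNs from one source within one slot.
SAMPLE = (
    [{"dir": "out", "src": "203.0.113.10", "dst": "192.0.2.1", "type": "tcp-syn", "t": 0},
     {"dir": "out", "src": "192.0.2.99", "dst": "192.0.2.1", "type": "udp", "t": 0},
     {"dir": "in", "src": "203.0.113.10", "dst": "203.0.113.20", "type": "udp", "t": 0},
     {"dir": "in", "src": "10.1.1.1", "dst": "203.0.113.20", "type": "udp", "t": 0},
     {"dir": "in", "src": "192.0.2.5", "dst": "203.0.113.255", "type": "icmp-echo", "t": 0}]
    + [{"dir": "in", "src": "192.0.2.77", "dst": "203.0.113.20", "type": "tcp-syn", "t": 1}
       for _ in range(6)]
)

if __name__ == "__main__":
    for p, v in zip(SAMPLE, run(SAMPLE)):
        print(p["dir"], p["src"], "->", p["dst"], p["type"], ":", v)
```

The order of the checks matters: source-address filtering runs first because it is cheap and stateless, while the rate counters only see packets that have already passed it, so a spoofed burst cannot consume the per-source budget of a legitimate address.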
Symmetric and Asymmetric Cryptography
• Cryptography
– The science and art of engineering and designing ciphers;
• Cryptanalysis
– The science and art of analysing and breaking them;
• Cryptology
– Both the above.
Figure: Plain text → encryption → Cipher text → decryption → Plain text
Standardizing Encryption and Decryption
• We want robust reusable components to do
encryption and decryption.
– Standardize the algorithm; allows public review.
– Concentrate the information that makes the
process unique into a key.
Figure: Plain text → encryption (encryption key) → Cipher text → decryption (decryption key) → Plain text
Symmetric and Asymmetric Systems
• Symmetric encryption: the key used for encryption (encryption key) and the key used for decryption (decryption key) are the same.
– Keys are shared secretly (key distribution is an issue to watch for)
– Both parties trust each other to keep the keys secret from the public.
• Asymmetric encryption: the key used for encryption (encryption key) is different from the one used for decryption (decryption key); they might even be in different formats.
– The two keys are owned and managed separately
– One of the keys is kept private, but the other one is made available to the public (public key).
Symmetric Systems: Kinds of Cipher
• There are three common families of cipher:
– Substitution ciphers
• Replace each symbol independently of the others
– Stream ciphers
• Process each symbol in a way that depends on its position in the input stream
– Block ciphers
• Divide the input into blocks and apply the same algorithm to each block in sequence, but the result may depend on the position in the sequence of blocks.
• Might require adding padding bits (e.g. 14 bits all set to zero at the end of a block of 50 bits if the encryption algorithm requires blocks of 64 bits)
Data Encryption Standard (DES) and 3DES
• DES is a Feistel cipher
– Block size 64 bits
– Key size 56 bits
– 16 stages; each has a 48 bit key formed from the user key
– The one-way function (will be discussed later) is SP:
• Expand to 48 bits (4 bits to 6 bits)
• Mix in the stage key with XOR
• Pass through S-boxes that map 6 bits back to 4, then permute the results.
• The key is now generally seen as too short
– The best shortcuts need 2^42 known texts to recover the key.
• Using current technology, DES has been broken
– broken: plain text can be recovered from the encrypted text within a reasonable amount of time.
• To improve strength, Triple DES provides three keys
– Three stages
• Encrypt with key one
• Decrypt with key two
• Encrypt with key three
– This structure was chosen so that if all three keys are set equal, the result is single DES
Advanced Encryption Standard (AES)
• AES returns to the Substitution Permutation (SP) structure
– Uses 128 bit (16 byte) blocks and 128, 192 or 256 bit keys
• The S-box is 8 bit to 8 bit, derived from group theory to have good properties
• The linear transformation is based on laying the data out as a 4*4 grid of bytes and applying matrix operations
• Bytes from a key stream derived from the user key are added into each byte of the matrix to complete the stage.
• There are 10, 12 or 14 stages depending on the key length.
• It is expected to hold against cryptanalysis for some time, depending on advances in technology and computing power.
Styles of Block Encryption
• Electronic Code Book (ECB)
– Each block is coded independently.
– This is weak, because equal text blocks give equal cipher text blocks.
– Inference can then be used to break the cipher.
• Chain Coding (Cipher Block Chaining, CBC)
– Block N is XORed with the encrypted version of block (N-1).
– Start with an agreed initial vector (key).
– The text generated is different each time;
– any change makes the rest of the message unreadable.
Figure: Ci = encrypt(Mi XOR Ci-1)
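As an added example that is not part of the slides, the following Python code serves both the DES slide and this one: it builds a small Feistel network (the structure DES uses, with an HMAC-based round function standing in for DES's expansion, S-boxes and permutation, and round subkeys derived from the user key) and then runs it in ECB and CBC mode over a message made of four identical 16-byte blocks, counting how many ciphertext blocks repeat. The cipher, the key, the initial vector and the message are constructed for teaching the structure; in practice, as the conclusions slide says, one reuses a well-analysed cipher such as AES rather than a home-made one.

```python
import hashlib
import hmac

BLOCK = 16      # block size in bytes (AES uses 16; DES uses 8)
ROUNDS = 8      # DES uses 16


def round_keys(key, rounds=ROUNDS):
    """Derive one subkey per round from the user key (DES forms 16 48-bit subkeys)."""
    return [hmac.new(key, b"round-" + bytes([i]), hashlib.sha256).digest()
            for i in range(rounds)]


def round_function(subkey, half):
    """One-way mixing of the right half under the round subkey (stand-in for DES's SP)."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[: BLOCK // 2]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(subkeys, block):
    """Feistel round: L' = R, R' = L xor f(K, R); the final swap makes it self-inverse."""
    l, r = block[: BLOCK // 2], block[BLOCK // 2:]
    for k in subkeys:
        l, r = r, xor(l, round_function(k, r))
    return r + l


def decrypt_block(subkeys, block):
    """Same network with the subkeys in reverse order; f itself is never inverted."""
    return encrypt_block(list(reversed(subkeys)), block)


def pad(data):
    """PKCS#7-style padding: n bytes of value n, so the last block is always padded."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Electronic Code Book: each block is encrypted independently."""
    ks = round_keys(key)
    return b"".join(encrypt_block(ks, b) for b in blocks(pad(data)))


def ecb_decrypt(key, ct):
    ks = round_keys(key)
    return unpad(b"".join(decrypt_block(ks, b) for b in blocks(ct)))


def cbc_encrypt(key, data, iv):
    """Cipher Block Chaining: C_i = E(M_i xor C_{i-1}), with C_0 = iv."""
    ks, prev, out = round_keys(key), iv, []
    for m in blocks(pad(data)):
        prev = encrypt_block(ks, xor(m, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ct, iv):
    ks, prev, out = round_keys(key), iv, []
    for c in blocks(ct):
        out.append(xor(decrypt_block(ks, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))


def demo():
    """Four identical plaintext blocks: ECB leaks the repetition, CBC hides it."""
    key = b"constructed-demo-key"
    msg = b"ATTACK AT DAWN!!" * 4          # 4 x 16 bytes, all blocks identical
    iv = bytes(range(BLOCK))              # constructed; must be fresh per message
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, msg, iv)
    assert ecb_decrypt(key, ecb) == msg and cbc_decrypt(key, cbc, iv) == msg
    return {"ecb_repeated_blocks": repeated_blocks(ecb),
            "cbc_repeated_blocks": repeated_blocks(cbc)}


if __name__ == "__main__":
    print(demo())
```

Because the block cipher is a permutation, equal plaintext blocks always give equal ECB ciphertext blocks (three repeats out of five here, the fifth being the padding block), which is the inference weakness the slide describes; under CBC every block input is XORed with the previous ciphertext block, so the same four plaintext blocks produce five distinct ciphertext blocks.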
Cryptographic Strength
• We can measure the strength of a system in terms of the number of trials needed to break it in a given situation.
– For brute force attacks this is likely to relate to the effective key size, e.g. a 16 bit key needs 2^15 trials on average to find the key.
– However, given more information, such as specific plaintext to ciphertext correspondences, this number can be significantly reduced.
Cryptography - Forms of Attack
• Brute force
– Try all keys; assumes you can recognize success!
– Current specialised hardware can do 10^11 key tests/sec
• Cut and paste
– If diffusion is low, we can substitute parts of known messages at known offsets in e.g. a banking transaction.
• Known plaintext or known ciphertext
– Shortcut the brute force costs by having examples of matching plain and cipher texts. Inject plaintext to see ciphertext, or inject known ciphertext to see decrypted plaintext.
Key Distribution
• In symmetric cryptography the secret key must be shared, and in public key cryptography the private key needs to be delivered to its owner.
• Key Distribution Center (KDC):
– Jubran and Ahmad need a shared symmetric key.
– KDC: a server that shares a different secret key with each registered user (many users) (KJ-KDC, KA-KDC, KX-KDC)
– Jubran and Ahmad know their own symmetric keys, KJ-KDC and KA-KDC, for communicating with the KDC.
Figure: the KDC holds KJ-KDC, KX-KDC, KA-KDC and KY-KDC; Ahmad holds KA-KDC, Jubran holds KJ-KDC and X holds KX-KDC.
Key Distribution Center (KDC)
Q: How does the KDC allow Bob and Alice (Ahmad and Jubran in the figure) to determine a shared symmetric secret key to communicate with each other?
Figure: the KDC holds KJ-KDC, KX-KDC, KA-KDC and KY-KDC; Ahmad holds KA-KDC and Jubran holds KJ-KDC.
1. Ahmad (Alice) → KDC: KA-KDC(A, J)
2. KDC → Ahmad: KA-KDC(R1, KB-KDC(A, R1)); the KDC uses A, J to generate R1, and Alice now knows R1.
How Useful is a KDC?
• KDC trust may be questionable; it may expose our keys to others
• Centralized processing and a single point of failure
• Must always be online to support secure communication
• In practice, the KDC model is mostly used within single organizations (e.g. Kerberos) but not more widely.
Public Key Styles
• The keys are different: one of them is kept private and the other one can be made public; text encrypted by either of them can be decrypted by the other.
– Confidentiality: the sender encrypts the message using my public key (known by everyone), but only I can decrypt the message using my private key (kept secret, known only to me).
– Authentication: I use my private key to encrypt a message (only I can do that, using my private key); anyone who uses my public key to decrypt the message is sure that it was encrypted using my private key (by me, assuming I kept the private key secret).
– Non-repudiation: a message decrypted using my public key was definitely encrypted using my private key, and so I can't deny creating it (of course assuming I kept my key secret).
– Motivation question: a message is encrypted using the private key of A; what do the following cases imply?
• The message is decrypted using A's public key.
• The message is decrypted using B's public key... (but you don't know the original message)? To be discussed next.
Factoring: RSA Algorithm
• Ciphers based on the problem of factorizing large numbers which have few prime factors.
• E.g. RSA:
– the key is of the order of 1-2000 bits; the message is split into blocks of similar size.
• Find a number N that is the product of two large prime numbers, p and q. Pick a public exponent e. The secret exponent d is now given by
ed mod (p-1)(q-1) = 1
– (N, e) is the public key; (N, d) is the private key.
• There are infinitely many possibilities for d and M, and it is computationally expensive to factor N into p and q, so the encrypted message C is secure:
C = M^e mod N
M = C^d mod N
Use of PKC in Communications
• Public keys are hard to generate and expensive to use.
• So we try to minimize their use.
– use for exchanges in the authorization process;
– use to transfer a fresh session key;
– use symmetric encryption for the session data;
– change session keys often enough.
Hash Functions and MACs
• We often want to know whether a message or document has been modified since its creation.
• We can do this by calculating a smaller value that represents the document
– Changing the document changes this value
– The major concern in deciding what algorithm to use is to avoid collisions
• In general, a small value representing a larger object is called a hash and is generated by a hash function.
• The hash used in this specific application is called a message authentication code (MAC) or Message Integrity Code (MIC).
Properties of a Hash
• What an attacker will typically be doing is taking a signed document and trying to change it to another one which has the same hash but different semantics
– This is why collisions are important: the aim is to find a collision with the original value.
• A wide enough hash is needed, or the attacker can just try a series of changes until a collision is found
– They can play with non-significant content, like white space, to find a collision, or use antonyms, e.g. small -> big.
– Documents with a lot of hidden redundant information, such as Word documents, make this easier.
• One technique is to use message blocks as keys to repeatedly encrypt a partial hash, mixing input with output to make the process non-invertible.
Signature
• Just encrypting the text to be signed leaves it open to a chosen message attack
– Get the target to sign an apparently innocent nonsense message, constructed from random data encrypted with their public key and something you want them to sign;
– Can extract the original random bits, which have now been encrypted with both public and private keys, leaving a signed forged message.
• Also, asymmetric encryption is computationally expensive
• So form a one-way hash of the message to be signed, and encrypt that instead.
• This is one area where message digest functions or message authentication codes (MAC) are used.
Capabilities
• One particular use of signatures is to represent authority within operating systems.
• Authority is represented by a small capability object containing
– An action id
– A process identity
– Some signature information
• A requested action is permitted if a capability corresponding to it is also presented
• The operating system supports transfer of capabilities, changing the signature accordingly
• The cryptographic requirements can be quite weak because lifetimes are typically short (average process lifetime).
Public Key Infrastructure
• What is Public Key Infrastructure (PKI)?
1) A set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1]
2) Simply a system in which public keys are bound to user identities by means of a Certification Authority.
[1]: "LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments", Proceedings of the 11th IEEE International Conference on Communication Systems (IEEE ICCS'08), pp.162-166, Guangzhou, China, Nov. 2008.
Certification Authorities
Certification authority (CA)
• generates a signed certificate, using the CA's private key, which binds a particular entity to its public key.
• An entity responsible for issuing, revoking and managing digital certificates
– Verifies the identity and information provided by the entity asking for a certificate
– may generate private and public keys for entities.
– binds the identity and associated info. of an entity with its public key using the CA's private key: the public key certificate
– Public key certificates are authentic as they can't be altered without detection.
Certification Authorities (continued)
• Procedure to obtain a CA-signed digital certificate:
– Submit proof of identity and any other information to be included in the certificate to the CA (usually done offline)
– The CA uses its private key to bind the information provided by the entity to its public key
– Again, the asymmetric key pair might be generated by the CA, or the public key is provided by the entity itself.
– Again, the certificate contains
• Owner's distinguished name
• Owner's public key
• Issuer's distinguished name
• Issuer's digital signature
Certification Authorities (continued)
• How to validate a public key within a certificate:
– Get the CA-signed certificate (from the entity itself or elsewhere)
– The CA public key must be known to you.
– Use the CA public key to verify the signature within the certificate. "Notice: entity info and public key are bound by the CA private key"
– If the signature is valid then accept the public key.
Figure: digital certificate of Jubran, containing some info, the public key Kj and the signature Sj. Using the CA public key KCA, verify the binding between Sj and Kj; if Kj is truly bound by Sj then use it.
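As an added example that is not part of the slides, the following Python code carries the RSA, signature and certificate slides through in one piece: key generation from two primes with ed mod (p-1)(q-1) = 1, C = M^e mod N and M = C^d mod N, hash-then-sign with the private exponent (rather than signing the message itself), and a minimal certificate in which a CA binds Jubran's name to his public key so that anyone holding the CA public key KCA can validate the binding. The primes (six-digit, far too small for real use), the certificate fields, the names and the message are constructed for the demonstration; real RSA additionally applies padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures) and uses standardised certificate formats, neither of which this toy includes.

```python
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Textbook RSA: N = p*q and e*d = 1 mod (p-1)(q-1). Returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than N")
    return pow(m, e, n)          # C = M^e mod N


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)          # M = C^d mod N


def digest(data, n):
    """Hash the message and reduce it below N so that it fits in one RSA block."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    """Apply the private exponent to the hash of the message, not to the message."""
    n, d = priv
    return pow(digest(data, n), d, n)


def verify(pub, data, sig):
    """Anyone holding the public key can check the signature."""
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


def to_be_signed(subject, issuer, pub):
    """Certificate fields the CA signs: owner's name, issuer's name, owner's public key."""
    n, e = pub
    return f"{subject}|{issuer}|{n}|{e}".encode()


def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    """The CA binds the subject's identity to its public key with the CA private key."""
    return {"subject": subject, "issuer": ca_name, "pub": subject_pub,
            "sig": sign(ca_priv, to_be_signed(subject, ca_name, subject_pub))}


def validate_certificate(cert, ca_pub):
    """Use the (already trusted) CA public key to verify the name-to-key binding."""
    fields = to_be_signed(cert["subject"], cert["issuer"], cert["pub"])
    return verify(ca_pub, fields, cert["sig"])


def demo():
    # Constructed toy primes; real keys use primes of hundreds of digits each.
    ca_pub, ca_priv = keygen(104723, 104729)
    j_pub, j_priv = keygen(999983, 1000003)

    cert = issue_certificate("Example CA", ca_priv, "Jubran", j_pub)
    # A forged certificate: a different public key presented under Jubran's name.
    forged = dict(cert, pub=ca_pub)

    msg = b"transfer 100 to Ahmad"
    sig = sign(j_priv, msg)
    return {
        "roundtrip_ok": decrypt(j_priv, encrypt(j_pub, 42)) == 42,
        "signature_ok": verify(j_pub, msg, sig),
        "tampered_rejected": not verify(j_pub, b"transfer 900 to Ahmad", sig),
        "certificate_ok": validate_certificate(cert, ca_pub),
        "forged_cert_rejected": not validate_certificate(forged, ca_pub),
    }


if __name__ == "__main__":
    print(demo())
```

The last two results are the point of the CA slides: validating the certificate tells you nothing unless KCA itself is trusted, and once it is, a public key substituted under the same name fails verification because the CA signature covers both the name and the key.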
Certification Authority continue
• Important: you must TRUST the CA in order to TRUST
the digital certificate including the public key signed by
it, and so any digitally signed messages validated
using this public key
Some General Conclusions
• Cryptography is hard, and widespread testing and comment is needed
– Don't roll your own; reuse well-analysed solutions
• Keep algorithm choice modular
– If progress demands greater strength, be able to change algorithms as a configuration matter
• More is not necessarily better
– Offering multiple solutions leads to interworking problems, and negotiation becomes a vulnerability.
– Don't encrypt already encrypted material; it may have side effects that weaken the whole system.
Summary
• In this session we discussed the following:
– Overview and awareness topics on attacks on the Internet stack
– More focus was on denial of service and distributed denial of service.
– Introduction to cryptography and hash functions