
Internet Security & E-commerce

Maurizio Dècina, Politecnico di Milano/CEFRIEL

‘Sicurezza, Informazione e Formazione’, MAFRAU & TRAINET

Rome, February 28, 2001


Network Security

• There Is No Such Thing As a 100% Secure Network System
• Think About Security As a Triangle With Security, Performance, and Usability at The Corners
• You Cannot Be at All Corners at The Same Time, You Can Only Optimize The Mix According to Your Specific Needs

[Figure: triangle with Security, Performance and Usability at its corners]


Requirements for E-commerce

• Confidentiality
• Integrity
• Authenticity
• Non-repudiation
• Availability


Traditional Solutions

• Confidentiality (Protects Against Unauthorized Access)
  – Envelope
• Integrity (Protects Against Data Tampering)
  – Watermarks, Signatures
• Authenticity (Protects Against Masquerading)
  – Physical Presence, Notaries
• Non-repudiation (Protects Against Denial of Being a Party to a Transaction)
  – Receipts, Confirmations, Signatures


Electronic Solutions

• Confidentiality
  – Data Encryption
• Integrity
  – Hash Algorithms, Message Digests, Digital Signatures
• Authenticity
  – Digital Signatures, Certificates
• Non-repudiation
  – Digital Signatures, Audit Logs
• Availability
  – Redundant Systems, Automatic Rescue Procedures


Security Standards and Protocols

• IPSEC - Network Layer Security
  – Provides Security to IP Protocol
  – Key Distribution (DH)
    • IKE (Internet Key Exchange)
    • ISAKMP (Internet Security Association and Key Management Protocol)
  – AH: Authentication Header
    • Authenticates Payload Only
    • Uses Keyed MD5 As a Default for Data Integrity
  – ESP: Encapsulated Security Payload
    • Uses DES-CBC As Default for Encryption

[Figure: protocol stack with AH and ESP at the IP layer, TCP above them, and HTTP, FTP, SMTP on top]
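The AH bullet above ("keyed MD5 for data integrity") and the "Integrity: hash algorithms, message digests" item of the Electronic Solutions slide describe the same idea: a digest that only a holder of the shared key can produce. The following is an added example, not code from the original slides, and uses only Python's standard library. The shared key, the packet payloads and the "in-transit modification" are constructed for the demo (in real IPsec the key is negotiated by IKE); the default algorithm is SHA-256, with `algorithm="md5"` available to reproduce the slide's 1990s default.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: both peers of an IPsec security association would hold
# this (in real IPsec it comes from IKE). Hard-coded only so the example runs offline.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def keyed_tag(key: bytes, payload: bytes, algorithm: str = "sha256") -> bytes:
    """AH-style integrity check value: an HMAC over the payload with the shared key.
    The slide's default is keyed MD5 (algorithm="md5"); sha256 is what you would
    pick today."""
    return hmac.new(key, payload, algorithm).digest()


def verify_keyed(key: bytes, payload: bytes, tag: bytes, algorithm: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time (a plain == leaks timing)."""
    return hmac.compare_digest(keyed_tag(key, payload, algorithm), tag)


def plain_digest(payload: bytes) -> bytes:
    """An unkeyed hash, for contrast: it detects accidental corruption only."""
    return hashlib.sha256(payload).digest()


def verify_plain(payload: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(payload), digest)


def tamper_demo() -> dict:
    """Which checks still pass after an on-path modification of the packet?
    Whoever modifies the payload can recompute an unkeyed digest but not the
    keyed tag, which is why AH keys the hash."""
    original = b"amount=100.00&to=acct-42"      # constructed sample payload
    modified = b"amount=900.00&to=acct-42"      # one byte changed in transit

    keyed = keyed_tag(SHARED_KEY, original)
    unkeyed = plain_digest(original)

    return {
        # an unmodified packet passes both checks
        "original_keyed_ok": verify_keyed(SHARED_KEY, original, keyed),
        "original_plain_ok": verify_plain(original, unkeyed),
        # the modified payload with the old tag or digest fails both
        "modified_keyed_old_tag": verify_keyed(SHARED_KEY, modified, keyed),
        "modified_plain_old_digest": verify_plain(modified, unkeyed),
        # the modifier recomputes what it can: the unkeyed digest passes, a keyed
        # tag computed under a guessed key does not
        "modified_plain_recomputed": verify_plain(modified, plain_digest(modified)),
        "modified_keyed_wrong_key": verify_keyed(
            SHARED_KEY, modified, keyed_tag(secrets.token_bytes(16), modified)),
    }


if __name__ == "__main__":
    for check, passed in tamper_demo().items():
        print(f"{check}: {'pass' if passed else 'FAIL'}")
```

The design point the dictionary makes explicit: a checksum or plain hash gives integrity against noise, not against an adversary; the key is what turns the digest into an authentication of origin, and `compare_digest` is what keeps the receiver's verification from leaking the tag byte by byte.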


Security Standards and Protocols

• SSL - Session Layer Security
  – Protocol Independent
  – Available for HTTP, NNTP, SMTP
  – Available in Netscape Navigator, Microsoft IE, Most Servers
  – HTTP - Port 443; SMTP - Port 563
  – SASL Framework
  – Key Exchange: RSA, DH, FORTEZZA
  – Encryption Algorithms: RC2, RC4, IDEA, DES, 3DES
  – Certificates: X.509 V3
  – Certificate Support Optional in Clients (No Client Authentication to Servers)

[Figure: protocol stack IP, TCP, SSL, with HTTP, FTP, SMTP above SSL]


Security Standards and Protocols

• S-HTTP and S/MIME - Application Layer Security
  – Available in Some Servers
  – Encapsulates Existing HTTP Data
  – Public Key Cryptography With Encryption and Digital Signatures
  – S-HTTP Is Not Widely Supported

[Figure: protocol stack IP, TCP, with S-HTTP and S/MIME at the application layer]


Security Standards and Protocols

• PGP/SET - Content Based Security
  – Protocol Independent
  – PGP: Secure Electronic Messaging Based on Asymmetric and Symmetric Encryption
  – SET: Messaging Protocol to Secure Bank-card Transactions

[Figure: protocol stack IP, TCP, HTTP/FTP/SMTP, with PGP and SET above the application protocols]


Secret Key Cryptography

• Symmetric Cryptography
  – Adding Confidentiality; Single Key, Shared Secret
  – Standards: DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm)
  – Fast, Easy to Implement, Reliable
  – Problem: Key Exchange in Un-trusted Networks

[Figure: plaintext message encrypted and decrypted with the same secret key, which is exchanged over a secure channel]


Public Key Cryptography

• Asymmetric (Public-key) Cryptography
  – Adding Confidentiality; 2 Keys Mathematically Linked: Public and Private Keys (RSA, DH)
  – Either Can Be Used for Encryption/Decryption
  – Problem: Computationally Intensive

[Figure: plaintext message encrypted with the recipient’s public key and decrypted with the recipient’s private key]


Public Key Cryptography

• Digital Signatures
• Adding Authenticity, Integrity and Non-repudiation
• Hash Functions (Result Cannot Be Reverted): Create Unique Fingerprint of the Original Message

[Figure: originator computes the message digest and encrypts it with the originator’s private key; the recipient decrypts it with the originator’s public key, recomputes the digest of the received message and compares the two]


Public Key Infrastructure

• Certification Authority (CA)
• Registration Authority (RA)
• Certificate Repository
• Certificate Revocation System (CRL Publication)
• Backup and Recovery for Keys (Optional)
• Management of Key Histories (Optional)
• Automatic Update of Key Pairs and Certificates (Optional)
• Support for Non-repudiation of Digital Signatures
• Support for Cross-certification
• Support for Legacy Applications


Cryptography

• Most Ciphers Consist of a Public Algorithm and a Key Which Needs to Be Long to Be Safe (40, 56, 128 Bits)
• Encryption and Decryption Are Computationally Expensive
• Brute Force Attack:
  – If It Takes One Day for a Device to Break 40 Bit DES
  – It Takes 7 Years for the Same Device to Break 56 Bit DES
  – It Takes Several Billion Years to Break 112 Bit 3DES

[Figure: Plaintext, Encryption, Ciphertext, Decryption, Plaintext]


Cryptography

• The Most Popular Symmetric Encryption Algorithms
  – DES - Data Encryption Standard (56 Bit + 8 Bit Checksum = 64 Bit)
  – 3DES - Triple Data Encryption Algorithm (112 Bit, 168 Bit)
  – IDEA - International Data Encryption Algorithm
  – RC4 - Rivest Cipher 4 (128 Bit)
  – AES - Advanced Encryption Standard (New NIST Standard: Rijndael, 128 Bit, 192 Bit, 256 Bit)
• The Most Popular Asymmetric Encryption Algorithms
  – DH - Diffie Hellman
  – RSA - Rivest Shamir Adleman (1024 Bit)
  – DSA - Digital Signature Algorithm (1024 Bit)
  – ECC - Elliptic Curve Cryptosystem (160 Bit)


Security Innovations

• Public Key Cryptography
  – Truncated Polynomial Ring
    • By NTRU Communications and Content Security
  – Quantum Computing
    • Quantum Cryptolink, by IBM’s Almaden Research Center
• Biometric Techniques for Individual Authentication
  – Today Based On: Passwords, PINs, ID Cards, etc.
  – Biometric Technology Develops Recognition/Authentication Systems That Recognize Individuals by Biological or Behavioral Characteristics
  – Fingerprint Scans, Voice Authentication, Eye Iris Scans, …
• Trusted Identity Systems
  – Identrus LLC, and GTA - Global Trust Authority
  – Financial Liability of Parties Involved in Transactions


Secure Electronic Messaging

• Requirements
  – Privacy, Authentication, Integrity, Availability, Virus Checking, Support for Non-text Messages, Non-repudiation (Proof of Sending and Receiving)
• Standards
  – SMTP - Simple Mail Transfer Protocol
  – POP3 - Post Office Protocol 3
  – IMAP4 - Internet Message Access Protocol 4
  – MIME, S/MIME - Secure/Multipurpose Internet Mail Extension
  – PGP - Pretty Good Privacy
  – SSL - Secure Socket Layer
  – X.400 - OSI E-mail Standard
  – X.509 V3 - Public Key Certificate Standard


Secure Electronic Messaging: PGP - Pretty Good Privacy

[Figure: PGP encryption and decryption. Sender: the plaintext is compressed and encrypted with a session key, and the session key is encrypted with the recipient’s public key; ciphertext and encrypted session key are sent. Recipient: the session key is decrypted with the recipient’s private key, then the ciphertext is decrypted with the session key to recover the plaintext]


Secure Electronic Messaging

• S/MIME - Seamlessly Integrated Into Software (Browsers, Servers)

[Figure: a MIME message (MIME header, Content) becomes an S/MIME message (S/MIME header, Encrypted Content)]


Credit Card Transaction in the Real World

• Card Owner Comes to a Supermarket, Gives His Credit Card and Signs a Receipt in the Presence of a Merchant
• Card Reader Calls the Bank Twice: Once for the Individual Authorization and Then Again at the End of the Day for Settlement and Accounting

[Figure: parties in a card transaction: Card Holder (owner of the card), Card Processing Network (verifone reader in supermarket), Issuing Bank (represents a client), Acquiring Bank (represents a merchant)]


Payments on The Web

• Model Existing Systems
• Technologies Such As SSL and SET Make Purchasing Over the Internet Possible
• Heavily Relies on SSL
  – Users Can Authenticate Servers, but Not Vice Versa
  – It Is Easier to Implement Certificates on the Server
    • Users Retrieve Server Certificate
    • Clients Use User ID and Passwords to Authenticate to a Server


Payments on the Web

[Figure: two client/server exchanges, each opened by a client hello; in the first the client then sends its User ID/password to the server]


Secure Socket Layer

• SSL Does Not Assure That Merchant Is Authorized to Accept Credit Card
• Session Key Is Known Only to Browser and Server
• Confidentiality Obtained Through Encryption (Privacy; Prevents Eavesdropping)
• Data Integrity Obtained Through Hashing (MD5)
• Server Authentication Obtained Via Digital Certificates
• (Optional) Client Authentication Via Digital Certificates
• Credit Card Number Can Be Read Only by the Merchant Server
• SSL Session Involves Exchange of Certificates and Keys


Secure Electronic Transaction

• SET Messages Are Essentially the Same As Those That Have Been Used in the Traditional Banking Networks for Years. SET Allows Them to Flow Across the Insecure, Open Internet
• SET Defines All Necessary Communication Between Banks, Merchants and Cardholders, Whereas SSL Creates a Secure Connection Between 2 Computers
• SET Provides Merchants With Assurance That the Card Holder Will Not Say “It Is Not Me”. The Bank Has Evidence That the Holder Made a Purchase
• SET Provides a Card Holder With Assurance That the Merchant Is Legitimate


Secure Electronic Transaction

[Figure: SET parties and flows: Consumer (with Digital Wallet), Merchant, CA issuing a Certificate to each, Payment Gateway to BankNet; Transaction between consumer and merchant, Authorization and Settlement through the payment gateway]


Computer Crimes

• Computer Crimes
  – First Network Attack: 1988 (Worm; Robert Morris, Cornell)
  – Attackers: Hackers Vs. Crackers (Vandals, Spies)
  – Hackers Are Proud of What They Are Doing and Publish Their Achievements - Crackers Are Hacking for Profit
• Attacks
  – Social Engineering Method (Obtaining Username and Password From Another Person), Shoulder Surfing
  – Exploits (Buffer Overflows), Trojan Horses and System Modifications (Modified Login, Telnet, FTP, …)
  – (Distributed) Denial of Service, Resource Exhaustion


Threats

• Hacker Attacks (Vandalism, Springboard)
• Denial of Service (Competition)
• Theft (Software, Ideas, Money)
• Damage to Public Image (Companies, People)


Security Incidents

[Chart: Security Incidents (CERT), number of Incidents and Vulnerabilities reported per Year, 1988 to 1999, vertical axis 0 to 9000]


Security Incidents

• Intruder Tools More and More Sophisticated
• Widely Available Over the Net
• Increasingly User Friendly
  – Unsophisticated Users Can Easily Use Them and Gain Access to Corporate Key Servers (OSS, Billing System, Etc.)
• Automation of Discovery and Compromise of Systems
  – Up to 10000 Hosts in 1 Hour
• Encryption Tools
• Scheduling Tools


Attacks & Intruders


Malicious Programs

• Trojan Horse: Secret Undocumented Routine Embedded Within a Program
• Virus: Code Embedded Within a Program That Causes a Copy of Itself to Be Inserted in One or More Other Programs
• Worm: Program That Replicates Itself and Sends Copies Across a Network
• Bacteria: Program That Consumes System Resources by Replicating Itself
• Logic Bomb: When Certain Conditions Are Met, the Program Executes Some Function Resulting in Unauthorized Actions
• Trapdoor: Secret Undocumented Entry Point Into a Program


Some Attacks

• Denial of Service - Servers or Services Stop Running
• IP Spoofing - Hacker Poses As a Legitimate Host Using a Fabricated IP Address
• Session Hijacking - Stealing Sessions
• Web Spoofing - Creating Fake Web Sites
• DNS Hijacking - Redirect DNS
• Password Sniffing - Tools Like TCP Grab or Passfinder
• Buffer Overflow - Holes in Commercial and Public Domain Software (Sendmail, Various Servers, Etc.)


Attack: Distributed DoS Attacks

Some DDoS Tools
• Trinoo
  – Attacker Uses TCP; Masters and Daemons Use UDP
• Stacheldraht
  – Attacker Uses Encrypted TCP to Master; Masters and Daemons Use TCP and ICMP ECHO REPLY; RPC Used for Auto-update
• TFN
  – Attacker Uses Shell to Invoke Master; Masters and Daemons Use ICMP ECHO REPLY
• TFN2K
  – Configurable (UDP/ICMP/TCP)

[Figure: DDoS structure: Intruder, Master, Daemon, Target, with Configure and Activate steps]


Typical Network Attack


e-Gap @ DMZ & Back Office


Aspects of Security

• Attack
  – Action That Compromises the Security of Information Owned by an Organisation
• Security Policy
  – The Set of Desired Security Goals
• Security Procedures
  – The Way Security Goals Are Achieved
• Security Services
  – Services That Enhance the Security
• Security Mechanisms
  – Mechanisms Designed to Detect, Prevent or Recover From an Attack