Presentation is loading. Please wait.

Presentation is loading. Please wait.

Objectives Get a non-product-specific perspective onto security in IT Demystify the commonly used terminology – know your RC2 from AES Bring together various.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Objectives Get a non-product-specific perspective onto security in IT Demystify the commonly used terminology – know your RC2 from AES Bring together various."— Presentation transcript:

1 Objectives Get a non-product-specific perspective onto security in IT Demystify the commonly used terminology – know your RC2 from AES Bring together various aspects of security into an integrated whole Make some simple recommendations

2 Agenda Defining Integrated Security (level 200) Some Techniques for Securing IT (level 250) Recommendations (level 200) Printed/online slides include a section that covers security risk analysis process – they are self-explanatory (7 easy slides – please read at your leisure) Warning: this is a fast and furious A-to-Z type of a session. Attend at your own risk.

3 Defining Security

4 Security Definition (Cambridge Dictionary of English)  Ability to avoid being harmed by any risk, danger or threat …therefore, in practice, an impossible goal  What can we do then?  Be as secure as needed  Ability to avoid being harmed too much by reasonably predictable risks, dangers or threats (Rafal’s Definition)

5 Assets What we are securing?  Data  Services (i.e. business etc. applications or their individually accessible parts) This session is not about securing:  People (sorry), cables, carpets, typewriters and computers (?!)  Indeed: we (IT people) will secure the data on the computer or services it offers and we will often request that a PC should be locked up with an armed guard but how this is done is not really our business  Sometimes known as physical security

6 Digital Security as Extension of Physical Security of Key Assets Strong Physical Security of KA Strong Digital Security Good Security Everywhere Weak Physical Security of KA Strong Digital Security Insecure Environment Strong Physical Security of KA Weak Digital Security Insecure Environment

7 Aspects of Security Confidentiality ◄ Your data/service provides no useful information to unauthorised people Integrity ◄ If anyone tampers with your asset it will be immediately evident Authenticity ◄ We can verify that asset is attributable to its authors or caretakers Non-repudiation ◄ The author or owner or caretaker of asset cannot deny that they are associated with it Identity ◄ We can verify who is the specific individual entity associated with your asset

8 Additional Aspects of Data and Service Security Authorisation ◄ It is clear what actions are permitted with respect to your asset Loss ◄ Asset is irrecoverably lost (or the cost of recovery is too high) Denial of access (aka denial of service) ◄ Access to asset is temporarily impossible “Static” cryptography is useful but not sufficient:  Backups etc. needed  Behaviour (pattern) of access analysis needed

9 Cryptography Using really hard mathematics to implement most of the security aspects mentioned earlier “Static”  Cannot detect or prevent problems arising from a pattern of behaviour Relies of physical security of Key Assets (such as master private keys etc.) Strength changes with time, depending on the power of computers and developments in cryptanalysis

10 Behaviour (Pattern) Analysis Prohibits reaching an asset if history of access is out-of- pattern, e.g.:  Password lock-out after N unsuccessful attempts  Blocking packets at a router if too many come from a given source  Stopping a user from seeing more than N records in a database per day  Time-out of an idle secure session “Active”  Cannot prevent unauthorised use of asset – still need crypto  Can prevent legitimate access – need easy and secure “unlock” mechanisms Strength varies with sophistication on known attacks

11 Integrated Security Security should be Integrated Security: Static + Active Across All Your Assets Based On Risk Assessment

12 1 st Conclusion As 100% security is impossible, you need to decide what needs to be secured and how well it needs to be secured In other words, you need:  Asset list  Risk impact estimate for each asset

13 Some Techniques for Securing IT

14 What is Really Secure? Look for systems  From well-know parties  With published (not secret!) algorithms  That generate a lot of interest  That have been hacked for a few years  That have been analysed mathematically Absolutely do not “improve” algorithms yourself Employ someone to attempt a break-in

15 Behaviour (Pattern) Analysis Fairly new area (with exceptions) In addition to knowing your assets, you need to know your perimeter (edge)  Do you? Active access inspection and pattern matching are the main techniques

16 Many Perimeters External – Network Edge  Between you and internet etc. DMZ – De-militarized Zone  Between network edge and all protected resources  Only minimal protection possible Default Security Zone  The traditional LAN High Security Zone  “Network inside network”  For key assets Perimeter (Edge) of Isolation  Assets physically not connected to networks  Useful for some key assets (e.g. master keys) Isolation Network Edge

17 Tools for Behaviour Analysis Traditional: Firewalls and Proxies around the perimeters (edges)  Stateful packet inspection Traditional: Limiting number of accesses to Key Assets  Password lock-outs Newer: Event Analysis and Active Agents  Rules can be programmed into some security servers (ISA) or monitoring tools (MOM)  Neural networks are showing some promise for out- of-pattern detection

18 Basic Crypto Terminology Plaintext  The stuff you want to secure, typically readable by humans (email) or computers (software, order) Ciphertext  Unreadable, secure data that must be decrypted before it can be used Key  You must have it to encrypt or decrypt (or do both) Cryptanalysis  Hacking it by using science Complexity Theory  How hard is it and how long will it take to run a program

19 Symmetric Key Cryptography Encryption “The quick brown fox jumps over the lazy dog” “AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8R\s@!q3 %” “The quick brown fox jumps over the lazy dog” Decryption Plain-text input Plain-text output Cipher-text Same key (shared secret)

20 Symmetric Pros and Cons Weakness:  Must agree the key beforehand  Securely pass the key to the other party Strength:  Simple and really very fast (order of 1000 to 10000 faster than asymmetric mechanisms)  Super-fast if done in hardware (DES, Rijndael)  Hardware is more secure than software, so DES makes it really hard to be done in software, as a prevention

21 Public Key Cryptography Knowledge of the encryption key doesn’t give you knowledge of the decryption key Receiver of information generates a pair of keys  Publish the public key in a directory Then anyone can send him messages that only she can read

22 Public Key Encryption Encryption “The quick brown fox jumps over the lazy dog” “Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” “The quick brown fox jumps over the lazy dog” Decryption Clear-text Input Clear-text Output Cipher-text Different keys Recipient’s public key Recipient’s private key private public

23 Public Key Pros and Cons Weakness:  Extremely slow  Susceptible to “known ciphertext” attack Strength  Solves problem of passing the key

24 Hybrid Encryption (Real World) As above, repeated for other recipients or recovery agents Digital Envelope Other recipient’s or agent’s public key (in certificate) in recovery policy Launch key for nuclear missile“RedHeat”is... Symmetric key encrypted asymmetrically (e.g., RSA) Digital Envelope User’s public key (in certificate) RNG Randomly- Generated symmetric “session” key Symmetric encryption (e.g. DES) *#$fjda^ju539!3t t389E *&\@ 5e%32\^kd

25 *#$fjda^ju539!3t 5e%32\^kd Launch key for nuclear missile“RedHeat”is... Launch key for nuclear missile“RedHeat”is... Symmetric decryption (e.g. DES) Digital Envelope Asymmetric decryption of “session” key (e.g. RSA) Symmetric “session” key Session key must be decrypted using the recipient’s private key Digital envelope contains “session” key encrypted using recipient’s public key Recipient’s private key Hybrid Decryption

26 Digital Signatures Want to give plain text data to someone, and allow them to verify the origin  Integrity, authenticity & non-repudiation Much more on this in my PKI session SEC390 at 16:45 in room 6 today Much more on this in my PKI session SEC390 at 16:45 in room 6 today

27 DES, IDEA, RC2, RC5 Symmetric DES (Data Encryption Standard) is the most popular  Keys very short: 56 bits  Brute-force attack took 3.5 hours on a machine costing US$1m in 1993. Today it probably is done real-time.  Triple DES (3 DES) not much more secure but may thwart NSA  Just say no, unless value of data is minimal IDEA (International Data Encryption Standard)  Similar to DES, but “not” from NSA  128 bit keys RC2 & RC5 (by R. Rivest)  RC2 is older and RC5 newer (1994) - similar to DES and IDEA

28 Rijndael Standard replacement for DES for US government, and, probably for all of us as a result…  Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000  Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES). Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too) Fast and a lot of good properties, such as good immunity from timing and power (electric) analysis Construction deceptively similar to DES (S-boxes, XORs etc.) but really different

29 CAST and GOST CAST  Canadians Carlisle Adams & Stafford Tavares  64 bit key and 64 bit of data  Chose your S-boxes  Seems resistant to differential & linear cryptanalysis and only way to break is brute force (but key is a bit short!) GOST  Soviet Union’s “version” of DES but with a clearer design and many more repetitions of the process  256 bit key but really 610 bits of secret, so pretty much “tank quality”  Backdoor? Who knows…

30 Careful with Streams! Do NOT use a block cipher in a loop Use a crypto-correct technique for treating streams of data, such as CBC (Cipher Block Chaining) .NET Framework implements it as ICryptoTransform on a crypto stream with any supported algorithm

31 RC4 Symmetric  Fast, streaming encryption R. Rivest in 1994  Originally secret, but “published” on sci.crypt Related to “one-time pad”, theoretically most secure But! It relies on a really good random number generator  And that is the problem

32 RSA, DSA, ElGamal, ECC Asymmetric  Very slow and computationally expensive – need a computer  Very secure Rivest, Shamir, Adleman – 1978  Popular and well researched  Strength in today’s inefficiency to factorise into prime numbers  Some worries about key generation process in some implementations DSA (Digital Signature Algorithm) – NSA/NIST thing  Only for digital signing, not for encryption  Variant of Schnorr and ElGamal sig algorithm ElGamal  Relies on complexity of discrete logarithms ECC (Elliptic Curve Cryptography)  Really hard maths and topology  Better than RSA, in general and under a mass of research

33 Quantum Cryptography Method for generating and passing a secret key or a random stream  Not for passing the actual data, but that’s irrelevant Polarisation of light (photons) can be detected only in a way that destroys the “direction” (basis)  So if someone other than you observes it, you receive nothing useful and you know you were bugged Perfectly doable over 10-50km long fibre-optic link  But seems pretty perfect, if a bit tedious and slow Don’t confuse it with quantum computing, which won’t be with us for at least another 50 years or so, or maybe longer…

34 MD5, SHA Hash functions – not encryption at all! Goals:  Not reversible: can’t obtain the message from its hash  Hash much shorter than original  Two messages won’t have the same hash MD5 (R. Rivest)  512 bits hashed into 128  Mathematical model still unknown  But it resisted major attacks SHA (Secure Hash Algorithm)  US standard based on MD5

35 Diffie-Hellman, “SSL”, Certs Methods for key exchange DH is very clever since you always generate a new “key- pair” for each asymmetric session  STS, MTI, and certs make it even safer Certs (certificates) are the most common way to exchange public keys  Foundation of Public Key Infrastructure (PKI) SSL uses a protocol to exchange keys safely  See session on PKI

36 Cryptanalysis Brute force  Good for guessing passwords, and some 40-bit symmetric keys (in some cases needed only 27 attempts) Frequency analysis  For very simple methods only (US mobiles) Linear cryptanalysis  For stronger DES-like, needs 243 plain-cipher pairs Differential cryptanalysis  Weaker DES-like, needs from 214 pairs Power and timing analysis  Fluctuations in response times or power usage by CPU

37 Breaking It on $10 Million Symme-tric Key ECC Key RSA Key Time to Break MachinesMemory 56112420 < 5 mins 10000Trivial 80160760 600 months 43004GB 961921020 3 million years 114170GB 1282561620 10E16 years 0.16120TB From a report by Robert Silverman, RSA Laboratories, 2000

38 Some Recommendations

39 Strong Systems It is always a mixture! Changes all the time… Symmetric:  Min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully analysed RC4, 256 bit better Asymmetric:  RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024 bits (go for the maximum, typically 4096, if you can afford it) Hash:  Either MD5 or SHA but with at least 128 bit results, 256 better

40 Weak Systems Anything with 40-bits (including 128 and 56 bit versions with the remainder “fixed”) CLIPPER A5 (GSM mobile phones outside US) Vigenère (US mobile phones)  Dates from 1585! Unverified certs with no trust Weak certs (as in many “class 1” personal certs)

41 Summary Decide what to secure and how Have someone fulfil the role of CSO (Chief Security Officer) Combine static crypto-based security with active behaviour (pattern) analysis Use reasonably strong security mechanisms Balance security against accessibility

42 Resources & Reading Visit www.microsoft.com/security www.microsoft.com/security Attend sessions on PKI (incl. SEC390) For more detail, read:  Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-12845-7  Foundations of Cryptography, O. Goldereich, www.eccc.uni-trier.de/eccc-local/ECCC- Books/oded_book_readme.html www.eccc.uni-trier.de/eccc-local/ECCC- Books/oded_book_readme.html www.eccc.uni-trier.de/eccc-local/ECCC- Books/oded_book_readme.html  Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-8493-8523-7  PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3  Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)

43 Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ http://www.mvp.support.microsoft.com/Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx

44 evaluations… evaluations… Please don’t forget to complete your online Evaluation Form

45 Risk Analysis for IT Security A Bonus Section for Your Reading Pleasure

46 Examples Asset:  Internal mailbox of your Managing Director Risk Impact Estimate (examples!)  Risk of loss: Medium impact  Risk of access by staff: High impact  Risk of access by press: Catastrophic impact  Risk of access by a competitor: High impact  Risk of temporary no access by MD: Low impact  Risk of change of content: Medium impact

47 Creating Your Asset List List all of your named assets starting with the most sensitive Your list won’t ever be complete, keep updating as time goes on Create default “all other assets” entries  Divide them into logical groups based on their probability of attacks or the risk of their “location” between perimeters

48 Risk Impact Assessment For each asset and risk attach a measure of impact Monetary scale if possible (difficult) or relative numbers with agreed meaning  E.g.: Trivial (1), Low (2), Medium (3), High (4), Catastrophic (5) Ex:  Asset: Internal MD mailbox  Risk: Access to content by press  Impact: Catastrophic (5)

49 Risk Probability Assessment Now for each entry measure probability the loss may happen Real probabilities (difficult) or a relative scale (easier) such as: Low (0.3), Medium, (0.6), and High (0.9) Ex:  Asset: Internal MD mailbox  Risk: Access to content by press  Probability: Low (2)

50 Risk Exposure and Risk List Multiply probability by impact for each entry  Exposure = Probability x Impact Sort by exposure  High-exposure risks need very strong security measures  Lowest-exposure risks can be covered by default mechanisms or ignored Example:  Press may access MD mailbox: Exposure = P(Low=0.3) x I(Catastrophic=5) = 1.5  By the way, minimum exposure is 0.3 and maximum is 4.5 is our examples

51 Mitigation and Contingency For high-exposure risks have a plan:  Mitigation: Reduce its probability or impact (so exposure)  Transfer: Make someone else responsible for the risk  Avoidance: avoid the risk by not having the asset  Contingency: what to do if the risk becomes reality

52 2 nd Conclusion Security risk management is an ongoing activity which requires someone to be responsible for it Who? Your CSO – Chief Security Officer  Do you have one?

Download ppt "Objectives Get a non-product-specific perspective onto security in IT Demystify the commonly used terminology – know your RC2 from AES Bring together various."

Similar presentations

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb.

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Mostly borrowed & updated from Steve Lamb in Microsoft Land….

Mostly borrowed & updated from Steve Lamb in Microsoft Land….
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Cryptography Basic (cont)

Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google